Project Risk Management
The purpose of Project Risk Management is to identify project risks and develop strategies to prevent them from occurring or minimize their impact to the project if they do occur.
Project risks exist because of uncertainty. There is always the possibility that something known or unknown could impact the achievement of your project's goals. Risk management is about being prepared to handle these risks.
As the project manager, there are four basics of risk management that you can use to manage your project's risks...
The first step of risk management is to identify any risks that may impact your project. You are essentially answering the question, "What could go wrong?"
It's important to encourage critical thinking when trying to identify risks. In general, it's great to have a "Can Do" attitude, but during this activity you need to believe in Murphy's Law.
Anything that can go wrong, will go wrong.
- Murphy's Law
There are several techniques that you can use to help identify risks...
Keep in mind that this is not a one-time activity. As the project progresses, new risks may evolve or become known while others may no longer be relevant.
Once you have a list of potential project risks, you need to determine which risks need to be managed. Generally, those risks that would have the greatest impact to the project as well as those that are more likely to occur are the ones that should be focused on.
A basic risk assessment will analyze each risk event for the likelihood that the risk will occur and for the impact it will have if it occurs. This type of qualitative risk analysis information can be plotted on a Risk Assessment Matrix which incorporates the risk rating rules as defined in your Project Risk Management Plan.
Risk Assessment Matrix
Quantitative risk management methods can also be used. These methods include the Monte Carlo technique, sensitivity analysis, and expected monetary value analysis.
For each risk, there are four response strategies that you can choose from...
In some cases, risk avoidance is possible by making a change to the project management plan. Some examples include extending or shortening the schedule, changing the project strategy, or reducing scope.
Risk transfer involves passing the risk to a third party. This doesn't change or eliminate the risk, it simply gives another party the responsibility to manage the risk. Examples of risk transfer include insurance, performance bonds, warranties, fixed price contracts, and guarantees.
Risk mitigation means to reduce the probability and/or impact of a risk event. Examples of risk mitigation include safety training, simplifying processes, choosing a stable supplier, and redundant activities.
Risk acceptance is when the project team decides not to change the project management plan to deal with the risk or is unable to identify any other risk response strategies for a risk event. This strategy can be passive where the project team decides to just deal with the risk if it occurs. Or it can be active where the project team has a contingency reserve allocated and plan in place in case the risk occurs.
Monitoring and controlling your project risks involves implementing your risk response strategies, tracking identified risks, monitoring triggering events, and identifying new risks. This should be done throughout your project.
You can find more articles about project risk management below.
What is risk management? A practical definition of risk management including a 4-step process for managing project risk. Learn why risk management is critical for effective project management.
Qualitative risk analysis is a a simple and cost-effective way to manage project risks. Learn how you can develop and use a qualitative risk assessment matrix for your project...