What’s a risk? How does one manage risks? What is the best method to track risks for a project? Is there a standard categorization to use? What is the difference between a risk and an issue? The list goes on and on.
Risk management can be tricky, but having some sort of process on how to manage risks for any project in your organization is extremely important. Identifying, prioritizing and addressing risks for a project, is a fundamental principle that shouldn't be overlooked. If not properly addressed, it can result in slipped schedules, budget overruns, poor quality deliverables, unsatisfied clients, unpaid invoices, etc.
According to the Project Management Institute's PMBOK Risk management is one of the ten knowledge areas in which a project manager must be competent. Project risk is defined by PMI as 'an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives'. Remember, a risk is not an issue. An issue has already occurred (meaning the risk manifested into a problem). A risk is the recognition that a problem might occur. By identifying potential problems, the project manager can work with the team to prevent them from becoming issues.
There are some components to Risk Management process that one should consider. Depending on how the organization or project is run, not all of them may be used.
1. Risk identification – identify those positive and negative risks that might affect the project
2. Risk analysis – evaluation into the risk probability of occurrence and impact
3. Risk response planning – ways to mitigate, avoid, eliminate the risk’s affect on the project
4. Risk monitoring & tracking
Most of the time, project managers are frequently unaware of the big black cloud over their head that’s about to unleash a storm. The worst part is that someone from the team saw the storm coming from miles away, but failed to inform the project manager about it.
One way to fix this is to consistently include risk communication in the tasks you carry out. If you have a status/team meeting, make sure project risks are part of the agenda. This shows risks are important to the team members and gives them the opportunity do discuss the open risks and report new ones.
Another idea that can fix this is to ensure risks are being tracked in a repository that the entire team has access to. Maintaining a risk log enables the team to view progress and make sure that nothing slips through the crack. It is also a perfect communication tool that informs team members and stakeholders what is going on.
A good risk log should contain the following:
· Date risk is opened
· Description of risk
· Owner of risk
· Likelihood of it occurring (ex: percentage)
· Risk impact (ex: low, medium, high)
· Mitigation strategy/plan
Having a mitigation strategy is key. The purpose of the mitigation plan is to describe how this particular risk will be handled – what, when, by whom and how will it be done to avoid it or minimize consequences if it becomes a liability. Once a mitigation plan is put in place and accepted by the project team and client, the project can move forward with the open risk. This creates transparency and allows the project to move forward with minimal impact.
Effective risk management allows one to identify a project’s strengths, weaknesses, opportunities and threats. By planning for unexpected events, the project team can be ready to respond accordingly. To ensure a project’s success, define how potential risks will be handled in your organization. Successful project managers recognize that risk management is important, because it allows a company to maximize profits and minimize expenses while maintaining client satisfaction.