Wednesday, 14 December 2011 09:36

Seven Crucial Steps to Effective Project Risk Management

Written by
Rate this item
(10 votes)

FeatureDec14thRisk Management is simply defined as identifying, analyzing and managing the uncertainties in a project -both positive (opportunities) and negative (threats). The benefits of risk management are instrumental to a project’s success. By proactively addressing uncertainties, in combination with a strong project management program, problems within the project can decrease by as much as 60 or 70 %.

The International Organization for Standardization identifies the following principles of risk management.

Risk management should:

~ create value ~ be integral to the organization process
~ be part of the decision making ~ address uncertainty and assumptions
~ be systematic and structured ~ be based on accurate information
~ be project specific ~ account for human factors
~ be transparent and inclusive ~ be responsive to change
~ be periodically re-assessed

But what are the steps to building an effective risk management program?

1. Embed risk management as an integral part of the project. Stakeholder buy-in and support is very important to achieve a successful risk management process. It is a good practice to ensure that there are demonstrable benefits to illustrate this approach and make risk management part of the day to day operations.

2. Identify Risk. This step is most effective when done very early in the project. Having a brainstorming session with team member to list out several potential risk items is a good beginning. Include all potential risks, including the risks that are already known and assumed, such as scope creep. Include threats that may stem from human threats, operational issues, procedural impacts, financial threats and natural events. Talk to the industry experts who may have experience in your project type to get a different perspective.

Identify not only the threats, but also any opportunities that may impact your project. Opportunities may assist you in bringing the project in on schedule, perhaps with better deliverables or make it more profitable.

Communication at this stage is crucial. Including communication of risk as part of all meetings is effective to illustrate the importance of risk management, share the risk potentials and provide a platform for discussion.

3. Assign Ownership. Who is going to be responsible for what risk? This person will be accountable to optimize a specific risk-either decrease the threat or capitalize on the opportunity. They will identify the possible triggers to their assigned risk.

Assigning ownership is also important in establishing an effective and clear communication channel. All involved with the project know whom to call when questions arise.

4. Estimate or Prioritize Risks. Once the risks are identified, the next step is to assess the likelihood of the threat being realized. Some risks will have a much higher impact. One approach to estimating the risk is to make a best estimate of the probability and multiply this by the amount it will cost to set things right, if it happens. This will provide an impact value associated with the risk. Another approach is to assign each risk a numerical rating, such as a scale from 1 to 5. Do you have any potentially large events that can cause huge losses OR gains? These will be the number one priorities. Ensure that your priorities are used consistently and focus on the biggest risks first and the lesser priority risks as applicable.

5. Analyze the Risk. What is this risk about? What are the effects of this risk? What causes will make this risk occur? List the different causes and circumstances that affect the risk likelihood; doing a simulation to illustrate how likely the project is to finish on a specific date or at what cost. Gaining a sound understanding of the risk is a solid foundation for an effective proactive response and provides insights to manage the risks.

6. Manage the Risk. Plan out and implement a response for each risk. Typically you will have four options – Transfer the risk (subcontracting scope or adding contractual clauses), risk avoidance (eliminating the source of the risk, such as changing a vendor), risk minimization (influencing the impact) and risk acceptance.

Create a contingency plan for the largest risks. This would encompass all actions taken if a risk were to occur.

7. Create a Risk Register. This will enable you to view progress and stay on top of each risk. A good risk register or log will include a risk description, ownership, and the analysis of cause and effect. This register will also include the associated tasks. A good risk register is a valuable tool in communication project status. It should be easily maintained and updated. By remaining current and up to date, the risk register will be viewed as a relevant and useful tool throughout the project lifecycle.

Once a solid risk management process is established, it forms the basis for crisis prevention and cost effectiveness. Risk management involves adapting the use of existing resources, contingency planning and resource allotment. This process does not need to be complicated. By implementing a project risk management process at the beginning of each project, the team can prepare for whatever may occur and maximize the project results.

Don't forget to leave your comments below.

Josh Medica, CEO and President of Integrated Consulting. Josh’s passion and commitment to project excellence has established him as a project management/project controls industry expert. He transferred that passion and knowledge into executive level master training classes on all topics related to project management and project controls.  Josh has facilitated risk workshops on projects ranging from id="mce_marker"0 MM to $2 BB .  His dynamic and thought provoking presentation style has positioned him as a leading trainer/educator. His speaking circuit also includes house training for large EPC companies, engineering companies, and major oil companies across the globe.

Read 51754 times

Latest from p45h Medica


0 # Tony Welsh 2011-12-14 03:11
This is good as far as it goes but it does not take account of the more mundane everyday uncertainty about task durations. The cumulative effect of these can be substantial, especially because of merge bias. Doing a quantitative risk analysis should perhaps be step 8. Inexpensive software exists to do this. In the Microsoft Project world, Risk+ and my own Full Monte (see are examples. Otherwise Pertmaster and others.
Reply | Reply with quote | Quote
0 # Joe MacNish 2011-12-14 03:20
It is useful to incorporate the risk register as part of the regular, general status reporting for the project. This approach: 1) Ensures mindfulness of the risk as an aspect of the project rather than as a separate concern. 2) Mitigates the possibility that risk awareness will wane among team members (including the risk owners) as their ongoing work demands their attention. Jo e MacNish www.TrackerSuite.Net
Reply | Reply with quote | Quote
0 # paul kostek 2011-12-14 07:04
Good approach, I find many companies complicate their risk programs and lose sight of what it's purpose is and even how it fits on the project.
Reply | Reply with quote | Quote
+2 # Adaweze Ejike-Maduakor 2012-01-04 12:26
Very good article. I have also found that most project managers spend a great deal of time performing qualitative risk analysis and hardly get to perform quantitative risk analysis,The benefits of quantitative risk analysis will further enhance the chances of project success. This involves using software to perform some analysis. This helps with aspects of budgeting like knowing what amount should be set aside in a contigency fund.
Reply | Reply with quote | Quote
0 # Loren Padelford 2012-10-24 09:17
Great article Josh, and I agree with your comment Joe.

Whether it's a project or general risk management, I think people lose sight of what risk management is all about. We are very focused on the downside of risk, and fail to recognize that there is another side of the risk management process, opportunity. Done well, risk management is as much about value creation as it is about value protection.

For risk management to be effective on a project, or within any part of an organization it needs to be simple, and focused on goals -

At the end of the day, project risk is about visibility, accountability and confidence. Effective risk management drives all three, and can significantly improve the chances of delivering on time and on budget.

Reply | Reply with quote | Quote
0 # Sandeep Jain 2012-11-05 06:27
Awesome material!! Good read. The only question I have with "Plan out and implement a response for each risk". Can we really plan out and implement a response for each risk? In ideal world, we may want to skip risk with less score .. isn't it? It is really worth to have response for all the risks? Or if you meant risk response could be not to do anything about it..then I am good.

Thanks for your post!!
Reply | Reply with quote | Quote
0 # Yobes makori 2016-03-01 04:54
The articles has helped me to impart knowledge enabling to teach in a university
Reply | Reply with quote | Quote
0 # chinwe Aguneche 2016-04-26 01:31
I find this very helpful, thanks for the information
Reply | Reply with quote | Quote

Add comment

Security code

Search Articles

© 2016

DC canada 250