Risk Management is simply defined as identifying, analyzing and managing the uncertainties in a project -both positive (opportunities) and negative (threats). The benefits of risk management are instrumental to a project’s success. By proactively addressing uncertainties, in combination with a strong project management program, problems within the project can decrease by as much as 60 or 70 %.
The International Organization for Standardization identifies the following principles of risk management.
Risk management should:
|~ create value
|~ be integral to the organization process
|~ be part of the decision making
|~ address uncertainty and assumptions
|~ be systematic and structured
|~ be based on accurate information
|~ be project specific
|~ account for human factors
|~ be transparent and inclusive
|~ be responsive to change
|~ be periodically re-assessed
But what are the steps to building an effective risk management program?
1. Embed risk management as an integral part of the project. Stakeholder buy-in and support is very important to achieve a successful risk management process. It is a good practice to ensure that there are demonstrable benefits to illustrate this approach and make risk management part of the day to day operations.
2. Identify Risk. This step is most effective when done very early in the project. Having a brainstorming session with team member to list out several potential risk items is a good beginning. Include all potential risks, including the risks that are already known and assumed, such as scope creep. Include threats that may stem from human threats, operational issues, procedural impacts, financial threats and natural events. Talk to the industry experts who may have experience in your project type to get a different perspective.
Identify not only the threats, but also any opportunities that may impact your project. Opportunities may assist you in bringing the project in on schedule, perhaps with better deliverables or make it more profitable.
Communication at this stage is crucial. Including communication of risk as part of all meetings is effective to illustrate the importance of risk management, share the risk potentials and provide a platform for discussion.
3. Assign Ownership. Who is going to be responsible for what risk? This person will be accountable to optimize a specific risk-either decrease the threat or capitalize on the opportunity. They will identify the possible triggers to their assigned risk.
Assigning ownership is also important in establishing an effective and clear communication channel. All involved with the project know whom to call when questions arise.
4. Estimate or Prioritize Risks. Once the risks are identified, the next step is to assess the likelihood of the threat being realized. Some risks will have a much higher impact. One approach to estimating the risk is to make a best estimate of the probability and multiply this by the amount it will cost to set things right, if it happens. This will provide an impact value associated with the risk. Another approach is to assign each risk a numerical rating, such as a scale from 1 to 5. Do you have any potentially large events that can cause huge losses OR gains? These will be the number one priorities. Ensure that your priorities are used consistently and focus on the biggest risks first and the lesser priority risks as applicable.
5. Analyze the Risk. What is this risk about? What are the effects of this risk? What causes will make this risk occur? List the different causes and circumstances that affect the risk likelihood; doing a simulation to illustrate how likely the project is to finish on a specific date or at what cost. Gaining a sound understanding of the risk is a solid foundation for an effective proactive response and provides insights to manage the risks.
6. Manage the Risk. Plan out and implement a response for each risk. Typically you will have four options – Transfer the risk (subcontracting scope or adding contractual clauses), risk avoidance (eliminating the source of the risk, such as changing a vendor), risk minimization (influencing the impact) and risk acceptance.
Create a contingency plan for the largest risks. This would encompass all actions taken if a risk were to occur.
7. Create a Risk Register. This will enable you to view progress and stay on top of each risk. A good risk register or log will include a risk description, ownership, and the analysis of cause and effect. This register will also include the associated tasks. A good risk register is a valuable tool in communication project status. It should be easily maintained and updated. By remaining current and up to date, the risk register will be viewed as a relevant and useful tool throughout the project lifecycle.
Once a solid risk management process is established, it forms the basis for crisis prevention and cost effectiveness. Risk management involves adapting the use of existing resources, contingency planning and resource allotment. This process does not need to be complicated. By implementing a project risk management process at the beginning of each project, the team can prepare for whatever may occur and maximize the project results.
Don’t forget to leave your comments below.
Josh Medica, CEO and President of Integrated Consulting. Josh’s passion and commitment to project excellence has established him as a project management/project controls industry expert. He transferred that passion and knowledge into executive level master training classes on all topics related to project management and project controls. Josh has facilitated risk workshops on projects ranging from id=”mce_marker”0 MM to $2 BB . His dynamic and thought provoking presentation style has positioned him as a leading trainer/educator. His speaking circuit also includes house training for large EPC companies, engineering companies, and major oil companies across the globe.