On any project there are risks. In many organizations project risk planning is completely overlooked. Project risk is defined by the PMI as “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.” Note that risk is not just about negative event planning, but is also about planning for positive risks that may come up as opportunities.
A risk planning process should have three key stages:
- Identify the risks
- Analyze the risks
- Develop a response plan for the top risks
The process of identifying risk is really about getting everyone on the project together and getting their ideas on what could go right or wrong on the project. This can be done using common brainstorming methods or more advanced methods such as the Delphi technique. It is important during this process to try and be open to any suggestions that may be made, no matter how ridiculous they may seem at the moment. Once a list of risks has been created from this process it is important to try to analyze them to come up with risk score by deciding on a probability and rating the impact, and then multiplying them. Once each risk has a risk rating, you can focus on the top risks and come up with a response plan. For negative risks you can try and transfer the risk to another party, you can take actions to try and avoid the risk altogether, or you can come up with contingency plans to deal with the risk if it occurs. With positive risks you can put plans in place to try and make sure that it occurs. This is known as risk exploitation.
This information can be organized in the form of a risk register. The risk register usually have the following information:
- An identification number assigned to each risk event identified
- The risk rank that was determined from the risk score (probability #10 * impact #11)
- A short name to identify the risk
- A longer description of the risk
- A risk category such as technology or procurement
- The potential root cause of the risk
- The triggers, or indicators, for each risk (These are events that signal that a risk event is occurring or about to occur)
- The potential response to the risk
- The risk owner, or the person who will take responsibility monitoring and dealing with the risk
- The probability that the risk will occur
- The impact to the project if the risk occurs
- The status of the risk, i.e. did it happen or was it avoided?
Outside of the benefits avoiding risks altogether using this method, managers, customers and team members will have more confidence in the likelihood of a successful project outcome if they can see that a good risk management plan is in place.
This video by Andy Kaufman, PMP is a great, brief introduction to risk management on projects: