Risk management is an all-pervasive component of project management. A degree of uncertainty is prevalent across all the phases of the project, and the uncertainty occurs due the constraints that every project has. Refer to Triple Constraint article to know more about the constraints in Project Management.
Risk Management is simply, managing Project Risks in projects. Project Risk, as defined in PMBOK ®, is an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective, such as time, cost, scope or quality.
Let us analyse some of the phrases in the definition -
A Risk is an uncertain event or condition:At the start of the project we as project managers are given a set of business needs, we estimate costs and timelines during the pre – initiation phases of the project, however as we start delving into the granular levels of the project scope we realize a degree of uncertainty and ambiguity. As per the definition above, presence of an uncertain event or condition may trigger project risk.
Has a positive or negative effect:In the event that we become aware of an uncertain event or condition, we then have to analyse the event. The analysis would help answer on whether they a) have any impact at all, (b) has a negative impact, and (c) has a positive impact. Its important here to realise that Risks could be positive impacts as well. Note: there is a myth in the outside world that Risks always imply negative impacts.
Effect on at least one project objective, such as time, cost, scope or quality:As we do the analysis on the uncertain event, we need to understand the impact of the occurrence of the risk on factor such as time, costs, scope or quality. Due to the presence of the triple constraints in project management, it is likely that the impact would be on more than one such factor. Once again remember, the effect of the Risk could have a positive impact on projects as well, such as a condition that should the event occur, the project timeline and costs may reduce considerably.
As part of the Risk Management, once you have identified and analyzed the Risk, you would enter the information in a Risk Register. A Risk Register is a document that is maintained across the project, and enumerates the risks on the project and usually includes parameters such as:
Risk ID: Unique ID associated to a Risk.
Risk Description: A summary of the uncertain event or condition.
Risk Cause: What would cause the occurrence of the risk.
Impact Probability on Time, Costs, Scope and Quality: Usually entered as a percentage of the occurrence of the Risk (Up to 10% – Low, 20% – Moderate, 40% – High, 80% Very High).
Risk Score – This a statistical calculation that considers the Probability of occurrence and Impact of occurrence entered as a percentage.
The Risk Score, and the associated Risk RAG Status (Red, Amber, Green) determines the mitigation approaches for the Risks. Once the Risks have been identified (as this is a continuous process across the project lifecycle), they would need to be responded to. A Risk Response is the action that the project team needs to take in preparation of the occurrence of the risk. Such Risk Responses differ on whether the impacts are negative or positive to the project objective. The Risk Responses to a negative impact may include the following risk response strategies:
Avoid – This would involve eliminating the Risks completely from the project – such that should the risk occur, there would be no impact on the project objectives.
Transfer – They would involve transferring the impact and ownership of the risk to an organisation or department outside of the project team. The project team then would not be responsible for managing the risk and its impacts.
Mitigate – This would involve actions that the project team would need to take to reduce the impacts of the risks. This would remain within the responsibility of the project team, and would need careful watch on the occurrence of the risk,
Accept – In the event that the project team has no mitigation actions to adopt or rely upon, the team would simply have to accept the risk and bear the consequences of the impacts to the project time, costs, scope and quality.
The Risk Responses to a positive impact may include the following risk response strategies:
Exploit – This would involve proactively taking actions to realize the risks and ensure occurrence of the risk, so that the project could reap the positive impacts.
Share – Sharing the risk would entail that the benefits would be reaped in collaboration with other teams and departments who would benefit from the positive impacts as well.
Enhance – This would be to ensure that the benefits of the impact of the risk occurrence increase, and this strategy usually works very well along side the Exploit strategy.
In conclusion, Risk Management is a continuous process and one of the critical activities throughout the lifecycle of the project. Early identification of risks helps in establishing strong risk response strategies, while the project team can only accept very late identification, especially for the negative risks.
To the readers: If you have enjoyed reading the article, please could you ‘Like’ us on our Facebook page at PROJMENTING – FACEBOOK, thank you. Also if you like to subscribe to the blogs via email, please add your email address and click on Subscribe on the right hand panel of the page.