Managing project risk is essential to a successful project and to perform effective project risk management requires time set aside during the project planning phase. Formally review potential risks and assess their likelihood and consequences, this risk analysis leads onto planning how to deal with the risks. This process effectively produces the risk management plan, which should be periodically reviewed as the project executes to both evaluate existing risks and also to identify any new ones.
Identify Project Risks
To find project risks requires a systematic approach to looking at each part of the project to identify potential risks. In particular, review:
- Leadership – engagement of project sponsors and senior management support for project
- Project Manager – appropriate selection for type of project and has relevant competence [content knowledge, skills and behaviours] and does active project risk management
- Project Initiation - identifies problem to be solved and benefits to be obtained resulting in a clear scope
- Project Scope – check the boundaries of the project, what is in scope and what has been excluded. Of those things excluded what might impact the project such as an existing business system that needs to be decommissioned or a business unit that will need to change working practices or its inputs or outputs
- Project Planning - complete set of tasks and good project estimates
- Project Governance – appropriate level of representation and seniority of representatives. How project level decisions are made, how changes to scope are controlled and how any changes are approved
- Business Impact – manage the business change, including defining new business processes, training, working practices and standard and local procedures
- Project Structure – organisation of project team and interaction with: suppliers, business units participating in project and other business units that are potentially impacted by project. That interaction should include defining who is accountability for what, who is responsible to do what, who should be consulted and who should be informed
- Project Resources – people and products are available as needed to execute project tasks
- Technology – check compatibility with environment, use of prototypes or pilots to explore vague requirements and design. Informal testing to identify problems early
Project Risk Assessment
Each risk that has been identified must be evaluated in terms of probability of it happening and the seriousness of the consequences if it does happen. For example:
- Risk might be “Lack of test resource to do testing”
- Probability might be “low” because people are already committed
- Impact might be “high” because it would delay the final delivery
[High, medium or low could be replaced with numerical values.] Expected risk could be defined as Probability x Impact and so the risk rating allows the risks to be prioritised.
Managing Project Risk
All of the work to identify and assess risks should then be used to create a risk management plan for managing risk and to avoid project failure. Each item is reviewed with the intent of clarifying whether this risk matters so much that something must be done about it. If so that action will be:
- To avoid the risk so it doesn’t happen
- To accept the risk, do nothing about it and accept the consequences
- Mitigate the risk, influence probability or impact
- To transfer risk, so someone else bears the risk and consequences
Here is an example. Managing project risk will not guarantee a successful project but it will help.
Roger Lever - Early career was in Treasury Banking and this led to my interest in financial investment, especially the stockmarket. Enjoy reading widely ...
