Risk Management is the single most common failure of projects. Risks, when they occur, affect the key areas of the cost, time and quality measures that are set when the business case is developed and the project baseline is set.
So what are the Top 6 reasons why a lack of risk management can kill your project?
The way to overcome these failures
- Failing to identify all potential risk areas.
- Failing to assess the impact that these risks will have on the project.
- Failing to analyse the probability of the risks, and categorising these into Low, Medium and High.
- Failing to calculate the threat and exposure of each risk to the project.
- Failing to have a mitigation strategy in place.
- Failing to monitor and review risk.
is to have a robust RISK MANAGEMENT PROCESS
The aim of risk management is to reduce the undesirable consequences (impact) to a project of a risk occurring. The process is continuous throughout the project but should contain the following six stages:1. Risk Identification
The first step in risk management is to identify and assess all potential risk areas. The thoroughness with which this identification is accomplished will determine the effectiveness of the risk management. There are a variety of techniques which can be used to identify risks such as:Brainstorming
– gather a group of people with the necessary mix of skills and knowledge and allow them to come up with as many different risks to the project as possible.Nominal group technique (NGT)
– Rather than shouting out their ideas the members of the group privately record their perceived risks to the project on post it notes. The project manager then asks each of them to nominate a unique risk event.Interviews
– one to one brainstormingDelphi technique
– This method uses expert judgement to determine the possible risk events on a project that are usually external to the organisation.SWOT analysis
– identifying the areas of strengths, weaknesses, opportunities and threats. In other words, those things which expose the project to risk.
It is also vital that once risks have been identified that they are giving ownership. By allocating an owner to the risk , they then become accountable for that risk or risks.2. Risk Impact Analysis
This stage assesses the impact of the risk. The aim is to identify those risks in the project risk register that will have a significant detrimental impact on the project. If the impact is insignificant then you do not need to manage it or spend effort monitoring it.
You can analyse the effects of risk relating to different impact types: Time, Cost, Quality, Safety, Environment and Reputation. You must also estimate the relative impact each risk may have on the project, using a high/medium/low matrix.3. Probability Analysis
Every risk carries with it uncertainty, i.e. a probability that it may occur. Probabilities are usually expressed as percentages. If a risk has a 100% probability of occurring then it is not a risk, it is a certainty! Again a matrix of probability % can be used to divide the risks into Low, Medium and High areas.4. Risk Exposure
Having performed the previous steps it is now possible to automatically produce an exposure catalogue. The threat of, or exposure to, any risk is a combination of the impact it would have, and the probability of it occurring. The following can be used to assist this stage:
Risk Breakdown Structure (RBS):
5. Mitigation Strategy
- Risk Identification
- Risk Checklist
- Risk assessment
- Risk reporting
The purpose of this stage is to define the most appropriate and cost effective mitigation strategy for each risk remaining on the exposure catalogue.
Mitigation should be conducted in the following sequence:
6. Risk Monitoring and Review
Risk monitoring is carried out to ensure that risks are adequately monitored so timely action can take place.
Monitoring takes place at two levels:Proactive monitoring
– we continuously assess the effectiveness of our mitigating strategy for each risk.Reactive monitoring
– where a risk has occurred, and we now have to take positive, but hopefully anticipated, action to deal with it through contingencies.Risk Reviews
– should be carried out at regular intervals.
As a conclusion there is no text book answer on how to handle risk other than have a risk mitigation strategy prepared. Proper risk management will not only reduce the likelihood of the event occurring but also the magnitude of its impact.
AN ONGOING RISK MANAGEMENT PROCESS OVER THE WHOLE PROJECT LIFE CYCLE WILL ENSURE PROJECT SUCCESS.