In my last post I talked about how to identify risks on a project and how to ensure the risks were specific to the project and not general business-as-usual risks. Here I'd like to focus on how to manage those risks effectively and plan for their occurrence.
The key here is to effectively manage the risks so that those risks that pose a threat to project success are mitigated but also so that those risks that might present new opportunities, such as a better deliverable, quicker or at lower cost, are identified and acted upon.
It's important to remember too that projects are always liable to change as they progress so the risk management process should be responsive to change and the risks should be re-assessed from time to time if the project is long or complex.
Risk management is not a separate discipline but an integral part of project management so should be part of the regular activities of a project manager. One of the most important elements of risk management is complete honesty. Without an honest approach to the risks involved there will always be unvoiced issues and these can be the biggest risks of all.
So how can you be sure that, once you have (honestly) identified your risks, that your risk management procedures are effective and add value to the project?
1. Document the risks
Create a risk log listing each risk with a description, stating who is responsible, the likely impact and the mitigating actions that could be taken. It needs enough information to be useful in monitoring and reporting on risks but not so much that it cannot be easily updated. A straightforward, up-to-date risk log will be useful during the whole life of the project.
2. Prioritise the risks
In order to prioritise effectively you need to understand what factors could make the risk more likely to occur and what impact that would have on cost, timescale and scope/quality of the final deliverable. So prioritise the risks using a combination of a probability rating and an impact rating. Some risks may be very likely to occur but have low impact; others may be less likely to occur but have a major impact so the overall priority needs to take this into account.
3. Plan the response
For each identified risk decide, firstly, what could be done to minimise the chance of it occurring and, secondly, what action could be taken if the risk does occur. You will then be better prepared to deal with it if you have to (any risks that could not be anticipated are, of course, another matter).
The usual options to mitigate risks that are threats (rather than opportunities) are:
And one other point: risk management can and does help ensure more successful projects and it should be an integral part of the project management process but it should not be so large a task that the effort expended is out of all proportion to the size of the project or the potential impact of the risks.
Finally make sure the responses are implemented, without following through on the risk reduction measures then the risk management process will add little value overall.
Other blogs in this series:
- Project management - an introduction
- Project management processes and phases
- Business requirements and project managers
- People and behaviours in project management
- Using a Gantt Chart to manage a project schedule
- Project managers don't forget about behaviours and attitudes
- The basics of an effective project plan
- What are project risks and how can you identify them?
This is a project management fundamentals blog written and sponsored by Parallel Project Training. For more about our project management training courses visit our website or visit Paul Naybour on Google+.