Skip to content

An introduction to risk management

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD
Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Added to your Saved Content Go to my Saved Content

BAWA was the venue for this recent SWWE event, providing an introduction to risk management.  This was a ‘basic’ level event aimed specifically at developing the knowledge and understanding of less experienced members across the South West.

Our speaker, Tim Colton, shared his personal experience as a risk practitioner talking about good practice and some of the pitfalls to avoid. He structured his talk around the generic APM risk process and techniques to provide an introduction to risk management.

Tim started with some definitions from the APM Project Risk Analysis and Management (PRAM) guide and the APM Body of Knowledge (BoK 7), of what a risk is, what uncertainty is and what an issue is compared with a risk.  A risk has a probability of occurring or not, an issue has or will happen, therefore there is no uncertainty.  Both the PRAM guide and BoK are available to APM members to down load from the APM website.

Tim explained that risk management was used to manage a projects exposure to risk, both impact and probability. If risk management is working well, then it goes unnoticed.  

He then looked at the APM risk process, which includes the following stages: iitiate identify, assess, plan responses and implement responses.

The initiate stage is about understanding the context, for the project, for the customer and for the supplying organisation. What level of risk management is appropriate and what approach should be taken.  If one of the organisations is risk adverse, or has a critical business dependency, then a higher level of risk management would be appropriate, with significant resource allocated and more formal and in depth techniques used.

Tim explained that the identify stage needs time and effort to get right. He explained the outputs of the stage and the potential pitfalls, including being aware of the dangers of ‘group think’. He explained about uncertainty and the need for 3 point estimates, and discrete risk events and techniques for identifying risks, including brain storming and learning from experience.  The cause of the risk must be identified and the effect it has as a threat / impact, or as an opportunity.

Risk assessment is about estimating the probability of occurrence and the impact on project objectives if the risk did occur. Both threat and opportunity need to be considered. For example, there may be an opportunity of save costs if an uncertain event does occur.  Tim explained that one of the main challenges was that humans are inherently poor at estimating, being subject to a number of biases. He explained some of the techniques which can help improve estimation, including scenario planning and the use of subject matter experts.

Planned responses should be ‘SMART’, specific, measurable, action oriented, realistic and time bound and should state their planned impact to reduce the risk or enhance the opportunity. Responses to threats include: mitigate (to reduce the impact of a risk), avoid, transfer, accept and fall back, (plan B).  Responses to opportunities are about increasing the probability of occurrence and include: exploit, enhance, share, and accept.

Managing the implementation of responses is focused on proactively managing the risk reduction or opportunity enhancement.  The danger of ‘risk admiration’ should be avoided, risks will not manage themselves.  The main approach is regular reviews with risk owners and stakeholders to confirm progress and to react to changes.  As the project progresses, good risk management will reduce the level of risk and uncertainty.

Tim concluded with explaining that risk management is integral to the other project management processes, in particular, change management, planning and scheduling.  Risk management can never be done in isolation. 

The evening finished with a lively debate and discussion.  Risk management is an essential project management process which at its most powerful is used to facilitate discussion and dialogue between stakeholders so that there is a common understanding of the challenges and opportunities faced by a project, and how they are to be managed to increase the probability of project success.

Tim's presentation can be viewed below.

Martin Gosden
SWWE branch Chair



Join the conversation!

Log in to post a comment, or create an account if you don't have one already.