Risk Management: How to Handle Risks in Your Projects
The overriding philosophy to risk management is that we must be proactive. We must try to anticipate any risk to the project, evaluate the probability of the risk happening and plan how to deal with the risk if it occurs.
First let’s define what a risk is. Risk is related to an uncertain event and can affect the project in a good or bad manner. Most of the time we think of a risk as something negative but a risk can also have an upside.
Let’s say that we are going to paint a building. A possible negative risk could be that it will rain for several weeks preventing us from painting thus busting our schedule. A positive risk could be that paint will drop dramatically in price allowing us to save money and possibly go under budget. If we know that paint may drop in price, that is a “risk” we must plan for.
As in all knowledge areas we plan how we are going to conduct the remaining risk processes (develop the road-map).
First we must identify all the risks that we can possibly think of. All the risks are entered into the risk register along with their causes. If we already know how to respond to the risk we can update the register with this information also.
As we get more experience with the project types we often work on, we usually can use a risk register from a previous project as a good template for the register for this project.
The risk register is created in this process but will change and get updated throughout the entire project. The risk register is an important part of the project management plan.
Qualitative Risk Analysis
We now take a look at each risk in the register and analyze its probability of occurring and the overall impact on the project in case it should occur. Based on this we can now prioritize and rank (1-10) all the risks in the register. It is important to understand that the risk priorities may change during the project life-cycle thus we must often revisit the risk register often.
Quantitative Risk Analysis
Here we will try to assign a projected value to each risk in the register. As we calculate the value of each risk if occurring we must make a new prioritized list sorted by expected value.
Example of Quantified Risk Register
*Expected Value = Probability x Impact.
Risk Response Planning
In this process we figure out what to do if a risk occurs. There are a several strategies for handling risks.
|Avoid||We may avoid using a particular piece of software or equipment that may cause the risk to happen.|
|Transfer||We can transfer the responsibility to someone else by agreement or insurance|
|Mitigate||We can make the risk less likely to happen.|
|Exploit||We will try to exploit the risk.If we get compensated for completing the project early we can add people to the project to ensure this.|
|Share||Here we share the risk with someone else. It could be a larger order from our customer if we partner with someone else.|
|Enhance||We can try to enhance some of the underlying risk triggers to make this risk more likely to occur.|
Both types of risks
|Acceptance||This is the simplest strategy. We just accept the risk. This strategy is only used if all other strategies are not resulting in any benefit to our project.|
Risk Monitoring and Control
This process is performed continuously throughout the project and involves looking at the original plan and see that we planned properly. We also monitor for risks occurring and if they do we act according to the planned actions in the risk register. We might have to go back to the risk register and reassess the risks and re-qualify/re-quantify the risks.
We can also perform risk audits to evaluate how the risk management plan and the risk response plan are working as the project progresses.
Risk Management is like many other knowledge management areas important to plan correctly. Identifying risks and knowing how to handle them in advance takes some of the stress out of project management. Risks can make the project fail but if we are well prepared we can make sure the project is still delivered to the customer’s expectations.