Risk Management: How to Handle Risks in Your Projects

The overriding philosophy to risk management is that we must be proactive. We must try to anticipate any risk to the project, evaluate the probability of the risk happening and plan how to deal with the risk if it occurs.

First let’s define what a risk is. Risk is related to an uncertain event and can affect the project in a good or bad manner. Most of the time we think of a risk as something negative but a risk can also have an upside.

Let’s say that we are going to paint a building. A possible negative risk could be that it will rain for several weeks preventing us from painting thus busting our schedule. A positive risk could be that paint will drop dramatically in price allowing us to save money and possibly go under budget. If we know that paint may drop in price, that is a “risk” we must plan for.

Risk Planning

As in all knowledge areas we plan how we are going to conduct the remaining risk processes (develop the road-map).

Risk Identification

First we must identify all the risks that we can possibly think of. All the risks are entered into the risk register along with their causes. If we already know how to respond to the risk we can update the register with this information also.

As we get more experience with the project types we often work on, we usually can use a risk register from a previous project as a good template for the register for this project.

The risk register is created in this process but will change and get updated throughout the entire project. The risk register is an important part of the project management plan.

Qualitative Risk Analysis

We now take a look at each risk in the register and analyze its probability of occurring and the overall impact on the project in case it should occur. Based on this we can now prioritize and rank (1-10) all the risks in the register. It is important to understand that the risk priorities may change during the project life-cycle thus we must often revisit the risk register often.

Quantitative Risk Analysis

Here we will try to assign a projected value to each risk in the register. As we calculate the value of each risk if occurring we must make a new prioritized list sorted by expected value.

Example of Quantified Risk Register

*Expected Value = Probability x Impact.

Risk Response Planning

In this process we figure out what to do if a risk occurs. There are a several strategies for handling risks.

Negative Risks

Positive Risks

Both types of risks

Risk Monitoring and Control

This process is performed continuously throughout the project and involves looking at the original plan and see that we planned properly. We also monitor for risks occurring and if they do we act according to the planned actions in the risk register. We might have to go back to the risk register and reassess the risks and re-qualify/re-quantify the risks.

We can also perform risk audits to evaluate how the risk management plan and the risk response plan are working as the project progresses.

Risk Management is like many other knowledge management areas important to plan correctly. Identifying risks and knowing how to handle them in advance takes some of the stress out of project management. Risks can make the project fail but if we are well prepared we can make sure the project is still delivered to the customer’s expectations.