Management Tutor
A Project Management Blog

Risk Management Processes

This page describes what is risk and Risk Management. It covers processes Plan Risk Management, Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk Responses and monitor and control risks. It mentions strategies to deal with negative and positive risks.

As we know even most carefully planned project can also run into trouble due to unavoidable risks. Hence we need to plan to tackle these unknown problems which may cause trouble for the project. To do risk planning is must which will identify risks, analyze the risks and prevent the risks if possible. If the risk can not be prevented than either it need to be avoided or mitigated.

What is Risk?

risk example

In generic term, a risk is any uncertain event or condition that might affect the project. The risks can be negative or positive. Positive risk is referred as opportunity.

In project management, any time there is anything that might occur on your project and change the outcome of a project activity, this is referred as risk.

Examples: Event (e.g. fire), Event (e.g. finding easier way to do an activity), Condition (e.g. lower prices for certain materials)

Let us assume that the project requires you to stand on the edge of a cliff. Here there is a risk that you could fall. We will understand the risk mitigation techniques using this example. There are four basic ways one can manage this risk as mentioned below.

Avoid: The best thing that you can do with a risk is to avoid it. If you can prevent it from happening, it definitely would not hurt your project.

Mitigate: If you cannot avoid the risk, you can mitigate it. This means taking some action that will cause it to do as little damage to the project as possible.

Transfer: One effective way to deal with a risk is to pay someone else to accept it on your behalf. For example, buying insurance.

Accept:When you can not avoid, mitigate or transfer a risk then you have to accept it and face the consequences and look at the alternatives after that.

The strategies for handling positive risks are as follows:

Exploit: This is when you do everything you can to make sure that you take all the benefits of an opportunity. You could assign best resources and allocate more funds to get most out of this opportunity.

Share: Sometimes it is harder to take advantage of an opportunity on your own. In this condition, you will bring another company to share or work along with you. This way one can take maximum benefits of having an opportunity rather than leaving it.

Enhance: This is when you try to create opportunity more probable by influencing its triggers. For example, you want to click picture of a rare bird. To make this happen you will put more food to attract the bird.

Accept: Just like accepting a negative risk, sometimes an opportunity just falls in your lap. In this condition best thing is to just accept it immediately.

Risk Management

Figure mentions inputs and outputs for the risk management knowledge area.
Risk Management deals with following processes:

•  Plan Risk Management: This process produces risk plan which is useful for managing risks. Here risks in various categories are defined. It is referred as risk breakdown structure.

•  Identify Risks: In this process more and more risks are identified using information gathering techniques. The four techniques are brainstorming, interviews, delphi technique and root cause identification. The other basic techniques for identify risks are documentation reviews, checklist analysis, diagramming techniques, SWOT analysis and assumptions analysis.

•  Perform Qualitative Risk Analysis: In this process we need to look at each risk and figure out how likely it is and how big its impact will be.

•  Perform Quantitative Risk Analysis: Here numbers will be assigned to each risk based on probability and impact.

•  Plan Risk Responses : The ways to tackle positive risk("opportunity") and negative risk("threat") as explained above need to be worked upon and suitable action to be taken.

•  Monitor and Control Risks: The process has been explained below.

Monitoring and control risks

The risk monitoring and control process is exactly like other change control processes. Here risk manager or project manager need to continuously monitor the project's progress with respect to risk register. If a new risk happens, it has to be immediately tackle with. Risk monitoring should be done at every status meeting. If you need to implement a risk response, you take it to change control board because it affects project constraints.

monitoring and control risks

Constant review of all the project data will help to react if a new risk is uncovered or risk response strategies need to be applied quickly. Careful monitoring is a must to avoid any risk. The other techniques for controlling risks are risk re-assessment, variance and trend analysis, reserve analysis, risk audits, technical performance measurement and status meetings as mentioned above.