A reactive project manager tries to resolve issues when they occur. A proactive project
manager tries to resolve problems before
they occur. Here’s a process you can use to identify risks before they occur:

1. Identify all risks

Perform a complete assessment of project risk. The purpose
of this step is to cast a wide net to uncover as many potential risks as
possible.

2. Analyze the risks

In the prior step, you uncovered as many risks as possible. You’ll
find there are usually too many potential risks to manage successfully. In
fact, many of them don’t need to be managed since they have a low probability of
occurring or they would have a low impact on your project. In this step, group
the identified risks into high, medium, or low categories. For most projects
this can be a subjective assignment based on your best estimates. On some
projects, this would be based on rigorous risk models, simulations, and
quantitative techniques.

3. Respond to the high risks

Create a response plan for each high-level risk that you
identified to ensure the risk is managed successfully. This plan should include
activities to manage the risk, as well as the people assigned, completion dates,
and periodic dates to monitor progress. There are five major responses to a
risk — leave it, monitor it, avoid it, move it to a third party, or mitigate
it. The risk plan activities should be moved to your project schedule. You
should also evaluate the medium-level risks to determine if the impact is
severe enough that they should have a risk response plan created for them as
well.

4. Create a Contingency Plan (optional)

A Contingency Plan describes the consequences to the project
if the risk plan fails and the risk actually occurs. In other words, identify
what would happen to the project if the future risk turns into a current issue.
This helps you ensure that the effort associated with the risk plan is
proportional to the potential consequences. For instance, if the consequence of
a potential risk occurring is that the project will need to be stopped, this should be a strong indication that the risk
plan must be aggressive and comprehensive to ensure that the risk is managed
successfully.

5. Monitor risks

You need to monitor the risks to ensure they are being
executed successfully. You should add new risk plan
activities if it looks like the risk is not being managed successfully.

You also need to periodically evaluate risks throughout the
project based on current circumstances. New risks may arise as the project is
unfolding and some risks that were not identified early may become visible at a
later date. You should perform this ongoing risk evaluation on a regular basis –
say, monthly or at the completion of major milestones.

I know that a lot of project managers are intimidated by the
notion of risk management. However, this simple five-step process above will be
more than adequate for most projects.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays