Security

Managing project risk is easy with the right process

A lot of project managers are intimidated by the notion of risk management. However, this simple five-step process will be more than adequate for most projects.

A reactive project manager tries to resolve issues when they occur. A proactive project manager tries to resolve problems before they occur. Here's a process you can use to identify risks before they occur:

1. Identify all risks

Perform a complete assessment of project risk. The purpose of this step is to cast a wide net to uncover as many potential risks as possible.

2. Analyze the risks

In the prior step, you uncovered as many risks as possible. You'll find there are usually too many potential risks to manage successfully. In fact, many of them don't need to be managed since they have a low probability of occurring or they would have a low impact on your project. In this step, group the identified risks into high, medium, or low categories. For most projects this can be a subjective assignment based on your best estimates. On some projects, this would be based on rigorous risk models, simulations, and quantitative techniques.

3. Respond to the high risks

Create a response plan for each high-level risk that you identified to ensure the risk is managed successfully. This plan should include activities to manage the risk, as well as the people assigned, completion dates, and periodic dates to monitor progress. There are five major responses to a risk — leave it, monitor it, avoid it, move it to a third party, or mitigate it. The risk plan activities should be moved to your project schedule. You should also evaluate the medium-level risks to determine if the impact is severe enough that they should have a risk response plan created for them as well.

4. Create a Contingency Plan (optional)

A Contingency Plan describes the consequences to the project if the risk plan fails and the risk actually occurs. In other words, identify what would happen to the project if the future risk turns into a current issue. This helps you ensure that the effort associated with the risk plan is proportional to the potential consequences. For instance, if the consequence of a potential risk occurring is that the project will need to be stopped, this should be a strong indication that the risk plan must be aggressive and comprehensive to ensure that the risk is managed successfully.

5. Monitor risks

You need to monitor the risks to ensure they are being executed successfully. You should add new risk plan activities if it looks like the risk is not being managed successfully.

You also need to periodically evaluate risks throughout the project based on current circumstances. New risks may arise as the project is unfolding and some risks that were not identified early may become visible at a later date. You should perform this ongoing risk evaluation on a regular basis – say, monthly or at the completion of major milestones.

I know that a lot of project managers are intimidated by the notion of risk management. However, this simple five-step process above will be more than adequate for most projects.

Editor's Picks