The purpose of risk management process is to identify, analyze and minimize the potential problems that could affect the activities of a project. Managing the risks facing a project is important as it ensures the stability of the activities of the project. If the risks are not identified and managed, they would result in loss of valuable resources especially an increase in the budget allocated for the project, and the time planned. The basis of this process is the PMBOK framework, which confirms that the process is a proven practice that is used extensively in project management.
The risk management process aims at handling anything that may hinder the project from attaining its ultimate goal. If the risks are not identified, avoided, or resolved the project may end up with a bigger budget, be delayed or even end up completely stalled.
Risk may arise any time over the project lifecycle. Thus, there is need to help the project remain afloat and achieve its goal. Risk management is not only reactive, but should therefore be part of the planning process to figure out all the risks that may happen in the project, and the possible ways that could be used to control the risks if at all they occur.
The risks identified in a project should be evaluated in order to determine the number of resources to be allocated to them. This helps especially when it comes to risk prioritization. This is important since some risks would cause the project to stall if delayed or if not handled with the urgency required.
The objectives of the risk management process are:
- To identify the risks.
- To avoid the risks.
- To prevent the risks.
- To control the possible risks.
- To reduce the possible risks.
- To mitigate the possible risks.
The scope of the risk management process involves the key stakeholders of the project such as the project manager, the project team, and the project sponsor. They all ensure that all possible risks have been identified and planned for beforehand.
The scope of the process comprises:
- Development of a risk management plan
- Risk workshop
- Risk identification and evaluation
- Risk analysis and planning risk responses
- Risk control
- Implementing the risk response strategy
- Risk reassessment
1. Plan Risk Management
Planning risk management aims to define how the risks involved in the project will be managed. The project manager is tasked with planning on how the risk management process will be carried out.
2. Develop Risk Management Plan
The purpose of this activity is to document how the risks will be assessed, who will handle it, and how often the risk planning will be done. This is because risks are bound to come up throughout the project. The project manager is mandated with the development of the risk management plan.
The plan developed should provide a scale that would help in figuring out the probability of every risk. This is because some risks are more likely to occur than others.
The Risk Management Plan is the output document of the develop risk management plan activity. It details how the risks facing a project will be handled. It also captures the positive and negative impacts on the project and the actions that will be required to deal with each one of them.
The Risk Management Plan is then forwarded to the project sponsor for review and approval. The project sponsor reviews the document to ensure that it satisfactorily covers all possible risks of the project and their possible ways of mitigation. The project sponsor then approves the document.
3. Conduct Risk Workshop
The objective of this activity is to brief all key stakeholders on the assessment of the risks involved in the project. The project manager brings together all key stakeholders of the project to conduct a formal assessment of the project. This ensures a good understanding of the tools and benefits of a well-structured analysis of the risks of a project.
At this stage, proactive project managers come up with elaborate management programs for risks for their projects.
4. Identify Risks
This activity aims to identify all the risks that are involved in a project from its initiation to closure. The project team conducts brainstorming sessions where they create a list of all things that could possibly go wrong. It also involves the use of checklists of potential risks and evaluation of how likely those events may occur on the project.
The checklist is important for risk identification as they help in determining specific risks on the checklist, and to also expand the thinking of the team to identify those that may not be included on the checklist. Sources of risks can also be identified in categories while exploring potential risks in a project.
The Risk Registeris the output document for the identify risks activity. It therefore registers all risks identified on the project.
- Project Initiation Process: 6 Key Activities
- Project Planning Process: 7 Key Activities
- Project Execution Process: 8 Key Activities
- Project Monitoring and Control Process: 10 Key Activities
- Project Closing Process: 8 Key Activities
- Project Handover Process: 11 Key Activities
- Quality Management Process: 9 Key Activities
- Change Control Process: 8 Key Activities
- Issue Management Process: 9 Key Activities
5. Analyze Risks
The purpose of this activity is to determine the probability of each of the risks identified is to happen. The project team analyses and determines the risk factor by how it impacts on your project across different metrics. Rules are therefore applied depending on the influences the risks have on the project’s activity resources, timeline, and the cost estimates.
An assessment should be carried out to determine the impact of the risks on the project’s schedule and budget, quality, and procurements. All this will therefore help the project team to understand the full effect of the risks on the project. The Risk Probability and Impact Assessmentdocumentis the output document of the analyze risks activity.
6. Evaluate Risks
This activity aims to evaluate the risks based on the probability that it may occur, and the potential loss that its occurrence may cause to the project. The project team evaluates the probability of the occurrence of the risk and the potential and severity of the loss it may bring along. This is because some risks are more likely to occur than others, and their severity also varies.
Evaluation of risks involves development of an understanding of the potential risks that have the highest possibility of occurring and can therefore greatly impact the project negatively. The Risk Prioritization document is the output for the evaluate risks activity.
7. Plan Risk Responses
The purpose of this activity is to establish strategies that are to be put in place to mitigate the risks identified. The project team may come up with either a preventative or a contingency plan.
The plans are created in containing all possible solutions to the risks identified. The team therefore responds to the risks with the best possible solution and in order of priority. The output document for this activity is the Risk Response Strategy.
8. Control Risks
The aim of this activity is to solve or control all the risks that may occur in the project. The project manager sets the required forces for the risk control, while the person responsible for handling the risk will track its progress to ensure it is fully resolved. The project manager will therefore need to be updated from time to time to ensure he has accurate information on the project’s overall progress in order to be able to identify and control the risks that may come up.
There is also a need for transparent communication during the control of risks. This ensures that all key stakeholders involved in the project are aware of the happenings and are therefore on the lookout for any new risks, and can help manage the process. The risk management plan document acts as the point of reference in the control risks activity.
9. Implement Risk Response Strategy
The purpose of this activity is to implement the strategies established for the risk response. The project team implements the policies and procedures that would help in avoiding or minimizing the risks.
While implementing the risk response strategy, it is important to categorize the risks as high, medium, or low. This helps in the implementation as it is clear which risks should be prioritized as they may have an urgent need for resolution and therefore needs immediate attention. This is because some risks may cause the project to come to a standstill and may not even be completed without giving a priority to solving those risks.
10. Risk Reassessment
This activity aims to re-evaluate the risks identified to ensure that they have been fully mitigated. The project manager reassesses the risk to ensure that they have been dealt with accordingly. This is important because failure to fully mitigate risk could cause a big loss to the project, especially on the resources allocated to it. These resources could be monetary as on the budget, or on the timeline set for the project.
After the reassessment of the risks, the project manager is tasked with making the decision whether the risk has been fully mitigated or not. If risk is not mitigated, implementation of risk response strategy is done again followed by risk reassessment. Otherwise, if mitigation was effective, the risk management process is closed.
11. Close Risk
This is the last activity and end of the risk management process.
With every new project, there are new risks that lay in waiting. While it is difficult to entirely avoid all risks, they can be anticipated, mitigated, and eliminated systematically through the risk management process. Ensure to follow all activities involved in this process to make the project team more responsive and agile when risks occur.