Categorising risk is important in making sure the right people are consulted during a project lifecycle
Resource
Risk is defined as the uncertain outcome of actions and events, either a positive opportunity or a negative threat, which may be within or outside the control of a project. The identification, assessment, and management of such factors are core activities of risk management. Effective risk management is a fundamental part of successful project management. It is critical to project success, not only increasing the likelihood of meeting the project’s objectives, but also generating efficiencies in delivery, improving the quality of results, maximising value for money, and optimising societal value.
Risk management applies across many areas of public sector activity, and this includes the development of decarbonisation projects. Your organisation will have its own approach to identifying, quantifying, and reporting on risks. You will need to identify these and follow as required.
A core component of risk management is the process of identifying potential events or situations which, if they occur, will negatively impact on the activity in question or ability to deliver it.
What is a risk?
Risks are typically characterised and evaluated based on two aspects: the chance or likelihood that an event occurs, and the impact on the project or organisation should that event occur.
- Likelihood – The chance or likelihood that an event occurs is often quantified in terms of its likelihood (e.g. highly likely, or more than 80% chance) as well as when it might occur (e.g. near term, or within one month).
- Impact – The impact on the project or organisation should that event occur. The impact could be very small or a major blocker to a project.
- Mitigating risk – When identifying risks, it is good practice to identify mitigation actions – these are approaches that allow you to either reduce the likelihood that the risk occurs or to reduce the impact of it should it arise.
How do I categorise risks?
A risk event will often lead to a number of aspects being affected – for example, an issue that leads to a health and safety risk may breach health and safety regulations, which would have a negative impact on reputation and may lead to a financial penalty.
The main goal of categorising risk is to avoid any unpleasant surprises. It also provides a systemic, structured and consistent approach to identifying the risks. It also provides better management focus in identifying a wide range of risks. It can help the risk assessment process by providing a framework to cooperate with stakeholders within a specific risk category.
The framework outlined here is the result of work carried out as part of ERIS at the Energy Systems Catapult.
Risk types
Business Risks
These risks remain entirely with the organisation, cannot be transferred by the organisation and include political and reputational risks.
Service Risks
These associated risks fall within the design, build, financing and operational phases of the project and may be shared with others from outside the organisation.
External Risks
These non-systemic risks affect everyone in society and are not connected directly with the proposal. They are inherently unpredictable and random in nature. They include technological disruption, legislation, general inflation and catastrophic risks.
Guest preview of selected publicly available resources