Risk Management Process

Describe the risk management process which is to be applied in your organisation. A typical risk management process is as follows:

Identify Potential Risk Events

Risk identification and analysis will need to be carried out throughout the project lifecycle. At the commencement of the project, an initial identification of risks is undertaken. Risks will vary dependent upon the size and complexity of the project and fall into two categories, those that directly relate to the project deliverables (e.g. new technology and those that relate to the periphery of the project such as organisational changes affecting key stakeholders). The project team should brainstorm all of the likely risks and then review them for validity by looking at whether the risk impacts on scope, cost or timescale.

Record on Risk Register

Once the risks have been identified as valid risks you should record them on a risk register. A typical risk register will have the following format:

At this point, it will not be possible to input information on probability, impact, status, owner and mitigation cross reference, that information will be included as part of the later processes.

Risk Analysis and Quantification

Assess the probability of the risk occurring and the impact of the risk. Probability of the risk materialising should be reviewed, and each risk should be categorised as follows:

• low probability
• medium probability
• high probability.

The impact on the project, should the risk materialise, is then assessed. Categories are as follows:
high impact means there is a significant effect on the schedule and costs

• medium impact means a less serious effect on the schedule, and some impact on costs
• low impact means a minor effect on schedule with little impact on costs.

The probability and impact categorisations should then be updated onto the risk register.

Risk Mitigation Plan

Once the probability and impact categorisation is complete, mitigation strategies and actions should be pursued. The mitigation strategy and associated actions will vary depending upon the probability and impact. An example of a mitigation strategy for a situation where a supplier of a key deliverable in the project is failing would be to line up another supplier and agree contractual terms whilst putting pressure on the current supplier to perform. Associated actions would be determined to enable this twin prong strategy to be implemented. It is important that each risk on the risk register is allocated an owner, and that this owner takes responsibility for the mitigation strategy and actions.

The mitigation strategy and actions for each risk should be documented formally on a risk mitigation form, see below. The risk register should be updated with the owner, the mitigation cross reference, and the status (active, cancelled, postponed or completed).
 

Risk Monitoring

Once the initial risk assessment has been carried out, a risk register created and risk mitigation actions planned, it is important that the risk register is reviewed on a regular basis, ensuring not only that actions are progressed but that any change in status (probability or impact) of any risk is captured.

This checklist provides guidelines on the typical contents that should be included in a project plan document, and the typical approach that should be adopted in the production and agreement of a project plan. The project plan determines the route by which the project objectives, outlined in the PID, will be achieved. A project plan document should be produced though it is likely that the vast majority of the output will come from the project management software tool.

Already have an account? Login