Project Risk Management - Process Landscape
4 Core Steps to An Effective Risk Management Process
Project Risk Management is an important set of processes – designed to ensure that the least number of unplanned disruptions occur during project execution, and when they do, be prepared to deal with them. While we can never predict the future with certainty, we can apply a simple and streamlined risk management process to determine risk items within a project and minimize the impact should they occur.
This article presents the overall structure of a thorough risk management process. It provides a review of the major process steps comprising project risk management.
Implementing a project risk management approach is vital for any project organization. Risk management doesn’t have to be resource intensive or difficult for organizations to undertake. With some formalization, structure, and a reasonable amount of effort on the part of the project team, risk management can provide very tangible benefits.
In General, the effectiveness of risk management efforts will be dependent on three factors:
- How determined the effort to manage risks
- Maturity of the project team / organization
- The state of risk management process and tools
Determination and maturity are environmental variables related to the project team and the organization. Item three is the focus of our upcoming series of articles – provide an efficient but effective risk management protocol that is easy to understand and simple to use.
Let’s begin with a robust definition for Project Risk Management.
Project risk management is the process of identifying, assessing, controlling (via risk response development) and monitoring risks over the life cycle of a project – repeating the process periodically – such that the delivered project satisfies its objectives.
There seems to be only one guarantee in risk management – the project team will never identify all of the risks.
Simply put, we know what the project risks are, how much they can hurt us, and we’ve got a plan to deal with them – while keeping a watchful eye out for their arrival. And we’ll do this as many times as necessary throughout the project to ensure its satisfactory delivery.
Project Risk Management Challenges
There seems to be only one guarantee in risk management – the project team will never identify all of the risks. Here are typical risk management challenges that I’ve faced as a PM.
- Poorly defined processes
- Cumbersome or bureaucratic processes
- Lack of interest leading to lack of effort
- Lack of skills
- Risks are not communicated
- Risks, when identified, are not assessed or planned for
- A tendency to hide potentially bad news
- Disinterested sponsorship
- ‘Get in and do it’ attitude – foregoing proper planning and risk management
- Failure to integrate risk beyond planning stage
- Poor project planning processes
In our 5-part series we will endeavor to provide a solution to each of these issues via an effective and efficient process structure and tool set.
Benefits of an Effective Risk Management Program
For our purposes, the cumulative benefits of project management improve 3 major project areas: communications; data; and decision making.
In summary, a properly run project risk effort forces a deeper understanding of the project. As a result, the project team has access to data and the logical decisions made from that data that it otherwise would not have. Risk management is now augmenting other project monitoring functions – if not outright exceeding them. Properly communicating project risks has the effect of marshaling organizational interest and resources which would not otherwise have been available. To review a detailed examination of the benefits of project risk management see our article entitled “10 Benefits of Project Risk Management.”
Ultimately, the convergence of data, communication and decision making will have a decisive impact on your project’s performance – up to and including the point of its salvation.
For those doubting the power of risk management, checkout some of the minefields it can uncover in the “Project Management Basics” article entitled “Risk Management Examples: 9 Behind the Scenes Stories.“
Risk Management Processes
As our first of a series of 5 articles regarding Project Risk Management, this effort is intended to provide a summary overview of risk management and its 4 major processes. These 4 processes include:
- Risk Identification
- Risk Assessment
- Risk Control
- Risk Monitoring
In the first step of the risk management process, the project team will proceed to identify any and all risks that threaten the successful delivery of the project.
Generally speaking, there are a number of approaches used to identify risks. These will involve ‘brainstorming’ to some degree. In addition, there are systematic methods and use of historical project risk and performance data.
The output from this step will be a partially constructed Risk Register. The Risk Register will become quite familiar to all during the course of this blog series, but for now suffice it to say that the register is a tabular spreadsheet like document containing all of the details of a particular risk – including a response plan and an owner. For those ready to jump ahead, checkout “projectmanager.com’s” article entitled “Guide to Using a Risk Register.”
Once project risks are identified, we transition into the Risk Assessment process. The steps here will fully define the risk in terms of its probability and impact as well as other qualitative factors.
Once completed, this phase will leave us with a fully assessed and ranked/prioritized set of project risks rounding out the Risk Register.
Project Risk Control means the development of a risk response strategy for selected ‘over the threshold’ risks in the Risk Register. These responses are the individual plans the team will put in place to minimize the likelihood of occurrence and/or impact of a given ‘significant’ risk.
With a now completed Risk Register, the Risk Monitoring will detail the project team’s responsibility of periodically monitoring the individual risks defined in the register.
This risk process also defines the periodicity of continuing risk management efforts – identifying, analyzing, and controlling new or emergent risks – throughout the project life-cycle.
Thus, we begin a brief and hopefully illuminating journey into an often-stubborn area of project management – the identification and management of project risks. Our introduction has included briefs of challenges, benefits, background and a risk management definition.
Join Our Community
Latest Posts from the
Managing Software Vendors – 6 Practices for Project Success
This paper addresses the most common issues facing companies that make use of vendors and sub-contractors in a software development environment. It attempts to address the myth that you can exercise little control over vendors and sub-contractors.
Application Portfolio Management 101 – Method and Benefits
APM is one of the single most effective IT management paradigms ever developed. When implemented properly, its impacts on the software inventory, its associated infrastructure and the cost of external organizations supporting it are astonishing.
3 Stages of PPM Maturity
Our third and final stage of PPM Maturity establishes 3 different sets of functions. First – Infrastructure is developed, meaning Services, Assets, and Applications as the infrastructure components of Enterprise PPM. Second, external Products and Services that the organization sells are defined. Finally, we add a Benefits Realization process to capture both tangible and non-tangible benefits.
PLEASE – What is Project Governance Really About?
The accepted definition and associated conventions of project governance have arrived. The challenge will be how individual organizations introduce, standardize and mature it into and along with the breadth of their project, program, and portfolio systems.
Projects, Programs & Portfolios in Action
The architecture of our portfolio models provide continuous visibility into the current state, the future state and progress to date of our organizational initiatives and allows us to adapt to the internal and external drivers of change