4 Core Steps to An Effective Risk Management Process
Apr 3, 2019
Project Risk Management is an important set of processes – designed to ensure that the least number of unplanned disruptions occur during project execution, and when they do, be prepared to deal with them. While we can never predict the future with certainty, we can apply a simple and streamlined risk management process to determine risk items within a project and minimize the impact should they occur.
This article presents the overall structure of a thorough risk management process. It provides a review of the major process steps comprising project risk management.
Implementing a project risk management approach is vital for any project organization. Risk management doesn’t have to be resource intensive or difficult for organizations to undertake. With some formalization, structure, and a reasonable amount of effort on the part of the project team, risk management can provide very tangible benefits.
In General, the effectiveness of risk management efforts will be dependent on three factors:
How determined the effort to manage risks
Maturity of the project team / organization
The state of risk management process and tools
Determination and maturity are environmental variables related to the project team and the organization. Item three is the focus of our upcoming series of articles – provide an efficient but effective risk management protocol that is easy to understand and simple to use.
Let’s begin with a robust definition for Project Risk Management.
Project risk management is the process of identifying, assessing, controlling (via risk response development) and monitoring risks over the life cycle of a project – repeating the process periodically – such that the delivered project satisfies its objectives.
There seems to be only one guarantee in risk management – the project team will never identify all of the risks.
Simply put, we know what the project risks are, how much they can hurt us, and we’ve got a plan to deal with them – while keeping a watchful eye out for their arrival. And we’ll do this as many times as necessary throughout the project to ensure its satisfactory delivery.
Project Risk Management Challenges
There seems to be only one guarantee in risk management – the project team will never identify all of the risks. Here are typical risk management challenges that I’ve faced as a PM.
Poorly defined processes
Cumbersome or bureaucratic processes
Lack of interest leading to lack of effort
Lack of skills
Risks are not communicated
Risks, when identified, are not assessed or planned for
A tendency to hide potentially bad news
‘Get in and do it’ attitude – foregoing proper planning and risk management
Failure to integrate risk beyond planning stage
Poor project planning processes
In our 5-part series we will endeavor to provide a solution to each of these issues via an effective and efficient process structure and tool set.
Benefits of an Effective Risk Management Program
For our purposes, the cumulative benefits of project management improve 3 major project areas: communications; data; and decision making.
In summary, a properly run project risk effort forces a deeper understanding of the project. As a result, the project team has access to data and the logical decisions made from that data that it otherwise would not have. Risk management is now augmenting other project monitoring functions – if not outright exceeding them. Properly communicating project risks has the effect of marshaling organizational interest and resources which would not otherwise have been available. To review a detailed examination of the benefits of project risk management see our article entitled “10 Benefits of Project Risk Management.”
Ultimately, the convergence of data, communication and decision making will have a decisive impact on your project’s performance – up to and including the point of its salvation.
As our first of a series of 5 articles regarding Project Risk Management, this effort is intended to provide a summary overview of risk management and its 4 major processes. These 4 processes include:
In the first step of the risk management process, the project team will proceed to identify any and all risks that threaten the successful delivery of the project.
Generally speaking, there are a number of approaches used to identify risks. These will involve ‘brainstorming’ to some degree. In addition, there are systematic methods and use of historical project risk and performance data.
The output from this step will be a partially constructed Risk Register. The Risk Register will become quite familiar to all during the course of this blog series, but for now suffice it to say that the register is a tabular spreadsheet like document containing all of the details of a particular risk – including a response plan and an owner. For those ready to jump ahead, checkout “projectmanager.com’s” article entitled “Guide to Using a Risk Register.”
Once project risks are identified, we transition into the Risk Assessment process. The steps here will fully define the risk in terms of its probability and impact as well as other qualitative factors.
Once completed, this phase will leave us with a fully assessed and ranked/prioritized set of project risks rounding out the Risk Register.
Project Risk Control means the development of a risk response strategy for selected ‘over the threshold’ risks in the Risk Register. These responses are the individual plans the team will put in place to minimize the likelihood of occurrence and/or impact of a given ‘significant’ risk.
With a now completed Risk Register, the Risk Monitoring will detail the project team’s responsibility of periodically monitoring the individual risks defined in the register.
This risk process also defines the periodicity of continuing risk management efforts – identifying, analyzing, and controlling new or emergent risks – throughout the project life-cycle.
Thus, we begin a brief and hopefully illuminating journey into an often-stubborn area of project management – the identification and management of project risks. Our introduction has included briefs of challenges, benefits, background and a risk management definition.