Risk Management Process

There is a potential risk involved in any project that is being planned and conducted. It is important to account for those in the process of planning so that those risks are identified, analyzed and responded to on time in order to avoid potential issues. Risk management process is not only reactive, or in other words it is not only intended to resolve issues when they arise but it should be included in planning process to understand how to avoid and deal with them even before they become a problem. The chances of a risk event occurring (e.g., an error in time estimates, cost estimates, or design technology) are greatest in the concept, planning, and start-up phases of the project. The sooner the risks are identified, the more cost effective is to mitigate them.

The steps in risk management process are:

1. Risk identification - Project manager creates a risk management team consisting of core team members and other relevant stakeholders who are then responsible for generating a list of all the potential risks that could affect the project. Organizations use risk breakdown structures (RBSs) in conjunction with work breakdown structures (WBSs) to help management teams identify and eventually analyze risks. Another useful tool is creating a risk profile. A risk profile is a list of questions that address traditional areas of uncertainty on a project.

2. Risk assessment - Scenario analysis is the easiest and most commonly used technique for analyzing risks. Team members assess the significance of each risk event in terms of probability of the event and the Impact of the event. Because impact ultimately needs to be assessed in terms of project priorities, different kinds of impact scales are used. Some scales may simply use rank-order descriptors, such as “low,” “moderate,” “high,” and “very high,” whereas others use numeric weights (e.g., 1o–10). The risk severity matrix provides a basis for prioritizing which risks to address divided by zones - red, yellow and green.

3. Risk response development - When a risk event is identified and assessed, a decision must be made concerning which response is appropriate for the specific event. Responses to risk can be classified as mitigating, avoiding, transferring, sharing, or retaining. Testing and prototyping are frequently used to prevent problems from surfacing later in a project. Identifying the root causes of an event can be very beneficial. A contingency plan is an alternative plan that will be used if a possible foreseen risk event actually occurs. It represents actions that will reduce or mitigate the negative impact of the risk event. A key distinction between a risk response and a contingency plan is that a response is part of the actual implementation plan and action is taken before the risk happens, while a contingency plan only goes into effect after the risk is recognized.

4. Risk response control - the results of the first three steps of the risk management process are summarized in a document called the risk register which entails all identified risks, including descriptions, category, and probability of occurring, impact, responses, contingency plans, and so on. . Risk control involves executing the risk response strategy, monitoring triggering events, initiating contingency plans, and watching for new risks.