(Risk Management lifecycle).
Risk is defined as “uncertainty on the achievement of project objectives.”Risk management is always related to a specific context.
In a project setting, the context of risk management relates to the stages of the project management life cycle, being initiation, planning, execution, closure, and monitor and review.
(Project Management lifecycle).
The risk management process should be applied as early as possible in the project life cycle, so that risks are identified, assessed, and appropriate responses developed before moving to execution.
Risk management canvas has six segments and each item represents a stage of risk management. The monitor and review stage is shown as a continuous activity throughout the process.
CONTEXT AND SPECIFIES OBJECTIVES
The first stage of the risk management process sets the context and specifies objectives. Being the first stage, it is vital that there is absolute clarity on the context in which the risk management process is to be applied. This is followed by specifying key objectives to be achieved. It is important to consider that the process can be applied at the strategic, operational, departmental, or functional level within an organisation.
Key questions
- What is the context?
- What are the key objectives?
Key Tools and reporting systems
- Information Gathering (document, researches, view of the Project Charter, meeting with an overview).
RISK IDENTIFICATION
Risk identification considers the types of risks or uncertainties that may impact on achieving of set objectives. Identifying a range of possible risks takes practice and experience.
Key questions
- How will identify risks to objectives?
- What categories will be used?
- What are the cause and effect of risks on project objectives?
Key Tools and reporting systems
- Formal meeting
- Brainstorming
- PESTLE
- Risk Management Plan
- Risk Register
- Risk Breakdown Structure
- Delphy Techniques
- Checklist
- Diagram Techniques
- Ishikawa
- Flow Chart
- Decision Diagram
RISK ASSESSMENT
Risk assessment is the key tool to estimate uncertainty in achieving goals, identify prevention and protection measures and plan their implementation, improvement and control in order to verify their effectiveness and efficiency. A combination of both the likelihood and consequence enables an initial risk assessment to be performed.
In this stage it is required to consider the Risk Appetite that respond to the ALARP criteria (following the logic As Low As Reasonably Praticable).
There are Negligible Risk, Tolerable Risk, Unacceptable Risk.
During the risk assessment stage it is necessary to estimate both the Residual Risk and the Gross Risk.
Key questions and reporting systems
- How will you assess likelihood and consequence of each risk?
- How would you determine the overall risk level?
- Are there any existing controls in place?
Key tools and reporting system
- Risk Register
- Risk Management Plan
- Risk Matrix (qualitative risk assessment)
- Montecarlo simulation (quantitative risk assessment)
(Examples of Risk Matrix and Montecarlo simulation)
RISK RESPONSE
After the risk assessment stage, it is required to decide how to respond to the assessed risks and to decide which typologies of actions need to adopt in order to minimise threats and maximize opportunities to the achievement of project’s objectives. The focus is therefore about finding ways of reducing the negative risks, leveraging the positive risks, or simply accepting the risks in an informed manner.
It is necessary to consider the 4 T to handle the risk and to understand what response strains are taken.
- Take
- Treat
- Transfer
- Terminate
Key questions
- What response options will you consider?
- What additional resources will you require?
- Who will be responsible for managing and implementing risk response?
- How will you document the outcomes?
Key tools and reporting systems
- Risk Response Plan
- Risk Register (Risk Response and Risk Owner)
- Risk Management Plan
- Risk Contingency Plan
- Meetings on the state of progress of the project
(Risk Register Example)
COMMUNICATING
Communicating the identified risks and responses to the team and stakeholders underpins the successful management of the risk management process. Communication needs to occur regularly, openly, and formally, to ensure that all stakeholders are aware of the risks and planned responses. Open and honest communication further allows for all stakeholders to be involved in the risk management process and offer input where necessary.
Key questions
- What do I need to communicate?
- To whom do I need to communicate?
- What strategies can I use to communicate?
Key tools and reporting systems
- Risk Management Plan
- Conference Call, meeting
- Software of sharing issues, progress, RACI
MONITOR AND REVIEW
Monitor and review is a continuous circular activity that occurs at each stage throughout the process. Therefore, to be effective, the risk management process must remain dynamic.
Key questions
- What are the timelines I need to consider?
- How often do I review and revise the risk work undertaken?
- How effective is our risk management strategy?
- How effective is a risk identification process?
- How accurate and effective is risk assessment?
- Have risk response methods been effective?
- What records do I need to keep? and Are safety procedures being followed?
Tools and reporting system
- KPI
- Dashboard
Risk management is a standardised process; therefore, can be applied in a number of different contexts. Application of the process in a project setting is not only essential, but it also requires early adoption and continuous review and updating throughout the entire project life cycle.
Author
Valerio Gambino