October 14, 2019

7 Risk Management Process Steps | Roles and Responsibilities

Risk Management

Murphy’s Law is no strange to project management: whatever can go wrong, will go wrong. Fortunately for projects, we have this little magic thing called risk management which can help us to become more comfortable in dealing with the unexpected.

Risk Management Process Steps
Risk Management Process Steps


Risks are events which, should they occur, can have an impact (typically negative) in the objectives of the project, causing delays, costs overruns, or affecting quality. Risk management is, therefore, the science and art of minimizing these threats by experience, competencies, and effective tools and processes in the management of the project, usually documented in the Project Risk Management Plan.

What is a Risk Management Plan?

A Project Risk Management Plan is a comprehensive document that describes how risk is going to be managed in the project. It is produced by the project manager and should be completed in the planning phase of the project, often being incorporated into the project management plan.

One of the key attributes of a Risk Management Plan is that of detailing each of the steps in the risk management process, namely:

Risk Management Process Steps - 

Risk Identification: 

how, when, where, and by whom are risks going to be identified in the project? The identification of risks should be encouraged to anyone and should be part of regular project meetings. Risks identified are typically captured in a Risk Register.

Risk Assessment:

Project Management Risk Assessment, Risk Management Assessment
Risk Management Assessment

so that focus can be put in the higher risks and effort can be proportionate and risk-based it is important to assess each of the risks identified. Two types of assessment are typically performed:
  • Qualitative Assessment: identifies the likelihood and impact of the materialization of the risk. When combined, these two variables determine the exposure rating of the risk, typically categorised as a red, amber, or green risks. You got it, red risks are the serious ones!
  • Quantitative Assessment: quantitative assessment takes the analysis of the risk one step further by calculating what would be the financial implications for the project should the risk materializes. While it requires a certain level of risk management maturity to be reliable, this type of assessment brings a new focus to risks since, after all, it’s always about the money.

Risk Mitigation Planning: 

once risks have been assessed, it’s time to put in place a plan to minimize their impact and probability, that is, mitigate them. Various response strategies are available to the project management team, from an avoidance strategy, to acceptance or transfer of the risk, who should identify a clearly defined set of mitigation actions and assign an accountable for implementing them. 

Risk Monitoring: 

risks should be monitored and communicated throughout the project, since news risks might arise, or the mitigation actions might not fully remove the risk. Additionally, risks should be reported and escalated as needed to the project steering committee, for which clear escalation routes should be defined.

Risk Closing: 

once the risk is no longer active, the project management team will update its status in the risk register. Particular attention should be given to risks which have materialized and turned into issues in the project.

In addition to the risk management process, the Risk Management Plan also describes the roles and responsibilities for managing risks, as well as identifies any tools, methods and/or techniques to be used in the project and where it differs from any existing corporate risk management standards. The Risk Management Plan is therefore the go-to place for understanding how risks are going to be addressed in and by the project.

"Risk management is how adults manage projects” (Tom DeMarco): are you up for the challenge?

No comments:

Post a Comment