7 Risk Management Process Steps | Roles and Responsibilities

by Kishan Tambralli


Murphy’s Law is no stranger to project management: whatever can go wrong, will go wrong. Fortunately for projects, we have this little magic thing called risk management, which can help us become more comfortable dealing with the unexpected.

Risk Management Process Steps

Risks are events that, should they occur, can have an impact (typically negative) on the project's objectives, causing delays, cost overruns, or affecting quality. Therefore, risk management is the science and art of minimizing these threats through experience, competencies, and useful tools and processes in the management of the project, usually documented in the Project Risk Management Plan.

What is a Risk Management Plan?

A Project Risk Management Plan is a comprehensive document that describes how risk will be managed in the project. It is produced by the project manager and should be completed in the project's planning phase, often being incorporated into the project management plan.

One of the key attributes of a Risk Management Plan is that of detailing each of the steps in the risk management process, namely:

Risk Management Process Steps -

Risk Identification:

How, when, where, and by whom are risks going to be identified in the project? Anyone should be encouraged to identify risks, and risk identification should be part of regular project meetings. Risks identified are typically captured in a Risk Register.

Risk Assessment:

Risk Management Assessment

So that focus can be put on the higher risks and effort can be proportionate and risk-based, it is important to assess each of the risks identified. Two types of assessment are typically performed:
  • Qualitative Assessment: identifies the likelihood and impact of the materialization of the risk. When combined, these two variables determine the risk's exposure rating, typically categorized as red, amber, or green risks. You got it; red risks are the serious ones!
  • Quantitative Assessment: quantitative assessment takes the risk one step further by calculating the financial implications for the project should the risk materialize. While it requires a certain level of risk management maturity to be reliable, this type of assessment brings a new focus to risks since, after all, it’s always about the money.

Risk Mitigation Planning:

Once risks have been assessed, it’s time to put in place a plan to minimize their impact and probability, that is, mitigate them. Various response strategies are available to the project management team, from an avoidance strategy to acceptance or transfer of the risk, identifying a clearly defined set of mitigation actions and assigning accountability for implementing them.

Risk Monitoring:

Risks should be monitored and communicated throughout the project since new risks might arise, or the mitigation actions might not entirely remove the risk. Additionally, risks should be reported and escalated as needed to the project steering committee, for which clear escalation routes should be defined.

Risk Closing:

Once the risk is no longer active, the project management team will update its status in the risk register. Particular attention should be given to risks that have materialized and turned into issues in the project.

In addition to the risk management process, the Risk Management Plan also describes the roles and responsibilities for managing risks. It identifies any tools, methods, and/or techniques to be used in the project that differ from any existing corporate risk management standards. Therefore, the Risk Management Plan is the go-to place for understanding how risks are going to be addressed in and by the project.

"Risk management is how adults manage projects" (Tom DeMarco): are you up for the challenge?
