What is Risk Management?
 Information management
& technology projects continue to become larger, more complicated
and more difficult to manage. The
risks of project failure escalate in proportion to the complexity of the
project.
The
discipline of risk management provides a method to identify
any threats to the project, and designs strategies to increase
the chances of a successful outcome.
All
current project management methodologies (and some business management
methodologies) require some form of risk management process be
undertaken.
Why
Bother?
Organisations
often make large investments in their information assets. Despite
growing levels of professionalism, many projects fail to deliver the
promised outcomes on time, or within budget.
Some
of these failures are due to inadequate risk management. By exercising
proper risk management controls, it is possible to increase the
likelihood that the project will complete on time and budget, and
realise the anticipated return on investment.
How To ‘Manage’ Risk
The concept of risk management is simple.
There are six basic steps:
-
Define
the project profile
-
Identify possible risks
-
Rate
the risks
-
Develop
mitigation strategies
-
Implement
strategies
-
Monitor
and review
The project profile
is normally already defined in the project plan. This profile outlines
the business impact of project success or failure.
The
next three steps are achieved through facilitated workshops. The
facilitator leads a team through a process of identifying risks. They
draw upon their experience and / or databases of common project risks,
and the knowledge of key project team members and business owners.
Using
one of a number of techniques, the risks are assigned a rating. These
are usually in terms of:-
-
Probability:
How likely is it that the ‘threat’ will eventuate
-
Impact:
What are the potential consequences to the project and the
organisation of this risk?
The
next step is to develop and/or document any mitigation strategies to
reduce the likelihood and impact of the identified risks, assign
responsibilities, and implement.
An
optional step is to recalculate the risk ratings, taking the mitigation
strategies into account.
The final
‘step’ requires regular reviews to ensure that mitigation strategies
were implemented and are working. It is important to review the risk
management plan to determine the effectiveness of the strategies, revise
the risk ratings, and determine whether any new threats have arisen.
Related Topics
Following
are topics which are components of risk management. We are in the
process of developing information for each one. As hyperlinks
appear, you will be able to click on them for more information. Titles
with (FAQ) after them indicate that these can also be accessed via the
'FAQ' button on the left.
|
