When is the best time to undertake risk management?

While every project differs in size, time and degree of criticality, there are some guidelines that apply almost universally:
  • A Risk assessment should be initiated at the outset, when first considering the feasibility of a project. Unless the risks are fully understood, how can you truly have determined the feasibility of the project?
  • Even at that early stage, a risk management matrix . register should be established. This should be maintained and updated throughout the life of the project until after the post implementation review.
  • Apart from anything else, this sets a benchmark, and sends a clear message that risk management is taken seriously.
  • As one of the final steps in creating the project execution plan (detailed project plan) the risk analysis should be updated.
  • At regular intervals, undertake risk analysis reviews to determine the effectiveness of any mitigation strategies, and to uncover any new threats that may have occurred.
  • Make sure to do another thorough workshop at before moving into the implementation stage.  This is when there is a greater temptation to skip 'non-core' elements of the project, and it is often one of the riskiest parts of any project. 
  • Ideally, the risk management register should be a core input into the post implementation review. This will help to determine how well risks were identified and managed. It can highlight any shortcomings and help the organisation to improve its risk management into the future.
Next FAQ

Photo used under Creative Commons from LuMaxArt