When is the best time to undertake risk management?
While every
project differs in size, time and degree of criticality, there are some guidelines that apply almost universally:
A
Risk assessment should be initiated at the outset, when first
considering the feasibility of a project. Unless the risks are fully
understood, how can you truly have determined the feasibility of the
project?
Even at that early stage, a risk management matrix .
register should be established. This should be maintained and updated
throughout the life of the project until after the post implementation
review.
Apart from anything else, this sets a benchmark, and sends a clear message that
risk management is taken seriously.
As one of the final steps in creating the
project execution plan (detailed project plan) the risk analysis
should be updated.
At regular intervals, undertake risk analysis
reviews to determine the effectiveness of any mitigation strategies, and to
uncover any new threats that may have occurred.
Make sure to do another thorough
workshop at before moving into the implementation stage. This is when
there is a greater temptation to skip 'non-core' elements of the project,
and it is often one of the riskiest parts of any project.
Ideally,
the risk management register should be a core input into the post
implementation review. This will help to determine how well risks were
identified and managed. It can highlight any shortcomings and help the
organisation to improve its risk management into the future.