How to manage risk

The concept of risk management is simple. There are six basic steps:
  1. Define the project profile
  2. Identify possible risks
  3. Rate the risks
  4. Develop mitigation strategies
  5. Implement strategies
  6. Monitor and review

The project profile is normally already defined in the project plan. This profile outlines the business impact of project success or failure.

The next three steps are achieved through facilitated workshops. The facilitator leads a team through a process of identifying risks. They draw upon their experience and/or databases of common project risks, and the knowledge of key project team members and business owners.

Each risk is then assigned a rating, using one of a number of techniques. Ratings are usually expressed in terms of:
  1. Probability: How likely is it that the ‘threat’ will eventuate?
  2. Impact: What are the potential consequences of this risk to the project and the organisation?

The next step is to develop and/or document any mitigation strategies to reduce the likelihood and impact of the identified risks, assign responsibilities, and implement the strategies.

An optional step is to recalculate the risk ratings, taking the mitigation strategies into account.

The final ‘step’ requires regular reviews to ensure that mitigation strategies were implemented and are working. It is important to review the risk management plan to determine the effectiveness of the strategies, revise the risk ratings, and determine whether any new threats have arisen.
