The concept of risk management is simple.
There are six basic steps:
1. Define the project profile
2. Identify possible risks
3. Rate the risks
4. Develop mitigation strategies
5. Implement strategies
6. Monitor and review
The project profile is normally already defined in the project plan. This profile outlines the business impact of project success or failure.
The next three steps are achieved through facilitated workshops. The facilitator leads a team through a process of identifying risks. They draw upon their experience and/or databases of common project risks, and the knowledge of key project team members and business owners.
Using one of a number of techniques, the risks are assigned a rating. These are usually in terms of:
Probability: How likely is it that the ‘threat’ will eventuate?
Impact: What are the potential consequences to the project and the organisation of this risk?
The next step is to develop and/or document any mitigation strategies to reduce the likelihood and impact of the identified risks, assign responsibilities, and implement.
An optional step is to recalculate the risk ratings, taking the mitigation strategies into account.
The final ‘step’ requires regular reviews to ensure that mitigation strategies were implemented and are working. It is important to review the risk management plan to determine the effectiveness of the strategies, revise the risk ratings, and determine whether any new threats have arisen.