Risk management is the process of identifying risks, analyzing them, planning responses to them and controlling them throughout the project life cycle. The first step is the Risk Management Plan, a document that contains a detailed plan of how to execute those activities. In other words, it describes how the risk management activities will be carried out in the project.
The steps of Risk Management are:
- Plan Risk Management
- Identify Risks
- Analyze Risks
- Planning the Responses
- Monitor and Control the Risks
Plan Risk Management
In the plan risk management process, you define how you’re going to conduct the various risk management activities. You define how you’re going to identify the risks and, once they are identified, how they will be categorized. In this process, you also lay down the formula and criteria that determine whether a risk is rated high, medium or low.
Identify Risks
In this process, you start to collect risks by using the techniques defined in your risk management plan. Some techniques extensively used in the process of identifying risks are as follows:
- Documents review
- Information gathering techniques (e.g. brainstorming, Delphi, etc.)
- Interviews with SMEs
- Other techniques
Analyze the Risks
Once all risks are identified and noted in the risk register, you start analyzing them. You analyze them using the Qualitative and/or Quantitative Risk Analysis process, as set in the Risk Management Plan.
The Qualitative Risk Analysis process is performed on almost all projects, while the Quantitative Risk Analysis process is optional. The Quantitative Risk Analysis process is most likely to be performed on complex, critical and important projects. In the Qualitative Risk Analysis process, you determine the probability and impact of each risk, and then you prioritize the risks.
After completing the Qualitative Risk Analysis review, you move on to the Quantitative Risk Analysis review. In the Quantitative Risk Analysis process, you numerically analyze the risks and their effect on the project objective. Techniques used here include Monte Carlo analysis, sensitivity analysis, expected monetary value (EMV), etc.
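The two analysis passes described above, as an added example that is not part of the original post: a qualitative probability x impact rating, then EMV and a Monte Carlo run over the same register. The register entries, the band limits, the high/medium/low thresholds and the assumption that risks occur independently are all constructed for illustration.

```python
import random

# Constructed sample register: (risk, probability, cost impact in USD).
REGISTER = [
    ("Key vendor delivers late", 0.50, 80_000),
    ("Security audit finds blocking defects", 0.10, 120_000),
    ("Test environment outage", 0.50, 8_000),
    ("Lead engineer leaves", 0.05, 60_000),
]

def band(value, limits):
    """Map a value onto a 1-5 scale: 1 plus the number of limits it reaches."""
    return 1 + sum(value >= limit for limit in limits)

def qualitative_rating(probability, impact):
    """Qualitative pass: probability band x impact band (assumed thresholds)."""
    score = (band(probability, (0.1, 0.3, 0.5, 0.7))
             * band(impact, (10_000, 25_000, 50_000, 100_000)))
    if score >= 15:
        return "high"
    return "medium" if score >= 6 else "low"

def emv(register):
    """Expected monetary value: sum of probability x impact over all risks."""
    return sum(p * impact for _, p, impact in register)

def simulate(register, trials=20_000, seed=7):
    """Monte Carlo pass: each trial decides independently which risks occur
    and totals their cost. Returns the totals sorted ascending."""
    rng = random.Random(seed)
    totals = []
    for _ in range(trials):
        totals.append(sum(impact for _, p, impact in register
                          if rng.random() < p))
    return sorted(totals)

def percentile(sorted_totals, q):
    """Cost that a fraction q of the simulated trials did not exceed."""
    index = min(int(q * len(sorted_totals)), len(sorted_totals) - 1)
    return sorted_totals[index]

if __name__ == "__main__":
    for name, p, impact in REGISTER:
        print(f"{qualitative_rating(p, impact):6}  {name}")
    totals = simulate(REGISTER)
    print("EMV:", emv(REGISTER), "P80:", percentile(totals, 0.80))
```

The EMV is an average, so a contingency reserve sized to it is exceeded in a large share of trials; the 80th percentile from the simulation is noticeably higher for this register.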
Planning Risk Responses
So far you have identified and analyzed the risks; it is now time to make a plan to manage them. This process is called Plan Risk Responses.
Strategies for dealing with negative risks are different from the strategies used for positive risks. Strategies used to deal with negative risks are as follows:
- Mitigate: In mitigation, you try to reduce the chance of the risk occurring, or its impact.
- Avoid: In the avoid risk response strategy, you take measures to completely eliminate the threat or its effect.
- Transfer: Here, you transfer the risk to a third party; e.g. insurance.
- Accept: Here, you acknowledge the risk and document it, but do not take any action to mitigate it or its effect.
For positive risks, you can use any of the following:
- Enhance: Here, you try only to increase the chance of an opportunity occurring, or its impact.
- Exploit: In this strategy, not only do you try to increase the probability of the opportunity, but you also do everything to make sure that the opportunity is realized.
- Share: If you are not capable of realizing the opportunity on your own, or for some other reason cannot go it alone, you ask someone to join you to share the opportunity.
- Accept: Here, you acknowledge the opportunity and document it, but do not take any action to realize it.
Monitor and Control the Risks
You have identified risks, analyzed them and made a plan to manage them. Now that your project has started, you have to keep looking for these risks and control them when they happen. During this process you continuously watch for risk occurrences, manage them as per the plan, and record the outcome in the risk register.
In this post I have tried to cover some basics of Risk Management.
Let me know if you have anything to add or need some discussion.