Uncertainty, leading to threat or opportunity, is one of project management’s core characteristics. Poorly managed risk can ultimately lead to failure in delivery of objectives and a reduction in, or complete failure to deliver, benefit realisation.
Effective risk management follows the same natural cycle of responses based on experience, evolved over millions of years in natural systems. That is; Identify, Assess, Plan Response, Select and Implement Response and ensure that Monitoring mechanisms are in place to adjust to any change in risk status. ISEB ISPM, PMI, APMP, M_O_R and Prince2 to name but a few all follow the same principle, albeit using their own flavours to describe the major elements of the cycle. We all follow this cycle when crossing a road.
Identify: Normally two steps, identify context and then identify the risks to the project, this phase ensure that risks to the project are catalogued early in the project life cycle. Through the use of techniques such as PESTLE, SWOT and RIPL prompts the ‘unknown’ uncertainties can be uncovered.
Assess: Assessing risk is normally undertaken in 3 key areas. Risk is assessed in terms of ‘Probability’, the likelihood of occurrence. It is analysed in terms of impact to Project ‘Cost, Time. Quality, Scope, Benefits and Resourcing’. It is important to look at these individually as different projects have different appetites for risk. (E.g. 2012 Olympics cannot accept any threat to time). Also, it is imperative to assess the proximity (nearness in terms of time), of the risk.
Plan Responses: Normally undertaken when project planning and may take the form of considering multiple responses to a single risk. The classic responses used would include some proactive measure undertaken to reduce probability, soften impact or both. (Reduce). Removing the risk entirely often referred to as ‘Avoid’ could involve cancelling the project or de-scoping if the risk impact is too high. Other methods such as ‘transferring risk’ through supplier contract liability or insurance and the use of contingency plans (Fallback/plan ‘B’) can be most effective and often prudent.
Select and implement: Choice must be made based appropriateness. Risk budgets can be applied. However, spending more than ‘probability x (£) impact’ must be given careful consideration and is normally the responsibility of the project’s Sponsor.
No risk management is complete or effective without careful monitoring. Risks happen, go away, get worse or improve. Adjusting the response to the changing environment in which uncertainty exists, is key. Regular reviews of risk registers and post implementation reassessments of probability and impact can deduce whether our response is effective. All takes time and resource. So, it needs planning into the project like everything else.