I was sitting in the office at my laptop. I’ve created a perfect plan to fix the problem that may appear in a few days.
It was my first project. And it made me a little proud of the solution I developed.
In a few days, it happened!
With all enthusiasm, I escalated it to the management.
At once I provided my plan to overcome the problem.
In a few hours of intensive meetings, senior management accepted the plan.
The problem was solved fast and easy.
But once everyone left my mentor came to me:
It was a hard hit.
But, if you think about it:
- It was much cheaper and less stressful to inform about the possible issue.
- Discuss it with an expert in a quiet meeting.
- Do not disturb several senior-level managers and engineers. And,
- We could come to the same result without escalation.
That’s how I came up to use this risk management process.
Short Glossary of Project Risk Management
A Risk in terms of PMBOK Guide is:
An uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.
But you should also keep in mind this critical aspect of risk management. As David Hillson points out in his article:
“Unfortunately, the concept of overall project risk is usually overlooked in the Project Risk Management approach adopted by most organizations. This means that our risk processes focus exclusively on individual risks and we fail to identify or proactively manage the overall risk exposure associated with our projects.”
So, as we talk, keep in mind the overall project risk level as well.
An Opportunity is an event or condition that has a positive effect. As a project manager, you need to try and leverage opportunities.
The Impact is the effect of risk or opportunity. The effect may influence the feasibility, costs, durations, overall risk level, availability of resources, a person, and so on.
We can assess risks qualitatively as Low, Medium, High impact.
We can also describe the impact as a monetary or duration value as $2450 or 7 calendar days of delay.
Probability is the likelihood of risk or opportunity to happen.
Again it can be Qualitative like Low, Medium, High probability. Or Quantitative as 75%.
Risk Response or Risk Respons Plan is the action you will take to try to avoid or mitigate risk.
Example of Risk Management Process
Before you start digging into each step. Here’s what I want to show you:
The examples of the process!
You may have a limited view on risk management. You may think about it only in terms of scope, time, and costs.
Therefore, you will develop responses to the plans with this limited mindset.
However, dealing with risks and opportunities, you need to be creative.
It helps you to come up with more efficient solutions.
So, review this article to learn what you can do with a risk:
Seven Steps of Project Risk Management Process
Below is an overview of the seven steps of risk management.
Each step is a separate process. There are in-depth articles for these steps. So, you can dive deep into each different process.
Risk Management Process Overview
1. Plan Risk Management
As all in project management – it starts with planning.
Well, there’re many reasons:
- Risk Management takes all the project documentation, processes, and workflows as an input. Everything is a source of risks.
- You don’t do Risk Management alone. You need to know your stakeholders. So, you need to plan their engagement.
- You need to collect the assets and knowledge that your organization has. It helps you to avoid creating a wheel.
So, you need a simple Project Risk Management Plan.
It should cover the details for each step we discuss below.
Keep in mind:
There is no such thing as a universal risk management approach. You need to select tools, techniques, and processes for each project individually.
You can find all the details here:
2. Identify Risks
The next step is to identify risks.
You do it with techniques described in the Risk Management Plan. You use these techniques at the spots and with project information you identified in the plan.
Here, you can learn about the most efficient risk identification techniques:
There’s one technique that makes the process efficient.
But many companies neglect it.
It takes efforts and dedication to collect lessons learned.
The main by-product of lessons learned for Risk Management is the List of Risk Categories.
Below you will find 43 Risk Categories as a kickstart. Expand it with your own ones throughout your career.
Read about it here:
How many risks should you have after Risk Identification?
Here’s the truth:
Even on a small project, there are up to a hundred of risks.
What should you do with all of them?
You need to log them all into a Risk Register.
Don’t evaluate them – write them down!
Here you can learn everything about the Risk Register and get a template:
3. Perform Qualitative Risk Analysis
Dealing with all risks is costly.
You will never have a project that allows tackling all the risks.
You need to select risks that have the most severe adverse effect on the project. Moreover, the probability of such a threat should be adequate.
Therefore, by performing Qualitative Risk Analysis, you go from a hundred of risks to maybe a dozen.
You take this dozen of risks to the next step in the process. You will Plan Risk Responses.
The rest of the risks remain in the Risk Register and get into a Watch List section.
Risks can evolve and change their Impact and Probability during the project lifetime.
Learn how to perform Qualitative Risk Analysis here:
4. Perform Quantitative Risk Analysis
(Optional for small and medium projects)
You may analyze risks further by identifying specific numbers for probability in percents and Impact – in dollars.
By multiplying the numbers, you get the monetary impact of a risk. It’s called the Expected Monetary Value (EVM).
Here’s an excellent article by Harry Hall on this topic:
But for smaller projects, you usually don’t need quantitative risk analysis. It doesn’t provide many benefits for the efforts you put into it.
5. Plan Risk Responses
So, now you have a dozen of risks you will work with.
What should you do?
- You can do something to avoid risk.
- You can do something to reduce Impact and/or Probability of a threat.
- You can do nothing and let the risk happen but use the reserves to minimize the negative impact.
- You can do nothing and accept the risk and its effects.
But don’t limit yourself to some standard actions:
Sometimes you need to look beyond your Gantt Chart, your budget, and the team that you have.
Here, you can read more about Risk Response Strategies:
6. Implement Risk Responses
Each Risk Response Plan is a part of your Project Management Plan.
- It’s an amount of budget allocated for the specific risk.
- It’s a separate task someone needs to perform.
- It’s a new process you developed.
So, at a specific moment of your project, someone needs to implement the Risk Response plan. Moreover, this person should report on progress.
Also, you need to do specific actions:
- Assign a Risk Owner. Each risk should have an owner. This person will monitor and work specifically on allocated risk when the time comes.
- Communicate with stakeholders about the upcoming risks and responses you will do.
- Collect data about the risks: number of risks that happen or didn’t occur. The efficiency of risk responses and impact of risks on schedule, budget, scope of work. Also, don’t forget about the client’s happiness.
- Identify any residual risk after you implemented risk responses.
These activities go across the board of all project management efforts. Each risk response is like a micro sub-project.
Here’s a tip:
Delegate ownership for implementing risk responses as much as possible. You need to focus on the bigger picture of project progress, overall risk levels, and new sources of risks.
7. Monitor Risks
As with all controlling processes in project management, it’s the same thing here.
You need to ensure that your risk responses are efficient and timely.
You need to keep an eye on new risks that appear. And they do appear all the time!
Also, you need to control the overall risk level for the project.
At some point, you may feel the need to make changes to the project baselines or your risk management approach.
Sometimes new risks may challenge the feasibility of your project.
So, you need to assess all the input that you get.
Here are some more practical tips on identifying new risks:
If you want to get all these articles as one PDF get access to PM Basics Library.
What Should You Do if Risks Messed Up Your Project
Following this process doesn’t safeguard you from problems.
- You may fail to identify a severe risk.
- Your risk response plan may appear inefficient.
- Small risks may get a severe commutative effect.
- Some risks will be out of your control.
So, you need to be ready to lead your project through this crisis.
And here the catch:
You need to focus your efforts on getting your project back to the project plan.
I mean you should not re-plan the whole project. That will create new risks.
You need to develop corrective actions that will put the project back on track.
If there is no way you can do that – only then recommend canceling the project. You can start all over again with new input.
It will ensure you will waste the client’s money for nothing.
Read more about resolving project management crises here:
Test Yourself in Risk Management
Do you think you know enough about Project Risk Management?
Take this short quiz and identify gaps in your knowledge.
In the end, I provide correct answers and explanations.