If you have read all the previous chapters, by now you have a good foundation level understanding of what Project Risk Management is. We have already covered the Risk Management Framework as well as PMBOK Guides Perspective of Risk Management. Now we are going to take a look at the “5 Step Approach to Managing Project Risk” which will enhance your high-level understanding of the whole area of project risk management.
Good Project Risk Management begins early on in the life of the project when the data & information availability is minimal. This is because, this is the stage where uncertainty is at its highest and applying effective Risk Management will be most beneficial.
In order for Risk Management to be effective, we need to ensure that:
a. We have a thorough and realistic understanding of the Project, the Project Goals and Project Scope. If we do not have this basic understanding, then we may end up fighting a losing battle. Think this way, can you effectively prepare for a boxing match when you do not who your opponent is, where it is going to take place and how he fights? Even if you manage to be prepared, what are your chances of success? What is your opponent is 7 feet tall and weighs 450 pounds?
b. Follow good Project Management Practices. This again is extremely vital to ensure project success. A good project manager is one that plans meticulously and ensures that all stakeholders are identified and the scope is clearly defined. The good project manager never leaves anything to be assumed and ensures that all stakeholders are kept at the ideal level of understanding for a smooth project progression. If we can ensure this, we are not only reducing project risk but also increasing the chances of our project’s success.
The Standard Five Step Approach to Managing Project Risk
The Standard 5 step approach to project risk management consists of the following steps:
1. Risk Management Planning – This is the first step. This is where we plan and strategize on how to manage all the risks in our project. This is where the Risk Management Plan is created. We define what a risk is and ensure that everyone is in the same page.
2. Information Gathering & Risk Identification – This is where we gather all the relevant information that will enable us to identify all possible risks that might affect our project or its outcomes.
3. Risk Assessment & Analysis – This is the step where we analyze all those risks identified in the previous step. We will shortlist only those important (high impact/probability) risks and move the lower priority/possibility risks to a watch list.
4. Risk Response Planning – This is the step where all those risks that were identified & analyzed are actually addressed. We work on minimizing the probability of the negative risks as well as on enhancing the opportunities. We create workaround plans, risk mitigation strategies, contingency plans etc. in this step.
5. Plan Execution – This is the step where we implement the Risk Response Plan, monitor all the identified risks, look out for new risks, check the watch-list to ensure that their priority/probability/impact haven’t changed etc.
The picture below explains the same
As you can see, the steps are iterative and occur multiple times during the projects lifecycle. If you thought risk management was a onetime activity, just erase that thought from your mind and re-write the fact that risk management is iterative and happens multiple times during the lifecycle of the project.
Risk Documentation is a part of every single step in this standard 5 step approach to Risk Management.
After reading the above statement, are you wondering why I haven’t included it in the picture or in the explanation? The reason is because, Risk Documentation has to happen at every stage of this process. If I put it as a step then you might be misled into thinking that it happens only at that particular time.
A good Project/Risk Manager is one who documents all vital information at every step of the way. Right from the planning stage to the closing stage, a lot of valuable lessons and risk related data are uncovered. All these must be documented properly and archived towards the end of the project to ensure that all future projects can benefit from our experience or should I say Mistakes…
Prev: Managing Uncertainty
Next: Section Summary