In the previous sections we have taken a detailed look at the Risk Management Plan, Risk Register and almost everything else that you do in the starting stages of your projects risk management. You have identified the risks and have communicated it with your stakeholders. So, as per the risk management process flow, what will you do next?
“Analyze those Risks”
People easily confuse risk analysis and risk management. They think that analyzing risks is all risk management does. Unfortunately, they fail to realize that analyzing risks is only a part of risk management and there are a lot of activities after we actually finish analyzing the risks. In a majority of cases, people don’t do any dedicated risk management activity at all. So, I would say that, those who confuse these two activities and at least do perform risk analysis are better than those who don’t perform any risk management activities at all.
What is Risk Analysis?
If you ask this question to someone who has been working on multiple projects in their career, the will answer in either of the below ways:
a. It involves numerical analysis
b. It heavily revolves around the risk’s impact and probability
c. It requires expert judgment
d. It relies on stakeholder tolerance of risks
Actually speaking all of these responses above is correct.
Yes, risk analysis involves numerical analysis. The person is probably referring to the Quantitative Analysis part of risk analysis. During the course of risk analysis we are always concerned about the chances as to whether a risk will happen or not and the impact of a risk if it happens. So, point no.2 is right as well. The whole risk analysis activity is not stand-alone. The project or the risk manager cannot do risk management by himself. He will enlist the help and expertise of SMEs both internal and external to the organization (as required) along with the help of risk experts who may be either within or outside the project. So, all in all, the whole risk management activity utilizes the expertise of numerous experts and hence point no.3 is right as well.
All said and done, the analysis we do and the steps we take to manage risks will all be guided by the “Stakeholder Risk Tolerance”. If your project sponsor or customer is old-school and doesn’t like taking chances, then in all probabilities you won’t be taking any major risks in your project. So, point no.4 is correct as well.
Risk Analysis typically involves:
a. Risk Identification
b. Risk Assessment and
c. Numerical Analysis of Risks
In the previous chapters we learnt about the creation of the Risk Register and the Risk Management Plan. Do you remember that the Risk Management Plan contains the Probability & Impact Matrix? This probability and impact matrix will be used in risk analysis. It is those risks that we identified and added to the Risk Register that will be analyzed in this stage. Risk Analysis tells us what areas of the project are prone to be affected by risks. It guides us in developing better responses. It also helps us understand which risks require a response, if so when along with details on how drastic a response is required for the risk. Unless we do proper risk analysis, there is no way we can come up with a proper response that can actually help us manage the risk.
Prev: Section Summary - Communicating Project Risks
Next: Goals & Benefits of Risk Analysis