We have successfully arrived at the end of the Qualitative Risk Analysis process. In the section summary chapter of the previous section which was titled “Qualitative Risk Analysis” I had mentioned that there is going to be a separate section that covers all the updates or outputs generated in the qualitative risk analysis process. Well, here we are.
The Risk Register was created as an output of the “Identify Risks” process. As mentioned in the chapter titled “Contents of the Risk Register” the Risk Register is the key document that is going to contain all the information we know about risks and it will be constantly updated throughout the project’s risk management lifecycle.
In this case, the qualitative risk analysis process does not create a separate output by itself. It will only update the Risk Register will all the new information we have uncovered regarding each of the risks so far.
All the updates to the risk register as a result of Qualitative Risk Analysis can be summarized using the picture below:
The updates to the Risk Register – in detail are as follows:
Update to Risk Priority & Ranking
Do you remember that, in the Qualitative Risk Analysis process, we assigned a risk rating score to our risk? Now, we will take the risk register and update the priority of each risk based on this score.
Sounds straightforward doesn’t it? It is straightforward in terms of what needs to be done as well. All you are going to do in this step is, update the risks in the risk register with their respective priority based on the qualitative analysis we just finished.
We must remember the following at this point:
• We prioritized our risks using the probability and impact matrix and we cannot use this matrix until we finish the risk probability and impact assessment
• Risks can be separately listed by project objectives like scope, cost, quality etc. each project may place a certain amount of importance to each of the objectives and may concentrate on one or more objectives and place lower importance to the others.
• We must document the basis of all the assessments we have made. We can’t just say that the probability of a risk is 0.8. We need to substantiate and explain how we arrived at that number. This not only adds credibility to the data you have arrived at but also reduces uncertainty.
The Risk Ranking & Priority is updated based on the outputs of the Risk Probability & Impact Assessment activity of Qualitative risk analysis.
Update to Risk Categories & Grouping
As outlined in the chapter on “Risk Categorization” in the Qualitative Analysis process, risks can be categorized and grouped based on the source of the risk. This categorization can be based on the following:
a. Risk Breakdown Structure (RBS)As part of the updates to the Risk Register, we will be grouping risks by category to give an overall picture of the number of risks in each category so that the manager can prioritize those categories that contribute the most number of critical or high priority risks.
b. Work Breakdown Structure (WBS) and
c. Project Phase
The Watchlist is a subset of the risk register. It is nothing but a list of low priority risks that are not important as of now. However, we do not ignore those risks. We make a note of these risks in the “Watchlist” so that we can track their status periodically. If the status (priority or impact) of any of these risks changes, then we may have to analyze/assess them and formulate a response to handle the risk.
Near-Term Response List
The Near-Term Response list too is a subset of the risk register. It is the total opposite of the Watchlist. This contains a list of high priority risks that may materialize in the very near future. We must be prepared to handle them appropriately.
Both the Watchlist and Near-Term response list are created/updated as a result of the “Risk Urgency Assessment” technique of Qualitative Risk Analysis.
Trends in Qualitative Risk Analysis:
This is the update that often causes confusion to everyone. The other updates were simple and easy to understand but this one is kind of misleading.
Remember that several of the risk management processes are iterative and occur multiples times throughout the life of the project. The qualitative analysis process too is iterative in nature. Trends begin to emerge whenever a process is repeated. The purpose of this update is to capture details reg. these trends in our risk register. One trend could be:
• High priority risks in the Quality category are caused when project requirements change towards the later stage of the project
When trends emerge, they may guide the risk management team in:
• Formulating effective risk responses
• Guiding the team to take up additional analysis as required
With trends documented in the risk register, we may try to figure out why these trends are occurring and in turn use that knowledge to identify better responses.
Can you guess which process this trends is an input to???
The answer is - The plan risk response process
Each project/organization could have a separate template for how they want to track the risks. For ex: we can create a simple Microsoft excel spreadsheet format with different categories of risks as lists in different tables in the spreadsheet. We can also have a summary tab that lists all the risks. The individual tabs may have additional details like priority, justification etc. The watchlist or the near-term response list too could be separate tabs in our spreadsheet.
As we keep updating the risk register, we must make sure that we expand the risk register template to suit our project needs. There is no one-stop-template for risk registers that can be used by all projects. The register for a short-term project could be very simple while the register for a long-term strategic project could be pretty complicated.
Prev: Section Summary - Qualitative Risk Analysis
Next: Introduction to Quantitative Risk Analysis