Applying Risk Management

Risk Management
Risk Management is an essential part of a project’s success. It is a process that helps to identify potential problems early, so that action plans can be put into place to keep them from turning into real problems or issues later on in the project life cycle.

Risk Management Process
Essentially there are 5 stages to the risk management process:
* Planning
* Identifying
* Assessing
* Handling
* Monitoring and Reporting

The following paragraphs will describe a little bit about each step.

The planning step sets the stage on how the project is going to manage risks on the project. This is accomplished by first developing a risk management plan for the project. This plan will identify the Risk Management Team, define their roles and responsibilities, and document the risk assessment criteria that will be used to assess the identified risks. In addition, it will describe the Teams plan on how to monitor and report the risks.


The second step is the identification of risks. This is where the Team gets together to identify potential risks on the project and document them in the projects risk register. Risks can come from many different areas such as the manufacturing process, instrument usage, staffing, project plan, budget and schedule. Risks can also come from past experience and lessons learned from other projects as well. Holding a brainstorming meeting, as a group, is a good way to identify risks. It gets people thinking and allows people to build on each others thoughts and experience. It is important to remember that the identification of risks doesn’t end in one meeting. New and different risks will come up as the project moves through its project life cycle.

In defining a risk it is helpful to use an “If” “Then” type of statement as shown below.

If the condition, then consequence will occur.

Using this kind of statement helps to clearly define and describe the risk and standardizes the way we talk about risks.


The third step is the assessment of the identified risks. Using the assessment criteria defined in the Risk Management Plan the risks should be assessed based on the probability of the risk happening and consequence if the risk were to happen. It is important to assess the risk consequence on cost, schedule, and technical and choose the consequence level that could have the highest impact. For example when assessing a risk from a cost stand point it might not be too high, but from a schedule stand point it would be higher then the higher consequence level for schedule should be chosen.


The forth step in the risk process is handling the risks. There are 4 ways to handle risks:
* Mitigation- Which is developing action plans to reduce the probability and/or consequence of the risk.
* Avoidance- Which is changing something to completely avoid the risk (i.e. change of design to completely avoid a risk)
* Transference- Which is transferring the risk to another party (i.e. buying insurance).
* Acceptance- This is allowing the risk to potentially happen without putting any mitigation plans in place. This may be due to the cost of mitigation plan is more than if the risk is realized.

Mitigation plans are the common way to reduce the overall risk level. Mitigation plans should be reviewed to ensure no new risks have been introduced as a result of the mitigation plan. If any new risks have been developed by the mitigation plan then they should be added to the risk register for assessment by the Team.

Monitoring and Reporting

The fifth step is the monitoring and reporting. This step is to ensure the handling plans put in place are working effectively to reduce the probability and consequence of the risk. The risk should be reviewed and reassessed to determine the probability and consequence of the risk as the steps in the action plans are completed. Although the risk may never be completely eliminated it should be reduced to an acceptable level with minimal residual risk. Even low risks should be monitored to make sure they remain a low risk.

Risks on a project should be reported in a risk management report. The report should show a listing of the identified risks, the handling plans to reduce the risks, and a risk matrix to show how the risks fall into the category of high, medium, and low.

Benefits of Risk Management
Risk Management is an important activity that can prove to be beneficial to a projects success if started early on in the project life cycle. It can be a powerful tool to identify the weaknesses early so that the Team can put together action plans to handle the risks and prevent them from turning into an issue later on. This in turn saves time and money as you are proactively responding to a potential issue instead of reacting to a problem or issue in the future.

Jim Hardin

More Process Applying Loan Articles