SEVEN CRUCIAL STEPS TO EFFECTIVE PROJECT RISK MANAGEMENT
The International Organization for Standardization identifies the following principles of risk management.
Risk management should:
~ create value
~ be integral to the organization process
~ be part of the decision making
~ address uncertainty and assumptions
~ be systematic and structured
~ be based on accurate information
~ be project specific
~ account for human factors
~ be transparent and inclusive
~ be responsive to change
~ be periodically re-assessed
But what are the steps to building an effective risk management program?
Embed risk management as an integral part of the project. Stakeholder buy-in and support is very important to achieve a successful risk management process. It is a good practice to ensure that there are demonstrable benefits to illustrate this approach and make risk management part of the day to day operations.
Identify Risk. This step is most effective when done very early in the project. Having a brainstorming session with team member to list out several potential risk items is a good beginning. Include all potential risks, including the risks that are already known and assumed, such as scope creep. Include threats that may stem from human threats, operational issues, procedural impacts, financial threats and natural events. Talk to the industry experts who may have experience in your project type to get a different perspective.
Identify not only the threats, but also any opportunities that may impact your project. Opportunities may assist you in bringing the project in on schedule, perhaps with better deliverables or make it more profitable.
Communication at this stage is crucial. Including communication of risk as part of all meetings is effective to illustrate the importance of risk management, share the risk potentials and provide a platform for discussion.
Assign Ownership. Who is going to be responsible for what risk? This person will be accountable to optimize a specific risk-either decrease the threat or capitalize on the opportunity. They will identify the possible triggers to their assigned risk.
Assigning ownership is also important in establishing an effective and clear communication channel. All involved with the project know whom to call when questions arise.
Estimate or Prioritize Risks. Once the risks are identified, the next step is to assess the likelihood of the threat being realized. Some risks will have a much higher impact. One approach to estimating the risk is to make a best estimate of the probability and multiply this by the amount it will cost to set things right, if it happens. This will provide an impact value associated with the risk. Another approach is to assign each risk a numerical rating, such as a scale from 1 to 5. Do you have any potentially large events that can cause huge losses OR gains? These will be the number one priorities. Ensure that your priorities are used consistently and focus on the biggest risks first and the lesser priority risks as applicable.
Analyze the Risk. What is this risk about? What are the effects of this risk? What causes will make this risk occur? List the different causes and circumstances that affect the risk likelihood; doing a simulation to illustrate how likely the project is to finish on a specific date or at what cost. Gaining a sound understanding of the risk is a solid foundation for an effective proactive response and provides insights to manage the risks.
Manage the Risk. Plan out and implement a response for each risk. Typically you will have four options – Transfer the risk (subcontracting scope or adding contractual clauses), risk avoidance (eliminating the source of the risk, such as changing a vendor), risk minimization (influencing the impact) and risk acceptance.
Create a contingency plan for the largest risks. This would encompass all actions taken if a risk were to occur.
Create a Risk Register. This will enable you to view progress and stay on top of each risk. A good risk register or log will include a risk description, ownership, and the analysis of cause and effect. This register will also include the associated tasks. A good risk register is a valuable tool in communication project status. It should be easily maintained and updated. By remaining current and up to date, the risk register will be viewed as a relevant and useful tool throughout the project lifecycle.
Once a solid risk management process is established, it forms the basis for crisis prevention and cost effectiveness. Risk management involves adapting the use of existing resources, contingency planning and resource allotment. This process does not need to be complicated. By implementing a project risk management process at the beginning of each project, the team can prepare for whatever may occur and maximize the project results.
I am pleased to share my experience using the PMAspire resource. I accidentally stumbled on PMAspire, and took to it. The free trial opened up a lot of my weaknesses and I had to subscribe since I was preparing for my PMP Exam. The resource proved highly highly invaluable. It's to me a one-stop online shop. This is my experience. I painstakingly tested myself using the Knowledeg area questions and those of the Processes. It exposed my gaps, which I had to work on seriously. There were times of discouragement but I was undaunted as per my knowledge gaps and Gbam! I MADE IT. I GOT MY PMP! I will always reference and recommend PMAspire to anyone who wishes to sit for the PMP certification exam. I am right away recommending this to my colleagues in my office. Thank you PMAspire for such a resource you offer for the exam preparation, it is very useful. It is a one-stop shop. The questions I encountered in my preparation using PMAspire resource helped shape my mind and helped me in the real exam. No regrets at all. I recommend PMAspire to potential candidates. Kudos and keep up the good job