Risk Management
Procedures to control potential risks that may hurt the project
The management of risks involves the following processes, in this order:
- risk identification
- assessment of the probability of occurrence
- estimation of exposure, that is, the economic cost if the risk materializes
- definition of the proper response(s)
- monitoring by the owner of the risk
The Risk Matrix plots the risks along two dimensions: probability of occurrence and exposure. Risks that are high in both dimensions are high-impact risks, which have to be monitored directly by the project manager (red). Medium-impact risks can be delegated to the owner or the PMO (yellow). Low-impact risks (green) should not take up monitoring time: monitoring them is likely to be more expensive than letting them happen.
Once identified, assessed and estimated, risks must be documented in the Risk Register.
Plan one or more responses to each risk
In the risk register one or more proper responses must be documented. These responses can be:
- avoidance: eliminate the cause of the risk
- mitigation: reduce the likelihood and / or impact
- transfer: send the liability to a third party (insurance, supplier)
- acceptance: accept and create contingency reserves
Responses to risk can be ordered by preference, starting with the best option:
- When you plan a process, you can choose between two processes and avoid the risky one.
- The residual risk should be mitigated by, for example, taking precautions like dressing people in bright colors.
- If some undesired risks remain, consider transferring them to a third party, either by purchasing an insurance contract or by hiring a knowledgeable supplier.
- Finally, you may have to accept any residual risks, but discuss them with the client/sponsor before making this decision.