By Jayci Minjares
UIT Project Management Office
In project meetings we unknowingly discuss risk, in the context of “what-ifs?” The project team may not realize these risk factors, so risks are not assessed or managed until the risk occurs. There are also many different types of risks that can affect a project, such as schedule, cost, scope, environment, new or old technology, executive support, and security. Risk is one of many reasons why a project manager can help your projects be successful.
3.5 steps to effective risk management
Risk Management is the identification, assessment, and prioritization of risks. The Project Management Institute (PMI) outlines the risk management processes as:
- Plan Risk Management
- Identify Risks
- Qualitative Risk Analysis
- Quantitative Risk Analysis
- Plan Risk Response
- Control Risk
Step 0.5: Ask questions
Before starting the risk management process, meet with the project sponsor and other stakeholders to ask a few questions, such as "Is time or cost the key driver on this project?" and, "If an event occurs where the timing of the project could be saved by going over budget, would that be acceptable?" These types of questions ensure the next three steps will focus on what exactly is critical to key stakeholders (rather than what is assumed to be important).
Step 1: Identify what could go wrong
The goal of step 1 is to identify possible threats to a project. Risk identification techniques include: researching publicly available risk registers; meeting with subject matter experts to ask what they're most concerned about; reviewing past projects; and brainstorming (Nominal Group Technique).
Step 2: Prioritize
Step 2 involves prioritizing your list of risks, such as high/low, or most likely, likely, not likely, never.
Step 3: Take proactive action
Address the prioritized risks using these four methods (to easily remember this strategy, use the mnemonic "A-CAT")
- Avoid risk: change plans to circumvent the problem
- Control/mitigate risk: reduces impact or likelihood (or both) through intermediate steps
- Accept risk: take the change of negative impact (or auto-insurance), eventually budget the cost (e.g. via contingency budget plan)
- Transfer risk: outsource risk (or a portion of the risk) to a third party or parties that can manage the outcome
Risk management then continues through the project lifecycle, meaning the previous 3.5 steps discussed are revisited until the project is complete.
Did you know?
There are positive risk opportunities that need to be identified, too. Both positive and negative risks should be tracked in your project’s risk management plan. Per the PMBOK Guide 5th edition, the following are used to manage positive risks:
- Enhance – Increase the chance of a risk happening in order to realize the benefit
- Exploit – Do not try to realize the opportunity; work hard to ensure that the opportunity does not go unrealized
- Accept – Don’t take any action to realize the opportunity
- Share – When you aren't capable of realizing this opportunity on your own, team up with another company and work together to realize the opportunity
Examples of positive risks include reducing your workload, growing your business, and completing a project early.