What is Project Risk Management?
Project Risk Management is the identification, assessment, and prioritization of project risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
In project management, risk management includes the following activities:
- Planning how risk will be managed in the particular project. Plans should include risk management tasks, responsibilities, activities and budget.
- Assigning a risk officer – a team member other than a project manager who is responsible for foreseeing potential project problems. Typical characteristic of risk officer is a healthy skepticism.
- Maintaining live project risk database. Each risk should have the following attributes: opening date, title, short description, probability and importance. Optionally a risk may have an assigned person responsible for its resolution and a date by which the risk must be resolved.
- Creating anonymous risk reporting channel. Each team member should have possibility to report risk that he/she foresees in the project.
- Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation plan is to describe how this particular risk will be handled – what, when, by who and how will it be done to avoid it or minimize consequences if it becomes a liability.
- Summarizing planned and faced risks, effectiveness of mitigation activities, and effort spent for the risk management.
How to manage project risks?
Project risk is always in the future. Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective. Objectives can include scope, schedule, cost, and quality. A risk may have one or more causes and, if it occurs, it may have one or more impacts. A cause may be a requirement, assumption, constraint, or condition that creates the possibility of negative or positive outcomes.
Project risk management is a challenge job for project managers, they need a specific theory urgently to guide them finish the work. As defined in PMBOK, there are six stages to manage project risks. They are:
Plan Risk Management: Define how to conduct risk management activities for a project.
Identify Risks: Determine which risks may affect the project and documenting their characteristics.
Perform Qualitative Risk Analysis: Prioritize risks for further analysis or action by assessing and combining their probability of occurrence and impact.
Perform Quantitative Risk Analysis: Analyze the effect of identified risks on overall project objectives.
Plan Risk Responses: Develope options and actions to enhance opportunities and to reduce threats to project objectives.
Monitor and Control Risks: Implement risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.
Project risk has its origins in the uncertainty present in all projects. Known risks are those that have been identified and analyzed, making it possible to plan responses for those risks. Specific unknown risks cannot be managed proactively, which suggests that the project team should create a contingency plan. A project risk that has occurred can also be considered an issue.
Chanllenges for project risk management
1. In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.
2. Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. So, to some degree, project’s success always depends on project manager and organization’s capability of risk identification. That itself is a risk.
3. If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur. Qualitative risk assessment is subjective and lacks consistency. The primary justification for a formal risk assessment process is legal and bureaucratic.
4. Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending and minimizes the negative effects of risks.
Project risk management is an important concept that many project managers, and stakeholders refer to when they are concerned about the effects of a certain move on reaching key objectives. To do it well, appropriate strategies and execution is a must.