A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives. Managing those events is what project risk management is all about. Sometimes, you want to avoid a threat happening; sometimes it’s worth encouraging it.
If that sounds strange – why would we want to encourage something risky to happen? – then let’s look again at what risk really is.
Risk can be thought of as ‘uncertainty that matters’. Risks that matter include those with positive effects as well as those with negative effects (which you’ll see referred to as opportunities and threats). They can also affect any project objective, not just time or cost.
We have many podcasts to help you build your project management skills, and risk management strategies are definitely a topic worth learning more about! In this article we’ll look at the types of risk management, techniques you can use, the 5 ways to manage risk and lots of tips for handling this complex knowledge area on your own projects.
Listen now to this featured podcast on managing project risk.
Project Risk Management is the process of identifying and responding to project risks with the objective of managing the impact of that risk.
Risk management on projects is important because it decreases the probability and impact of risk, making it more likely that the project will be successful. It helps us predict and manage what might happen in the future and make the best of that situation.
When most people talk about risk on a project, they are thinking about the things that might go wrong. There’s always something that could happen which would have a negative effect on the project’s performance. Maybe it would delay the project, or increase the cost. Generally, people think about risk in terms of things that would affect the project schedule and budget, but risk can impact any of the project’s objectives.
However, the other reason why managing project risk is important is because some risks are positive: we want to take the risk because if it pays off, there is a benefit to the project.
It’s important to think broadly and deeply about what kind of threat or opportunity could affect the project, so you can make adequate plans to manage the impact appropriately. And risk isn’t only limited to the project’s objectives. You will also see risk in your project as a result of variability, ambiguity and emergence. Risk leadership is a huge area!
One exercise you can do to help the team come up with potential problems is to think about how certain things could affect the project. Create with a list of categories (or use a prompt sheet from the PMO if you have one) and see what you can think of that would cause your project a problem from those categories. The categories could be anything: the names of departments, the workstream on the project they impact, for example. One of the ways we like to categorize our registers is by type. The three categories are:
Let project team members know that they can come to you at any time if they have identified a project risk. They should be able to raise concerns and add their newly-identified opportunities and threats to the register at any point during the project.
Project risk identification typically happens at the start of the project, but it is not a one-off exercise. Risk identification should also happen throughout the project as the work evolves and people get a clearer idea about what could potentially impact the work. Let's look at what is involved.
Project risk identification is the process of identifying what risks might affect the project and how much of an impact they would have.
Now you have your risk register populated with the potential problems and opportunities that you have identified. You are ready to prepare actions plans for each of them. Here are the risk management steps to work through with your team.
There are several different options for risk management on projects, and the appropriate action depends on many factors. The risk management process below covers what you should consider at each point.
Use the context of the project to inform your actions. Scrum helps manage risk: if you use that approach to completing projects, you will already be managing your exposure because of the rules you apply to doing work.
Whether you work in a predictive or agile environment, consider the risk appetite of the project sponsor and what else is going on in the organization. It might not be an appropriate time to be taking chances with a project, even if the impact seems to be relatively small. That’s why project risk management should integrate into the risk management frameworks and governance approach that exist in the organization overall.
Risk management in business is a detailed subject, and we’ve only touched on it here. Why not pick a couple of podcasts with our risk management expert interview guests and listen to them discuss the theory and practice of risk on projects in more detail?
Risk management has to be something supported at the top level and driven down. The program manager can identify risk and attempt to mitigate and manage them. That really wasn’t something that was done formally 30 years ago and we can do it today because of technology. Does it add a little bit of time and burden to the organization? Yes, but that’s essential if you’re going to keep risks from impacting a program.
Whether you are new to project risk management, or whether you can fluently use terms like ‘stochastic’ and ‘aleatoric’ in your conversations with stakeholders, there is always more to find out about the emerging professional discipline of project risk management.
We’ve had the pleasure of speaking to some of the world’s foremost experts in project risk management, and sharing their wisdom and knowledge with you in our range of free and premium expert interviews. Enjoy the episodes!
PM PrepCast, Agile PrepCast, PM Exam Simulator, PDU Podcast, PM Podcast are marks of OSP International LLC. PMI, PMBOK, PMP, PgMP, PfMP, CAPM, PMI-SP, PMI-RMP, PMI-ACP, and PMI-PBA are registered marks of the Project Management Institute, Inc.
Copyright © 2023 OSP International LLC. All Rights Reserved. Our Privacy Notice: http://www.osp-international.com/privacynotice