4 – How to apply approaches to risk management

Risk management is the process of identifying, assessing, and prioritising risks to minimise their impact on an organisation. It is a crucial aspect of business management, as it helps organisations anticipate and prepare for potential threats or uncertainties that could harm the organisation or its stakeholders. There are various approaches to risk management, including the traditional risk management approach, the enterprise risk management approach, and the project risk management approach. This topic discusses how to apply these approaches to identify, assess, and manage organisational risks effectively.

Project risk management stages

Project risk management is the process of identifying, assessing, and prioritising risks to minimise their impact on a project. It is an important aspect of project management, as it helps project managers anticipate and prepare for potential threats or uncertainties that could harm the project or its stakeholders.

Identifying the risk

Identifying risks is the first stage of the risk management process. It involves identifying potential threats or uncertainties that could impact the project or organisation. Several techniques can be used to identify risks, including:

  1. Information gathering techniques: These techniques involve collecting data from a variety of sources to identify potential risks. Examples include document reviews, interviews, and surveys.
  2. Brainstorming: This group discussion technique involves generating ideas and solutions through an open and creative process. It can be useful for identifying potential risks.
  3. Documentation reviews: This involves reviewing documents related to the project or organisation to identify potential risks.
  4. Interviewing: This involves speaking with stakeholders or subject matter experts to gather information about potential risks.
  5. Delphi technique: This is a group decision-making technique that involves anonymous feedback from a group of experts to reach a consensus on potential risks.
  6. SWOT analysis: This involves analysing the organisation’s strengths, weaknesses, opportunities, and threats to identify potential risks.
  7. Checklists: This involves using a list of common risks to identify potential risks specific to the project or organisation.
  8. Assumption analysis: This involves identifying and examining assumptions made about the project or organisation to identify potential risks.
  9. Diagramming techniques: These techniques involve creating diagrams or charts to visualise potential risks and their relationships to one another. Examples include cause and effect diagrams and fault tree analysis.

By using these techniques, organisations can effectively identify potential risks and take steps to mitigate or eliminate them.

Analysing risks

Once risks have been identified, the next step in the risk management process is to analyse them to determine their likelihood and impact. This involves evaluating or ranking the risks based on the likelihood of their occurrence and the potential impact on the project or organisation.

Several techniques can be used to evaluate or rank risks, including:

  1. Probability and impact matrix: This involves assigning a probability rating and an impact rating to each identified risk and then creating a matrix to visualise the risks based on their likelihood and potential impact.
  2. Risk likelihood and impact assessment: This involves assigning a likelihood and impact rating to each identified risk and multiplying these ratings together to calculate a risk score.
  3. Risk prioritisation: This involves ranking risks based on their risk score or other criteria, such as the potential impact on the project or organisation.

Once the risks have been ranked, the next step is to develop a plan to treat the risks. This involves identifying the most appropriate risk response strategies for each risk, such as avoiding, transferring, mitigating, or accepting the risk.

The final step in the risk management process is to monitor and review the risks on an ongoing basis. This involves regularly reviewing the risks to ensure that they are effectively managed and taking any necessary corrective actions if they change or new risks are identified. It is important to regularly review and monitor risks to ensure that the risk management plan is effective and up-to-date.

Creating awareness

Creating awareness of the risks identified in the planning phase and their triggers is an important part of the risk management process. It involves informing relevant stakeholders about the risks identified and the triggers that could potentially cause them to occur. This helps to ensure that everyone is aware of the potential threats or uncertainties that could impact the project or organisation and can take appropriate action to mitigate or eliminate them.

There are several ways to create awareness of risks and their triggers, including:

  1. Communicating with stakeholders: This involves informing relevant stakeholders about the identified risks and their triggers and keeping them updated on any changes or new risks that may arise.
  2. Documenting risks and triggers: This involves documenting the identified risks and their triggers in a risk register or other document and making this document available to relevant stakeholders.
  3. Providing training: This involves training relevant stakeholders on identifying and managing risks and their triggers.
  4. Conducting regular risk assessments: This involves conducting regular risk assessments to identify any new risks or changes to existing risks and informing relevant stakeholders about these changes.

By creating awareness of the risks and their triggers, organisations can ensure that everyone knows the potential threats or uncertainties that could impact the project or organisation and can take appropriate action to mitigate or eliminate them.

Regular review

Regularly reviewing the risk log is an important part of the risk management process. It involves identifying any changes to the likelihood of risks occurring and taking appropriate action to address these changes. This can help to ensure that the risk management plan remains effective and up-to-date.

There are several things to consider when reviewing the risk log:

  1. Changes to risk probability: It is important to regularly review the risk log to identify any changes to the likelihood of risks occurring. If the probability of a risk occurring has increased, it may be necessary to take additional steps to mitigate or eliminate the risk.
  2. Activities already completed: When reviewing the risk log, it is also important to check off risks related to activities that have already been completed. This helps to ensure that the risk log is accurate and reflects the current status of the project or organisation.
  3. New risks: It is important to regularly review the risk log to identify any new risks that may have arisen. These risks should be added to the risk log, and appropriate risk response strategies should be developed.

By regularly reviewing the risk log, organisations can ensure that their risk management plan is effective and up-to-date and that they are taking appropriate action to address any changes to the likelihood of risks occurring.

Monitoring high-risk tasks

Close monitoring of high-risk tasks and stages is an important part of the risk management process. High-risk tasks and stages are more likely to result in negative outcomes or impacts. They therefore require closer attention and monitoring to minimise their impact. Examples of high-risk tasks and stages include tasks that take a long time to complete, tasks involving new technology, and stages with little slack.

There are several ways to monitor high-risk tasks and stages, including:

  1. Regular progress updates: This involves checking in on the progress of high-risk tasks and stages to ensure that they are on track and that any potential risks are effectively managed.
  2. Risk assessments: This involves conducting regular risk assessments to identify any new risks or changes to existing risks that may have arisen.
  3. Risk mitigation strategies: This involves implementing risk mitigation strategies, such as contingency plans or backup plans, to minimise the impact of potential risks.
  4. Communication: This involves keeping relevant stakeholders informed about the progress of high-risk tasks and stages and any potential risks that may arise.

By closely monitoring high-risk tasks and stages, organisations can effectively manage potential risks and minimise their impact on the project or organisation.

Risk mitigation strategies

Once risks have been identified and ranked, the next step in the risk management process is to develop a plan to treat the risks. This involves identifying the most appropriate risk response strategies for each risk, such as avoiding, transferring, mitigating, or accepting the risk.

Several risk response strategies can be applied where risks have materialised, including:

  1. Risk avoidance: This involves eliminating the risk, such as by changing the project’s scope or choosing a different supplier.
  2. Risk sharing: This involves sharing the risk with another party, such as by entering into a partnership or purchasing insurance.
  3. Risk reduction: This involves taking steps to minimise the impact of the risk, such as by implementing contingency plans or backup plans.
  4. Risk transfer: This involves transferring the risk to another party, such as by purchasing insurance or entering into a contract.

By applying agreed risk response strategies where risks have materialised, organisations can effectively manage the risks and minimise their impact on the project or organisation.

Communication with stakeholders

Effective communication with stakeholders is an important part of the risk management process. It is important to keep stakeholders informed about the risks identified, the risk response strategies implemented, and any changes to the risks or the risk management plan.

There are several ways to communicate with stakeholders about risks, including:

  1. Risk reports: This involves preparing reports on the identified risks and the risk management plan and sharing these reports with stakeholders.
  2. Meetings: This involves meeting stakeholders to discuss the identified risks and the risk management plan.
  3. Email updates: This involves regular email updates to stakeholders about the identified risks and the risk management plan.
  4. Risk Register: This involves maintaining a risk register or other document that lists the identified risks and the risk management plan and making this document available to stakeholders.

By effectively communicating with stakeholders about risks, organisations can ensure that everyone is aware of the potential threats or uncertainties that could impact the project or organisation and can take appropriate action to mitigate or eliminate them.

Amending project plans

If risks materialise and impact a project’s critical path or timelines, it may be necessary to amend the project plan to address these impacts. The critical path is the series of tasks that must be completed for the project to be completed on time. If a task on the critical path is delayed or disrupted due to risk, it can have a cascading effect on the entire project, causing delays and increasing costs.

To address risks that impact the critical path or timelines, it may be necessary to:

  1. Re-evaluate the project schedule: This involves reviewing the project schedule to identify any tasks that the risk may impact and adjusting the schedule as needed to account for these impacts.
  2. Implement contingency plans: This involves implementing backup plans or alternative courses of action if the risk materialises and disrupts the project.
  3. Communicate with stakeholders: This involves informing relevant stakeholders about the impact of the risk on the project schedule and any changes that have been made to the project plan.

By amending the project plan where risks impact the critical path or timelines, organisations can ensure that the project stays on track and is completed on time and within budget.

Approaches to risk management

There are various approaches to risk management, including the traditional risk management approach, the enterprise risk management approach, and the project risk management approach.

Risk probability

Risk probability and impact assessment is used to evaluate the likelihood and potential impact of risks. It involves assigning probability and impact ratings to each identified risk and multiplying them to calculate a risk score. The risk score can then be used to prioritise risks and determine the most appropriate risk response strategies.

The complexity of the work can affect the sophistication of the risk probability and impact assessment. A basic probability and impact assessment may be sufficient for simple or low-risk projects. However, a more sophisticated assessment may be necessary for more complex or high-risk projects. This may involve using more detailed probability and impact ratings or additional techniques such as decision trees or Monte Carlo simulations to more accurately assess the likelihood and potential impact of risks.

By conducting a risk probability and impact assessment, organisations can effectively evaluate their risks and take appropriate action to mitigate or eliminate them.

Probability and impact matrix

A probability and impact matrix visualises the relationship between probability and impact in the risk management process. It involves assigning a probability and impact rating to each identified risk and creating a matrix to visualise the risks based on their likelihood and potential impact. The matrix typically includes four quadrants, with low probability and low impact in one quadrant, low probability and high impact in another quadrant, high probability and low impact in another quadrant, and high probability and high impact in the final quadrant.

[Figure: risk matrix]

The probability distribution of possible combinations of probability and impact can be used to identify the most significant risks. For example, risks that fall into the matrix’s high probability and high impact quadrant may be the most significant. They may require the most attention and resources to mitigate or eliminate them. Risks that fall into the other quadrants may be considered less significant and require less attention or resources.

Using a probability and impact matrix, organisations can effectively visualise their risks and prioritise their efforts to mitigate or eliminate them.

Expert judgement

Expert judgment is a technique used in the risk management process that involves using the subjective judgment of decision-makers to assess the likelihood and potential impact of risks. It is based on the level of knowledge, risk attitude, and assumptions of the decision-makers.

Expert judgment can be useful in situations with limited data or information about the risks being assessed. However, it is important to note that expert judgment is subjective and can be influenced by the personal biases and assumptions of the decision-makers. As a result, it is important to involve a diverse group of experts with different backgrounds and perspectives in the risk assessment process to help mitigate these biases and increase the objectivity of the assessment.

By using expert judgment in the risk management process, organisations can leverage the knowledge and experience of decision-makers to identify and assess risks and take appropriate action to mitigate or eliminate them.

Prioritisation of risks

After risks have been identified and assessed, the next step in the risk management process is to prioritise the risks. This involves ranking the risks based on the likelihood of their occurrence and the potential impact on the project or organisation. The risk assessment results can be used to establish a most-to-least-critical importance ranking, which can help organisations focus their efforts and resources on the most significant risks.

Available tools

Several tools can be used to manage risks in the risk management process, including:

  1. Risk maps: Risk maps are visual representations of risks that can help organisations to understand the relationships between different risks and identify potential areas of concern.
  2. Risk logs: Risk logs list the identified risks and the risk management plan. They can help organisations to keep track of risks and monitor their status over time.
  3. Fishbone diagrams: Fishbone diagrams, also known as cause and effect diagrams, represent the potential risk causes. They can help organisations identify the root causes of risks and take appropriate action to mitigate or eliminate them.
  4. RAG (red, amber, green) analysis: RAG analysis is a technique that involves assigning a red, amber or green rating to each identified risk based on its likelihood and potential impact. Risks with a red rating are considered high risk and should be given priority, while risks with an amber rating are considered a medium risk and should be monitored closely. Risks with a green rating are considered low and may be given lower priority.

Using these tools, organisations can effectively manage risks and take appropriate action to mitigate or eliminate them.
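The scoring, matrix placement, RAG rating and most-to-least-critical ranking described above can be combined in one small risk log. The following is an added example, not part of the original topic; the 1-5 rating scales, the "high" cut-off of 3, the RAG score bands and the sample risks are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Assumptions (not from the page): 1-5 rating scales, "high" means >= 3,
# and RAG bands of red >= 15, amber >= 6, otherwise green.
HIGH, RED_MIN, AMBER_MIN = 3, 15, 6

@dataclass(frozen=True)
class Risk:
    name: str
    probability: int      # 1 (rare) to 5 (almost certain)
    impact: int           # 1 (negligible) to 5 (severe)
    closed: bool = False  # True once the related activity is completed

    def __post_init__(self):
        if not (1 <= self.probability <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"ratings must be 1-5: {self.name}")

    @property
    def score(self):
        # Risk score = probability rating x impact rating.
        return self.probability * self.impact

    @property
    def quadrant(self):
        p = "high" if self.probability >= HIGH else "low"
        i = "high" if self.impact >= HIGH else "low"
        return f"{p} probability / {i} impact"

    @property
    def rag(self):
        if self.score >= RED_MIN:
            return "red"
        return "amber" if self.score >= AMBER_MIN else "green"

def prioritise(register):
    """Open risks ranked most to least critical; ties go to higher impact."""
    open_risks = [r for r in register if not r.closed]
    return sorted(open_risks, key=lambda r: (r.score, r.impact), reverse=True)

def review(register, name, probability):
    """Return a new register with one risk's probability re-rated."""
    return [replace(r, probability=probability) if r.name == name else r
            for r in register]

# Constructed sample register, for illustration only.
REGISTER = [
    Risk("Key supplier misses delivery date", 4, 4),
    Risk("New technology fails integration testing", 3, 5),
    Risk("Minor scope change requested", 4, 1),
    Risk("Data centre outage", 2, 5),
    Risk("Design sign-off delayed", 2, 3, closed=True),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.score:>2} {r.rag:<5} {r.quadrant:<33} {r.name}")
```

Calling `review` with a changed probability and then `prioritise` again reproduces the regular review step: a re-rated risk can move from amber to red, and risks tied to completed activities drop out of the ranking.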

 
