The Risk Management Process

Some experts have said that a strong risk management process can decrease problems on a project by as much as 80 or 90 per cent. In combination with solid project management practices — having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change

management process, and keeping open the lines of communication — a good risk management process is critical in cutting down on surprises, or unexpected project risks.

Step one of the risk management process is to have each person involved in the planning process individually list at least 10 potential risk items. Often with this step, team members will assume that certain project risks are already known, and therefore do not need to be listed.

Step two of the risk management process is to collect the lists of project risks and compile them into a single list with the duplicates removed.

Step three of the risk management process is to assess the probability (or likelihood), the impact (or consequence) and the detectability of each item on the master list. This can be

done by assigning to each item on the list a numerical rating such as on a scale of 1 to 4 or a subjective term such as high, medium, or low.

Step four of the risk management process is to break the planning team into subgroups and to give a portion of the master list to each subgroup. Each subgroup can then identify the triggers (warning signs) for its assigned list of project risks. All triggers should be noted, even minor ones. Normally there will be at least three triggers for each risk.

Step five of the risk management process is for those same subgroups to identify possible preventive actions for the threats and enhancement actions for the opportunities.

Step six of the risk management process is for the subgroups to then create a contingency plan for most but not all project risks – a plan that includes the actions one would take if a trigger or a risk were to occur. This plan will be created for those risks scoring above a certain cut-off point, which is determined after looking at the total scores for all risks.

Step seven, the final step in planning the risk management process, is to determine the owner of each risk on the list. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan.
Rather than start this risk management process from scratch for every new project, it can be followed once to establish a list of generic project risks and triggers, skipping step three. Then, a team simply has to add project-specific risks and triggers and assess the probability, impact, and detectability for each risk, saving a great amount of time and helping to ingrain a risk mentality into your project culture.

By Viki Wrona
President, Forward Momentum, LLC, a consulting and training company, and an instructor with Westlake Training and Development