For most companies the key to project management is delivery to time, cost and quality. Ensuring that appropriate action is taken against potential risks during the project lifecycle, minimizing potential impact and safeguarding the project is key. This cannot be achieved without robust risk management which should always be seen as an integral part of project management facilitating projects to achieve their goals.
Risk management is best achieved through a methodical approach employing best practice management principles – a sporadic and rushed approach (“we do it because we have to, not because we value it”) will not work. All too often risk management is looked at in terms of undertaking a risk review to pass a phase gate or get a project initiated not because its important to do it! Risk management processes aim to identify risks that might affect a project’s objective and therefore should be seen as integral to the performance of the project.
It goes without saying that risks should be assessed and appropriate mitigation actions developed. Where many project managers fail is that risk management stops at the point where the mitigation is identified and the project team convince themselves that they have solved the problem. Its vital that the output of the mitigation activity is reviewed and that the risks are monitored consistently and throughout the project lifetime to ensure that they are both up to date and that the mitigation activity is still valid.
Typically these risk reviews will focus on 4 key aspects
1/ Risk Identification
Identify the risks detailing the probable consequences should the risk be realized.
2/ Risk Assessment
Estimate the probability of the risk occurring and determine the impact on the project. Most projects will record risks in a register or log – this activity helps prioritize defining key risks and maintain an action list.
3/ Risk Mitigation
Develop and execute mitigation plans to help reduce occurrence and impact whilst developing contingency plans should the risk be realized.
4/ Risk Monitoring
Review the changes to the impact of the risk borne out of the mitigation strategy. Consider changes to the mitigation as required.
While these four steps are fairly typical of most projects risk management strategies – the risk management process can often fall short in terms of effectiveness. This is often as a result of increasing disinterest as the project matures (the team feel they have identified all relevant risks and move on to the next problem). Its important to remember that risk management is a cyclical process, one that doesn’t stop and requires constant (and consistent) review.