The process of project risk management encompasses many different facets. This multi-part whitepaper will discuss specific elements of the major facets as well as cover the definition of risk, Risk Strategy, and how to execute upon that strategy.
Project risk management is a fundamental part of managing any project. Unfortunately, it is a process that is underutilized by project managers and project owners alike. It is a process that is not understood to its fullest extent, and put simply, there is a general lack of knowledge and skill surrounding project risk management. It may also be a simple aversion to risk which forces the psyche to avoid the topic altogether. Who likes to think of risk? Regardless of the reasons, avoiding project risk management can and will place your project in unnecessary jeopardy.
Most people define risk as something that could happen, which would negatively impact a project. However, PMBOK defines a risk as a single action or event that impacts a project either negatively or positively. The questions many people struggle with are:
(a) How do I identify risks, and
(b) How do I manage them?
To answer these questions, we must definitively define a risk. The PMBOK certainly has the term defined right, but people struggle with the “positive” portion of the definition. For the sake of the project team’s sanity, it helps to take the PMBOK definition and break it into two parts.
RISK – A single event or action that could have a negative impact on a project
OPPORTUNITY – A single event or action that could have a positive impact on a project.
While these definitions are concise, the pivotal word “could” should be pointed out. “Could” denotes to the reader that the event or action has not yet occurred but a level of probability remains that it can happen. If the event or action has already occurred, then it’s too late for risk management!
I separate these terms as they are more consumable for project teams. Both “Risk” and “Opportunity” have the same level of importance and neither should be overlooked. While you want to avoid, or at least minimize, the impact of a risk, you will want to capitalize on an opportunity.
The thought of developing a risk strategy can sound daunting, but it’s actually pretty straightforward. Developing a strategy simply means you will state how the project team will address an individual risk or opportunity. Typically, the four elements below will formulate the basis for your strategy.
Avoidance – Act to eliminate the risk factor that gives rise to the event or action.
Transference – Transfer the risk to another entity (person, company, etc.) to assume some or all of the risk.
Mitigation – Reduce the likelihood that a risk occurs, or minimize the negative impact if it does.
Maximization – Act to increase the likelihood that the opportunity will occur or increase/maximize the positive impact of the opportunity if it should occur.
Now that you’ve developed a Risk Strategy you will need to have the necessary tools in place to execute the strategy. Typically, it is best to start with the least complex toolset available.
A Microsoft Excel spreadsheet can effectively track your risks and opportunities in a Project Risk Log. The spreadsheet can also help to perform the basic analysis that will be needed as you move forward. While other fields can be tracked (and may be necessary based on your individual project needs), the fields below will provide the level of tracking needed to properly manage the project risks.
|Sequential number for each risk/opportunity that has been identified
|Two selection field indicating either a “RISK” or “OPPORTUNITY”
|A four to five word title to easily identify the risk/opportunity
|A full description of the risk/opportunity
|A full description of the negative/positive impact
|A description of what would trigger this risk (make it an actuality)
|One of the four previously discussed strategies (Avoid, Transfer, Mitigate, Maximize)
|A full description of the actions that are to be taken in the event a risk/opportunity is triggered
|A date in which the risk/opportunity will have passed.
|The date in which the trigger occurred and the risk/opportunity became reality
|The owner of the risk/opportunity. This individual is responsible for monitoring the trigger, managing the strategy and reporting information to the project team.
|A full description of the actions taken once the risk/opportunity has been triggered
|Results of Action
|A full description of the results from the actions that were taken
|The date the risk/opportunity was closed (either through aging or trigger)
Stay tuned for the next installment about risk, where we’ll discuss implementing a Risk Management Strategy.
Core Catalysts is a management consulting firm based in Kansas City, and we serve clients across the U.S. in various industries. Core Catalysts provides services such as process improvement, product/service commercialization, revenue enhancement, financial modeling, program/project management, software selection, enterprise risk management and business performance improvement through a team that is composed of results-oriented individuals.
Jo Anne Gabbert
A Guide to the Project Management Body of Knowledge (PMBOK Guide). Newtown Square, Pa: Project Management Institute, 2013.