Risk is effect of uncertainty on objectives, and an effect is positive or negative deviation from what is expected (ISO31000). As per Project Management Body of Knowledge (PMBOK), individual project risk is an uncertain event or condition that, if it occurs, has positive or negative effect on one of more project objectives. Overall Project risk is the effect of uncertainty on the project as a whole, arising from all sources of uncertainty, including individual project risks, representing the exposure of stakeholders to the implications of variations in project outcome, both positive or negative.
Risk is integral part of any project. Risk is often looked at in negative sense. Risk has both positive and negative side. Following figure gives a perfect definition of Risk.
Risk will have element of Uncertainty and likelihood. Risk once happens becomes an “issue” which will have consequences and impact on objectives. Risk is associated with future event which has not happened yet.
Project Risk Management is the process of identifying, evaluating, and planning responses to events, both positive and negative, that might occur throughout the project life cycle. The objective is to increase probability and or impact of positive risks and decrease the probability and or impact of negative risks, in order to optimise the chances of project success. It is depicted in following picture..
The Benefit of Risk Management Process is
- Better Decision Making Throughout the Project Life Cycle
- Fewer Surprises
- Effective use of resources
- Reassuring Project Stakeholder by increasing the likelihood of project success.
As per PMBOK , there are 7 processes in risk Management. These are given in figure below.
- Plan Risk Management – This is a process which gives a direction and approach on how to conduct a risk management on a project. This is a guiding document which is very important to create at the start of the project. This must be specific to the project.
- Identify Risk -We have to know what our risks are. Some of the best practices refer to the importance of identifying risks at an early stage. This gives higher chance for the project manager to analyse and plan for the possible mitigation techniques. One of the important output document called risk register helps in keeping track of the risks. This is dynamic document which must be updated on periodic basis. The example of risk register is given below. Without risk register the risk management will be futile exercise. There are lot of tools and techniques like data gathering, data analysis, hiring an expert, prompt list ( For Example VUCA- Risks are categorized in terms of Volatility, Uncertainty, Complexity & Ambiguity)..
3. Risk Analysis: This is very important process in Risk Management. It is important to take intelligent risks and it is not possible without proper analysis. There are two types of Analysis of Risk.
- Qualitative Risk Analysis: This is subjective type and mostly done in the early stage of the project when the information is not available in detail. This is quick and less costly.
- Quantitative Risk Analysis: This is a detailed analysis which require a lot of time. It is based on analytics and generally done when more information is available. “Expected Monetary Value” ( EMV) is very important tool and technique which can be used.
Based on above the risks can be plotted on Probability vs Impact grid as give below.
4. Plan Risk Response: Based on Risk Analysis, it is important to get prepared with right responses to deal with the risk if it happens on the project. Instead of looking for mitigation plan later and engaging in firefighting it is important to be ready to deal with it in advance. There are various types of response which can be planned based on the type of risks . Some of them are given in the figure below.
5. Implement Risk Response: It is the processof implementing the consensus risk response plans identified in plan risk management and identify risks processes during the project timeline. The benefits of carrying this process are halt risk threats, maximize project effectiveness, and proactively deal with anticipated risks. This is actual action time to execute effectively the risk response strategies.
6. Monitor Risk: After the issue is well under control, it is important to perform a post action analysis to see what was done well, what could have improved and if there are residual risks (or even new risks). Implementing risk response is not the end. It is important to see effectives of risk response implementation.
There are four elements which are given in figure below.
Risk Management process if implemented well on a project can have very good impact on project Success. This is not a static process as the project goes through different situations and challenges at each stage. It is important to visualize and get prepared well in advance to deal with risks which may occur on project.
“Risk Management is not the same as worrying about your project”_ Tom Demarco