Project Risk Management

Knowledge AreaInitiatingPlanningExecutingMonitoring & ControllingClosing
Risk ManagementPlan Risk mgmt; Identify RisksTake Risk Mgmt ActionsManage Risks

Project Risk: “It is an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective such as cost, time, scope, quality.”

Reflect: What is the difference between Risks and Issues?

Typical sources of risks

Risk Identification Approaches

  • Review of Project Documents (including assumptions)
  • Referring Learning from previous projects
  • Stakeholders’ inputs: Gather these through Brainstorming and Interviewing
  • Create and use a Risk Identification Checklist. This is a structured approach to identify risks category-wise. Keep updating this checklist on an ongoing basis.

Reflect: When do we need to identify risks? Is it an one time activity?

Quantitative approach to prioritize risks

Risks are prioritized based on the risk exposure. Risk exposure is the product of probability of occurrence of the risk and the impact of the risk if it occurs. The impact can be quantified in one unit Eg. Cost. The sum of the risk exposure of all risks is the total risk exposure for the project. Based on the organization’s appetite to take risks, the thresholds of risk exposure for categorizing the risks are decided. Risks are then mapped into these categories and managed.

Risk Management Strategies for Threats

  • Threats are risks with negative impact for the project/organization. The following are the risk management strategies for Threats.
  • Mitigate: Reduce the probability of occurrence and/or impact of the risk if it does occur to an acceptable threshold (Mitigation Actions)
  • Avoid: Reduce the probability of occurrence to near zero
  • Transfer: Shift the negative impact of the threat to some other third party.
  • Accept: Accept the risk and provide for managing impact through Reserves (Contingency Actions)

Risk Management Strategies for Opportunities

  • Enhance: Increase the probability of occurrence and/or positive benefit of the risk if it does occur
  • Exploit: Increase the probability of occurrence to near one – ensure that the benefit of the opportunity is realized
  • Share: Share the opportunity (risk) with third party.
  • Accept: Accept the opportunity without actively pursuing it

Few illustrative risk statements in IT projects

  • There is a high probability of misalignment between stakeholders regarding project goals, leading to conflicts, delays, and potential project failure.
  • There is a moderate probability that the chosen technology stack may become outdated during the project lifecycle, impacting system maintainability and increasing future upgrade costs.

References

Project Management Body Of Knowledge PMBOK®