Project Risk Management

Project Risk Management - The Step By Step Guide

Cora’s Project Risk Management Guide – 7 steps to success

Project Risk Management is the identification, evaluation, and prioritization of risks that may impact the delivery of your project.

Risk is something that is inevitable in all projects, big or small, making it an important issue for any project manager to be aware of. Although there is risk attached to all projects, it can become a huge problem if it is not identified and overcome in a timely fashion. If risks are not identified in time, it may have a knock-on effect on the timeline of the project, the allocated budget or even the overall delivery!

This blog post aims to help new project managers identify potential risks in their projects from the very beginning, ultimately reducing the chances of project failure.

A compiled list of risks can be a huge help to a project manager when beginning a project allowing them to identify possible risks with a greater degree of accuracy. This list can be compiled from risks that other project managers have come up against along with a number of pre-existing risks that will always be related to that particular project type.
PMBOK by the Project Management Institute states: “risk management is one of 10 knowledge areas in which a project manager must be competent”. It defines project risk as an “uncertain event” that has the ability to alter the outcome of a project in either a positive or negative way.

Project Risk Identification then is referred to by Mitre as the process of determining the risks that could affect the project, program or even the enterprise from achieving the objectives set out. They also note that properly documenting and communicating the risk is included at this stage.

7 Risk Management Process Steps

Below is a step-by-step guide that a project manager can follow to identify and eliminate risks in any type of project.

1) Integrate Risk Management with Project Management

This is a focal starting point. When beginning to manage a project, you must accept that risk management plays an important role.  Project managers often fail in this area if they believe there is no risk to their project. Every project has potential risks. Risk management should be an integral part of any project and should be discussed in all team meetings.

2) Identify Risks as Early as Possible

This is the first step in properly integrating project risk management and quite possibly the most important. If this step is not completed in detail at the start, then we cannot follow through the rest of the steps accurately. This step involves a through scan to detect risks or potential risks that exist in your project. A good approach for identifying these risks would be through scenario planning. If you map out different scenarios on routes the project may take, you can evaluate risks for each of these. Experience from your peers on risks identified from other similar projects is invaluable and should be sought before going any further. External sources may also give you some potential risks that you may not even have considered. Brainstorming can be a very effective method for identifying risks in a project as it can spur a lot more in-depth thought than any one-on-one conversation could.

3) Communication

In order to keep up to date with new and developing risks, communication among the team is vital. To facilitate this communication, it must be easy for all members of the team to bring up their concerns in a scheduled way. This would possibly be done by including risk management as an important item on the agenda for all team meetings. Often members of the project team may be aware of risks that the project manager does not know about, making poor communication a detrimental part of project risk management!

4) Organise Logically

All risks should be organised in terms of priority, meaning that those with the ability to derail the project have the highest priority and should be considered before the others. Ideally a project manager would like to be able to treat all risks in this category; however, often due to time constraints, this may not be possible. Once all risks are laid out in this order, members of the team should be given ownership status over each to oversee that it is being dealt with correctly.

5) Analyse Risks

The next step in the process is to analyse the risks. In order to respond effectively to a risk, you must understand it by researching it thoroughly. When risks are analysed at an individual level, all effects can then be merged to show the overall effects on a project. Looking at the time and cost implications of a potential risk on a project is extremely important here as it will give a true reflection of the proposed impact.

6) Risk Responses

Now you have identified and researched the potential risks to your project, what’s next? There is no point in knowing about the risks if you don’t have a plan in place to deal with them if and when they arise. This is where risk responses come into play. In general, at top-level, there are three responses to a risk: avoidance, minimisation and acceptance. Risk avoidance involves altering your project in such a way that a particular risk is not an issue any longer. This can often be a costly response and may leave the project vulnerable to other threats. Risk minimisation involves attempting to alter the causes of a particular risk or altering its impact on the project, aiming to make it irrelevant to the outcome. Risk acceptance then involves accepting the effects of a particular risk. This may be an option for minimal risks where the bottom line of the project will not be affected.

7) Register and Track Risks

Maintaining a risk register allows a top-level overview of all risks related to a project to be accessed easily, making it easy to track progress and ensure that all risk owners are following up correctly. ProjectVision, Cora’s project management software, allows risks to be analysed by their effects on the project and displayed on a RAG (red, amber, green) status report, showing visually the number of risks from red to green in regard to their significance. Each risk can then be looked at in detail by clicking through to it. A risk register means there is always visibility as to what is happening so that the risk doesn’t cause the project to fail in the background. The project manager should then track risks on a daily basis as changes can creep up on the short term. The PM is likely to evaluate which risks are most likely to happen as part of this process.

The above points should give you a general work plan on areas to focus on when dealing with project risk management; however, this is a learning curve and improvements can always be made to your process!

Find Out More

Project Risk Management and Project Reporting is a key part of the functionality of Cora PPM. To see how we can help you identify, evaluate and prioritize risks within your projects why not watch an overview of the platform here: