Project managers must identify and record risks in a way that it generates value for the project and business. This article explains how this can be done by defining risks initially then following a consistent format, adopting multiple tools and techniques, engaging appropriate stakeholders to identify risks and maintaining a central risk repository.
Let’s first look at the definition of the Risk. As per the dictionary risk is the possibility of a negative event or probability of a negative occurrence caused by internal or external vulnerabilities. If we carefully look into this definition, it only terms risk as a negative occurrence or event, whereas according to the definition in the Project Management Body of Knowledge, Risk is an uncertain event or condition that, if occurs, has a positive or negative effect on a project’s objectives.
So, there is uncertainty and there are threats plus there are also opportunities.
Hence, as a project manager it is crucial to not neglect the opportunities, which would be a very powerful way of achieving project’s objectives.
When talking about risks, one must not forget the stakeholders as they play a very crucial role in risk identification or analysis. And it is important that all the project stakeholders are on the same page when it comes to understanding the definition of risk.
When you’ve knowledge of any risks, then you should note them down. You may ask if there’s a specific format one should follow when it comes to noting down risks. How to take note of risks? Every project manager may have his own way of doing this. But it is recommended to note down the risks in a consistent format. A very simple format may be to note down the Cause Risk Effect/Impact OR If Occurrence then Consequence.
A typical example of a risk statement can be as below:
|Unavailability of design resource||Design would be delayed||Prolonged Schedule, Late Submission|
|Lack of user involvement in collection requirements process||Incomplete or Inaccurate Scope/requirements||Incomplete deliverables, Rework and Increased activity time|
|Early material delivery||No warehouse or storage space||Material storage in open area can cause quality damage or increased costs due to extra space for material storage|
It is to be noted that the cause and effects are not risks, rather risks are the events or conditions that are uncertain (may or may not occur). If a cause is uncertain then it may lead to another risk. In case of the impact, one should drill down into details until the root cause (actual reason that gives rise to the risk) is known.
Now that risks are being noted down in a consistent manner, you may ask what tools to be used to manage these risks. Is a single tool enough or do you require multiple tools and techniques to manage risks? It would be good to let you know that risk identification and analysis happens throughout the project. So, to think that one meeting or a single brainstorm session would be enough to identify, analyse or manage the risks, would be a mistake.
Guide to Project Management Body of Knowledge (6th ed) suggests the following tools and techniques to identify risks.
How about using the root-cause analysis to uncover the hidden cause of your threats and opportunities! Or the SWOT analysis can be of help of determine the Strengths, Weaknesses, Opportunities and Threats.
You can perform the assumption analysis to test your assumptions and the constraint analysis to identify limitations in order to overcome them.
Finally, a prompt list (pre-set list of risk categories) should be considered. For instance, you could facilitate a meeting with your stakeholders to identify risks pertaining to your project scope, schedule, cost and quality.
It is the job of a smart project manager to include right stakeholders to identify project risks, rather than doing all alone which is inappropriate. Focus on the term ‘right’, if the stakeholders involved aren’t the right ones, then you’ll most likely miss some of the most substantial risks. It is your jobs as the project manager to make sure you get the subject matter experts to help you identify risks on your project.
And to know WHO to engage, you must already know this whilst you’re in the project initiation phase, as that is the time when stakeholders are identified. So, if you’ve done the stakeholder analysis in the right time, then you’ll already know the individuals, groups and organizations who could impact your project. If you need any kind of help related to project management at any phase during the project lifecycle, please feel free to contact us at firstname.lastname@example.org and we’ll be pleased to be at your service.
When Identifying stakeholders, remember that anyone who may impact your project or may be impacted by your project, becomes a stakeholder on your project. And by this, I mean, even the people or groups or establishments outside your organization.
Always review your stakeholder register, every time you plan for a risk identification meeting and engage the suitable stakeholders.
It is not right to look only for the obvious risks on your project, rather you should also look around the corners to figure out the potential risks. To get a better idea of this, assume that you want to buy a home and before considering you’d want to inspect the home, you or your home inspector would check every area of the house, in every corner, performing a thorough inspection of every room and all the electrical/mechanical systems. Similarly, you need to take a universal approach to risk management. Scanning for potential risks can essentially save you time and cost on your project.
This can also be done by analysing risks more deeply, through perform quantitative risk analysis and perform qualitative risk analysis for quantified risks to realise the level of impact, and then you can calculate the financial impact of the risk. Should you need consultation or support with risk identification, analysis and management, do not hesitate to mail us at email@example.com
Once the risks are identified, you should record all your risks in a risk register. It is highly recommended that you store all your risk-related data in one place.
You many now ask what exactly goes into the risk register? Generally, the risk register includes:
a. Risk ID
b. Risk Category
c. Risk Statement
d. Risk Trigger
e. Risk Score
f. Risk Probability
g. Risk Impact
h. Risk Owner
i. Risk Response Plan
j. Response Strategy (exploit or mitigate for example)
k. Risk Trend
l. Residual Risks
As mentioned earlier, risk identification is not a one-time task, rather it starts during project initiation, reviewed periodically and updated for existing current risks or newly identified risks.
Risks cannot be managed until first identified, thus the information presented in this article now gives you a kick start to begin with.
1. Risk Definition
3. Risk Identification Tools & Techniques (RITT)
4. Stakeholder Engagement
5. Scanning for Potential Risks
6. Recording Project Risks
All this will help you reduce the uncertainty (it can never be eliminated completely), lessen the mistakes and provide a constructive approach to tackle with your project risks.
So, what are you waiting for? Start incorporating one or more of these steps in your projects and as you move on take additional steps to better identify your project risks.