Friday 19 April 2019

Project Risk management process

What is a risk management process?

A Risk Management Process is a method by which risks to the project (e.g. to the scope, deliverables, timescales or resources) are formally identified, quantified and managed during the execution of the project. The process entails completing a number of actions to reduce the likelihood of occurrence and the severity of impact of each risk.

A Risk Management Process is used to ensure that every risk is formally:
  1. Identified
  2. Quantified
  3. Monitored
  4. Avoided, transferred or mitigated.

When to use a risk management process

Although the Risk Management Process is undertaken during the ‘Execution’ phase of the project (i.e. the phase within which the deliverables are produced), project risks may be identified at any stage of the project life cycle. In theory, any risk identified during the life of the project will need to be formally managed as part of the Risk Management Process. Without a formal Risk Management Process in place the objective of delivering a solution within ‘time, cost and quality’ may be compromised.

The Risk Management Process is terminated only when the Execution phase of the project is completed (i.e. just prior to Project Closure).

How to use this template?

This document provides a guide on the topics usually included in a Risk Management Process. Sections may be added, removed or redefined at your leisure to meet your particular business circumstance.  Example tables, diagrams and charts have been added (where suitable) to provide further guidance on how to complete each relevant section.

Risk Process

Provide an overview of the Risk Management Process. For example:

"The Risk Management Process is undertaken to ensure that each risk identified within the project environment is documented, escalated and mitigated as appropriate.  Risks are defined as ‘any event which is likely to adversely affect the ability of the project to achieve the defined objectives’."

Risk Management will be undertaken on this project through the implementation of five key processes:
  1. Identification of risks are associated with project
  2. Logging and prioritizing of project risks
  3. The identification of risk mitigating actions
  4. Assignment and monitoring of risk mitigating actions
  5. The closure of project risks.

The following diagram provides an overview of the risk processes and procedures to be undertaken to effectively manage project-related risks. Risk Roles have also been identified.”

Raise Risk

This process provides the ability for any member of the project team to raise a project-related risk.  The following procedures are undertaken:

  • Risk Originator identifies a risk applicable to a particular aspect of the project (e.g. scope, deliverables, timescales or resources)
  • The risk Originator completes a Risk Form and distributes the form to the Project Manager.

A risk form can also be an email communication or an online registration of a risk.

Register risk

The Project Manager reviews all risks raised and determines whether or not each risk identified is applicable to the project. This decision will be primarily based upon whether or not the risk impacts on the:
  • Deliverable specified in the Deliverables Register
  • Quality targets specified in the Quality Plan
  • Delivery targets specified in the Project Plan
  • Resource targets specified in the Resource Plan
  • Financial targets specified in the Financial Plan.

If the risk is considered by the Project Manager to be ‘related to the project’, then a formal risk is raised in the Risk Register and a Risk ID assigned. The Project Manager will assign the level of ‘impact’ and ‘likelihood’ based upon the risk's severity.

The Project Review Group then complete a formal review of each risk listed in the Risk Register and decide (based upon the risk ‘impact’ and ‘likelihood’) whether or not to:
  • Close the risk in the Risk Register if there are no outstanding risk actions and the risk is no longer likely to impact on the project.
  • Raise a change request if a change to the project is required to mitigate the risk
  • Assign risk actions to mitigate the risk.

Implement risk actions

The risk mitigating actions assigned by the Project Review Group are then implemented. These may include:

  • Scheduling each action for implementation
  • Implementing each action scheduled
  • Reviewing the success of each action implemented
  • Communicating the success of each action implemented.

Risk Roles

Define the roles and responsibilities for all human resources (both internal and external to the project) involved with the identification, review and mitigation of risks within the project. An example follows:

Risk Originator

The Risk Originator identifies the risk and formally communicates the risk to the Project Manager. The Risk Originator is responsible for:
  • Identifying the risk within the project
  • Documenting the risk (by completing a Risk Form)
  • Submitting the Risk Form to the Project Manager for review.

Project Manager

The Project Manager receives each Risk Form and records and monitors the progress of all risks within the project. The Project Manager is responsible for:
  • Receiving all Risk Forms and identifying whether the risk is appropriate to the project
  • Recording all risks in the Risk Register
  • Presenting all risks to the Project Review Group
  • Communicating all decisions made by the Project Review Group
  • Monitoring the progress of all risk mitigating actions assigned.

Project review group

The Project Review Group confirm the Risk ‘likelihood’ and ‘impact’ and assign risk mitigating actions where appropriate. The Project Review Group is responsible for:

  • The regular review of all risks recorded in the Risk Register
  • Identifying change requests required to mitigate risks raised
  • Allocating risk mitigating actions
  • Closing risks which are no longer likely to impact on the project.

Project Team

The Project Team undertake all risk mitigating actions delegated by the Project Review Group.

Risk Documents

List any other documentation used to identify, track and control risks to the project.

Risk Register

The ‘Risk Register’ is the log / database where all risks are registered and tracked through to closure. Insert a template for the Risk Register here to show how risks will be recorded and monitored on this project. (NB Refer to the ‘Risk Register' for a complete example or refer to the online Risk list).

Project Risk Register template

Project Risk Register template

No comments:

Post a Comment