Project Management and PRINCE2

Project
Management

Welcome

Project Basics

Project Planning

Project Business Case

Project Risk

Project Management - Risk

All projects involve risks. The absence or presence of risks is not an issue - it is just how many risks are there for this project and how serious are they.

One of the pillars of successful project management is effective management of risk.

Risk may be defined as "uncertainty of outcome". Events that have not happened, may never happen but could happen and would have an impact on your project.

By definition risks involve uncertainty - nobody can predict the future.

The first key thing is to have an open, honest and realistic approach. Avoid at all costs the "don't tell me the bad news I only want good news" approach adopted by some managers. Risks exist - period. They cannot simply be ignored.

Obviously projects vary in their risk profile, with some relatively low and some very high. It just depends on what you are doing.

Risk management can be broken down into a series of common sense steps:

Identify the risks and log them
Analyse each risk
Identify possible countermeasures
Weigh up countermeasures and costs against risk
Select appropriate countermeasures (for now)
Implement countermeasures and re-plan accordingly
Keep risks under regular review
Update risks and countermeasures as needed

Identify Risks

What the risks are depends on the nature of the project, the business organisation and the business environment.

Various techniques might be used such as brainstorming, industry standard checklists, lessons learned from previous projects, specialist knowledge of individuals and just common sense.

Risks should be recorded in a Risk Log or Risk Register.

Content of a Risk Log Entry:

Reference Number
Risk Type
Source & Owner
Description
Likelihood
Impact
Proximity
Countermeasures
Status
Date Identified
Date of last review

Analyse Risks

The risk should be analysed and described in as much detail as needed.

Likelihood and Impact can the be assessed as two separate factors.
A default for this might be High, Medium or Low.
Some organisations use a "traffic lights" or "RAG" system of Red, Amber, Green.
Others use a scale of 1-5 or 1-10 for more precision.

Some risks, but not all, have a Proximity associated with them - they may come into effect on a given date and close after a given date.

An owner should be identified - the person best placed to keep an eye on the risk. This might be the Project Manager, a Project Board member or somebody else on the project team.

Countermeasures

Possible actions should be identified. Exactly what these are will naturally depend on the risk. Broadly countermeasures may be classified as either prevention, reduction, transfer, acceptance or contingency.

Most countermeasures involve a cost, so this must be weighed up against the nature and severity of the risk.

A decision can then be made on appropriate measures for now, and these can be implemented. This is likely to involve re-planning in terms of cost, timescales, products and resources.

Risk Review

By their very nature risks are dynamic - they can change literally overnight. Because of this they need to be kept under regular review, both during a project stage and at end stage reviews.

Countermeasures can then be adjusted accordingly.

In some cases a project may even be closed if overall risk has risen to an unacceptable level.

Exercise - Project Risk

Either for a project you are currently working on, or for the London Olympics 2012:

Identify 10 - 15 key risks.

Document 2 or 3 of them in more detail, using the Risk Log Entry template above.

For more information about courses and consultancy contact:
Steve McIntosh on 01736 797122 or 07976 519757

Project Management Books