Risk is something that is likely to occur in a project and can have its positive or negative impact on the entire project. Project risk management helps the project managers to identify and manage the significant risks associated with a project. It is very necessary to implement risk management in a project management for reducing the risk factors or combating them effectively.
Risk management involves identification, assessment, and prioritisation of risks in the project and then minimise, monitor and control the probability of risk through effective assessment, coordination and economic application of available resources.
The major objectives of the project risk management process are to:
Characteristics of an effective project risk management within an organization:
Project risk management is an integration of four phases also referred as risk management plan. The four aspects are:
This is the initial phase of risk management in which the risks concerned with the project are identified. The most suitable method for identifying risk is a workshop with business and IT people. In addition to that, a combination of brainstorming and reviewing of standard risk lists can be quite beneficial.
The type of risk depends upon the type of project and varies from project to project. The most common types of risks involved in a project management are:
This is the risk associated with the business aspect and are best handled by the business. Most commonly the business uses a contingency approach to manage such types of risks.
These are the most common type of risks involves almost in all projects. This may include the unavailability of requirements or absence of business users. Every organisation develops some standard responses to such type of generic risks.
Risks can be defined in two parts. The first includes the cause of the risk such as vendor not meeting the deadline, business users not available, unavailability of raw materials etc. and the second part defines the impact of the risks that may occur. The impacts may be increase in budget, the set goal may not be achieved and many others.
Risk quantification involves the measurement of risk in two dimensions. In this phase the impact of risk need is accessed along with the probability of risk occurring needs. The priority is established using a matrix that is rated on a scale of 1 to 4. The larger will be the number, the more will be the impact or probability.
It is to be noted that, if the probability is high, the impact will be low and if the impact is low than the risk will be medium.
There are basically four things that can be done for managing risk. These are called risk response. The strategies that can be used for risk control are:
Avoid the risk:
The initial phase is to avoid or remove the risk before occurring by implementing some effective measures.
Transfer the risk:
Transfer the risk to some other party to avoid the sufferings involved due to the risk. For example, make the vendors responsible for the most risky part of the project.
Mitigate the risk:
Another thing that can be done is to reduce the chance of the risk and lessen the impact of the risk by taking necessary actions.
Accept the risk:
This is done when the risk is too small and the efforts to avoid it may not be worth in comparison to the impact of the risk. In such cases the risk can be accepted.
An effective risk response plan should include the list of strategy and action to be taken in order to form the strategy for fighting the risk. The actions should include what needs to be done, who is doing it, and when it should be accomplished.
This is the final stage of risk management that involves the continuous monitoring of the risk to find any changes in the current status and act accordingly. In addition to that, this involves regular risk reviews, risk probability, identify and impact of risk. This helps in removing or mitigating the risk and impact of risk and also in identifying new risks.