Definition

Vulnerabilities caused by external or internal factors are more likely to cause damage, liability, loss, or any other negative outcome.

Risks exist in every project, some will disappear, some will become problems that will require attention to be fixed, and some will become crises that will threaten the project. Risks have become problems when they materialize.

The six sub processes of risk management are as follows:

1. Identify Risk and create a register of risks

2. Assess and evaluate risks

3. Engage all stakeholders to gain insight, expertise to help identify triggers propose preventative measures.

4. Solution Ideas includes preventative measures. Plan B.

5. Develop your plan

6. Review and monitor your progress

Risk Identification

• The following information is needed: deliverables, WBS, resource estimates, and team knowledge.

• Organise and prioritize risks based on their severity.

• In considering all aspects of the project, it is important to consider potential problems that may arise.

• A project may be at risk due to staffing issues, equipment failures, client problems, technology problems, delivery problems, or physical issues.

Risk Analysis

As described previously, after risks are identified and sorted by severity and likelihood, a list of key risks should be maintained in order, reviewed, and updated as the project moves forward, since some risks may pass and new ones may appear. In this way, no unexpected risks will remain.

Qualitative Risk Analysis (gathering of non-numerical data): This should take place early in the project to minimize the impact on scope, time, and cost.

Scenario analysis and Failure Mode and Effect Analysis are two methods for conducting Qualitative Risk Analysis.

Analyzing scenarios involves imagining possible outcomes that may affect the project and then identifying the resulting consequences. Stakeholders or parties outside of the project who have experience with similar projects can identify and evaluate these risks. By analyzing the project plan and the work breakdown structure (WBS) along with the PERT chart, highly probable risks, extremely serious risks, or highly vulnerable areas can be identified. In general, risk assessment involves gathering as much information as possible to make an accurate assessment of the risk. It is better to make an educated guess than to have no information at all.

FMEA is another method. Risk management is a structured approach to identifying, prioritizing, and managing risks. The following steps are followed:

• Write down all the ways the project could fail (before the product or service even exists)

• Assess the severity (S) of each failure and the consequences. The severity of a failure is rated on a ten-point scale, where 1 means that there is no effect and 10 means that there is severe and dangerous failure.

• Describe what might cause each failure and its occurence (O). An overall failure likelihood is ranked on a scale of 1 to 10, with 1 indicating a very low chance of failure and 10 indicating almost certain failure.

• Evaluate the likelihood of detecting each failure. Failures are ranked according to their detectability (D) using a ten-point system. Monitoring and control are more likely to detect failures at 1 than at 10, when they are not almost certain to detect failures at all.

• Multiply S by O by D to determine the Risk Priority Number

• As a last step, sort the potential failure list according to its RPNs and see if there are any ways to reduce the risk associated with failures that have a higher RPN.

Quantitative Risk Analysis

Measures the profit and length of each project. For instance, which project is quick, less risky, and more profitable. Budget estimates and their formulas are useful tools for estimating the budget. A less bad option can also be selected using game theory. There are many uses for this theory.

Risk Response Planning

It is usually up to the risk responder to decide which risks to prepare for and which to ignore and accept as potential threats.

An important part of preparing for a risk is creating a risk response plan.

1. Procurement – shift risks to other parties

2. Alternative strategies involve changes in approach

3. Insurance

4. Contingency planning – measures to take if a risk occurs
   

Risk control

Final point: keeping records of what risks were identified, how they were analyzed and how these were addressed, and what the results were are crucial to adjusting the current project as well as improving the systems in place for future projects.

Risk control tools:

• Remove Excuses - Understand expectations, communicate timetables, and communicate consequences.

• Demand Visibility - Set benchmarks and checkpoints. Establish a Communication Plan.

• Communicate effectively and avoid the spread of 'surprise' information.

• Prepare a fall back plan: "What if?" Be prepared with a backup plan.