Risk management is an inevitable part of any project, business or organization. It is not just a technique to manage risks. It is a technique to unseal business benefits. By following risk management, you will make the project overcome potential threats, fall within the budget plan and get it delivered on schedule. Moreover, it puts your project team at ease. They can concentrate on their task instead of thinning away the focus on risks. Here is an all-inclusive set of project based risk-management principles. It has been compiled from my personal inferences as a project risk management consultant and a full-fledged research on the extensive content available on the subject.

Risk management has to be considered as part of the project and not a separate entity, this is one of the major mistakes committed by businesses. People believe risk management processes can run on their own and shield the organization from all disasters. Well, it is a complete misconception that either a risk management process or project can exist on its own. They rather work collaboratively, unless the project joins forces with the risk management team, you won’t be able to extract the benefits out of it fully. Risk management has to be initiated as a day-to-day approach and at later stages, embraced into the work culture.

  • The First Step is Risk Identification -

The earlier we identify risks, the better it is for the project. You can start by looking at the past risks of a company, investigating the events and documents and inferring information from people. Employees who have experience and expertise in the workspace will have quite a few risk incidents and unaddressed threats. Sit with them and you can find exposure to new risks as well as opportunities. Inspection of documents can be quite monotonous. A person who is skilled to decipher a project risk can expose many of them. And of course, risks and risk consequences from the past are easy to identify.

  • Spread Awareness about Risks -

Risk is a relatively known concept, but the approach towards a solution is not understood correctly, even to people occupying top positions. Risk communication is a necessary step to identify risks in the first place. Most of the time, projects that failed due to unidentified risks had a couple of resources braced with hindsight about them. Hence, being familiar to what risks are and defining a procedure to communicate them can be extremely helpful for risk identification. Encourage employees to focus on individual tasks and project-related risks, and introduce risk communication as a part of their regular activities.

  • Risk Analysis – Learning the Cause-and-effect Scenario -

Understanding risk characteristics is essential before taking measures to mitigate them. You can start by looking at the cause and effects of risks. List out the actions or events that lead to the possibility of risk occurrence. Controlling such events can reduce exposure and at times prevent risks. Look at the impact and the intensity of the impact when a risk occurs. Analyze if the risk occurrence can lead to additional negative consequences. It is also important to analyze the historical consequence of the same risk.

  • Allot and Define Risk Ownership -

Your responsibility doesn’t end with identifying risks. The next step is to identify the owners who should take responsibility for the risks. A risk’s owner should be vigilant about its occurrence and develop ways to efficiently and effectively mitigate the risk for the project. The risk and the risk effects need to be defined comprehensively for the risk owner.

  • Rank the Project Risks -

A risk has to be prioritized according to the fierceness of its impact and probability of occurrence. The impact can be based on the measurement of resulting losses and their types (resource, asset or finance related). Risks at the top of the priority list should be analyzed in depth to create effective risk plans. All risks needn’t be considered with the same gravity, as some have very little effect. You need to productively assign your time and resources for critical risks.

  • Planning & Executing of Risk Responses -

This is the part where you develop methods and techniques to deal with risks.
There are four ways to mitigate risks (The 4 T’s);

  • Treat the risks (Risk control)-

This is the most used technique. People make maximum use of risk analysis to treat a risk. The focus of the approach is on the causes and effects of risk occurrence.

Terminate the Risk: Avoiding a certain product or service all together. Restructure the process or risk events in such a way that you totally get rid of the particular risk. This technique is only available in few cases and should not be used before studying the business consequences carefully.

  • Tolerate the Risk-

When the cost of mitigating the risk exceeds the loss resulting from that risk, you would simply accept the risk.

The set of actions adopted to treat risks are called risk responses. Honestly, it is easier to script risk responses than execute them. This is when leadership skills and work culture drive the team members to accept risk management recommendations.

  • Register and Track Your Risks -

Document your project risks.  A risk register helps to not miss out on any risk (especially if the numbers are too many). An efficient risk register would contain and clearly communicate these – risk descriptions, risk owners, risk causes and risk effects. It is a document that helps project managers determine when, where, how and what are the things that can go wrong negatively impacting the project objectives.

It should also contain the application of risk responses and the risk status. Risk events should also be tracked and registered. They should be analyzed to ensure proper action is taken for the risk not to occur again. With all the variables involved and the need to continuously monitor and update the status of risks, it is necessary to rely on an electronic register (a system) and not to do it manually.

About The Author:-
Mohammed Nasser Barakat– Consultancy Director at CAREweb Corporate Governance Consultancy offering Governance, Risk & Compliance (GRC) software used by the well known global business organizations. Nasser is Certified Control and Risk Self Assessment Practitioner (CCSA) and has 8 years experience in  Internal audit solutions,  Risk Management  and consultancy.

Categories:

0 comments: