6 February 2007

Risk Management 101: Manage a risk

Once risks are understood and prioritised for action, the team needs to determine what sort of action is appropriate. Typical responses to risks are avoidance, transference, mitigation, and acceptance. Each of these responses has certain characteristics and is appropriate to certain types of risks.

Avoidance means removing the potential risk by taking precautionary measures, which at extremes can mean cancelling the project.

Transference usually means insuring against a risk occurring, but can also include getting the business owner/sponsor to take accountability for the risk outside the scope of the project.

Mitigation means minimising the damage a risk can cause or reducing its likelihood of occurring (or both) by taking precautionary actions.

In cases where the risk is considered unworthy of the effort to manage it, it can be accepted. This may occur in instances where the risk is so unlikely to occur as to not warrant attention, or where the impact is insignificant in the context of the business and project’s environment.

Whichever option you pick for your risks, you should have a detailed action plan against the risk which includes:

  • Who is responsible for managing the risk
  • What is going to be done to manage the risk
  • When are the major work activities to manage the risk going to start and end
  • How the risk will be managed as a result of this management plan – that is, the planned outcomes of the risk management plan

For risks that require major bodies of work to be managed appropriately, you should consider raising a change request and revising the project management plan to include new or modified work packages covering this new work.

1 comment:

  1. Anonymous, 4:57 am

    You are glossing a little here...
    How do I know that the risk IS being managed? What work is being done to manage the risk? How will we know when the work on the risk is finished or sufficient? How will I see progress on the risk being managed?
    Also, you haven't talked about "Inherent Risk" (i.e., the probability and impact before any work is done on it to avoid or mitigate it) and residual risk (i.e., what will be left after the work on it is completed/sufficient).
    Rob P