Risk is an integral part of every project. Some project risks inevitably become problem areas. For example, you may be working on a project while on vacation and need to plan your project schedule accordingly. However, there are many risks associated with any particular project, and without a risk assessment and risk mitigation strategy, it can create unwanted surprises for you and your project management team.
This is where a risk management plan comes in to mitigate risk before it becomes a problem. But first, what is risk management?
What is Risk Management?
Risk Management is the branch of project management that deals with managing potential project risks. Risk management is arguably one of the most important aspects of project management.
The individuals involved in Planning Risk Management include:
- Project Manager
- Sponsor
- Team
- Customer
- Other Stakeholders
- Experts
Risk Management process consists of the following main steps:
Identifying Risks:
The first step in managing project risk is identifying risks. Data sources such as information from previous projects and input from subject matter experts should be used to assess potential risks that could affect the project.
Risk Assessment:
Once project risks have been identified, they should be prioritized in terms of likelihood and magnitude of impact.
Risk Mitigation:
Now is the time to create a contingency plan that includes risk mitigation actions to manage project risk. You should also define team members who will be risk owners, who will be responsible for monitoring and controlling the risk.
Risk Monitoring:
Risks should be monitored and managed throughout the project life cycle.
If the threshold risk condition is met, the entire project may be at risk. Also, there is usually not just one risk per project. There are many risk categories that require evaluation and discussion with stakeholders.
Components of a Project Risk Management Plan
The following components are components of a detailed
Risk management plan.
Define how the identified risks will be managed and how they will be categorized, analyzed and managed.
Please also outline the formula for determining the risk rating: high, medium, or low.
Risk Identification
This process gathers risks using the methods described in the Risk Management Plan.
- Document Review
- Information Gathering Techniques
- Interviews
Document review examines records from past projects that inform potential risks. Documentation can include lessons learned, risk notes, problem logs, project files, and more.
Information gathering techniques involve dialogue with various stakeholders to determine risk. They ask experts to list as many risks as possible. This technique includes brainstorming and the Delphi technique. The Delphi method is an anonymous survey that helps obtain responses from experts who are reluctant to speak up.
Repeat this process until you get the final result. Then put them together and check your answers.
You speak to a busy and important stakeholder in an interview with a team member. Team members record these conversations by asking pre-selected questions during conversations.
Analyze Risks​
Once the risks have been identified, analyze the risks using qualitative and/or quantitative methods.
You should always do a qualitative risk analysis. However, quantitative risk analysis is optional and most likely performed on large and complex projects.
Determine and prioritize the likelihood and impact of each risk here. After completing the qualitative risk analysis review, proceed to the quantitative risk analysis review.
Quantitative risk analysis numerically analyzes risks and their impact on project objectives.
The Expected Monetary Value (EMV) method is a quantitative risk analysis technique. Here we calculate the EMC of each option and choose the best option. EMV helps determine precautionary reserves used to manage identified risks.
Control reserves are used to manage unidentified risks. Administrators can define this reserve and set it as a percentage of the project cost. For example, 5% or 10% of the project cost. The use of administrative contingencies must be approved by the project manager.
Monte Carlo simulations offer the opportunity to complete projects under a variety of conditions. This technique can be run on cost, schedule, or other project objectives and provides a graphical representation of the project’s objectives and likelihood of completion under various conditions.
For example, if you run a Monte Carlo simulation for schedule analysis, you find that the project has an 80% chance of completing in 24 months and a 90% chance of completing in 26 months.
Plan Risk Response
After the risks have been collected and identified, create a risk response plan. This plan outlines the actions that should be taken when the identified risks occur.
Risk can be positive or negative, and strategies for negative and positive risks are different.
Positive risks are called opportunities and negative risks are called threats. A risk treatment plan aims to reduce the likelihood or impact of negative risks and increase the likelihood or benefits of positive risks.
Assign a risk owner to each risk. They are responsible for monitoring risks and implementing risk response plans when risks arise.
Strategies for Addressing Negative Risks:
The following strategies can be used to manage negative risks:
Mitigation: Attempt to reduce the likelihood of a risk occurring or its impact.
Avoid: To eliminate the threat or its effects, we take steps such as: B. Changes to the Project Management Plan.
Transfers: Transferring Risks to Third Parties. Example: Insurance.
Delegate: Delegate responsibility for risk management to senior management.
Accept: Acknowledge and document the risk, but take no action to mitigate the risk or its impact.
Escalate: Risk management is beyond your ability, ask your manager to manage the risk.
Positive Risk Response Strategies
The following strategies can be used to manage positive risk.
Enhancement: Attempts to increase the likelihood of an opportunity or its impact.
Exploit: Do whatever it takes to realize the opportunity.
Sharing: If you can’t realize an opportunity yourself, ask someone else to share it.
Escalate: Delegate responsibility for risk management to senior management.
Accept: acknowledge and document the opportunity, but do nothing to make it happen.
Escalate: Risk management is beyond your ability, ask your manager to manage the risk.
Attempt Quiz-2 on Plan Communication Management Process
Don’t Miss the 1000+ MCQ questions & hundreds of quizzes on PMP Knowledge Areas and Various important sections.Â
Risk Monitoring and Control
We closely monitor these risks as soon as the project is started, control them when they occur, and enter the results into the risk register.
The risk management plan has a risk event tracking and reporting system. It helps project managers analyze the effectiveness of risk management plans and record lessons learned for future risk events.
Project Risk Management Plan Outputs:
- Methodology: Processes for implementing risk management are defined
- Roles and Responsibilities: People Involved Are Identified
- Budgeting: Cost of Risk management is determined
- Timing: Establishing When to Start the Risk Management Process
- Risk Categories
- Probability and Impact Definitions
- Probability and Impact Matrix
- Reports, Records and Audits
FInal Take Away from Project Risk Management Plan
The project risk management plan is a subplan of the project management plan. A successful project depends on a risk management plan. A solid plan will help you complete the project within the approved schedule and budget. You need to be proactive when managing risk, so get professional help in creating a risk response plan.
