What is a risk management process?
A Risk Management Process is a method by which risks to the
project (e.g. to the scope, deliverables, timescales or resources) are formally
identified, quantified and managed during the execution of the project. The
process entails completing a number of actions to reduce the likelihood of
occurrence and the severity of impact of each risk.
A Risk Management Process is used to ensure that every risk
is formally:
- Identified
- Quantified
- Monitored
- Avoided, transferred or mitigated.
When to use a risk management process
Although the Risk Management Process is undertaken during
the ‘Execution’ phase of the project (i.e. the phase within which the
deliverables are produced), project risks may be identified at any stage of the
project life cycle. In theory, any risk identified during the life of the
project will need to be formally managed as part of the Risk Management
Process. Without a formal Risk Management Process in place the objective of delivering
a solution within ‘time, cost and quality’ may be compromised.
The Risk Management Process is terminated only when the
Execution phase of the project is completed (i.e. just prior to Project
Closure).
How to use this template?
This document provides a guide on the topics usually
included in a Risk Management Process. Sections may be added, removed or
redefined at your leisure to meet your particular business circumstance. Example tables, diagrams and charts have been
added (where suitable) to provide further guidance on how to complete each
relevant section.
Risk Process
Provide an overview of the Risk Management Process. For
example:
"The Risk Management Process is undertaken to ensure
that each risk identified within the project environment is documented,
escalated and mitigated as appropriate.
Risks are defined as ‘any event which is likely to adversely affect the
ability of the project to achieve the defined objectives’."
Risk Management will be undertaken on this project through
the implementation of five key processes:
- Identification of risks are associated with project
- Logging and prioritizing of project risks
- The identification of risk mitigating actions
- Assignment and monitoring of risk mitigating actions
- The closure of project risks.
The following diagram provides an overview of the risk
processes and procedures to be undertaken to effectively manage project-related
risks. Risk Roles have also been identified.”
Raise Risk
This process provides the ability for any member of the
project team to raise a project-related risk.
The following procedures are undertaken:
- Risk Originator identifies a risk applicable to a particular aspect of the project (e.g. scope, deliverables, timescales or resources)
- The risk Originator completes a Risk Form and distributes the form to the Project Manager.
A risk form can also be an email communication or an online
registration of a risk.
Register risk
The Project Manager reviews all risks raised and determines
whether or not each risk identified is applicable to the project. This decision
will be primarily based upon whether or not the risk impacts on the:
- Deliverable specified in the Deliverables Register
- Quality targets specified in the Quality Plan
- Delivery targets specified in the Project Plan
- Resource targets specified in the Resource Plan
- Financial targets specified in the Financial Plan.
If the risk is considered by the Project Manager to be
‘related to the project’, then a formal risk is raised in the Risk Register and
a Risk ID assigned. The Project Manager will assign the level of ‘impact’ and
‘likelihood’ based upon the risk's severity.
The Project Review Group then complete a formal review of
each risk listed in the Risk Register and decide (based upon the risk ‘impact’
and ‘likelihood’) whether or not to:
- Close the risk in the Risk Register if there are no outstanding risk actions and the risk is no longer likely to impact on the project.
- Raise a change request if a change to the project is required to mitigate the risk
- Assign risk actions to mitigate the risk.
Implement risk actions
The risk mitigating actions assigned by the Project Review
Group are then implemented. These may include:
- Scheduling each action for implementation
- Implementing each action scheduled
- Reviewing the success of each action implemented
- Communicating the success of each action implemented.
Risk Roles
Define the roles and responsibilities for all human
resources (both internal and external to the project) involved with the
identification, review and mitigation of risks within the project. An example
follows:
Risk Originator
The Risk Originator identifies the risk and formally
communicates the risk to the Project Manager. The Risk Originator is
responsible for:
- Identifying the risk within the project
- Documenting the risk (by completing a Risk Form)
- Submitting the Risk Form to the Project Manager for review.
Project Manager
The Project Manager receives each Risk Form and records and
monitors the progress of all risks within the project. The Project Manager is
responsible for:
- Receiving all Risk Forms and identifying whether the risk is appropriate to the project
- Recording all risks in the Risk Register
- Presenting all risks to the Project Review Group
- Communicating all decisions made by the Project Review Group
- Monitoring the progress of all risk mitigating actions assigned.
Project review group
The Project Review Group confirm the Risk ‘likelihood’ and
‘impact’ and assign risk mitigating actions where appropriate. The Project
Review Group is responsible for:
- The regular review of all risks recorded in the Risk Register
- Identifying change requests required to mitigate risks raised
- Allocating risk mitigating actions
- Closing risks which are no longer likely to impact on the project.
Project Team
The Project Team undertake all risk mitigating actions
delegated by the Project Review Group.
Risk Documents
List any other documentation used to identify, track and
control risks to the project.
Risk Register
The ‘Risk Register’ is the log / database where all risks
are registered and tracked through to closure. Insert a template for the Risk
Register here to show how risks will be recorded and monitored on this project.
(NB Refer to the ‘Risk Register' for a complete example or refer to the online
Risk list).
No comments:
Post a Comment