Risk Management Methodology
By Ray W. Frohnhoefer
We have already covered the sources of risk, and now we’ll start looking at a simple methodology which can be employed to evaluate these risks and promote proper risk management. This methodology weaves itself throughout all project management processes since risk should be addressed from project concept through project closure and ongoing operations.
- Step 1: The first step begins with starting the risk management plan (note: link points to a PDF file on PM Hut and will open in a new window). This document is going to tell stakeholders how we are going to manage risk. Incorporating this methodology can provide most of the “meat” for this type of document.
Step 2: The real work begins with risk identification. This typically comes when much of the planning is done so the “hows” of our plan can be used to determine the sources of risk we need to look at. I usually like to get the team together to review the sources of risk for our project, brainstorm the specific risks, then have some of the local subject matter experts review the generated list.
Steps 3: This is where the quantitative (determine the probability and impact of risks) analysis occurs. There may be some objective facts and other information to consider, brainstorming, consultation with experts, and review of historical projects necessary to make the proper judgments. The results of this step is the list of risks prioritized by probability and impact (possibly the two multiplied together to give a separate number or organized on a probability impact matrix). Note this step is also a part of project planning.
Step 4: Here we are more subjective and qualitative in our analysis. This might include a rank ordering or placement on a probability impact matrix. This is so we can plan our responses to risk (share, transfer, accept, avoid). Note in the diagram there is a loop back to the identification of risks. Why? As we plan our responses, we will need to alter our project plans. As we alter our project plans, we may introduce more risks, so we need to once again make sure we have identified all the risks.
At this point, we’ve completed our planning and the project is ready to go into execution.
Steps 5: As our project progresses, we need to monitor for risks. If one occurs, we need to implement our mitigation strategy. Some larger projects have designated risk monitors who are empowered to employ the mitigation strategies if a risk occurs. As we implement, we need to both go back to monitoring and identification. Why? If our project is constantly in motion, we need to continue to monitor for risks. Also, if we have deployed a mitigation strategy, we’ve once again changed the course of the project and need to go back to see if there are new risk possibilities.
Ray W. Frohnhoefer, MBA, PMP is the Director of the Project Support Office at EDmin as well as a consultant, speaker, writer, educator, and mentor on Project Management. Ray is also the Component Mentor for PMI Region 7 (Southwest North America), a Past President of PMI, San Diego Chapter, Inc., and an adjunct faculty member at three San Diego universities. You can find out more about his professional roles at http://www.edmin.com/company/index.cfm?function=showBioDetail&id=80 and through his blog, Tales from the Project Notebook, at http://projectnotebook.blogspot.com.