Project risk management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Risk management isn’t reactive only; it should be part of the planning process to figure out risk that might happen in the project and how to control that risk if it in fact occurs.
A risk is anything that could potentially impact your project’s timeline, performance or budget. Risks are potentialities, and in a project management context, if they become realities, they then become classified as “issues” that must be addressed. So risk management, then, is the process of identifying, categorizing, prioritizing and planning for risks before they become issues.
Risk management can mean different things on different types of projects. On large-scale projects, risk management strategies might include extensive detailed planning for each risk to ensure mitigation strategies are in place if issues arise. For smaller projects, risk management might mean a simple, prioritized list of high, medium and low priority risks.
Jason Westland, CEO, ProjectManager.com, offers his take on why you should care about project risk. He also offers some practical measures to apply to managing risk when in the midst of your project. To begin with, he notes, it’s crucial to start with a clear and precise definition of what your project has been tasked to deliver. In other words, write a very detailed project charter, with your project vision, objectives, scope and deliverables. This way risks can be identified at every stage of the project. Then you’ll want to engage your team early in identifying any and all risks.
Devin Deen, Scrum expert and video trainer, says you can’t be afraid to get more than just your team involved to identify and prioritize risks. “Many project managers simply email out to their project team and ask their project team members to send them things they think might go wrong on the project, in terms of a risk to the project,” he says in his training video on how to plot project risk. “But what I like to do is actually get the entire project team together, some of your clients’ representatives on the project, and perhaps some other vendors who might be integrating with your project. Get them all in the room together and do a risk identification session.”
And if you’re not working in an organization with a clear risk management strategy in place? “Talk openly to your boss or project sponsor about risk,” Westland writes. “You want them to be aware of what risks are lurking in the shadows of the project. Never keep this information to yourself, you’ll just be avoiding a problem that is sure to come up later.”
And with every risk you define, you’ll want to put that in your risk tracking template and begin to prioritize the level of risk. Then create a risk management plan to capture the negative and positive impacts to the project and what actions you will use to deal with them. You’ll want to set up regular meetings to monitor risk while your project is ongoing. It’s also good to keep communication with your team ongoing throughout the project. Transparency is critical so everyone knows what to be on the lookout for during the project itself.
Not all risk is created equally. As mentioned, risk can be either positive or negative, though most people assume risks are inherently the latter. Where negative risk implies something unwanted that has the potential to irreparably damage a project, positive risks are opportunities that can affect the project in beneficial ways.
Negative risks are part of your risk management plan, just as positive risk should be, but the difference is in approach. You manage and account for known negative risks to neuter their impact, but positive risks can also be managed to take full advantage of them.
There are many examples of positive risks in projects: you could complete the project early; you could acquire more customers than you accounted for; you could imagine how a delay in shipping might open up a potential window for better marketing opportunities, etc. It’s important to note, though, that these definitions are not etched in stone. Positive risk can quickly turn to negative risk and vice versa, so you must be sure to plan for all eventualities with your team.
Now the rubber hits the road. You’ve found a risk. All that planning you’ve done is going to get implicated. First you need to know if this is a positive or negative risk. Is it something you could exploit for the betterment of the project?
For each major risk identified, you create a plan to mitigate it. You develop a strategy, some preventative or contingency plan. You then act on the risk by how you prioritized it. You have communications with the risk owner and, together, decide on which of the plans you created to implement to resolve the risk.
You can’t just set forces against a risk without tracking the progress of that initiative. That’s where the monitoring comes in. Whoever owns the risk will be responsible for tracking its progress towards resolution. But you will need to stay updated to have an accurate picture of the project’s overall progress to identify and monitor new risks.
You’ll want to set up a series of meetings to manage the risks. Make sure you’ve already decided on the means of communications to do this. It’s best to have various channels dedicated to communication.
You can have face-to-face meetings, but some updates might be best delivered by email or text or through a project management software tool. They might even be able to automate some, keeping the focus on the work and not busywork.
Whatever you choose to do, remember: always be transparent. It’s best if everyone in the project knows what is going on, so they know what to be on the lookout for and help manage the process.