Risk Analysis is not a simple process. It involves many steps and different levels of granularity to identify, analyze and respond to the identified risks. As this topic was just recently covered in class, I decided to find out how the company I currently work for performs risks analysis.
Based on the methodology currently used within the organization, risk analysis process includes input deliverables, such as stakeholder analysis, legal contract, project management plan and issues log, and output deliverables such as project schedule and risk register where the risks are further subdivided based on the categories (technical risk, cost risks, schedule risk, quality risk, contract, legal risk, etc.).
I found it interesting that the first step in the process is identified as stakeholder analysis. As we all know stakeholder involvement, active participation and support are some of the important keys to project success. The goal of this deliverable is to analyze the relationship, level of engagement and future adoption levels for stakeholders and identify any issues or potential risks. This activity is usually performed by organizational control management team at the beginning of the project and is continuously updated throughout the project as well.
The deliverable of legal contract is self-explanatory – it includes project definition, project scope, description of services to be provided as well as pricing and payment terms, and is used as a building block for identification and analysis of potential legal issues and risks.
Another deliverable is project management plan that identifies main project management processes such as scope management, schedule management, cost management, quality management, resource management and communication management, and serves as an input to identify and analyze risks associated with direct project activities.
Issues log deliverable contains other problems that come up on regular basis, require to be resolved, but might not necessarily fall under any of the deliverables mentioned above. Typically additional project issues could be process or system requirements that are not compatible with each other, incorrect assumptions, missing information, etc.
After these input deliverables are collected, the risk analysis process is performed that includes risk identification, prioritization and response strategy steps. Although risk identification step is done in the beginning, it is also a continuous process as new risks may emerge and become apparent during project. Risk prioritization is done in order to identify high-priority and high-impact risks which are calculated based on the risk exposure, probability of occurrence and level of impact variables. Finally, the response strategies are developed in order to reduce impact and threat to the project as well as to assign resources that will be responsible for executing the response when needed.
Therefore, by using input and output deliverables, risk analysis process provides structured plan with the main purpose to minimize the probability of adverse and detrimental events happening during the project as well as to lower the negative impact of these adverse events if they occur.
Additionally, when researching the risk management topic, I came across an article – “The Six Mistakes Executives Make in Risk Management”, that highlights some of the interesting facts and discusses six mistakes that are made during risk management. Do you agree or disagree with some of the statements made by the author?
One thought on “Risk Management Process”
I particularly like the first 2 mistakes listed in this article:
1. We think we can manage risk by predicting extreme events.
2. We are convinced that studying the past will help us manage risk.
When people think about risk, they think about worst case scenarios. Although it is important to keep these in mind and have a plan in place to mitigate the risks, some of the things that may cause more damage over time are those small risk factors that don’t make much of a splash but are continuous and consistent. If they are not handled properly, they can cause a ripple effect and correcting the problem at that point can be costly.
Mistake number two is true to an extent because not all situations will be the same and the circumstances surrounding a risk changes through time. On the other hand, many risks are similar in nature and having a precedent is a good foundation for resolving the conflicts that may arise.