The Hello Bar is a simple web toolbar that engages users and communicates a call to action.

Project Risk Management: A Seven-Step Approach

by Jim Berkowitz on February 11, 2008

leadership2 Project Risk Management: A Seven Step Approach
Here is a summary of an excellent article by Vicki Wrona, president of Forward Momentum, LLC, Risk Management: A Seven-Step Approach:

A risk management process does not have to be complicated or time consuming to be effective. By following a simple, tested, proven approach that involves seven or fewer steps at the beginning of each project, your team can reduce surprises and be better prepared to respond when they do occur.

Some experts say a strong risk management process can decrease problems on a project by as much as 90 percent. In combination with solid project management practices — having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change management process, and keeping open the lines of communication — a good risk management process is critical in cutting down on surprises, or unexpected project risks. Such a process can also help with problem resolution when changes occur, because now those changes are anticipated and actions have already been reviewed and approved, avoiding knee jerk reactions.


Defining “Risk”

Before one can embark on a risk management process, one must have a solid understanding of some key definitions. Project risks as defined from a PMI perspective are, at their core, unknown events. These events can be positive or negative, so that the word “risk” is inherently neutral. That said, most of the time and focus is spent handling negative project risks, or “threats,” rather than positive project risks, or “opportunities.”

Often, companies that do perform a risk management process on a fairly typical multi-month project (no longer than 12 months) will identify and manage possibly five to ten easily recognized project risks. However, that number should in fact be much higher. With a high number of project risks identified early on, a team’s awareness of what to look for is increased, so that potential problems are recognized earlier and opportunities are seen more readily.

It may seem that project risks cannot be managed without taking away from the actual work of the project. However, this can effectively be accomplished with a seven-step risk management process that can be utilized and modified with each project.

The Risk Management Process

Step one of the risk management process is to have each person involved in the planning process individually list at least ten potential risk items.

Step two of the risk management process is to collect the lists of project risks and compile them into a single list with the duplicates removed.

Step three of the risk management process is to assess the probability (or likelihood), the impact (or consequence) and the detectability of each item on the master list.

Step four of the risk management process is to break the planning team into subgroups and to give a portion of the master list to each subgroup. Each subgroup can then identify the triggers (warning signs) for its assigned list of project risks.

Step five of the risk management process is for those same subgroups to identify possible preventive actions for the threats and enhancement actions for the opportunities.

Step six of the risk management process is for the subgroups to then create a contingency plan for most but not all project risks – a plan that includes the actions one would take if a trigger or a risk were to occur.

Step seven, the final step in planning the risk management process, is to determine the owner of each risk on the list. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan.

Creating a Risk Register or Matrix

Upon completion of the risk management process, a master document, known as a risk register or risk matrix, is created. The most effective format for this document is a table, because it will allow a great deal of information to be conveyed in a few pages.

Important Things to Remember

Often, the steps in which triggers and preventive actions are identified are overlooked. However, these are vital to the entire risk management process. After a team has completed this exercise once, the members will be better conditioned on what to pay attention to while managing the project so they are more proactive in catching changes or issues early.

Once the risk register is complete, it is easy to maintain. It can be reviewed during regular status meetings, with as little as 15 minutes spent making sure the list is still current. Determine if any project risks can be closed (but not removed completely), if any risks have increased or decreased in value, and if there are any new project risks to add. This will ensure that the list is continually seen as relevant and useful throughout the life of the project.

{ 1 comment… read it below or add one }

Ashley October 5, 2009 at 10:43 pm

Elaborate and step by step explanation of Risk Management. Thanks for it.

Leave a Comment

Security Code:

Previous post: Analytics in a Post-Web 2.0 World

Next post: E-retail Opportunities Missed After Checking Out