Risk Management. Part III. Process main steps

Aside Nika ReAnalyst

Risk-Managment-1

Hey, how is going?

Let’s get started with learning Risk Management process: main steps.

For the research I take 5 sources:

[1] https://www.mbaknol.com/project-management/project-risk-management-process/

[2] https://www.investopedia.com/exam-guide/cfp/principles-of-risk-and-insurance/cfp2.asp

[3] https://iedunote.com/risk-management

[4] https://www.solarwindsmsp.com/content/risk-management-process-definition

[5] https://www.projectmanager.com/blog/risk-management-process-steps

This is a great sources list.

According to these sources, I got the following table with main steps of the Risk Management process:

Source ID [1] [2] [3] [4] [5]
Step 1 Risk Management Planning Identify goals and objectives Establish the context Risk assessment and analysis Identify
Step 2 Identification Gather pertinent data to determine the risk exposure Identification Risk evaluation Analyze
Step 3 Qualitative Analysis Analyze and Evaluate the Client’s status Assessment Risk treatment and response Prioritize
Step 4 Quantitative Analysis Develop and P{resent Risk management recommendations Potential risk treatments Ownership
Step 5 Response Planning Implementation Create the plan Respond
Step 6 Monitoring and Control Ongoing Monitoring Implementation Monitor
Step 7 Review and evaluation of the plan

 

Personally, it’s a good idea to call the following steps:

  1. Risk Identification
  2. Qualitative analysis
  3. Quantitative analysis
  4. Ownership
  5. Create the plan
  6. Implementation
  7. Risk monitoring and control

 

Move further and pinpointing each step.

shutterstock_ID-Risk1-1024x777

Risk Identification – step for determining which risk might affect the project and document their characteristics.

Participants at this step can be the following:

  • Project Manager
  • Project Team members
  • Stakeholders
  • End-users
  • Subject matter experts from the outside
  • Risk management experts

Qualitative Analysis – identified risks prioritizing step for further actions.

Quantitative Risk Analysis – analyzes the effect of those risk events and assigns a numerical rating to those risks. It also presents a quantitative approach to making decisions in the presence of uncertainty. This process uses techniques such as Monte Carlo simulation and decision tree analysis to:

  • Quantify the possible outcomes for the project and their probabilities;
  • Assess the probability of achieving specific project objectives;
  • Identify risks requiring the most attention by quantifying their relative contribution to overall project risk;
  • Identify realistic and achievable cost, schedule, or scope targets, given the project risks;
  • Determine the best project management decision when some conditions or outcomes are uncertain.

 

щцтукыршзOwnership – Who is the person who is responsible for that risk, identifying it when and if it should occur and then leading the work towards resolving it?

There might be a team member who is more skilled or experienced in the risk. Then that person should lead the charge to resolve it. Or it might just be an arbitrary choice. Of course, it’s better to assign the task to the right person, but equally important in making sure that every risk has a person responsible for it.

All your hard work identifying and evaluating risk is for naught if you don’t assign someone to oversee the risk. In fact, this is something that you should do when listing the risks. Who is the person who is responsible for that risk, identifying it when and if it should occur and then leading the work towards resolving it?

That determination is up to you. There might be a team member who is more skilled or experienced in the risk. Then that person should lead the charge to resolve it. Or it might just be an arbitrary choice. Of course, it’s better to assign the task to the right person, but equally important in making sure that every risk has a person responsible for it.

Think about it. If you don’t give each risk a person tasked with watching out for it and then dealing with resolving it when and if it should arise, you’re opening yourself up to more risk. It’s one thing to identify risk, but if you don’t manage it then you’re not protecting the project.

planning

Create the Plan  – Decide on the combination of methods to be used for each risk. Each risk management decision should be recorded and approved by the appropriate level of management.

The risk management plan should propose applicable and effective security controls for managing the risks.

A good risk management plan should contain a schedule for control implementation and responsible persons for those actions.

The risk management concept is old but is still net very effectively measured. Example: An observed high risk of computer viruses could be mitigated by acquiring and implementing anti-virus software.

implementation 2

Implementation – step for Following all of the planned methods for mitigating the effect of the risks.

Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity’s goals, reduce others, and retain the rest.

monitoring 2Risk monitoring and control – Planned risk responses that are included in the project management plan are executed during the life cycle of the project, but the project work should be continuously monitored for new and changing risks.

Risk Monitoring and Control is the process of identifying, analyzing, and planning for newly arising risks, keeping track of the identified risks and those on the watch list, reanalyzing existing risks, monitoring trigger conditions for contingency plans, monitoring residual risks, and reviewing the execution of risk responses while evaluating their effectiveness. The Risk Monitoring and Control process apply techniques, such as variance and trend analysis, which require the use of performance data generated during project execution. Risk Monitoring and Control, as well as the other risk management processes, is an ongoing process for the life of the project. Other purposes of Risk Monitoring and Control are to determine if:

  • Project assumptions are still valid
  • Risk, as assessed, has changed from its prior state, with analysis of trends
  • Proper risk management policies and procedures are being followed
  • Contingency reserves of cost or schedule should be modified in line with the risks of the project.

Risk Monitoring and Control can involve choosing alternative strategies, executing a contingency or rollback plan, taking corrective action, and modifying the project management plan. The risk response owner reports periodically to the project manager on the effectiveness of the plan, any unanticipated effects, and any mid-course correction needed to handle the risk appropriately. Risk Monitoring and Control also includes updating the organizational process assets, including project lessons-learned databases and risk management templates for the benefit of future projects.

It’s all for today. See you soon. 😉

Leave a comment