In Project Risk Management, we looked at what risk management is and why it’s important in project management. In this article, we review the key elements necessary for implementing risk management into your organization. Together, these concepts build the foundation for effective risk management and setting your organization up for success.
A risk management strategy should be defined during the project planning phase while drafting the Project Management Plan. In fact, when launching the project, it is possible for the project team to identify a large number of potential risks, depending on your risk culture.
The Project Management Plan (also called PMP, and not to be confused with the PMP certification) consists of several parts, including the Risk Management Plan.
A Risk and Opportunity Management Plan, or ROMP, is a comprehensive description of the processes in place to manage a project’s Risks and Opportunities (R&O). It includes the role of the various project stakeholders, steering, and decision-making bodies; tools used; interfaces to be considered; planned reporting; etc.
The ROMP should evolve throughout the life cycle of the project as it will be used as a reference for the project. Newcomers to the project as well as existing team members can refer to it to understand the operating model and raise questions they may have.
For the ROMP to be relevant, the project must first have:
These elements will then make it possible to define the different levels of risk based on clear criteria.
It is recommended to start the implementation of risk management by defining a risk matrix (or a risk assessment matrix). This tool, defined in more detail below, allows risks and opportunities to be assessed objectively and consistently. The impact criteria are then based on the objectives of the project; the most common of which are cost, time, and quality.
The Risk Matrix must objectively define each criterion – probability of occurrence and severity of impact – with differing levels. While we would typically define risk impact by high, medium and low, we at MI-GSO | PCUBED actually recommend completing a quantitative risk analysis, defining risk impact and occurrence with numerical levels.
By quantifying these otherwise qualitative attributes to risks and opportunities, organizations can better place risks on the criticality scale and prioritize them. This also allows for more flexibility in visualizing risks on your risk reporting dashboard, but we are getting ahead of ourselves here. We’ll explain this more in the Risk Management Process.
For example: for the cost impact, it is common to use % of cost at completion; while for the impact to the timeline or schedule, one would use the ability to achieve milestones to define the different levels.
Regarding the probability of risks occurring, conventional percentages can be used such as 5%, 25%, 50% or 75%. Note: associating words with these probabilities will sometimes help managers for whom a number alone may be too abstract. For example: 5% very unlikely vs. 25% not to be ruled out, vs. 75% quite likely. Or even using numbers based on chance: 1 in 2 chance.
Note: Be Careful! Depending on the company, the rating meaning may vary: either 1 represents the least serious impact and probability, because it is very small; or 1 represents the most important level so that it represents priority #1. So be vigilant and remember to refer to the ROMP and the defined risk matrix to know what situation you are in!
A risk matrix can have several configurations:
Once the risk matrix has been defined, it is interesting to think about the characteristics of risks and opportunities: what types of risk will be present in the project?
To achieve this, the Risk Breakdown Structure, commonly called RBS, is used. This is a document listing all the different types of risks and opportunities possible. It organizes them into a hierarchy with each descending level providing greater detail.
This document is useful for two reasons:
Once the risk matrix has been defined and the RBS validated, the Risk and Opportunity Register must be set up. The risk register is a table capturing all the key information about each risk or opportunity. This can be an Excel table or even a specialized software tool (Planisware, Primavera, etc.).
In order to best manage project risks, a dashboard with relevant indicators is critical. Here are some examples of useful indicators for managing risks:
In the next article we will identify the four step risk management process for project management.
This article was written by: Marie BELGODERE, Jérémie CLAUSTRE, Capucine COMTE, Alioune DIALLO, Emmanuel LATGE, Jessy MIGNOT, Ingrid NGOBAY, Pierre PETILLON, Louann SUGDEN, Chris WAMAL.
Loved what you just read?
Let's stay in touch.
No spam, only great things to read in our newsletter.
Perfect jobs also result from great environments : the team, its culture and energy.
So tell us more about you : who you are, your project, your ambitions,
and let’s find your next step together.
A monthly digest of our best articles on all things Project Management.
Our website is not supported on this browser
The browser you are using (Internet Explorer) cannot display our content.
Please come back on a more recent browser to have the best experience possible