|Risk management sub processes (Photo credit: Wikipedia)|
There are many definitions to Risk Management; however, it can be summed up as the process of identifying, categorizing, analyzing and responding to risks through the project management cycle in order to assist in rational decision making. Projects often get started on time, but sometime in the future they go off-track. Brakes are applied on a fast paced project because of untimely collision with risks. Often, such risks are unexpected in nature which ambush an otherwise unprepared team during the project. It is this nature of risks which make them all the more dangerous. What makes situation worse is the reactive attitude of teams in such situations. Teams get into a rapid fire-fighting mode and start making hasty decisions due to time and delivery pressures. Without a sound action plan in place for handling such risks, judgments are made on loose experiences thus causing an untamable crisis to erupt. Ultimately all unmanaged risks have a financial impact, which is why risk management has assumed an important place in project management.
·Interviews: In this technique, personal interviews are conducted with project managers of varying experience levels to get their inputs on possible risks areas.
|Dangerous Risk – Adrenaline Suicide by Fear of Falling (Photo credit: epSos.de)|
Categorize Risks: Risks are broadly categorized into business risks and generic risks. Business risks are risks specific to a particular business area. For example, a pharmaceutical industry may have a different set of risk factors as compared to an oil industry. Such a categorization will help in collective assessment of risks and identify common preventive or corrective actions. The second category of risks is generic risk which is common to all projects irrespective of the industry/business process. Financial risk may be an example of such a generic risk. Each project may have its own structure and differences, but there are some categories which are common to all. The project team should be able to relate to these risks use them in assessment process. These generic risks can further be divided as operational risks which include risks related to delivery, costs, capability, time etc. and stakeholder risks which involve risks that can be generated by the various parties involved in the project. Other than the abovementioned categorization, risks can also be classified on the threat levels (High, Medium, and Low). Categorizing risks will help in organizing risks into broader headings, thereby facilitating a macroscopic level risk assessment. Finally, categorization will help in creating a foundation for common awareness, understanding and attention.
·Mitigate: This is the most common action plan deployed for risks. Although identified at the earliest stages, there are some risks which cannot be avoided at any cost. In such circumstances, there is no option but to take the risk head on and devise a mitigating plan for the same. Since the plan is put in place before the risk is encountered, minor/negligible impact on the project is expected. The initial mitigation strategy should minimize the chances of the risk occurrence. In spite of minimizing, should the risk continue to haunt the project, a contingency plan needs to be put in place to ward off the risk. In certain cases, the project may be brought to a complete standstill till some risks are fully mitigated. Such exigencies should be considered when the project charter is being drawn up.
·Transfer: This strategy involves altering the project plan so that a third party assumes responsibility for the risk. Ex: Buying insurance cover on a project so that the company doesn’t have to take full responsibility during an unforeseen eventuality. This can be deployed only if there is an outside agency ready to assume the responsibility, failing which the team has to double back on the above two strategies.
·Aid in capturing, tracking and mitigating key program risks throughout the project cycle
·Should have resolute strategies for handling risks
·Aid in proactive decision making
·Provide for an effective communication mechanism for key stakeholders
·Addressing known risks proactively
·Provide for a simple governance framework which will help in risk control mechanism
·Simple to adopt, yet detailed in approach
[The article has been written by Nitin Bhat. He is presently working as Senior Associate Consultant with Infosys.]