Any project is associated with uncertainty and risk. Therefore, one of the main processes in project management is risk management at all stages of the life cycle.
“A project risk is an uncertain event or condition that, if it occurs, has a positive or negative impact on at least one of the project’s objectives, such as time, cost, content, or quality.” © defining a project management standard PMBOK.
The risk in a project can have not only a negative but also a positive impact. It can lead to an improvement in the qualitative and quantitative characteristics of the final goals. There are negative risks, positive risks, and unforeseen circumstances.
- Negative risks are events leading to a deterioration in the quality of project execution. They require additional resources and time or reduce the quality characteristics of the result.
- Positive risks are events that provide an opportunity to improve the quality of project implementation and achieve goals with fewer resources and time or with higher quality.
- Unforeseen circumstances are events that were impossible or could not be foreseen at the stage of identification of risks.
Risk management is a systematic process of reducing uncertainty and managing the likelihood of events in a project. The purpose of project risk management is to increase the likelihood and impact of favorable and reduce the likelihood and impact of adverse events for the project.
The entire project risk management process is divided into separate sub-processes. Some of them are implemented at several stages of the project. At the project planning stage, you should choose an approach to planning and performing project risk management operations. Also, at the project planning stage, you should identify risks. For example, determine which risks may affect the project and document their characteristics.
The next “must” is a qualitative analysis of risks. You should sort risks according to the degree of priority; estimate and sum-up the probability of their occurrence and impact. Quantitative risk analysis implies a quantitative analysis of the potential impact on the overall objectives of the project. The risk management plan includes a specific set of sections. Consider this example:
- The main characteristics of the company.
- The statutory characteristics of the project.
- Goals, objectives of risk management.
- Methodological section. The methodology includes methods, tools for analysis and evaluation, sources of information that are recommended for managing risks.
- Organizational section. It includes the distribution of the roles of the project team members, their responsibilities, and the relationships with other components of the project portfolio management.
- Budget section. It includes rules for creating and enforcing a risk management budget.
- The regulatory section includes the timing, frequency, and duration of risk management operations.
- Section metrology (evaluation and conversion). It includes the principles of evaluation. The rules for recalculation of the parameters and reference scales must be defined in advance.
- Risk thresholds. Establish acceptable values of risk parameters at the project level and individual threats, given the importance of the project.
- The monitoring and reporting section documentary supports the risk management effort.
- Section of templates for risk management.
Risk Response Planning
Throughout the project’s lifecycle, you should monitor and manage risks by tracking identified risks, monitoring residual risks, identifying new risks, etc. Also, you should develop response plans, execute risk response plans, and evaluate their effectiveness. Planning risk responses is a chain of risk management events.
- Identify the sources of risk.
- Identify the risks that follow from these sources.
- Find out what it affects.
- Build a dependency model.
- Determine the identity of risks according to the level of admissibility and consequences.
- Develop a plan to minimize the identified threats.
In practice, there are four types of consequences that affect the budget, time, quality of the product, or its operation. Planning response methods is a regulated procedure for developing a threat minimization plan. There are four main methods of responding to risks, in the PMBOK Guide:
- Complete elimination of sources of risk is the most active response method. It is not always possible to apply. It is allowed when it is possible to eliminate the source of risk: for example, if the source of risk is associated with the absence of any information.
- Reduced probability and reduced risk is the second active way to respond. The types of risks for which this method is applied must be fully controlled. These are usually external risks.
- It is supposed to find a third party ready to take the risk and its negative consequences on itself. In this method, the best conditions are given to those who have a stronger bargaining position (a monopoly position on the project).
- It assumes a conscious willingness to take risks. All efforts are directed at eliminating the consequences.
This is a brief theoretical review of the methodological basis of the project risk management in its modern interpretation. Development trends of project management are constantly increasing the value of this component of the Project Portfolio Management systems. PMO as a key figure in a team effort to achieve the result needs this knowledge. But practical skills in identifying, analyzing probable threats, and responding to the possible challenges of adverse events are even more important.