What are the 5 Risk Management

Steps in a Sound Risk

Management Process?

As a project manager or team member, you manage risk

on a daily basis; its one of the most important things you
do. If you learn how to apply a systematic risk
management process, and put into action the core 5 risk
management process steps, then your projects will run
more smoothly and be a positive experience for everyone
involved.
A common definition of risk is an uncertain event that if it occurs, can have a positive or
negative effect on a projects goals. The potential for a risk to have a positive or
negative effect is an important concept. Why? Because it is natural to fall into the trap of
thinking that risks have inherently negative effects. If you are also open to those risks
that create positive opportunities, you can make your project smarter, streamlined and
more profitable. Think of the adage Accept the inevitable and turn it to your
advantage. That is what you do when you mine project risks to create opportunities.

Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not.
Also, you may be uncertain what its consequences would be if it did occur. Likelihood
the probability of an event occurring, and consequence the impact or outcome of an
event, are the two components that characterize the magnitude of the risk.

All risk management processes follow the same basic steps, although sometimes
different jargon is used to describe these steps. Together these 5 risk management
process steps combine to deliver a simple and effective risk management process.

Step 1: Identify the Risk. You and your team uncover, recognize and describe
risks that might affect your project or its outcomes. There are a number of techniques
you can use to find project risks. During this step you start to prepare your Project Risk
Register.
Step 2: Analyze the risk. Once risks are identified you determine the likelihood and
consequence of each risk. You develop an understanding of the nature of the risk and
its potential to affect project goals and objectives. This information is also input to your
Project Risk Register.

Step 3: Evaluate or Rank the Risk. You evaluate or rank the risk by determining the
risk magnitude, which is the combination of likelihood and consequence. You make
decisions about whether the risk is acceptable or whether it is serious enough to
warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4: Treat the Risk. This is also referred to as Risk Response Planning. During this
step you assess your highest ranked risks and set out a plan to treat or modify these
risks to achieve acceptable risk levels. How can you minimize the probability of the
negative risks as well as enhancing the opportunities? You create risk mitigation
strategies, preventive plans and contingency plans in this step. And you add the risk
treatment measures for the highest ranking or most serious risks to your Project Risk
Register.

Step 5: Monitor and Review the risk. This is the step where you take your Project
Risk Register and use it to monitor, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you
effectively de-risk your project. And that means you can move much more confidently to
achieve your project goals. By identifying and managing a comprehensive list of project
risks, unpleasant surprises and barriers can be reduced and golden opportunities
discovered. The risk management process also helps to resolve problems when they
occur, because those problems have been envisaged, and plans to treat them have
already been developed and agreed. You avoid impulsive reactions and going into fire-
fighting mode to rectify problems that could have been anticipated. This makes for
happier, less stressed project teams and stakeholders. The end result is that you
minimize the impacts of project threats and capture the opportunities that occur.

For busy professionals who need to meet continuing professional development

requirements and boost their career opportunities, our online courses provide a flexible
and cost-effective way to achieve this by providing anywhere, anytime access and a
supportive online community. Continuing Professional Development offers a series
of online project management courses to advance your project management skills and
your career. Our Risk Management Online Course will give you the practical skills to
develop a comprehensive risk management process. You can purchase it separately, or
as part of our bundled course Project Management Essentials-Part 2.
About the Author
Vivian Kloosterman
Vivian Kloosterman is the founder of Continuing Professional Development which delivers
online learning courses over the web. Advancing personalized learning has been identified as
one of the 14 biggest challenges facing our world in the future, and Vivian is particularly focused
on creating interactive, engaging e-learning courses for professionals that are practical and
relevant to help them meet CPD requirements. She is a professional engineer with 30 years of
business, governance, management and technical experience.

http://continuingprofessionaldevelopment.org
9 Steps to Managing Risk
Risk and uncertainty are inherent parts of all project work. Which is why so many projects
especially large technology projectsrun into trouble. When studies tell us that easily half of all IT
projects run over budget and past deadline, we see how easily risk turns into real trouble for
projects and their organizations.

But there are ways you can mitigate and manage risk. When teams have a good risk
management process in place, then you can identify and deal with all the projects risks in an
appropriate and thorough manner. When youre good at managing risk, it means that fewer issues
crop up and that youre prepared for all eventualities. (And, people start asking for you to run their
projects!)

Here are nine risk management steps that will keep your project on track.

1. Create a risk register.

Create a risk register for your project in a spreadsheet. Include fields for: date of the risk
being logged, risk description, likelihood, impact, owner, risk response, action and status.
2. Identify risks.
Brainstorm all current risks on your project with the projects key team members and
stakeholders. Go through all the factors that are essential to completing the project and
ask people about their concerns or any potential problems. Identify risks that relate
to requirements, technology, materials, budget, people, quality, suppliers, legislation, and
any other element you can think of.
3. Identify opportunities.
When you identify risks, also factor in positive risks and opportunities. For example,
include all events that in some ways could affect your project in a positive manner. What
would the impact be, for instance, if too many people turned up to the concert? What could
you do to exploit this opportunity and plan for it? Just as you anticipate and plan for
problems, prepare for unlikely successes.
4. Determine likelihood and impact.
Establish how likely the risk is to occur (on a scale from 1-5) and determine the impact of
each risk according to time, cost, quality, and even benefits if it were to occur (again on a
scale from 1-5). For example, a likelihood of five could mean that the risk is almost certain
to occur, and an impact of four could mean that the risk would cause serious delays or
significant rework if it were to happen.
5. Determine risk response.
Focus your attention on those risks that have the highest potential impact and likelihood of
happening (i.e., an estimate of three or more on the scale mentioned in No. 4). Identify
what you can do to lower the likelihood and impact of each risk. To lower the impact, get to
the root cause by asking why, why, why?
6. Estimate the risks.
Once youve determined what youll do to address each risk, estimate how much it will
cost you to do so. For example, using the concert examplehow much will it cost to look
after the performers health before the show, and how much will it cost to prepare for a
backup? Provide a range of estimates (best case/worst case) and add the aggregated
cost of these risk responses to your overall project estimate as contingency.
7. Assign owners.
Assign an owner to each risk. The owner should be the person who is most suited to deal
 with a particular risk and to monitor it. Assign risk owners with involvement from your team
and stakeholders to get the best possible buy-in. Collaborate on the best possible actions
that need to be taken, and by when.
8. Regularly review risks.
Set aside time at least once a week to identify new risks and to monitor the progress of all
logged items. Risk management is not an exercise that only happens at the beginning of
the project, but something that must be attended to in all of the projects lifecycles.
9. Report on risks.
Make sure that all risks with an impact and likelihood of four-and-higher (on the 1 5
scale; see No. 4) are listed on your status report. Encourage a discussion of the top 10
risks at steering committee meetings so that executives get a chance to provide input and
direction.

Knowing how to manage risk on technology projects creates a reverberating impacton

organizations, teams and careers. To learn more about key skills that help manage technology
projects, check out our Best Project Management Practices for Technology Teams.

Reference:
Susanne Madsen | November 30, 2015

9 Steps to Managing Risk

https://www.liquidplanner.com
A Practical Approach to Creating a Risk Management Plan
written by: Amanda Dcosta edited by: Rebecca Scudder updated: 2/4/2014

A good risk management plan is critical to cutting down on unexpected project risks. A strong plan can decrease problems on a
project by as much as 80 to 90 percent. Follow this practical approach to creating an effective risk management plan.

Research has shown that well-designed risk management plans can decrease problems encountered on a project by as much as 90
percent. Combined with a world-class project management methodology, a good risk management process can be essential in
diminishing unexpected project risks.
Risk management planning should be completed early during the project planning stage since it is crucial to successfully
performing the other project management phases. The risk management plan identifies and establishes the activities of risk
management for the project in the project plan.

Definition of Risk
According to PMBOK, Project Management Institute defines a project as 'an endeavor to create a product or service.' A project is
therefore, a large or major undertaking, especially one involving considerable money, personnel, and equipment. By definition,
projects are a risky endeavor. They aim to create new products, services, and processes that do not currently exist. With that
much at stake, a solid risk management plan is critical to the success of a project.

Below is a six step practical approach to creating a risk management plan.

The 6 Step Process

Step One: Risk Identification & Risk Register

The first step in writing the plan is to assemble all stakeholders and identify all possible project risks. This can be done from
various reports, project documents, through various departments and also from prior project reports. The project scope is the rule
book that guides the project, therefore all possible risks that the scope indicates will also have to be documented. All
documentation of risks will have to be done in the Risk Register.
Step Two: Risk Analysis Methods

Every project is faced with risks. There is no 100% certainty that risks will not occur. There are risks that creep up at various
phases of the project that the team has to be vigilant and ready to handle. However, while some risks may be beneficial, in that
the sponsor and all team members have to take them to reach the end product, there are many risks that harm and hinder the
project.

The risks that are identified have to be analysed for their probability and impact using the PI Matrix and also translated into
numerical values so as to accurately know the outcome of these risks on the cost, time and resource factors. There are two
methods of risk analysis; Qualitative and Quantitive Risk Analysis.

Step Three: Identify Risk Triggers

Divide the risk management planning team into subgroups and assign segments of the master risk list to each subgroup. The job
of each subgroup is to identify triggers, or warning signs, for each risk on its segment of the master list. Again, it is important to
document all triggers associated with each risk. Three triggers per risk are standard.

Step Four: Risk Resolution ideas

In Step Four, the sub-teams identify and document preventive actions for the "threats" and enhancement actions for the
"opportunities." This can be approached through the various departments involved, such as Financial Risk reports, HR Risk
Reports, IT Risk Reports, etc.
Risks are unknown events that are inherently neutral. They can be characterized as either positive or negative. Unfortunately, a
lot of time and energy is spent handling negative project risks, or "threats" rather than positive risks, or "opportunities". No
organization should overlook the chance to benefit from any opportunities that present themselves.

Step Five: Risk Resolution Action Plan In Step Five, based on the collective ideas of all the departmental teams, the project
manager will have to decide on a plan of action to bring about risk resolution. Risks with a high P-I valuewill have to be treated
with utmost urgency while those with the least probability or impact can just be monitored without having any real action plan.
Identifying the most serious risks at the onset of a project saves time, cost and resources, and likewise identification of such risks
also trigger the resolution plan at the earliest moment.
Step Six: Responsibility and Accountability
The last step in writing a risk management plan is assigning an owner for each risk on the master list. Use the Responsibility
Assignment matrix. Using this chart, various teams and team members may be assigned responsibility for carrying out the risk
resolution plans. At the end, the project manager is solely accountable to the project sponsor for all the plans and actions related
to the risks and project at large.

Proper documentation, such as risk assessment reports, is important during every step of the planning process. A risk
management plan should be incorporated into every project management plan. A generic list of risks and triggers can be
generated from this initial plan. To apply the risk plan to future projects, simply add project-specific risks and triggers and assess
the probability, impact, and detectability for each risk. This, in turn, will save time and help institutionalize the risk management
plan into the project team's culture. This practical approach to writing a project management plan holds good for all project types
and works well as basic risk management guidelines.

REFERENCE:
Amanda Dcosta edited by: Rebecca Scudder updated: 2/4/2014
http://www.brighthubpm.com
10 GOLDEN RULES OF PROJECT RISK
MANAGEMENT
~ By Bart Jutte

The benefits of risk management in projects are huge. You can gain a lot
of money if you deal with uncertain project events in a proactive
manner. The result will be that you minimise the impact of project
threats and seize the opportunities that occur. This allows you to deliver
your project on time, on budget and with the quality results that your
project sponsor demands. Also, your team members will be much
happier if they do not enter a fire fighting mode needed to repair the
failures that could have been prevented.

This article gives you the ten golden rules to apply risk management
successfully in your project. They are based on personal experiences of the
author who has been involved in projects for over fifteen years. Also, the big
pile of literature available on the subject has been condensed in this article.

Rule 1: Make Risk Management Part of Your

Project
The first rule is essential to the success of project risk management. If you don't
truly embed risk management in your project, you can not reap the full benefits
of this approach. You can encounter a number of faulty approaches in
companies. Some projects use no approach whatsoever to risk management.
They are either ignorant, running their first project or they are somehow
confident that no risks will occur in their project (which of course will happen).
Some people blindly trust the project manager, especially if he or she looks like
a battered army veteran who has been in the trenches for the last two decades.
Professional companies make risk management part of their day to day
operations and include it in project meetings and the training of staff.
Rule 2: Identify Risks Early in Your Project
The first step in project risk management is to identify the risks that are present
in your project. This requires an open mindset that focuses on future scenarios
that may occur. Two main sources exist to identify risks, people and paper.
People are your team members that each brings along their personal experiences
and expertise. Other people to talk to are experts outside your project that have a
track record of the type of project or work you are facing. They can reveal some
booby traps you will encounter or some golden opportunities that may not have
crossed your mind. Interviews and team sessions (risk brainstorming) are the
common methods to discover the risks people know. Paper is a different story.
Projects tend to generate a significant number of (electronic) documents that
contain project risks. They may not always have that name, but someone who
reads carefully (between the lines) will find them. The project plan, business
case and resource planning are good starters. Other categories are old project
plans, your company Intranet and specialist websites.

Are you able to identify all project risks before they occur? Probably not.
However if you combine a number of different identification methods, you are
likely to find the vast majority. If you deal with them properly, you will have
enough time left for the unexpected risks that take place.

Rule 3: Communicate About Risks

Failed projects show that project managers in such projects were frequently
unaware of the big hammer that was about to hit them. The frightening finding
was that frequently someone of the project organisation actually did see the
hammer, but didn't inform the project manager of its existence. If you don't want
this to happen in your project, you better pay attention to risk communication.

A good approach is to consistently include risk communication in the tasks you

carry out. If you have a team meeting, make project risks part of the default
agenda (and not the final item on the list!) This shows risks are important to the
project manager and gives team members a natural moment to discuss them and
report new ones.

Another important line of communication is that of the project manager and

project sponsor or principal. Focus your communication efforts on the big risks
here and make sure you don't surprise the boss or the customer! Also, take care
that the sponsor makes decisions on the top risks because usually some of them
exceed the mandate of the project manager.

Rule 4: Consider Both Threats and

Opportunities
Project risks have a negative connotation: they are the bad guys that can harm
your project. However, modern risk approaches also focus on positive risks, the
project opportunities. These are the uncertain events that are beneficial to your
project and organisation. These good guys make your project faster, better and
more profitable.

Unfortunately, a lot of project teams struggle to cross the finish line, being
overloaded with work that needs to be done quickly. This creates a project
dynamic where only negative risks matter (if the team considers any risks at all).
Make sure you create some time to deal with the opportunities in your project,
even if it is only half an hour. The chances are that you will see a couple of
opportunities with a high payoff that doesn't require a big investment of time or
resources.

Rule 5: Clarify Ownership Issues

Some project managers think they are done once they have created a list of
risks. However, this is only a starting point. The next step is to make clear who
is responsible for what risk! Someone has to feel the heat if a risk is not taken
care of properly. The trick is simple: assign a risk owner for each risk that you
have found. The risk owner is the person in your team that has the responsibility
to optimise this risk for the project. The effects are really positive. At first,
people usually feel uncomfortable that they are actually responsible for certain
risks, but as time passes they will act and carry out tasks to decrease threats and
enhance opportunities.

Ownership also exists on another level. If a project threat occurs, someone has
to pay the bill. This sounds logical, but it is an issue you have to address before
a risk occurs. Especially if different business units, departments and suppliers
are involved in your project, it becomes important who bears the consequences
and has to empty his wallet. An important side effect of clarifying the ownership
of risk effects is that line managers start to pay attention to a project, especially
when a lot of money is at stake. The ownership issue is equally important to
project opportunities. Fights over (unexpected) revenues can become a long-
term pastime of management.

Rule 6: Prioritise Risks

A project manager once told me, I treat all risks equally. This makes project life
really simple. However, it doesn't deliver the best results possible. Some risks
have a higher impact than others. Therefore, you better spend your time on the
risks that can cause the biggest losses and gains. Check if you have any
showstoppers that could derail your project. If so, these are your number one
priority. The other risks can be prioritised on gut feeling or, more objectively,
on a set of criteria. The criteria most project teams use is to consider the effects
of a risk and the likelihood that it will occur. Whatever prioritisation measure
you use, use it consistently and focus on the big risks.

Rule 7: Analyse Risks

Understanding the nature of a risk is a precondition for a good response.
Therefore, take some time to have a closer look at individual risks and don't
jump to conclusions without knowing what a risk is about.

Risk analysis occurs at different levels. If you want to understand a risk at an

individual level, it is most fruitful to think about the effects that it has and the
causes that can make it happen. Looking at the effects, you can describe what
effects take place immediately after a risk occurs and what effects happen as a
result of the primary effects or because time elapses. A more detailed analysis
may show the order of magnitude effect in a certain effect category like costs,
lead time or product quality. Another angle to look at risks is to focus on the
events that precede a risk occurrence, the risk causes. List the different causes
and the circumstances that decrease or increase the likelihood.

Another level of risk analysis investigates the entire project. Each project
manager needs to answer the usual questions about the total budget needed or
the date the project will finish. If you take risks into account, you can do a
simulation to show your project sponsor how likely it is that you finish on a
given date or within a certain time frame. A similar exercise can be done for
project costs.

The information you gather in a risk analysis will provide valuable insights into
your project and the necessary input to find effective responses to optimise the
risks.

Rule 8: Plan and Implement Risk Responses

Implementing a risk response is the activity that actually adds value to your
project. You prevent a threat occurring or minimise negative effects. Execution
is key here. The other rules have helped you to map, prioritise and understand
risks. This will help you to make a sound risk response plan that focuses on the
big wins.

If you deal with threats, you have three options, risk avoidance, risk
minimisation and risk acceptance. Avoiding risks means you organise your
project in such a way that you don't encounter a risk anymore. This could mean
changing supplier or adopting a different technology or, if you deal with a fatal
risk, terminating a project. Spending more money on a doomed project is a bad
investment.

The biggest category of responses are the ones to minimise risks. You can try to
prevent a risk occurring by influencing the causes or decreasing the negative
effects that could result. If you have carried out rule 7 properly (risk analysis)
you will have plenty of opportunities to influence it. A final response is to
accept a risk. This is a good choice if the effects on the project are minimal or
the possibilities to influence it prove to be very difficult, time-consuming or
relatively expensive. Just make sure that it is a conscious choice to accept a
particular risk.

Responses to risk opportunities are the reverse of the ones for threats. They will
focus on seeking risks, maximising them or ignoring them (if opportunities
prove to be too small).
Rule 9: Register Project Risks
This rule is about bookkeeping (however don't stop reading). Maintaining a risk
log enables you to view progress and make sure that you won't forget a risk or
two. It is also a perfect communication tool that informs your team members
and stakeholders what is going on (rule 3).

A good risk log contains risk descriptions, clarifies ownership issues (rule 5)
and enables you to carry our some basic analyses with regard to causes and
effects (rule 7). Most project managers aren't fond of administrative tasks, but
doing your bookkeeping with regards to risks pays off, especially if the number
of risks is large. Some project managers don't want to record risks because they
feel this makes it easier to blame them in case things go wrong. However, the
reverse is true. If you record project risks and the effective responses you have
implemented, you create a track record that no one can deny. Even if a risk
happens that derails the project. Doing projects is taking risks.

Rule 10: Track Risks and Associated Tasks

The risk register you have created as a result of rule 9, will help you to track
risks and their associated tasks. Tracking tasks is a day-to-day job for each
project manager. Integrating risk tasks into that daily routine is the easiest
solution. Risk tasks may be carried out to identify or analyse risks or to
generate, select and implement responses.

Tracking risks differs from tracking tasks. It focuses on the current situation of
risks. Which risks are more likely to happen? Has the relative importance of
risks changed? Answering these questions will help to pay attention to the risks
that matter most for your project value.

In Summary
The ten golden risk rules above give you guidelines on how to implement risk
management successfully in your project. However, keep in mind that you can
always improve. Therefore, rule number 11 would be to use the Japanese
Kaizen approach: measure the effects of your risk management efforts and
continuously implement improvements to make it even better.
I wish you success with your project!

Reference: Bart Jutte is a founder and consultant at Concilio, a Netherlands-

based company specialising in project risk management. Concilio offers
consultancy, training and sells its own easy to use risk management software.

\https://www.projectsmart.co.uk