Back2Basics – Project Risk Management: Project Risk Evaluation

Project Risk Evaluation

In the second part of the series ‘Back To Basics’ of Risk Management, we looked at what is risk management, lifecycle of risk in risk management process and what is risk analysis. In this part, we will explore – details of Risk Evaluation or Risk Assessment.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

What is Project Risk Evaluation | Risk Assessment?

Project Management Guide - Project Risk Evaluation

There are primarily two aspects of project risk assessment:

Probability of a risk: How much likely that the risk will happen?
Consequence of a risk: How severely will it affect us?

These two factors determine what is called as : Risk Exposure

Project risk evaluation is subjective to greater extent but with properly established policies, guidelines and practices it can be standardized to greater degree. Based on above two aspects, the rating for a given risk can be determined.

Determine likelihood of occurrence of a risk

This field gives the probability of occurrence of a given risk. Project planner/manager along with team members can determine probability (Rare, unlikely, Possible, Likely and Almost Certain)

Rating	Description	Likelihood of Occurrence
1	Rare	Risk occurrence is highly unlikely.Exceptionally it may occur, but most likely it will never occur
2	Unlikely	The risk occurrence is not expected. But in slight probability, it may occur
3	Possible	This risk may occur some times as organization has observed historical trace of such risks
4	Likely	This risk has strong possibility of occurrence as organization has frequently observed trace of such risks
5	Almost Certain	This risk is most likely to occur. The instance/incidence is expected to occur in speculated timeframe as organization has observed trace of regular occurrence of such type of risks

Table 1: Probability of Risk

Determine Consequence of occurrence or a risk

The severity of the potential loss, if risk occurs is the second parameter of risk evaluation. Again, this parameter is highly contextual. When team members register a risk, he/she may not have the complete idea of the situation. Hence project planner or manager is expected to take the context into consideration and determine the consequence of the risk if occur in future. Based on the learning from previous risks/history, organization may create a reference or guideline to determine severity of the risk. Project planner/manager refers such guideline and uses his/her judgment to determine the consequence of the risk in consideration.

Rating	Description	Example to illustrate
1	Insignificant	Minimal project delay\| loss; Less than a week\| < few hundred $
2	Minor	Minor project delay \| loss; more than 3 weeks\| $100k< x <$10k
3	Moderate	Moderate project delay\| loss; more than 12 weeks \| $1M<x<$100k
4	Major	Major project delay\| loss; More than 2 month \| $1M<x<$100k
5	Catastrophic	Intolerable project delay\| loss; More than 6 month \| $x >$5M

Table 2: Consequence of risk

Determine the rating of risk

Based on probability of occurrence of risk and potential severity that it may cause, project managers can derive the rating the risk. Organizations with good project risk management practice have escalation guidelines based on the project risk rating. Which specifies what escalation matrix should be used depending on the rating of the risk.

The table below gives indicating ‘Required Action’ based on the rating of a risk. Your organization will have different required action or escalation matrix based on your industry/organization’s practices.

Rating	Required Action
Low	Acceptable: Not mandated to deploy additional resources; Such risk is expected to be managed through normal routine. *Action:*Track and review
Moderate	Acceptable:Such risk is not expected to cause much damage or jeopardize the overall objective or effectiveness of project *Action*: Project Manager to create a response plan. Track and Respond.
High	Not Acceptable to larger extent: Such a risk is highly likely to cause considerable damage or jeopardies overall project objective or effectiveness.

Extreme

Action: Project Manager to bring-to-notice of Senior management, mentioning expected support.Response plan to be created & reported to Director/ CxO

Not Acceptable at all:Such a risk is extremely likely to pose as a threat to the continuation/functioning of a project/ organization.

Action: Project Manager to bring-to-notice of Senior management for immediate action.Response plan to be created, managed by Director/ CxO.

Table 3: Risk Rating

As mentioned earlier, the organization as a whole need to assess these parameters, significance of each parameter and required action i.e. a meaningful guideline to state which risk can be assessed as ‘Major’ severity with what probability as ‘Likely’. Though ‘Likely’, ‘Extreme’, ‘Moderate’, ‘Catastrophic’ are generic terms, the resource who will work with reference to these terms need to understand clearly, what they need to do with it.

Let me know how you find this post. I would love to hear your feedback.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

About Zilicus

Zilicus offers the best project portfolio management tool ZilicusPM, with robust project management tools capabilities and easy ways to track project management KPI,

Know more about project portfolio management, Gantt chart, best project management tool, project management office, project management tips, project planning guide, project risk management, project scope management, effective project management, project manager guides and know more about Project Portfolio Management Software, Project Management Software Guide.