Back2Basics – Project Risk Management- Risk Assessment and Risk Response
Risk Assessment and Risk Response
In the third part of the series ‘Back To Basics’ of Risk Management, we briefly saw what is risk assessment, risk probability, risk impact and risk rating. It is interesting to know the kind of difficulties project managers face in the assessment of risks. The essence of difficulties faced in risk assessment is covered in this part. In the final part of this series, we will look at Risk Rating & how Heat Map depicts risks in graphical form & how it is helpful in responding to risks. Also know why you should consider using risk management software for your organization.
Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.
Difficulties in Risk Assessment
- The essential difficulty we have observed in risk assessment is estimating rate of occurrence of risk. Simply because statistical data related to risks happened in past is not recorded nor it is managed hence it is not available
- Evaluating severity of risk is not easy because, of the same reason – unavailability of statistical data.
- Even if past data is available for risk evaluated in the past, the subjectivity factors (best educated guess, etc.) observed to play prominent role in such risk evaluation. Such subjective evaluations do not result in correct factoring of the causes-effects (retrospective analysis) associated with these risks
What Is Risk Rating and Heat Map?
As mentioned in above section, once project planner/manager assesses the probability and severity of a given risk, he can calculate Risk Rating. Risk Rating is alternatively called as ‘Risk Exposure or Composite Risk Index’.
Risk Rating= Probability of Occurrence of Risk x Severity of Risk if it occurs |
Heat Map: The exposure of risks can be represented in visual form with the help of heat map. If you have considerable number of risks in the red-coloured boxes, you need to take prompt actions on those. Thus based on numbers in these boxes represented in heat map, you can decide your course of action to tackle those. Such heat map gives high level idea of risks in a given project.
Figure 5: Risk Exposure Explained with Heat Map
How should you respond to Risks?
Prioritize
Once all identified risks are evaluated, project planner/manager can prioritize those based on rating and organization’s/project’s objectives. e.g. of given 10 risks – 3 would be extreme rating, 2 would be of high rating and so on; within these three risks with extreme rating, project manager along with senior management can decide priority of each. Based on the priority, the response plan/action will get effective.
Response Strategy:
- Accept
- Transfer
- Avoid
- Mitigate
- Contingent
The management team can use above strategies independently or collectively as suitable to the context to manage risks.
Escalate &Ask for additional support: If any risk in your kitty is with Extreme or High exposure and requires escalation to higher management; you need to escalate it along with your analysis of mitigation strategy. If mitigation of such risks requires additional support – you need ask for it. The additional support could be in terms of resources, cost, outsourcing, having redundant vendor/supplies, etc. Of course, organization should ensure, such measures are recorded to build better risk management capabilities in future.
Decide and March: If risks with highest priority are concluded for further action, you need to look at risks with next level of priorities.
For all above risks, you can choose to accept those (if there is nothing that you can do about it & has lesser impact on you) or transfer it (to third party, or other group) or avoid it (by discarding that portion of the project), etc.
Contingency Plan: Additionally, you can have contingency plan to cover up if first level of risk tackling strategy does not succeed i.e. Contingency plan is your ‘Plan B’ if your ‘Plan A’ does not work out well.
In all situations, you need to have a mechanism to track, monitor and review risks on a regular basis. Such process of monitoring & review of risks on regular basis, is attributed as good risk management practice
Why you should use Risk Management Software?
- Information, artefacts such as project plan, risks (identification, assessment, communication, response plan, assignment) if not recorded; will simply get lost over the time, so does your organization knowledge & expertise
- The risk management software provides the central place where project managers and in turn organization register, track, manage, communicate the risk details
- The software allows you to precisely identify and categorize business risks within your organization
- The biggest advantage of risk management software is the clear visibility it provides to stakeholders about health of the project, the vulnerability/stability of the project
- It also creates an immensely valuable knowledge base that organization can utilize to prepare better risk management practices, processes and policies thus place itself in a better position to tackle risks. Even if type of risk differs, organization & its resource can follow/comply with laid down process and thus reduce the risk impact on project/ company
- Not all SMBs recognize the importance of proper risk management practices. The great degree of resources (people, material, time and money) they can save with risk management practices. The software can make their process easier to start practicing risk management
- Additionally, the compliance requirements enforced by governments and expectations of consumer/customer groups have mandated companies to get their risk register audited by third parties/auditing firms. No better way of managing such activities than risk management software
- Good number of managers I talked to, have been raising concern about the difficulty, frustration they face in managing umpteen number of spread-sheet versions of risk register. It is funny but I wonder if they have risk recorded, for such risk-management practice itself
Concluding Remarks
The risk management
- Should be an integral part of organizational processes – structured & systematic
- Should be inclusive, transparent, collaborative and make stakeholders accountable
- Should utilize best available inputs and application of resources
- Should register ambiguities and assumptions separately
- Should be agile and flexible to evolve continuously
Let me know how you find this post. I would love to hear your feedback.
Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.
About Zilicus
Zilicus offers the best project portfolio management tool ZilicusPM, with robust project management tools capabilities and easy ways to track project management KPI,
Know more about project portfolio management, Gantt chart, best project management tool, project management office, project management tips, project planning guide, project risk management, project scope management, effective project management, project manager guides and know more about Project Portfolio Management Software, Project Management Software Guide.
12 Comments
[…] Challenges in Evaluating Project Risks […]
[…] in other post, we looked at risk management and it mentioned that there are four basic steps for risk […]
[…] Back to Basics – Project Risk Management (Part-IV): Risk Response […]
[…] Challenges in risk evaluation […]
[…] read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to […]
[…] Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to […]
[…] Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to […]
Risk management framework to identify hazards and assess risks with they implement a continuous review process as part of the Safety Management.
Great article! I loved the knowledge and the information given . Further, your blogging style is very pleasing to read. If you have enough time kindly browse my brand new website and tell me what you think.
… [Trackback]…
[…] Read More here: blog.zilicus.com/wordpress/?p=335 […]…
80. I was just seeking this information for a while. After 6 hours of continuous Googleing, finally I got it in your site. I wonder what’s the lack of Google strategy that do not rank this type of informative web sites in top of the list. Usually the top web sites are full of garbage.
Over a 100 million corporations can afford a rating!
Ontonix has developed a global web-based risk rating system that allows to perform objective and fast business diagnosis and risk rating. The service has been specifically engineered for a turbulent economy, providing a comprehensive picture of the state of health of a business as well as a unique measure of its resilience and stability.
Thanks!
Alex