15 49.0138 8.38624 1 0 4000 1 http://blog.zilicus.com 800 true

Back2Basics – Project Risk Management- Risk Assessment and Risk Response

Risk Assessment and Risk Response

In the third part of the series ‘Back To Basics’ of Risk Management, we briefly saw what is risk assessment, risk probability, risk impact and risk rating. It is interesting to know the kind of difficulties project managers face in the assessment of risks. The essence of difficulties faced in risk assessment is covered in this part. In the final part of this series, we will look at Risk Rating & how Heat Map depicts risks in graphical form & how it is helpful in responding to risks. Also know why you should consider using risk management software for your organization.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

Difficulties in Risk Assessment

difficulty in risk assessment

  • The essential difficulty we have observed in risk assessment is estimating rate of occurrence of risk. Simply because statistical data related to risks happened in past is not recorded nor it is managed hence it is not available
  • Evaluating severity of risk is not easy because, of the same reason – unavailability of statistical data.
  • Even if past data is available for risk evaluated in the past, the subjectivity factors (best educated guess, etc.) observed to play prominent role in such risk evaluation. Such subjective evaluations do not result in correct factoring of the causes-effects (retrospective analysis) associated with these risks

What Is Risk Rating and Heat Map?

As mentioned in above section, once project planner/manager assesses the probability and severity of a given risk, he can calculate Risk Rating. Risk Rating is alternatively called as ‘Risk Exposure or Composite Risk Index’.

Risk Rating= Probability of Occurrence of Risk x Severity of Risk if it occurs

Heat Map: The exposure of risks can be represented in visual form with the help of heat map. If you have considerable number of risks in the red-coloured boxes, you need to take prompt actions on those. Thus based on numbers in these boxes represented in heat map, you can decide your course of action to tackle those. Such heat map gives high level idea of risks in a given project.

Heat Map helps prioritisation of risksFigure 5: Risk Exposure Explained with Heat Map


How should you respond to Risks?


Once all identified risks are evaluated, project planner/manager can prioritize those based on rating and organization’s/project’s objectives. e.g. of given 10 risks – 3 would be extreme rating, 2 would be of high rating and so on; within these three risks with extreme rating, project manager along with senior management can decide priority of each. Based on the priority, the response plan/action will get effective.

Response Strategy:

  • Accept
  • Transfer
  • Avoid
  • Mitigate
  • Contingent

The management team can use above strategies independently or collectively as suitable to the context to manage risks.

Escalate &Ask for additional support: If any risk in your kitty is with Extreme or High exposure and requires escalation to higher management; you need to escalate it along with your analysis of mitigation strategy. If mitigation of such risks requires additional support – you need ask for it. The additional support could be in terms of resources, cost, outsourcing, having redundant vendor/supplies, etc. Of course, organization should ensure, such measures are recorded to build better risk management capabilities in future.

Decide and March: If risks with highest priority are concluded for further action, you need to look at risks with next level of priorities.

For all above risks, you can choose to accept those (if there is nothing that you can do about it & has lesser impact on you) or transfer it (to third party, or other group) or avoid it (by discarding that portion of the project), etc.

Contingency Plan: Additionally, you can have contingency plan to cover up if first level of risk tackling strategy does not succeed i.e. Contingency plan is your ‘Plan B’ if your ‘Plan A’ does not work out well.

 In all situations, you need to have a mechanism to track, monitor and review risks on a regular basis. Such process of monitoring & review of risks on regular basis, is attributed as good risk management practice

Why you should use Risk Management Software?

  • Information, artefacts such as project plan, risks (identification, assessment, communication, response plan, assignment) if not recorded; will simply get lost over the time, so does your organization knowledge & expertise
  • The risk management software provides the central place where project managers and in turn organization register, track, manage, communicate the risk details
  • The software allows you to precisely identify and categorize business risks within your organization
  • The biggest advantage of risk management software is the clear visibility it provides to stakeholders about health of the project, the vulnerability/stability of the project
  • It also creates an immensely valuable knowledge base that organization can utilize to prepare better risk management practices, processes and policies thus place itself in a better position to tackle risks. Even if type of risk differs, organization & its resource can follow/comply with laid down process and thus reduce the risk impact on project/ company
  • Not all SMBs recognize the importance of proper risk management practices. The great degree of resources (people, material, time and money) they can save with risk management practices. The software can make their process easier to start practicing risk management
  • Additionally, the compliance requirements enforced by governments and expectations of consumer/customer groups have mandated companies to get their risk register audited by third parties/auditing firms. No better way of managing such activities than risk management software
  • Good number of managers I talked to, have been raising concern about the difficulty, frustration they face in managing umpteen number of spread-sheet versions of risk register. It is funny but I wonder if they have risk recorded, for such risk-management practice itself

Concluding Remarks

The risk management

  • Should be an integral part of organizational processes – structured & systematic
  • Should be inclusive, transparent, collaborative and make stakeholders accountable
  • Should utilize best available inputs and application of resources
  • Should register ambiguities and assumptions separately
  • Should be agile and flexible to evolve continuously

Let me know how you find this post. I would love to hear your feedback.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

About Zilicus

Zilicus offers the best project portfolio management tool ZilicusPM, with robust project management tools capabilities and easy ways to track project management KPI,

Know more about project portfolio managementGantt chartbest project management toolproject management office, project management tips, project planning guideproject risk managementproject scope management, effective project management, project manager guides and know more about Project Portfolio Management Software, Project Management Software Guide.

Back2Basics – Project Risk Management: Project Risk Evaluation
Project Organization Hierarchy / Organogram in ZilicusPM

I am a co-founder of Zilicus Solution and I write about project management, collaboration, productivity, project management software, cloud computing, requirement management and business empowerment.