Back2Basics – Project Risk Management: Project Risk Evaluation

Project Risk Evaluation

In the second part of the series ‘Back To Basics’ of Risk Management, we looked at what is risk management, lifecycle of risk in risk management process and what is risk analysis. In this part, we will explore – details of Risk Evaluation or Risk Assessment.

Also read Why You Should Manage Risks | Analyzing Risks | Evaluating Risks | Challenges in Evaluating & Responding to Risks.

What is Project Risk Evaluation | Risk Assessment?

Project Management Guide - Project Risk Evaluation

There are primarily two aspects of project risk assessment:

  • Probability of a risk: How much likely that the risk will happen?
  • Consequence of a risk: How severely will it affect us?

These two factors determine what is called as : Risk Exposure

Project risk evaluation is subjective to greater extent but with properly established policies, guidelines and practices it can be standardized to greater degree. Based on above two aspects, the rating for a given risk can be determined.

  • Determine likelihood of occurrence of a risk

This field gives the probability of occurrence of a given risk. Project planner/manager along with team members can determine probability (Rare, unlikely, Possible, Likely and Almost Certain)

Rating

Description

Likelihood of Occurrence

1

Rare

Risk occurrence is highly unlikely.Exceptionally it may occur,

but most likely it will never occur

2

Unlikely

The risk occurrence is not expected. But in slight probability,

it may occur

3

Possible

This risk may occur some times as organization has

observed historical trace of such risks

4

Likely

This risk has strong possibility of occurrence as organization

has frequently observed trace of such risks

5

Almost Certain

This risk is most likely to occur. The instance/incidence

is expected to occur in speculated timeframe as

organization has observed trace of regular occurrence

of such type of risks

Table 1: Probability of Risk

  • Determine Consequence of occurrence or a risk

The severity of the potential loss, if risk occurs is the second parameter of risk evaluation. Again, this parameter is highly contextual. When team members register a risk, he/she may not have the complete idea of the situation. Hence project planner or manager is expected to take the context into consideration and determine the consequence of the risk if occur in future. Based on the learning from previous risks/history, organization may create a reference or guideline to determine severity of the risk. Project planner/manager refers such guideline and uses his/her judgment to determine the consequence of the risk in consideration.

Rating

Description

Example to illustrate

1

Insignificant

Minimal project delay| loss; Less than a week| < few hundred $

2

Minor

Minor project delay | loss; more than 3 weeks| $100k< x <$10k

3

Moderate

Moderate project
delay| loss; more than 12 weeks | $1M<x<$100k

4

Major

Major project delay| loss; More than 2 month | $1M<x<$100k

5

Catastrophic

Intolerable project delay| loss; More than 6 month | $x >$5M

Table 2: Consequence of risk

  • Determine the rating of risk

Based on probability of occurrence of risk and potential severity that it may cause, project managers can derive the rating the risk. Organizations with good project risk management practice have escalation guidelines based on the project risk rating. Which specifies what escalation matrix should be used depending on the rating of the risk.

The table below gives indicating ‘Required Action’ based on the rating of a risk. Your organization will have different required action or escalation matrix based on your industry/organization’s practices.

Rating

Required Action

Low

Acceptable: Not mandated to deploy additional resources; Such risk is expected to be managed through normal routine.

Action:Track and review

Moderate

Acceptable:Such risk is not expected to cause much damage or jeopardize the overall objective or effectiveness of project

Action: Project Manager to create a response plan.
Track and Respond.

High

Not Acceptable to larger extent: Such a risk is highly likely to cause considerable damage or jeopardies overall project objective or effectiveness.

Extreme

Action: Project Manager to bring-to-notice of Senior management, mentioning expected support.Response plan to be created & reported to Director/ CxO

Not Acceptable at all:Such a risk is extremely likely to pose as a threat to the continuation/functioning of a project/ organization.

Action: Project Manager to bring-to-notice of Senior management for immediate action.Response plan to be created, managed by Director/ CxO.

Table 3: Risk Rating

As mentioned earlier, the organization as a whole need to assess these parameters, significance of each parameter and required action i.e. a meaningful guideline to state which risk can be assessed as ‘Major’ severity with what probability as ‘Likely’. Though ‘Likely’, ‘Extreme’, ‘Moderate’, ‘Catastrophic’ are generic terms, the resource who will work with reference to these terms need to understand clearly, what they need to do with it.

Let me know how you find this post. I would love to hear your feedback.

_____________________________________________________________________________

Project Management Software by Zilicus
ZilicusPM – Online Project Management Software

Use project management software for project planning & scheduling – Try ZilicusPM a powerful tool that enable online project planning – WBS, online scheduling, resource assignment, Gantt chart, project tracking, issue management, online calendar, risk register and much more.

Trackbacks & Pings

Leave a Reply

Your email address will not be published. Required fields are marked *