Risk assessment best practices
Life is full of surprises, and even if you plan everything as accurate as possible and map out each milestone, project risk can sneak up and affect your scope, schedule or budget. You can’t predict the future, but by using these best practices you will identify risks earlier and prepare a response plan for them.
1. Do not confuse risk causes, events, and impacts
The causes are events or set of consequences that exist in the project.
Example of causes:
- doing a project in a developing country
- using unproven technology
- lacking skilled personnel
Events are uncertain activities that, if they occur, will affect the project objectives.
Example of events:
- exchange rate fluctuation
- contractor delivery
- client expectation misunderstood
The impact represents the unplanned variation from project objectives (positive or negative) which is the result of risks occurring.
Example of impact:
- milestone date missed
- budget underrun
- failure to meet the performance target
DUE TO <cause>, <risk event> COULD OCCUR, RESULTING IN <impact>.
Example: Due to many job opportunities for programmers, the loss of key personnel for the project could occur, resulting in higher costs and an extended schedule.
2. Use a checklist with scanning for other risks
The checklist will help you assess specific risks to your project in an easy-to-view table format.
3. Check the risk impacts and look at the most significant impact on:
4. Use also 100% probability during planning
|1.0||Certain to occur ( 100% )|
|0.9||Almost certain ( >90% )|
|0.7||Highly likely ( >70% )|
|0.5||Likely ( >50% )|
|0.3||Low likelihood ( <30% )|
|0.1||Very unlikely ( <10% )|
The project team needs to take actions to reduce the probability below 100% or somehow incorporate the items into the Project Plan.
5. Do not confuse mitigation plan with risk response
The mitigation plan is created during the process of risk identification. The activities associated with mitigation plans are usually part of the schedule, and they are executed together with other activities of the schedule.
The Risk Response Plan is also a set activities plan which is designed to eliminate and minimize the impact of threats and maximize the effect of opportunities. However, the risk response plan is created during the process of project planning but executed after risk occurred.
|Risk response techniques|
6. Consider contingency plans along with response plans
You have a risk event of missing the critical project resource.
Mitigation plan: include in the resource plan the activities and hours needed by the key resource
Contingency plan: if the key resource is not available, elevate issue to the Project Sponsor
7. Consider also the opportunities, not just the threats
Example of opportunities:
- special pricing for a supplier
- competitive market conditions
- the sudden availability of a key resource for a short period
- availability of some needed equipment
- availability of government funds for the project’s industry
8. Make project team members responsible for specific risks
While doing the risk assessment, it is essential to identify the owner of the risk and assign the specific tasks to that person.
9. Make risk management an on-going process during project reviews
At each team meeting you should:
- ask if any new risks may appear
- check to see if any risk triggers occurred
- update the status on the execution of risk plans
- update probability and impact values based on actions taken
- evaluate the effectiveness of actions taken in managing risks