Projects always have issues. It is a project manager’s job to find events that cause issues and manage them proactively.
These events are negative risks, and risk management helps you find and manage them.
Risks do not always harm the project; they can have a positive impact. Risks with positive effects are known as positive risks. Risk management helps you with positive risks as well.
Without risk management, your project has less chance of succeeding. You must have a risk management plan; it is a component of the project management plan.
What is a Risk Management Plan?
Risk management is a process of identifying risks, analyzing the risks, developing a risk response plan and monitoring them throughout the project life cycle. The risk management plan helps you carry out risk management activities.
A risk management plan has identify risks, analyze the risks, develop responses, and implement those responses. It describes how risk management activities will be carried out.
The Components of a Risk Management Plan
The following are the components of a risk management plan:
- Plan Risk Management
- Identify Risks
- Analyze Risks
- Plan the Responses
- Monitor and Control the Risks
Plan Risk Management
Here, you define how you will conduct various risk management activities.
You define how you’re going to identify the risks, and how they will be categorized, analyzed, etc.
You will lay down the formula to determine risk ranking; which risks are high, medium or low.
In this process, you collect risks using the methods described in the risk management plan. A few risk identification techniques are:
- Document Review
- Information Gathering Techniques
In document review, you look over records of past projects. These documents provide you with many possible risks. The documents may include lessons learned, risk register, issue log, project files, and more.
In information-gathering techniques, you interact with various stakeholders to collect the risks. You ask experts to list as many risks as they can. This technique includes brainstorming, the Delphi technique, etc.
The Delphi technique helps you get responses from experts who are not comfortable expressing their opinions by circulating a questionnaire to experts anonymously.
You repeat this procedure until you get your conclusive results. Afterward, you compile them and review the responses.
In an interview, you approach busy and important stakeholders with a team member. You ask pre-selected questions during your conversation. The team member records these conversations.
Analyze the Risks
You will analyze risks using qualitative and/or quantitative methods after risk identification is complete.
You always perform a qualitative risk analysis process. However, quantitative risk analysis is optional. The quantitative risk analysis process is most likely to be performed on large and complex projects.
Here, you determine the probability and impact of each risk, and then you prioritize them. After completing the qualitative risk analysis review, you move on to the quantitative risk analysis review.
In quantitative risk analysis, you numerically analyze the risks and their effect on the project objectives.
Expected Monetary Value (EMV) Method is a quantitative risk analysis technique. Here, you calculate the EMV of each choice and then select the best choice. It helps you to determine the contingency reserve, which is used to manage identified risks.
To manage unidentified risks, you use the management reserve. Management defines this reserve; they can set this as a percentage of the project cost, for example, 5% or 10% of the project cost. A project manager needs the approval to use the management reserve.
A Monte Carlo simulation provides the chances of completing the project in different conditions. You can run this technique with cost, schedule, or any other project objectives. It graphically shows you a project’s objective vs. its chance of being completed under various conditions.
For example, if you run the Monte Carlo simulation for schedule analysis, you will know that you have an 80% chance of completing the project within 24 months and a 90% chance of completing it in 26 months.
Plan Risk Responses
After collecting and qualifying risks, you will develop the risk response plan. This plan describes actions that you should take when an identified risk occurs.
Risks can be positive or negative. Positive risks are known as opportunities, and negative risks are threats. The risk response plan aims to reduce the probability or impact of negative risks and increase the chance or benefits of positive risks.
You will assign a risk owner to each risk. They will be responsible for monitoring the risk and if it occurs, they will implement the risk response plan.
Strategies for negative and positive risks are different.
Negative Risk Response Strategies:
You can use the following strategies to manage negative risks:
- Mitigate: You try to reduce the chance of the risk occurring, or its impact.
- Avoid: You take measures to eliminate the threat or its effect, like, changing the project management plan.
- Transfer: You transfer the risk to a third party: e.g., insurance.
- Escalate: You shift the responsibility of managing the risk to higher management.
- Accept: You acknowledge the risk and document it, but do not take any action to mitigate it or its effect.
Positive Risk Response Strategies
You can use the following strategies to manage positive risks:
- Enhance: You try to increase the chance of an opportunity or its impact.
- Exploit: You do everything to make sure that the opportunity is realized.
- Share: If you are not capable of realizing the opportunity on your own, so you ask someone to share in the opportunity.
- Escalate: You transfer the responsibility of managing the risk to higher management.
- Accept: You acknowledge the opportunity and document it, but do not take any action to realize it.
You can use accept and escalate risk response strategies with both types of risks.
After completing the risk response strategy, you will update the risk register.
Monitor and Control Risks
You watch for these risks once the project starts. You will control them when they occur and record the outcome into the risk register.
The risk management plan has a tracking and reporting system for risk events. This helps the project manager analyze the efficiency of the risk management plan and record lessons learned for future risk events.
The risk management plan is a subsidiary plan of the project management plan. Your project success depends on the risk management plan. A sound plan can help you complete the project within the approved schedule and budget. You have to be proactive with risk management. Use experts’ help in developing a risk response plan.
How do you develop risk management plans for your projects? Please share your experiences in the comments section.
Kindly note that when you calculate the reserve for the cost, you also have to calculate the reserve for the schedule. Here, the contingency reserve may be known as the time reserve or buffers. They are part of the schedule baseline. However, the management time reserve is not a part of the schedule baseline but a part of the overall project duration.