Risk Management is so important to project success that it is described as one of the seven themes of PRINCE2®. Anticipating and handling risks prevents project failure and reduces excess spending of time, money and resources. Risk management is one of the topics covered on a PRINCE2 training course.
PRINCE2 specifies a four-step plan for handling potential risks to your project:
1. Identify
The first thing you need to do is work out what the risks are. It is the responsibility of the Project Board to inform the Project Manager of external risks to the project, but this does not mean that you can sit back and let them do all the work.
Tools for identifying project risks include: research (ask project specialists what risks they foresee to their own areas of the project), visualisation (how might the project environment change before the completion of the project? Will the product still be viable?), and mind-mapping (group risks according to the areas that they affect: risks to resources, risks to the schedule, risks to quality control, etc.).
2. Evaluate
What is the likelihood of the risk occurring? What impact would the risk have on your project?
PRINCE2 suggests using a risk profile tool to facilitate evaluation. A risk profile is essentially a matrix in which one axis represents risk probability and the other risk impact. In the diagram below, the risk profile has been used to rank the risks from one to four.
| Probability \ Impact | Low impact | High impact |
|---|---|---|
| Likely | 2 | 4 |
| Unlikely | 1 | 3 |
Risk 1 = unlikely and low impact (for example: the risk that it will rain all weekend is unlikely and has a low impact for a project to hold an indoor summer party in Australia)
Risk 2 = likely but low impact (for example: the same risk is highly likely but has an equally low impact for an indoor summer party held in the UK)
Risk 3 = unlikely but high impact (for example: the risk of rain on the beach barbeque planned as part of the summer party in Australia)
Risk 4 = likely and high impact (for example: the risk that it will rain on an outdoor picnic held in the UK)
3. Consider
Once you have evaluated the risk, you must consider possible responses. There are five basic strategies for dealing with project risks:
- Avoidance (for example: to avoid Risk 3, the organiser could choose not to include a barbeque in the plans)
- Acceptance (for example: the organisers of the summer party in the UK [Risk 2] choose to accept that it will probably rain)
- Reduction (for example: to reduce the impact of Risk 4, the organiser of the picnic could provide all guests with umbrellas)
- Transference (for example: to transfer Risk 4 the organiser could hire somebody else to provide suitable shelter if it should rain)
- Contingency (for example: if it were to rain during our outdoor summer party, then our plan B would be to move everyone to the nearest pub and have the party there instead)
4. Decide
Finally, you must select a suitable strategy after weighing up the probability of the risk and its impact if it were to occur. Choose a strategy whose cost is in proportion to the probability and impact. It would be a mistake to spend too much on a strategy, if anything at all, if the impact were low and it were unlikely anyway.
