Risk has two key elements
Risk management is a continuous process. Risk management process involves following key steps: Identify risks Assess each risk Rank all risks according to their severity Plan for risk mitigation and contingency on the basis of outcome of step 3 Monitor each risk Control deviations (if any) from risk mitigation plan.
Risk identification is carried out at the beginning of every project. It is revisited during each project review on an ongoing basis for all residual risks and new risks. The identification of risk is highly project specific.
Any project has three key dimensions:
Risk assessment involves determining
The uncertainty is the probability of occurrence of the risk. This probability can be determined either qualitatively or quantitatively.
Recommended to use 4 categories (to avoid middle point bias) such as 1-low, 2-medium, 3-high, and 4-very high. The quantitative measure is a normal probability scale measure from 0 to 1.
The impact can be determined in terms of its severity, preferably a value from 1 (lowest) to 4 (highest).
The first risk indicator is earliest condition or event that signals risk turning in to a problem.
It involves regular tracking of risk resolution process and first risk indicator. The deviations in the risk resolution process are recorded.
Strategy to reduce deviation in the risk resolution process is developed and implemented.
|Unique ID||Unique Risk Identification Code|
|Classification||Category according to the taxonomy|
|Identification Date||Date on which the risk was identified|
|Description||Clear risk definition in “condition” and “consequence” format|
|Probability||Qualitative or quantitative probability of occurrence|
|Impact||Impact in terms of severity|
|Exposure (Probability X impact)||Product of probability and Impact|
|First Risk Indicator||Condition or event that indicates a risk turning into a problem|
|Mitigation Approach||Approaches to avoid or reduce the impact of risk|
|Assigned To||Person(s) responsible for risk resolution|
|Target Date||Date by which resolution must be achieved|
|Contigency Plan||Detailed plan to handle the situation when a risk turns into a problem.|
|Tracking||Risk resolution process tracking information|