Risk Management in Six Sigma – Identify, Assess, Plan, Monitor and Control Risk

Risk has two key elements

  • An uncertainty
  • An impact in terms of potential loss (if it happens).

Risk management is a continuous process. Risk management process involves following key steps: Identify risks Assess each risk Rank all risks according to their severity Plan for risk mitigation and contingency on the basis of outcome of step 3 Monitor each risk Control deviations (if any) from risk mitigation plan.


Risk identification is carried out at the beginning of every project. It is revisited during each project review on an ongoing basis for all residual risks and new risks. The identification of risk is highly project specific.

Any project has three key dimensions:

  • Cost
  • Specifications
  • Time


Risk assessment involves determining

  • Uncertainty
  • Impact
  • First risk indicator.


The uncertainty is the probability of occurrence of the risk. This probability can be determined either qualitatively or quantitatively.

Qualitative Measure
Recommended to use 4 categories (to avoid middle point bias) such as 1-low, 2-medium, 3-high, and 4-very high. The quantitative measure is a normal probability scale measure from 0 to 1.


The impact can be determined in terms of its severity, preferably a value from 1 (lowest) to 4 (highest).

First Risk Indicator

The first risk indicator is earliest condition or event that signals risk turning in to a problem.


  • A mitigation approach is developed for each risk, to either avoid or reduce the impact of risk.
  • The responsibility to implement the mitigation strategy is assigned to a team member along with a target date.
  • The actual execution of the mitigation plan is called risk resolution.
  • A contingency plan is also developed to handle the situation when a risk turns in to a problem.


It involves regular tracking of risk resolution process and first risk indicator. The deviations in the risk resolution process are recorded.


Strategy to reduce deviation in the risk resolution process is developed and implemented.

Minimum Risk Documentation Format

Unique ID Unique Risk Identification Code
Classification Category according to the taxonomy
Identification Date Date on which the risk was identified
Description Clear risk definition in  “condition” and “consequence” format
Probability Qualitative or quantitative probability of occurrence
Impact Impact in terms of severity
Exposure (Probability X impact) Product of probability and Impact
First Risk Indicator Condition or event that indicates a risk turning into a problem
Mitigation Approach Approaches to avoid or reduce the impact of risk
Assigned To Person(s) responsible for risk resolution
Target Date Date by which resolution must be achieved
Contigency Plan Detailed plan to handle the situation when a risk turns into a problem.
Status Active/Resolved/Expired
Tracking Risk resolution process tracking information
<<< Six Sigma Techniques – Internal Benchmarking, Functional Benchmarking, Competitive benchmarking, Brainstorming and Pareto Chart
Copyright 2005-2016 KnowledgeHills. Privacy Policy. Contact .