Project risk management is the art and science of identifying, assigning, and responding to risk throughout the life of a project and in the best interests of meeting project objectives. Risk management is often overlooked on projects, but it can help improve project success by helping select good projects, determining project scope, and developing realistic estimates. A study by Ibbs and Kwak show how risk management is neglected, especially on IT projects. KPMG study found that 55 percent of runaway projects did no risk management at all.
A dictionary definition of risk is “the possibility of loss or injury”. Project risk involves understanding potential problems that might occur on the project and how they might impede project success. Risk management is like a form of insurance; it is an investment.
Project Risk Management has six phases. There are,
- Plan Risk Management -The process of defining how to conduct risk management activities for a project.
- Identify Risks – The process of determining which risks may affect the project and documenting their characteristics. Risk identification is the process of understanding what potential unsatisfactory outcomes are associated with a particular project. Several risk identification tools and techniques include Brainstorming, The Delphi technique, Interviewing and SWOT analysis.
- Perform Qualitative Risk Analysis – The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. Assess the likelihood and impact of identified risks to determine their magnitude and priority. Risk quantification tools and techniques include Probability/Impact matrixes, The Top 10 Risk Item Tracking technique and Expert judgment.
- Perform Quantitative Analysis – The process of numerically analyzing the effect of identified risks on overall project objectivities.
- Plan Risk Responses – The process of developing options and actions to enhance opportunities and to reduce threats to project objectives. After identifying and quantifying risks, you must decide how to respond to them.
Four main strategies: Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes. Risk acceptance: accepting the consequences should a risk occur. Risk transference: shifting the consequence of a risk and responsibility for its management to a third party.
Risk Mitigation: reducing the impact of a risk event by reducing the probability of its occurrence
- Control Risks – The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks and evaluating risk process effectiveness throughout the project. Risk response control involves executing the risk management processes and the risk management plan to respond to risk events.