The article presents knowledge on the topic of Risk Management that helps while preparing for exams.
In the first part of the articles on Risk Management, I shall focus on a general introduction and in the later parts of the articles I will focus on the subject from PMI® and project management perspective to provide a broader framework.
From the PMP training point of view, this is one of the most critical topics that needs to be understood and mastered.
Risk is the potential that a chosen action or activity (including the choice of inaction) will lead to a loss (an undesirable outcome). The notion implies that a choice having an influence on the outcome exists (or existed). Potential losses themselves might be called as "risks".
The terms “risk” and “risk management” are some of the most widely discussed and used terms. The general concept of risk management is not unknown to almost everyone, with the various concepts being deployed daily in every profession or occupation. It would not be unnatural then to assume that the field would have many experts and would rather be error free. It is hardly like that. In fact, risk management is susceptible to errors repeated over projects even in the same organization across similar portfolios.
Risk management is the identification; assessment and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events and / or to maximize the realization of opportunities. Risks can come from project failures at any phase in design, development, production or sustainment life-cycles.
Risk Management Planning
Risk Planning is usually the last project management course process to be completed during the planning phase as the overall plan and scope are needed to find out where exactly risk management tasks can be allotted. The level of risk management is decided as it needs to be in line with the risk and importance of the project as a whole.
The goal of risk planning is to establish how the overall risk management will be conducted for the project. The time spent, the role and responsibilities and template formats of the reports should all be established in this process. Once the preliminary work is done, identifying, analyzing and adjusting for risks can be done.
Risk Assessment Methods
Risk assessment consists of the following elements, performed, more or less in the following order:
- Identify, characterize threats
- Assess the vulnerability of critical assets to specific threats
- Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
- Identify ways to reduce those risks
- Prioritize risk reduction measures based on a strategy
The goal of risk management is to increase the impact and probability of positive risks and decrease them for negative risks. The point is not only avoiding failure, but to bring about opportunities.
Basic Concepts
Before going further, let’s look at some of the basic concepts:
- Threats and Opportunities – A risk is an event identified in advance that may or may not happen. When it does happen, it may have a positive or negative impact. Threat is any such negative impact, while opportunity is a positive impact of risk event. The goal is to minimize threats and their impact, while maximizing opportunities and the impact of those.
- Uncertainty – This is lack of knowledge about an event that reduces confidence in conclusions drawn. Investigation of such uncertainties can help you in identifying risks.
- Risk averseness – This is the amount and level of risks one is willing to take. Someone who does not want to take risks is known as risk averse.
- Risk tolerances and threshold – A project manager must critically identify these before beginning work on risk planning or identification. Risk tolerance is the degree or level of risk that is acceptable to a person or in organization. A risk threshold is that point at which the risk becomes unacceptable. For example, one can accept the risk of delayed shipment or price rise or both so long as they don’t result in delay of greater than two weeks or cost an escalation of > 5%.
- Risk factors – When looking at a risk, one should answer these questions
- The probability that an even will occur
- Range of possible outcomes (tangible impact, minimum and maximum estimate point)
- Expected time the risk event may occur
- Anticipated frequency of risk events from any one source
- Types of risk
- Business risk – risk event of gain or loss resulting from business activities
- Pure risk – only a risk of loss, like fire and theft. Also known as insurable risks
In the next part of the article, more details on PMBOK® processes will be provided.
Rattan N Whig, PMP
The views presented in this article are solely my personal views. I advise all the readers to exercise discretion while adopting any views listed in this article or anywhere in the other articles for their benefits. Another important aspect is that, whenever there is a difference or conflict in information presented in these articles and those listed in PMBOK® guide or any other publication by the PMI® institute, the dispute must be resolved in favor of the information published by PMI® institute.
