Project Risk Management

What is Risk in Risk Management

A risk is any factor (or threat) that may adversely affect the successful completion of the project in terms of achievement of its outcomes, delivery of its outputs or adverse effects upon resourcing, time, cost and quality.

Risk identification is often done by using brainstorming sessions to identify and clarify the main risks that may work against the project achieving its stated outcomes. It is important to clearly define the scope of the project so that the identification of risks can remain focused upon what potentially threatens the achievement of outcomes, delivery of outputs, level of resourcing, time, cost and quality. Establishing categories can also assist in making sure all relevant risks are identified. For example categories might include Corporate Risks, Business Risks, Project Risks and System Risks or categories such as environmental, economic, human, etc. Other ways to categorise risks are in terms of risks external to the project and those that are internal or to take each of the key elements of project management as outlined in Section 1 of the Tasmanian Government Project Management Guidelines and identify which risks may impinge upon the successful application of each of these.

Who is responsible for Project Risk Management

Many people involved in a project have some responsibility for project risk management including the Project Manager, Steering Committee, Project Sponsor, potential Business Owners, Project Team Members and working groups. It is important that they know that watching out for and reporting potential risks is a significant part of their role. The Project Sponsor has ultimate accountability for Risk Management. This includes ensuring that there are adequate resources for managing the project's risks and that there is adequate active participation in the risk management process by a wide cross-section of stakeholders. The Project Sponsor also monitors the progress and effectiveness of the Risk Management Plan.

How much time one spent on Project Risk Management?

This is directly related to the size, complexity and level of risk associated with the project. Larger projects require more time spent on risk management. As a guide, risks and the effectiveness of the mitigation strategies, should be assessed about every two weeks. Over a long, significant project, there should also be regular formal monthly reviews. The time taken for these depends on the size of the Risk Register. In some large projects, a Risk Management specialist may be employed due to the workload involved.