Wanna know about Risk ???

Swathi Javvaji
Feb 10, 2021

Now that most of the teams are done with PI Planning, let’s discuss one topic that everyone has heard of and that is often ignored: risk 😒

So what exactly is risk and how to manage it?

Risk: Risk is the uncertainty about the achievement of the stated objectives. The word ‘risk’ can create some level of fear or anxiety, as risks are unknown and uncertain.

However, it is an iterative process and has to be managed appropriately, with a contingency plan.

Note that a positive risk is an opportunity, and that both positive and negative risks can emanate from an uncertain future event.

Risk Management: The systematic application of management policies, procedures, and practices to the tasks of establishing the context, identifying, analyzing, assessing, treating, monitoring and communicating risks with a view to reducing the negative or alternatively enhancing the positive impact on the organization.

Effective risk management builds confidence for all the stakeholders involved.

A key purpose of risk management is to identify potential opportunities or problems before they occur, so that risk management activities may be planned and implemented as needed across the life cycle of the project in order to leverage opportunities and mitigate adverse impacts.

What can we know about risk management, and how?

The answer is pretty simple: by using the risk management canvas.

Risk Management Canvas

1. Context and Objectives:

First, establishing the context is where you formally determine or articulate where you propose to apply the risk management process.

SMART way of finding the context of risk:
S — Specific
M — Measurable
A — Aligned
R — Realistic
T — Time bound

Now that we know the context, it is time to identify the types of risks.

  1. Strategic and Compliance Risks
  2. Operational Risks
  3. Potential Risks
  4. Technical Risks
  5. Financial Risks

2. Risk Identification:

It is a systematic and detailed approach to ensuring that as many risks as possible are identified with the collaboration of stakeholders to ensure that they can be analyzed and responded to appropriately. It is a skill that improves through experience and practice. Identifying risks and potential risks is key to effective risk management.

A tool for categorizing risk is PESTLE.

P: Political, E: Economic, S: Social, T: Technological, L: Legal, E: Environmental

Different ways of identifying risk:

a. The Delphi technique: a way to reach consensus through the use of experts on a particular subject area, such as project risk.

b. Checklists for risk identification.

c. Diagramming techniques (Ishikawa / Fishbone Diagram, Process flowchart, Influence Diagram).

Project Managers (in some cases project team members, business owners and external stakeholders) identify risks and develop the risk register. A risk register contains a description of the risk, the causes and consequences of the risk and, finally, the existing internal controls that may reduce the likelihood or consequences of the risk.

3. Risk Assessment:

We need to consider two key dimensions:

First: the likelihood or possibility of the risk occurring, which requires analysis and assessment. Second: the consequence or impact on achieving your project objectives if the risk occurs.

Risk Assessment Matrix

A widely used principle for determining criteria for acceptable risks is ALARP (As Low As Reasonably Practicable) principle.

4. Risk Response: 4 T’s (Take, Treat, Transfer, Terminate)

a. Taking the risk means accepting the gross risk.

b. Treating the risk means putting into place actions or controls that are aimed at reducing or mitigating that risk.

c. Transferring the risk means assigning responsibility for that risk to another party, such as a contractor or agency, who will then become responsible for dealing with it.

d. Terminating the risk means eliminating it completely. This can be done by changing an inherently risky process or practice to remove the risk, e.g., changing the project scope.

When implementing a treatment plan, make sure you have adequate resources, a time frame, responsibilities and methods.

Risk Ownership: It is instrumental in ensuring an identified risk is managed, monitored and controlled throughout the risk management process, which makes it a dynamic and continual process. The risk owner should be capable of managing the risk and have the knowledge, resources and authority to deal with the risk.

5. Communication:

When reporting risks, it is important to identify the key risks in the project, explain why these risks are critical, explain the risk responses for critical risks, and identify any emerging critical risks.

6. Monitor and Review: (Continual Process)

The Risk Management Plan typically includes:

  1. The process to identify, analyze and treat risks and estimated costings.
  2. The process to transfer approved risk costings.
  3. The process to transfer risk mitigation strategies.
  4. How often the Risk Register will be reviewed, the review process and who will be involved.
  5. Who will be responsible for which aspects of risk management.
  6. How Risk Status will be reported and to whom.
  7. A snapshot of major risks, current risk levels, planned response strategies and costings, together with who will be responsible for implementing these strategies.

Now that we have a picture of what risk is, how to identify it, and especially how to deal with different kinds of risks, let’s plan our next quarters with a plan. 😊

Some useful definitions:

Negligible Risk: These risks are broadly accepted by most people as they go about their everyday lives, such as minor illness or minimal environmental damage.

Tolerable Risk: We would rather not have this risk, but it is tolerable in view of the benefits obtained by accepting it. The cost in inconvenience or in money is balanced against the scale of the risk and a compromise is accepted, such as an injury that incurs a loss of one or more work days.

Unacceptable Risk: The risk level is so high that we are not prepared to tolerate it. The losses far outweigh any possible benefits in the situation, such as partial permanent disability.

Residual Risk: The revised level of risk that is left over. It is the risk that remains after taking controls or treatment actions into account.

Gross Risk: It is the assessed risk level assuming that there are no controls or treatment actions already in place, such as closure of business or loss of life.

Risk Appetite: The amount of risk a project manager will accept in meeting the project’s objectives.

Quantitative Risk Assessment: It is the process of providing numerical or statistical estimates of the overall effect of risks on the project objectives when all the risks are considered simultaneously.

Qualitative Risk Assessment: It follows a series of steps: identifying the risks using robust information and assessing them, then determining the likelihood and consequences of each of those risks, and finally determining the overall risk level using the risk management matrix.

Risk Assessment Record: It serves as a reminder of the priority hazards, the standards to be maintained and what action has been taken or still needs to be taken.
