Risk and uncertainty are inherent parts of all project work. Which is why so many projects—especially large technology projects—run into trouble. When studies tell us that easily half of all IT projects run over budget and past deadline, we see how easily risk turns into real trouble for projects and their organizations.
But there are ways you can mitigate and manage risk. When teams have a good risk management process in place, then you can identify and deal with all the project’s risks in an appropriate and thorough manner. When you’re good at managing risk, it means that fewer issues crop up and that you’re prepared for all eventualities. (And, people start asking for you to run their projects!)
Here are nine risk management steps that will keep your project on track.
- Create a risk register.
Create a risk register for your project in a spreadsheet. Include fields for: date of the risk being logged, risk description, likelihood, impact, owner, risk response, action and status.
- Identify risks.
Brainstorm all current risks on your project with the project’s key team members and stakeholders. Go through all the factors that are essential to completing the project and ask people about their concerns or any potential problems. Identify risks that relate to requirements, technology, materials, budget, people, quality, suppliers, legislation, and any other element you can think of.
- Identify opportunities.
When you identify risks, also factor in positive risks and opportunities. For example, include all events that in some ways could affect your project in a positive manner. What would the impact be, for instance, if too many people turned up to the concert? What could you do to exploit this opportunity and plan for it? Just as you anticipate and plan for problems, prepare for unlikely successes.
- Determine likelihood and impact.
Establish how likely the risk is to occur (on a scale from 1-5) and determine the impact of each risk according to time, cost, quality, and even benefits if it were to occur (again on a scale from 1-5). For example, a likelihood of five could mean that the risk is almost certain to occur, and an impact of four could mean that the risk would cause serious delays or significant rework if it were to happen.
- Determine risk response.
Focus your attention on those risks that have the highest potential impact and likelihood of happening (i.e., an estimate of three or more on the scale mentioned in No. 4). Identify what you can do to lower the likelihood and impact of each risk. To lower the impact, get to the root cause by asking why, why, why?
- Estimate the risks.
Once you’ve determined what you’ll do to address each risk, estimate how much it will cost you to do so. For example, using the concert example—how much will it cost to look after the performer’s health before the show, and how much will it cost to prepare for a backup? Provide a range of estimates (best case/worst case) and add the aggregated cost of these risk responses to your overall project estimate as contingency.
- Assign owners.
Assign an owner to each risk. The owner should be the person who is most suited to deal with a particular risk and to monitor it. Assign risk owners with involvement from your team and stakeholders to get the best possible buy-in. Collaborate on the best possible actions that need to be taken, and by when.
- Regularly review risks.
Set aside time at least once a week to identify new risks and to monitor the progress of all logged items. Risk management is not an exercise that only happens at the beginning of the project, but something that must be attended to in all of the project’s lifecycles.
- Report on risks.
Make sure that all risks with an impact and likelihood of four-and-higher (on the 1 – 5 scale; see No. 4) are listed on your status report. Encourage a discussion of the top 10 risks at steering committee meetings so that executives get a chance to provide input and direction.