| Every day we take risks. If we cross the street we | | | | - Project description. Only required if it is a |
| risk being run over. If we go down the stairs, we risk | | | | stand-alone document and not part of the PMP; |
| missing a step and tumbling down. Taking risks is such | | | | - Types of risks. Political, technical, financial, |
| a common occurrence, that we tend to ignore it. | | | | environmental, security, safety, programme etc.; |
| Indeed, life would be unbearable if we constantly | | | | - Risk processes. Qualitative and/or quantitative |
| worried whether we should or should not carry out a | | | | methods, max. nos of risks to be listed; |
| certain task or take an action, because the risk is, or | | | | - Tools and techniques. Risk identification methods, |
| is not, acceptable. | | | | size of P-I matrix, computer analysis etc.; |
| With projects, however, this luxury of ignoring the | | | | - Risk reports. Updating periods of Risk Register, |
| risks cannot be permitted. By their very nature, | | | | exception reports, change reports etc.; |
| because projects are inherently unique and often | | | | - Attachments. Important project requirements, |
| incorporate new techniques and procedures, they are | | | | dangers, exceptional problems etc. |
| risk prone and risk has to be considered right from | | | | The Risk Management Plan of an organization should |
| the start. It then has to be subjected to a disciplined | | | | follow a standard pattern in order to increase its |
| regular review and investigative procedure known as | | | | familiarity (rather like standard conditions of contract) |
| risk management. | | | | but each project will require a bespoke version to |
| Before applying risk management procedures, many | | | | cover its specific requirements and anticipated risks. |
| organizations produce a Risk Management Plan. This is | | | | Risk management consists of stages, which, if |
| a document produced at the start of the project | | | | followed religiously, will enable one to obtain a better |
| which sets out the strategic requirements for risk | | | | understanding of those project risks which could |
| assessment and the whole risk management | | | | jeopardize the cost, time, quality and safety criteria |
| procedure. In certain situations the risk management | | | | of the project. The first three stages are often |
| plan should be produced at the estimating or contract | | | | referred to as qualitative analysis and are by far the |
| tender stage to ensure that adequate provisions are | | | | most important stages of the process. |
| made in the cost build-up of the tender document. | | | | Stage 1 Risk awareness: This is the stage at which |
| The Project Management Plan (PMP) should include a | | | | the project team begins to appreciate that there are |
| resume of the Risk Management Plan, which will first | | | | risks to be considered. The risks may be pointed out |
| of all define the scope and areas to which risk | | | | by an outsider, or the team may be able to draw on |
| management applies, particularly the risk types to be | | | | their own collective experience. The important point |
| investigated. It will also specify which techniques will | | | | is that once this attitude of mind has been achieved, |
| be used for risk identification and assessment, | | | | i.e. that the project, or certain facets of it, are at |
| whether SWOT (Strengths, Weaknesses, | | | | risk, it leads very quickly to . . . |
| Opportunities and Threats) analysis is required and | | | | Stage 2 Risk identification: This is essentially a team |
| which risks (if any) require a more rigorous | | | | effort at which the scope of the project, as set out |
| quantitative analysis such as Monte Carlo methods. | | | | in the specification, contract and WBS is examined |
| The Risk Management Plan will set out the type, | | | | and each aspect investigated for a possible risk. |
| content and frequency of reports, the roles of risk | | | | Stage 3 Risk assessment: This is the qualitative stage |
| owners and the definition of the impact and | | | | at which the two main attributes of a risk, probability |
| probability criteria in qualitative and/or quantitative | | | | and impact, are examined. |
| terms covering cost, time and quality/performance. | | | | Stage 4 Risk evaluation |
| The main contents of a Risk Management Plan are as | | | | Stage 5 Risk management: Having listed and |
| follows: | | | | evaluated the risks and established a table of |
| - General introduction explaining the need for the risk | | | | priorities, the next stage is to decide how to manage |
| management process; | | | | the risks. |