Risk management

It is recommended that a risk assessment be undertaken for every project; for larger projects, this will take the form of a workshop. The output of the risk assessment process will be a risk register, which can then be used as the basis for developing plans to control the risks that could prevent project success. The e-PM guide provides a methodology, tools and documentation templates to assist with this (follow the prompts ‘plan’ and ‘if things go wrong’).

The risk management process

  • Risk identification: the categories listed below are designed to assist you in considering all areas of project risk
    • Project management risks
    • Business risks
    • People risks
    • Information risks
    • Technical risks
    • Regulatory risks
    • Operational risks
  • Risk assessment:
    • Impact: identified risks should be assessed using the guidelines detailed in the e-PM guide as to what constitutes high, medium and low impact risks based on time, cost, and quality (adverse publicity can also be considered if relevant to the project)
    • Likelihood: guidelines are provided in the e-PM guide for what constitutes high, medium and low likelihood ratings
    • Assessment criteria should be reviewed and made relevant for each project
    • Impact and likelihood assessments should be combined to produce an evaluation of risk severity (high/medium/low)

  • Risk control

    The appropriate risk controls should be put in place for each project risk. Possible responses will include:

    • Avoid
    • Reduce (the likelihood of the risk occurring)
    • Transfer (to a third party)
    • Protect (from the impacts of the risk occurring)
    • Mitigate (reduce the severity of the impacts)
  • The risk register should be reviewed periodically to keep the risk profile for the project up to date.

Training on risk management is carried out by our Insurance & Risk Officer Gary Lambourne (see the training and development section).