Risk Management – Risk Assessment
Risk Assessment consists of two components –
- Risk identification and
- Risk analysis & prioritization
Risk identification focuses on enumerating possible risks to the project. The basic activity is to try to envision all situations that might go wrong in the project execution.
Risk analysis and prioritization activity considers all aspects (need to specify the aspects) of the risks and prioritizes them for purpose of risk management.
Although these two are distinct activities, they are often carried out simultaneously. All the relevant stakeholders need to be involved during the Risk identification and analysis process.
At the time of project initiation, Project Manager identifies the project risks. Risk identification is an exercise in envisioning what can go wrong. Risks are identified under different categories.
The categories of risks are:
- Business risk
- Technology risk
- Process risks
- Resource risks
- Customer risks
- Schedule risk
These risks are identified along with the category to which that belongs.
Some examples of risks under different categories are –
|Category of risk||Classification of Risks|
Project Manager identifies the category of risk and the risk
Risk Analysis and Prioritization
The risks identified for the project indicate the possible events that can hinder the project in meeting its goals. The consequences of different risks may be different. While identifying strategies for risk management, it is beneficial to analyze and priorities the risks, so that appropriate strategies can be identified and management energies can be focused on high priority risks.
Risk analysis consists of –
- Assessment of the probability of occurrence the risk and
- Level of consequences of the risk.
For each risk identify the probability of risk occurrence as – Low, Medium and High. Risks are prioritized based on the Decision Analysis and Resolution (DAR) identified.
For each risk identify the level of consequence of the risk as – Low, Medium, High and Very High.
Based on the combination of probability of occurrence and level of consequence the risk priority (in terms of impact on the project) is determined. An example for identification of the risk priority is given below
Risk priority (impact on the project) is this table, which is going to be part of our PMP. If so, this should be an annexure.
|Probability of occurrence of risk||
Level of consequences
The risk priorities are only indicative. Based on the project specific risks, the Project Manager needs to identify the risk priority and assign impact values as per the guidance given below.
- Catastrophic (Value: 1)
- Critical (Value: 2)
- Marginal (Value: 3)
- Negligible (Value: 4)
The Project manager provides impact values in the Risk Analysis and Management Plan for each risk.
Risk occurrence thresholds are defined to decide majorly based on the below mentioned factors.
- Risk avoidance
- Risk control
- Risk transfer
- Risk monitor
- Risk acceptance