Role

Managing Risk (Medium Projects)

1

Project Manager

Identify all potential risks

When you are defining the project, perform a complete assessment of project risk. The risk assessment is done in two parts. First look at inherent risks. Inherent risks are based on the characteristics of the project – regardless of the specific deliverables being produced. The good thing about these inherent risks is that, since they apply to all projects, they can be identified on a checklist. See 2.4.2T Inherent Risk Factors for further help and examples for defining inherent risks.

Second, look for risks that are specific to your project. These risks normally cannot be identified on a checklist since they are specific to your project and may not apply to other projects. For instance, you may identify a risk of a key supplier going out of business or perhaps weather problems causing shipping delays or perhaps you will have difficulty finding resources with a specific set of skills.

There are a couple ways to perform the risk assessment. The project manager can create an initial draft of project risks based on what he knows and circulate the draft for additions, changes and comments. Another technique is to gather all the key stakeholders and discuss these potential risks of the project all at once. This is a better alternative since it gets the key stakeholders all thinking about the project at the same time. You are more likely to end up with a more exhaustive list of real project risks. You want to be careful about being too optimistic during the risk assessment. Remember, you are trying to identify potential risks. It is good to have skeptics or pessimists in these sessions to make sure that all of the potential risks are identified.

2

Project Manager

Analyze the risks using qualitative techniques

In the first step of this process you identified all potential risks. This will likely leave you with many more risks that you can focus on. In fact, it probably doesn’t make sense to focus on managing risks that have a low impact to your project. Therefore, before you go through the trouble of putting risk plans in place, you need to determine which risks are the ones that you really want to focus on. The first step of risk analysis is qualitative risk analysis. See 2.4.2.1P for more information on qualitative risk analysis.

3

Project Manager

Create a response plan for each high-level risk

You should first focus on creating a risk response plan for all high-level risks that you identified to ensure the risk is managed successfully. There are five major responses to a risk - leave it, monitor it, avoid it, move it to a third party or mitigate it. For further information on these alternatives see 2.4T Plan Risk Management / Techniques.

4

Project Manager

Evaluate the medium-level risks

Check all medium-level risks to determine if the impact is severe enough that they should have a risk response plan created for them as well.

5

Project Manager

Evaluate any low-risk risks

Now check the low-level risk items and see if they should be listed as assumptions. In this way you recognize that there is a potential for problems, but because the risk is low, you are 'assuming' that the condition will not occur. See 2.4.2.2P Assumptions and Risks for more information.

6

Project Manager

Move the risk plan activities to the project schedule

Move the activities associated with the Risk Management Plans to the project schedule. You will also add the people assigned, effort hours, start dates, etc. Moving the activities to the schedule should help ensure that the work is actually completed and keeps the schedule the primary focus of all work planning and monitoring.