According to the global standard for project management (as established by Project Management Institute), before you go off to do anything, you should plan what you are going to do. That even includes planning how you will manage risks. Yes, you must decide upfront (before you are deep into the muck of your project) how you will handle several key questions:

  1. How are you going to identify risks?
  2. How will you rank the identified risks?
  3. To what degree of risk will action plans be established?
  4. Who will manage risks?
  5. How will risks and their associated action plans be tracked?
  6. What is the process for reviewing current risks and adding new ones?

These are important to doing risk management well.

1. How are you going to identify risks?

Decide what sources (e.g. project charter and objectives, contracts, schedules, historical documents, stakeholder) you will use to identify risks and how you will collect the information. Determine what process (e.g. meeting, interviews, emails, etc.) will be used to gather inputs from these sources.

2. How will you rank order the identified risks?

Determine what process will be used to rank order the risks. I often do a qualitative approach to ranking risks considering both the probability of the risk happening and the impact if it does happen. With the help of the team, assign high/medium/low for the probability and impact of each risk. In order for everyone to use the same definition of high/medium/low, it is necessary to create these definitions at this time.

3. To what degree of risk will action plans be established?

Based on your organization and stakeholder risk tolerance, determine which level of risks you will work to mitigate or eliminate. The remaining will be on a watch list. If you do a good job identifying the risks, the list will be too long to proactively work on all of them.

4. Who will manage risks?

As the project manager, you do not have to own all of the risks. The responsibilities can be assigned to team members, just like any activities are assigned. In addition, one team member may be assigned to manage the reporting and follow-up of risks. This can be a great mentoring opportunity.

5. How will risks and their associated action plans be tracked?

Determine what template you will use and where it will be stored. Determine rules of engagement for dealing with this document.

6. What is the process for reviewing current risks and adding new ones?

Determine when, how, and where risks will be reviewed, discussed, and/or added. The team needs to be proactive in looking for new risks that crop up throughout the project’s life cycle. There is no need to give status updates. However, there needs to be a forum to discuss concerns with current risks or new ones.

This is a summary for planning to do risk management. The next post will cover the process of identifying risks in greater detail.

Let me leave you with this: plan how you will do risk management, and then work to your plan.

Advertisements