4PM Home Page

Project Management
Certification & Training

Add to Outlook
Project "Best Practices"
Articles & Videos
Newsletter

Risk Analysis & Risk Template

By Dick Billows, PMP, GCA

Project managers often skip the risk management process because the sponsor wants them to start work quickly without wasting time on things like risk management. This may well doom the PM to fighting fires for the rest of the project. On even a small project we can undertake a simple risk assessment process, investing as little as an hour and possibly saving dozens of them by utilizing the form below with our team and/or stakeholders.

Get a Summary of New Articles Each Week

 

Risk Management Options by the Scale of the Project

Risk Management Steps

Small Project Plans
Done within your organization for the manager or your boss

Medium Project Plans
Affects multiple departments within your organization or done for customers/clients

Strategic Project Plans
Organization-wide projects with long term effects
Text book
Course

Risk Management Plan

On a small tier #1 project we may limit the entire risk management effort to 30-60 minutes. The only steps would be to ID risks and plan risk responses for 2-3 major risks.

For tier #2 projects we would add qualitative risk analysis of 10 to 20 significant risks and perhaps quantitative risk analysis of 2 to 3 top risks.  The aim of the risk analyses is to develop cost data as justification for our risk responses.

On tier #3 projects the scale of the effort and the consequences of failure justify extensive risk management.  Spending several weeks and over $10,000 on risk analysis would not be unusual and it would be normal to hire outside experts to assess the risks quantitatively.

Identify Risks

Risk identification could be done over coffee with the sponsor and a few key stakeholders identifying key threats and opportunities (all risks are not bad).

The risk identification is usually broken up by major deliverables with separate groups working through the identification process. The project manager should provide each group with the risk categories they should address.

The project scale justifies the use of multiple teams with each assigned one or more categories of risk by type (regulatory, competitive, technological, etc.) or the risks associated with a specific deliverable (facility construction, systems development, etc.).

Qualitative Risk Analysis

None

Use Qualitative analysis for smaller risks.

Qualitative analysis is used as a screening tool to identify risks with large expected value and to justify more expensive quantitative analysis.

Quantitative Risk Analysis

None

Only for very significant risks or opportunities.

Used to justify risk responses that cost a great deal of money or time.

Risk Response Plan

Short statement of how we will respond to each risk if it occurs.

More detailed set of risk responses using one or more of the following strategies: avoidance, mitigation, deflection or acceptance with a contingency plan.  Larger projects may combine all four of these risk reduction strategies in sophisticated responses with careful monitoring of the project using risk triggers for early warning.

Risk Management in Theory
Risk management is a concept with a very sound foundation.  That is, the cost of responding to unanticipated problems is always much larger than the cost of risk responses planned well in advance.  Further, if we keep the scale and cost of our risk management in proportion to the scale of the project and the risks we are avoiding, risk management always more than pays for itself.
Risk Management in Practice
Project managers routinely feel a great deal of pressure to start work on a project quickly since many executives think planning and risk management are simply bureaucratic paper shuffling processes with no real-world pay off. There is some truth to that assumption, particularly in bureaucratic organizations where any activity like risk management is an opportunity for more papers, more procedures and more endless meetings.  In addition, there is the fantasy that good project managers are good firefighters and so spending time and money on risk management is wasted.  When bad risks flare up; we just fight the fires.
Risk Management "Best Practices"In the Real World
Savvy project managers make a case for limited risk management using examples from previous projects of delays and cost overruns that were avoided because some risk management was done.  Wise executives respond well to those examples, particularly if the data is quantified from a previous project. Even the most skeptical sponsor will usually listen to arguments about the specific damage that can be done to the project completion date and budget by one or two specific risks.  A slow gradual education approach with executives works best.
Supplemental Reading on Project Planning:


Project Plan Approval

Planning Achievements Not Activities

Project Estimating

Project Planning: Creative & Political Process

Fast Food Project Planning

Project Requirements

Qualitative or Quantitative Risk Analysis Template

We are assessing the probability of the risk occurring and then the magnitude of its impact if it does occur. The magnitude of the impact might be measured in dollars for the cost increase/decrease or days for the duration increase/decrease.

Risk Template: Remember there are positive and negative risks

Risk event

Probability of Occurrence

Magnitude of Impact

Risk Response
 

Medium

High

Low

Medium

High

None

Type of Action

               
               
               
               
               
               
               
               
               

The Hampton Group, Inc. 3547 South Ivanhoe St. Denver, CO 80237-1122 USA (877) 332-2599
© 2010 The Hampton Group, Inc. All Rights Reserved. May not be reproduced without written permission . The Microsoft Corporation owns the registered trademark Microsoft Project®. The Project Management Institute, Inc. owns the following registered trade marks: PMI® PMBOK® PMP® and CAPM®. All rights reserved. 2010