The following diagram shows the flow of Risk Management life-cycle:
Managing a risk undergoes following stages in its life cycle: 1. Risk Identification 2. Risk Analyses 3. Risk Response Planning 4. Risk Response Execution & Monitoring 5. Execution Verification
1. Risk Identification
During the first state of Risk Identification, the list of risks are submitted to Clarizen’s Issues/Risk page. The application allows you to determine which risks may affect the project or other business process and document their characteristics.
In Clarizen’s Risk Management life cycle you are at the Evaluation stage:
It is highly recommended that you accurately enter all available information about the Risk, including Severity and Priority. It is important to categorize Risks using the Category field, this will help you in building strict risk classifications.
It is a best practice to include a description of the risk with the use case scenarios.
Tip! You can use Notes and Attachments to provide additional information such as guidelines, specifications and other types of materials available for the risk. You will use these collaboration tools throughout the Risk life cycle to provide, save and track essential information.
If the Risk was identified by the customer, link it to the corresponding customer(s), identify if the resolution of the Risk was committed to and include the commitment date, if any. Properly identifying the source of Risk will help you in giving the best possible service to your customers.
If a Risk was identified within specific project, define To be Resolved in project already at this stage.
The Risk should undergo the process of analysis and planning by a team of specialists. In many cases, the risk management team are the people that help to assess the risk impact as well as its strategy and the response execution plan. This team can differ from the core project. It is best practice to assemble such team for the Risk.
Recommendation: Subscribe the team members of the Risk for corresponding alerts and notifications using Subscription command available from the Change Request page.
It is recommended to document the responses of the Approvers in the document attached to the Change Request.
It is a common practice to list Risks using a Risk Register list.
A Risk Register is a tool widely used in Risk management for indentifying, analyzing and planning risks.
Tip! You can easily create a Risk Register report in Clarizen. Just enter the Reports page and create a report named Risk Register. Select the Risk entry in the Show results from list and add the following columns to be displayed:
Response Plan Description
You can filter the report by the To be Resolved in field or by the State Submitted or Assign to fields for a specific user or by any other relevant condition.
It may be helpful to review the useful tools for Risk Identification in the section Risk Management - Useful Tools and Techniques.
2. Risk Analysis
Risk Analysis is the next step within the Evaluation stage:
In this phase you prioritize risks for further action by assessing and combining their probability of occurrence and impact, also called qualitative risk analysis. You may also numerically analyze the effect of identifies risks on overall project objectives (cost impact, schedule impact, etc), also called quantitative risk analysis. The findings are to be documented in the properties of the corresponding Risk. This will guarantee that at all phases you will be able to provide your team members with the most complete and most up to date information on the Risk. It may be helpful to review the tools for Risk Analysis tips in the section Risk Management - Useful Tools and Techniques.
3. Risk Response Planning
At this step, still within the Evaluation stage, you develop options and actions to enhance opportunities and to reduce the threats created by the risk.
In our block diagram, the planning steps follow the analysis stage. You need to take into account that in many cases you will divide the planning step into two steps – preliminary and final planning. Preliminary planning is done to provide the team who is analyzing and decisiding on the strategy of managing the risk with the estimations of work, time and budget investments. Final planning is done to provide the implementation team with the schedule and content of the required related works. You can decide to go for one of the three possible options to provide the execution plan: 1. Describe the plan in the Risk property card in the corresponding fields of the Assessment & Plan tab. 2. Define a work plan for Risk response execution by linking a Risk to the work item: Project, Milestone or Task, in the corresponding project, and scheduling required activities. 3. Both
When you link a Risk to a work item (option 2 and 3 above), this work item and its subordinate work items represent the work plan for risk response execution.
Clarizen will automatically calculate the estimated Work that should be invested in the risk response execution and you will be able to review it directly in the properties of the Risk. The budget investments can be viewed in the properties of the work item itself.
Recommendation: Be sure you delegate detailed planning to your team as you usually do to facilitate collaborative Top-Down or Bottom-Up approach.
After the risk response execution starts %Completed, Actual and Remaining effort fields in the Risk properties instantly represent the progress of the related work. The Project team can track the progress of the risk response execution without going into the related work plan details.
Tip! There are two techniques for linking Risk and related work:
1. From the Risk (Issues) page: Link work item to the selected Risk in the “Related Work” tab of the right side Info card (you can learn more about how to create related work for a Risk in the Issues tutorial).
2. From the Current Project page or Work Items page: Link the Risk to the selected work item in the “Related Issue” tab of the right side Info Card.Clarizen will complete the To be Resolved in field automatically with the project corresponding to the linked work item.
Please see a brief on the useful tools for Risk Response planning in the section Risk Management - Useful Tools and Techniques.
After you are done with Planning you are ready for the next phase of the Risk life cycle called Resolution or Risk Response Execution. Use the Mark as Opened command to switch to the next phase of the life cycle.
4. Risk Response Execution & Monitoring
You are now in the Resolution phase of the life cycle.
This is a phase where you execute the response to the risk or, in other words, perform activities to implement the strategy selected for Risk management.
Now you can proceed to actually perform the work detailed in the execution response using Clarizen to track and monitor all activities. The related work plan can still be fine tuned at this phase. Risk team members can review the progress of the work in the %Completed, Actual and Remaining effort fields of the Risk property card.
If you do not work with related work plan, you can manually update %Completed, Actual and Remaining effort fields in the Risk properties.
Use the Mark Resolved command to switch to the next Verification phase of the life cycle after you completed all works required for implementing response plan of risk management.
5. Execution Verification
You are now in the Verification phase of the life cycle.
In this phase you will verify the Risk Response Execution.
You will use the Risk definitions defined in the first phase of the life cycle, requirement documents and collaboration materials that were created through all phases.
Use the Reopen command if the risk response execution did not pass the verification criterions.
Use the command Close to close the Risk upon successful verification.