Risk Management - Overview

In this Best Practices article, we will describe how best to manage risk using Clarizen. The process describes a tailored risk management approach according to the main guidelines of PMI® methodologies and ISO standards (see Used References at the end of the article).

Let’s start with a bit of theory.

What is a Risk? According to PMBOK (A Guide to the Project Management Body of Knowledge by PMI) Risk is “An uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives.”

Risk is usually caused by uncertainty – uncertainty in the project requirements, accidents, legal liabilities, unplanned resource loss, financial state of the company or market, natural causes and disasters, competition and many other reasons.

Risk can be indentified within a specific project or can be live independently of a specific project.

The objectives of Risk Management are to decrease the probability and impact of negative events on various company activities.

Risk Management therefore is a process of identification, assessment and prioritization of risk, followed by planning activities to minimize, monitor and control the risk’s negative effect on the specific project process or other company activity. A very important part of Risk Management is  response planning and the execution of those plans.

A company can use different strategies for managing risk including:   

• Avoidance strategies– Changing the project management plan to eliminate the threat posed by the risk, to isolate the project objectives from the risks impact, or to relax the objective that is in jeopardy (extending schedule, reducing scope).
• Transference strategies– Shifting the negative impact of a threat, along with ownership of the response, to a third party. This is most  effective when dealing with financial risk exposure,
• Mitigation strategies–Reduction in the probability and\or the impact of a risk to an acceptable level by taking an early action. Taking early action is often more effective than trying to repair the damage after the risk has occurred.
• Acceptance strategies– Recognizing or accepting specific, or all, consequences of the risk. This may be effective when changing the project plan may not be cost effect, or when it is difficult to  identify any other suitable response strategy.

Recommendation:

It is recommended to choose the strategy of dealing with specific risk as early as possible in the process. Take into account that it is usually impossible to eliminate all risks in a project. In many cases you will need to accept the risks and work around them.

These Risk Management processes will help guarantee that all risks are:

• Identified and registered in the system.
• All duplicate risk requests are identified to avoid redundant work and cost-effective utilization of resources.
• Evaluated by the corresponding people. Correct strategy should be selected for managing specific risk.
• Dedicated people should be able to estimate the resource and budget investments required for managing specific risk.
• In case resolution of specific risk causes essential changes in the system, it would be highly recommended to submit corresponding Change Request.

Note:

Take into account that risk management usually faces difficulty when allocating required resources that “could” be spent on more profitable activities

Used References

1.    PMBOK - A Guide to the Project Management Body of Knowledge by PMI, 3rd Edition

2.    Wikipedia –  Risk Management

3.    ISO/IEC Guide 73:2009 (2009).  Risk management — Vocabulary. International Organization for Standardization. 

4.    ISO/DIS 31000 (2009).  Risk management — Principles and guidelines on implementation. International Organization for Standardization.