Risk management header
products page

Risk management - Define the project management process

The Risk Management process

Define the project management processDefine the project management process

DEFINE (the project management process)

In terms of Rudyard Kipling’s honest serving men we are concerned with identifying:

WHO:Do we want to proceed with the risk assessment process using some form of risk analysis? If this is the case, who is going to do it?
In general, what will be the resources we employ for the whole process?
WHY:What is the point of this analysis? What will be the benefits?
WHAT:What will be the format?
HOW:How will we carry it out in terms of the process?
WHEN:When will we carry it out?

In other words, we will need to define exactly what the RISK MANAGEMENT PROCESS is, including the resource and then to plan how it will be managed.

WHO:

Make sure we get the backing of senior managers by finding out exactly what is required and getting suitable input from them.
In addition, make sure other managers and key staff are involved in the input.
This will include technical expertise and the make up of the risk analysis team.

Identify the communication channels and links between the risk analysis team and the other personnel.
The nature of the risk analysis team and its remit needs clarification. Do they report to the project manager or do they report to a higher level e.g. the board.

If the team reports to the board then they must be able to do this in an objective manner.

Remember that the efficiency of the project management team in general can be the highest risk to the project.
If the quality of staff is poor then this will need to be addressed early and not avoided.

Make sure that we maintain control of the risk management process. Although a body outside of the immediate organisation could carry out the risk assessment, this may cause its own problems. For example, contractors would view the project from their perspective.

Also, if the risk analysis team gains their information from groups within the organisation then each of these groups must be aware of the ramifications of their views. There should be an opportunity to modify parts of a report before it is presented to either the project manager or the board.

This step clarifies everyone’s role in the process.

The project manager will be accountable for all of the risk assessments and their conclusions even if he / she delegates part of the process to others.

WHY:

What is the point of the risk analysis?

Most project managers will need to know the potential budget for the project and more importantly will want to get it approved.
Many people will inflate a possible budget in order to increase the potential for success. This is not good practice for all sorts of reasons and may actually lead to project rejection from senior managers as being too expensive.
In order to avoid rejection, the project manager will need a better assessment of the cost.
A risk management process can provide this using quantitative analysis as well as a knowledge of the limits to the cost.

We will need to properly assess the risk of resources not turning up on time which can dramatically affect the project.

WHAT:

The problem with risk analysis is that it points out potential ‘problems’ that the board must either directly or indirectly take action to avoid.
This would seem to be a negative activity that the project manager is involved in which may not be appreciated by those higher up the ladder.
However, it is up to the project manager to raise such issues even if they are completely ignored.

Thus, the project manager has to take a top down view of the business risk situation with regard to the project. If the project manager dose not do this he will not clarify his / her position with respect to some of the risks raised. In most cases it will be the project manager’s responsibility to deal with them and for others it will be the direct responsibility of the board.

Once the business risk has been clarified the ‘project’ related ones can be identified in terms of potential costs or delays to the project.

When an assessment is complete the project may have a range of potential costs with even the extreme value having significant risk of being exceeded.
However, provided this is backed up by logical reasons and an associated plan of action to reduce the risk there should be no obvious problem when seeking project approval.

HOW:

How exactly do we intend to approach the risk analysis process?
The process used must fit the nature and size of the project.

This will include the type of model we wish to use to analyse the data.
One model in popular use has been PERT (Program Evaluation Review Technique) which traditionally uses activity – on – node diagrams etc.
However, early use of this technique to look at the relationships of activities did not take into account the dependent nature of one activity on another when considering the overall risk.

It is important to identify not only the risk but the underlying cause that may realise it. The response must vary according to the potential underlying cause.

WHEN:

It is clear that the risk management process should be an integral part of the project management process.
Risk management is not a nice to have aspect of project management [see ‘The Complete Project Management package’] and [see 'The Complete Project Management plus PRINCE2'].

We will need to have a good idea, depending on the nature of the project, of how long it will take us to carry out the assessment.
There is often a temptation, particularly with smaller projects, to put together the initial plan based upon a perceived assessment of all of the risks from individual departments. This may not afford the complete consideration that some of the risks may deserve and may miss key ones.

At the end of this phase you will need to:

  • Document the activity
  • Identify all input to the report and circulate it to check it for errors
  • Check that the information content in the report is adequate and suitable for the forthcoming RISK MANAGEMENT PROCESS
  • Circulate the report and present it as necessary

The output of this phase should decide if the risk management process will go ahead.
It is unlikely to be cancelled, but there may be problems if the process requires the identification of risks that the senior managers wish to ignore.

It is also possible that the project could be put on hold if, for example, issues have been raised that require further investigation and the gathering of more data. Some risks could be ‘put to one side’ if they are beyond the control of the project manager and the company.