How to Categorise and Respond to Risks
In project management we talk about Risk when we are talking about uncertainty - the risk that x, y or z may happen and cause a problem for our project.
Usually, and justifiably, we focus on threats to our project – what can go wrong – but there are also opportunities and proper planning means we can take full advantage of these.
For example:
Existing hardware may be too old and need to be replaced resulting in extra time and cost.
Another project may be cancelled and our project would have access to more resources shortening project duration.
Note that when a risk (threat or opportunity) becomes at or near 100 % likely it is no longer a risk and it becomes an Issue.
Risks need to be considered right from the very beginning of a project. Some project ideas are so risky that they don’t get past the idea stage.
So how can we control risks? We can’t just hope that bad things won’t happen!
Each risk needs to be thought about and discussed and what you decide to do will likely fall in to one of the following approaches:
Avoid (Threats)
Sometimes simply avoiding a risk is the sensible approach.
It may be possible to simply re-plan the project to avoid a risk.
Reduce (Threats)
If you can’t avoid a risk perhaps you can reduce the probability or the impact of the risk.
It may be possible to re-plan the project to so that the threat is less likely to happen or if it does it will cause less of a problem.
Fallback (Threats)
If you can’t avoid the risk nor reduce it’s likelihood or impact then you can, at least, plan what you would do if it were to happen.
Having a contingency plan in place can be a great help.
TransferAnce (Threats)
Threats can sometimes be transferred or transformed.
One example of this is to take out insurance. You pay a pre-arranged premium and then if the specified event occurs the insurance covers the cost.
Acceptance (Threats)
Sometimes the chosen approach is to simply accept the risk.
This is particularly likely for risks with less probability or impact. It’s deciding that you’ll figure out what to do when it happens.
Share (Threat or an Opportunity)
Threats and opportunities can be shared.
Exploit (Opportunities)
For a potential opportunity deciding in advance how best to make use of it will maximise the benefit.
For example, if there is a risk that you will get additional resources due to another project being cancelled then it makes sense to consider in advance how you would use those resources in order to get the most benefit. You could modify your plan so that if the additional resources do become available they just slot right in.
Enhance (Opportunities)
Just as you might want to reduce the likelihood or impact of a threat you would want to increase the likelihood and benefit of an opportunity.
Reject (Opportunities)
Sometimes it is decided to reject an opportunity. If the likelihood and impact are small then it may not be worth the time planning how to exploit it if it were to happen.
Sometimes there are other reasons to reject an opportunity. Following the earlier example, if additional resources become available perhaps there is another project that ought to get the additional resources rather than yours.
Deciding this early on can save unnecessary discussion later on.
When you have considered and discussed all the risks that are currently known make sure that the agreed position for each of them is clearly documented. Continue this throughout the project - watching out for new risks and deciding what to do about them.
It’s important to have a record of what factors were considered and how you reached your conclusion. If the factors and circumstances change then this will point you towards reopening discussion. Having good documentation also means that if you receive any questions later on you can simply use your documentation to respond. It also means for longer projects where people will join and leave that everyone can benefit from discussions that were held before they joined.
However, the risks should be reviewed routinely throughout a project so that always have a clear picture of what your risks (threats and opportunities) are and what you plan to do about them.