Risk Management is a process that has to be carried out at the start of every project. The most ideal phase is the initial 'Planning' stage when all possible risks have to be identified and eliminated. If these risks cannot be eliminated, they have to be managed so as not to jeopardize the implementation and success of the project. Risk Management also helps to bring a certain level of 'quality' to the project. In essence, it is a process of attaining the first level of quality towards zero defects.
Project risk management ideally follows four steps. They are a) identification, b) assessment, c) Implementation of correction, and d) on-going follow-up.
a) Identification: It is mandatory that at the start of every project, the project team brainstorms ideas for probable risks that could happen in a project. This identification could be through different techniques such as brainstorming, Delphi Technique, Blind reviews, surveys, etc. The processes and results of the identification procedure should be assimilated and presented in the identification report which is part of the risk management register. Usually the stakeholders are the main sources for input for this report.
b) Assessment: Assessment is the process of gauging or calculating the seriousness of the risk that is identified. Based on past reports for similar projects, case studies and various forms of company-related assessments, this report can be generated. However, for whatever the type of study, there are two methods to calculate the risk level. The first is the qualitative method which is also called qualitative risk assessment. These are basically hypothetical and give only a generalized idea of how serious an identified risk is.
The second method for assessing risks in a project is by the quantitative method. In this, all identified risks are assigned a value and drawn up against time and cost. Ultimately it gives the project team an idea of how this risk is going to affect the project in terms of cost and time. Since the quantitative method gives specific answers in terms of numeral values, this method is more reliable of the two. Reports of the risk assessment process are the second part of the risk management register.
c) Implementation of Correction: This is an important step in the project risk management procedure. It is not just enough to identify or assess a risk. It is equally important to implement an action to counteract the risk. In some cases, it might be necessary to add funds into the project or change the timeline for carrying out the project while retaining the scope of the project. However, at some point, if the risk factors are too serious, it might call for a unanimous cancellation of the project or the entire scope of the project. Whatever the action, this is a step that has to be given a lot of though, team work and action. This step is documented as a report which is the third part of the risk management register.
d) Follow-up: The follow-up is just as important as any other phase in the risk management process. Though it might seem simple, the follow-up requires constant vigilance and documentation for the period that the risk can seem a threat, if unattended. Should the level of the risk factor drop, the follow-up may not have to be as frequent as otherwise. This again, becomes part of the risk management register.
In conclusion, it can be seen that the ideal way to handle risks in a project is to first break it down into bite-size proportions. Once these broken-down steps are understood, the project team can set out with the risk management techniques with ease.