Effective management of risk is important to the successful execution of any project or business venture and benefits from a formal procedural analysis. Risk Management is the overall systematic approach to analyzing risk and implementing appropriate risk responses.
Successful project management has to include good risk management in order to minimize reactive work and instead focus on avoiding problems and planning them out of the project. Unfortunately, risk management is often treated as an administrative task with a risk register filled in and then forgotten. Like planning, project risk analysis and management is only effective when it is actively reviewed and appropriate action taken.
IFS/Risk Management proposes a methodical framework (of activities) through which organizations can address the risks attached to their projects or contracts. The objective of IFS/Risk Management is to bring about a thorough understanding of risks and then mitigate or avoid them. It is able to realize this through a constant process of identification, definition, evaluation, review and action. It also enables the organization to track the progress of risk reduction and overall risk exposure.
IFS/Risk Management provides a structured framework within which a
qualitative risk assessment approach is supported. A risk is a probable event
which, if it occurs, will threaten the success of the project. Some risks can
actually have a positive effect but the focus is generally on the reduction of
the negative effects. Accurate and complete risk identification is vital for
effective risk management.
First the potential problems associated with the project are identified. These
can be categorized for ease of use, reporting and ownership. Next we need a list
of probable consequences that could take place as a result of the problem
becoming a reality. Consequences estimate both time and cost impact and
probability. Calculation of Severity Rating is done by
combining reference values for Probability and Impact. This P-I value is used to
identify the most significant risks and to help prioritise where action needs to
be taken in order to reduce risk
Once consequences have been identified, it logically follows
that the appropriate responses should be identified and defined for each
consequence. Finally the action that can be attributed with a particular
response have to be identified, assigned and executed.
Risk analysis is often an iterative process involving a number of people and
disciplines to build a good picture of uncertainty within a project. Part of the
analysis process is to assess the risk based on knowledge, experience and
sometimes historical data. The relative weighing of risks guides the team to
prioritize areas for their attention.
Projects are very dynamic. As a result so is the risk element associated with a project and this entails that regular review and action of the risk is required. In many ways risk management is like the planning aspect of any project, constantly changing and needing reassessment. Project plans which are created and never reviewed are useless. Similarly a risk analysis which is created and never again reviewed will fail to achieve the objective of continually reducing potential effect on the project.
Initial risk management plans will also never be perfect. Practice, experience, and review based on the continually changing project demands will contribute new ideas to allow different possible solutions and decisions with the key objective of minimizing risk.