Why Risk Management is important for Project

success?

If you don't invest in risk management, it doesn't matter what business you're in, it's a risky business. -Gary Cohn

Let’s understand Risk and different types of Risks...

Risks are future problems; focus is on Future consequences.

Risk - An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.

Positive Risks - Are the opportunities that may have positive impacts on the project’s objectives.

e.g., let us say that there is a possibility that if you complete your project a few days before the scheduled date, you will get another project.

Negative Risks - Are threats that may have negative impacts on the project’s objectives.

e.g., let us say that in your project there is a possibility that some equipment may break due to workload; this is an example of a negative risk, and if this happens, it will damage your project.

Pure Risks - A risk that can have only negative impact on a project.

Known Risks - Known risks are risks that have been identified.

e.g., you know that there is a chance that one of your team members may go on leave during the peak of your project. This is a known risk, and to manage this you plan to bring in another identified employee.

Contingency Reserves are used to manage known risks.

Unknown Risks - These are unidentified; they are not known until they happen. Response plan cannot be created for these risks, and these cannot be managed proactively. Unknown risks are managed through workarounds.

Management Reserves are used to manage unknown risks.

Secondary Risk - Secondary risks are “those risks that arise as a direct result of implementing a risk response.” Simply put, you have developed a response plan for risk, and this caused a new one. This new risk is secondary risk.

Let’s say you have studied whole night to cover the exam material and pass the exam but due to whole night awakening you fall sick in morning. This is a secondary risk that may originate from studying whole night without rest.

A contingency plan or Response Plan is used to manage primary or secondary risks.

Residual Risk - Residual Risks are the risks that are expected to remain after the planned responses of risk has been taken, as well as those that have been deliberately accepted.

Let’s say you have identified a risk that it may rain for one to two hours. Therefore, you have created a contingency plan to manage this risk. But what will happen if the rain falls for more than two hours? There will be a need to develop a fallback plan.

A fallback plan is used to manage residual risks.

Let’s understand role of Contingency and Management reserve in Risk Management…

Contingency and Management Reserves

Both Contingency plan and Fallback plan use Contingency Reserve.

Contingency Reserve - A Contingency Reserve is a calculated reserve used to manage Identified Risks (known-unknown).This is a part of the cost baseline and a project manager does not need any approval to use this reserve.

Management Reserves - A Management Reserve is created by expert judgement based on the project’s complexity and uncertainty. Usually, it is a percentage of the cost baseline, for example, 5% or 10% and is used for Un-Identified risks. The management reserve is part of the project budget, and a project manager needs management’s approval to use this reserve.

Contingency Plan and fallback Plan

Both Contingency plan and Fallback plan use Contingency Reserve.

Contingency Plan – A contingency is an event that may or may not occur. Therefore, we can say that the contingency plan deals with events that may or may not occur. A contingency plan is a part of the project management plan; it describes every action that you will take if any identified risk occurs.

e.g.-Team outing is planned and there is a risk there is a risk that rain may fall during that period, which will affect their planned games & activities.
Response plan was in place “to wait under shed if rain continues for 1 hour”.
This is contingency plan for the risk event.

Fallback Plan – The fallback plan is a part of the project management plan and defines under which circumstances action must be taken. A fallback plan is implemented when the contingency plan fails or is not fully effective. It is a backup for the contingency plan.

e.g.-let’s reconsider above given example.
Suppose rain continued to fall for an exceptionally long time, longer than expected, due to which your Response plan/Contingency plan “to wait under shed for 1 hour was failed” and team could continue any open games or activity.
Then team decided to re-schedule the team outing, which is a fallback plan.

Workaround – Workarounds are responses to unidentified or passively accepted risks. Put simply, if any unidentified risk occurs, you will manage it through a workaround. If you have any identified risks, you did not plan for, you will use a workaround to manage them.
The project environment is dynamic and even an experienced project manager cannot identify all risks. Workarounds are common.

Management reserves will be used for workaround.

Risk Response strategies for Positive risks

Escalate
Enhance
Exploit
Accept
Share

Risk Response strategies for Negative risks

Escalate
Mitigate
Transfer
Avoid
Accept

How Issue is different than Risk

Issue is a Risk that has been realized. Issues should be resolved immediately or have a workaround. Issues are current problems; focus is on Real-Time consequences.

Issue is… what has gone wrong?

Importance of Risk Management

Effective Risk Management strategies help to identify project’s strengths, weaknesses, opportunities, and threats. planning for unexpected events, prepare us to respond if they arise. project’s success robustly depends on plan to handle potential risks .Successful project managers recognize that risk management is important, because achieving a project’s goals depends on planning, preparation, results, and evaluation that contribute to achieving strategic goals.

Proper Risk Management decreases the possibility and impact of negative risks and increase the possibility and impact of positive risks. enhances ability to control project’s implementation with awareness of what can go wrong and readiness with Risk response Plan and its Action owner.

Projects have Assumptions, projects are planned today to implement tomorrow. While planning we therefore make assumptions about some key aspects that are at this time not normally known. It may occur different than what was assumed, thus resulting in a Risk.

Projects have Constraints which are limitations imposed on a project and projects must be done within these constraints. The main constraints are schedule, scope, quality, budget, resources, and risk.

What exactly is Risk Management?

Risk management is the process of Identifying, Analyzing, and Responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive. Proper risk management will reduce, not only the likelihood of an event occurring, but also the enormity of its impact.

Identification of Risk

Identify Risk early in your project by reviewing all possible Risk sources as well as team experience and knowledge. Brainstorm all possible Risks and list them. e.g., legal risks, environmental risks, market risks, regulatory risks, and much more.

What has, can , or will go wrong?

Analysis of Risk

Once all potential risks are identified, determine the odds of them occurring, as well as their consequences. The goal of Risk Analysis is to further understand each specific instance of risk, and how it could influence the company's projects and objectives.

What is the likelihood of the Risk and the consequences of the risk?

Assessment and Evaluation of Risk

The Risk is then further evaluated after determining the risk's overall likelihood of occurrence combined with its overall consequence. Then decisions need to be made on whether the risk is acceptable and whether project is willing to take it on based on its appetite. Risks need to be ranked and prioritized e.g., Low, Moderate, High.

Assess whether the risk is acceptable as per risk appetite?

Action to Mitigate Risk

Highest-ranked risks are assessed, and plan is developed to alleviate them using specific risk controls. These plans include risk mitigation processes, risk prevention tactics and contingency plans in the event the risk comes to realization.

What, if anything, will be done about the Risk or Issue?

Monitoring of Risk

Both the risks and the plan are continuously monitored to track new and existing risks. The overall risk management process should also be reviewed and updated accordingly.

How has the Risk or Issue changed?

Communicate and Consult

Internal and external shareholders should be included in communication and consultation at each appropriate step of the risk management process and regarding the process as a whole.

Risk status should be transparent to stakeholders