The term ‘Risk Management’ will cause many people to glaze over. However, the process can be designed to be a simple, engaging and proactive part of the project or your business risk management cycle. Risk based thinking applies to the whole lifecycle and should be proactively encouraged within the project team.
Cause, Event, Impact?
There are several terms used within a risk statement, and working out which element of the statement is which can cause confusion during a risk identification brainstorm. However, keep it simple and encourage the team to put everything down, whether it’s an event, a cause, impact, etc to avoid lengthy explanations and discussions at this point. The items can then be grouped together during the assess step.
So, what is a risk? The risk sits in the middle of the risk statement connecting the root cause to the impact:
If [event] occurs due to [cause], then there is a risk [impact] will result
Or
If [event] happens then there is a risk [impact] will occur
Event: The specific, uncertain event or hazard that could occur.
Cause: The condition that creates the potential for risk.
Impact: The consequence or negative impact on project goals/objectives, such as cost, schedule, or quality.
Identify
Keep it simple: ‘what might go wrong?’ Get the team active and have them post it note their ideas. If you wish you can set up categories for ease of grouping during the assess step.
The team don’t need to write perfect statements or split out hazards from causes, you can do this for them, just remember to put this statement up as guidance:
If [event] occurs due to [cause], then there is a risk [impact] will result
Assess
There are two areas being assessed in this step: likelihoood and impact. Try to keep it simple and provide the team with a basic matrix which combines the scoring for both likelihood and impact.
Work through the post its with the team; group similar items, prompt explanations, and translate the brainstorm content .
Check out the links provided for 2 simple risk management log template downloads, both with example scoring matrices, which you can use during the risk management exercise and for the write up.
Risk Management Log - PowerPoint
Mitigate
This step aims to identify actions which will reduce either the likelihood of occurrence or the impact of the risk. The resulting actions may need to be added to the project plan or drawn up in an action plan, depending on your reason for performing the risk assessment.
The mitigate step can either be a brainstorm or a walk through the post-its with the team and simply involves starting with the highest risk item and identifying actions to mitigate and agreeing owners/timeline/constraints.
When agreeing mitigations, it’s important to balance realism against elimination of risk as it will not be practical to mitigate all risks; in these cases, there may be a ‘Plan B’ to reduce the impact of when a risk is realised.
Prioritise
Not all risks are equal, there will be those which can be parked, those which just require monitoring and those which need some form of immediate mitigation.
Prioritise getting the mitigations delivered based on the scores or traffic lights from the ‘Assess’ step.
When prioritising risk mitigation actions, I find it helpful to consider the following:
Review
Risks, along with their causes and impacts, are not static, a risk which was considered low in impact and likelihood may subsequently be realised following a change in circumstance and vice versa. Additionally new risks will appear. Keep your risk assessment or risk log alive and relevant by:
In summary
Risk management is a part of everyday activities, in situations where the output needs to be formalised and documented the action of doing so can be made interesting and collaborative for a participating team!
Keep the team active while performing the exercise, whether it’s a new risk assessment or changes to an existing one. Promote discussion and participation and keep each part of the session short. Be sure to include a break if the meeting is longer than 2 hours!
If you’re unsure about facilitating a session like this then ask if there are any colleagues who have facilitating skills who could mentor you. It’s not an easy thing to stand up in front of a cross functional and cross structural team and act in control.
This is also something I can help with, I’ve 20 years’ experience in Risk Management and training in ISO 14971, along with extensive meeting facilitation experience. Just sent me a PM or email!