Project Risk Management is the process of identifying, analyzing and then responding to any risk that arises over the life cycle of a project to help the project remain on track and meet its goal. Risk management isn’t reactive only; it should be part of the planning process to figure out risk that might happen in the project and how to control that risk if it in fact occurs.
A risk is anything that could potentially impact your project’s timeline, performance or budget. Risks are potentialities, and in a project management context, if they become realities, they then become classified as “issues” that must be addressed. So risk management, then, is the process of identifying, categorizing, prioritizing and planning for risks before they become issues.
Risk management can mean different things on different types of projects. On large-scale projects, risk management strategies might include extensive detailed planning for each risk to ensure mitigation strategies are in place if issues arise. For smaller projects, risk management might mean a simple, prioritized list of high, medium and low priority risks.
How to Manage Risk?
Jason Westland, CEO, ProjectManager.com, offers his take on why you should care about project risk. He also offers some practical measures to apply to managing risk when in the midst of your project. To begin with, he notes, it’s crucial to start with a clear and precise definition of what your project has been tasked to deliver. In other words, write a very detailed project charter, with your project vision, objectives, scope and deliverables. This way risks can be identified at every stage of the project. Then you’ll want to engage your team early in identifying any and all risks.
Types of Risk in Project Management
The most common project risks are:
- Cost risk, typically escalation of project costs due to poor cost estimating accuracy and scope creep.
- Schedule risk, the risk that activities will take longer than expected. Slippages in schedule typically increase costs and, also, delay the receipt of project benefits, with a possible loss of competitive advantage.
- Performance risk, the risk that the project will fail to produce results consistent with project specifications.
There are many other types of risks of concern to projects. These risks can result in cost, schedule, or performance problems and create other types of adverse consequences for the organization. For example:
- Governance risk relates to board and management performance with regard to ethics, community stewardship, and company reputation.
- Strategic risks result from errors in strategy, such as choosing a technology that can’t be made to work.
- Operational risk includes risks from poor implementation and process problems such as procurement, production, and distribution.
- Market risks include competition, foreign exchange, commodity markets, and interest rate risk, as well as liquidity and credit risks.
- Legal risks arise from legal and regulatory obligations, including contract risks and litigation brought against the organization.
- Risks associated with external hazards, including storms, floods, and earthquakes; vandalism, sabotage, and terrorism; labor strikes; and civil unrest.
As indicated by these examples, project risks include both internal risks associated with successfully completing each stage of the project, plus risks that are beyond the control of the project team. These latter types include external risks that arise from outside the organization but affect the ultimate value to be derived from the project. In all cases, the seriousness of the risk depends on the nature and magnitude of the possible end consequences and their probabilities.
In addition to project risk, project deferral risk can be important. Project deferral risk refers to the risks associated with failing to do a project. Like project risk, project deferral risk can arise from any of the bulleted risk sources listed above (the second list). Project deferral risk can also occur if there is only a limited window of opportunity for conducting a project—if the project is not conducted now, there may be a risk that it might never be possible to effectively do it later.
Oftentimes, external risks contribute more to portfolio risk because they impact multiple projects simultaneously. For example, a pharmaceutical company’s R&D project is affected by the uncertain outcomes surrounding the specific compound involved, however many projects could be impacted by a change in regulations. Similarly, a petroleum firm’s exploration project depends on uncertainty over whether oil is present at the given location, but uncertainties over the market price of oil affect many projects. Likewise, a construction company might have many projects threatened by the external risk of an increase in steel or commodity prices.