Blog Post Image

Risk Management: An Overview

Paul Naybour Paul Naybour

Published: 9th May 2016

This is a transcript of a distance learning video, which you can also watch in our Videos section.

In this video we are going to look at Risk Management.


But why do we want to look at Risk Management?


Well, because we’ve finished the plan, looked at costs, looked at resources and looked at the schedule but it’s worth considering what potential risks there are in the project.


So let’s look at the definition – the APM define a risk as


The potential for an action or event to impact the achievement of the project objectives


Either it’s late or overspent or poor quality, or we’re not going to realise the benefits.


So what is Risk Management?


Risk Management is another process a bit like Stakeholder Management. It’s a process that allows individual risk elements and overall risk to the project to be understood and managed in a proactive way – optimising the benefits from opportunities and minimising the risk from threats.


So from there you’ll recognise that risks can be both opportunities and threats.


So we’re project managers and we would like a process so what’s the process going to be?


Well, it’s very similar to the one we saw for Stakeholder Management  – we need to initiate the risk management process, we need to identify risks and assess how important they are, we need to plan how we are going to manage those key risks and then implement those responses


So let’s look at the 1st stage…




Initiation is about writing the risk management plan – that’s not the risk register; it is our strategy for how we are going to manage risks in this project. It defines processes, roles & responsibilities, and the templates that we are going to use – so what our risk register will look like, for instance


So having defined our approach to risk management the next thing is to identify risks – there are several ways we can do this:


Brainstorming is the most common – get a group of people together to shout out risks in a creative way.


Checklist is more structured – we go through the risks and highlight those risks that are specific to our project – tick them off basically. You can think about copying your last risk register and use it as a checklist


Prompt Lists are headings so some organisations might have


·    Commercial


·    Safety


·    Technical


·    Legal


They are reminders of areas we need to look at


Assumptions – one of my favourites – anything you have assumed to be true but if it’s not actually true that’s a potential risk


Or we can do things like Delphi – that is consulting particular experts about what sort of risks there are.


Document Reviews are also another way of identifying risks.


So we use a wide range of techniques to understand what the risks are, but is every risk equally important or are some risks more important than others?


Well most of us use a probability impact grid where we look at how likely the risk is going to be and what would be the impact if that risk were to occur. Assuming we’ve got some reasonable mitigations in place first – which is the biggest risk? The most significant is the one that is very high probability and the biggest impact if it happens.


So let’s take an example – you are going on holiday and you park your car at the airport. While you’re away your car may be stolen – that is a potential risk. What would we do about it? Well we’ve got some different strategies we could follow:


·    We could avoid that risk altogether  – we could get someone to give us a lift or get a taxi. That means our car isn’t at the airport so it wouldn’t be stolen.


·    We could transfer the risk to someone else. We could pay someone to guard our car while we’re on holiday. And that would mean that if our car was stolen we would get compensation. Or we could buy insurance – most of us have comprehensive insurance – so that transfers the financial risk associated with our car being stolen.


·    We could reduce the risk – we could leave it in a secure car park or put a crook lock on the steering wheel to reduce the likelihood of the risk  happening.


·    Or we could just say well you know I quite often park my car in a car park – it’s quite secure and I’m quite happy with the risk and I’m just going to live with it – that’s accept.


So that’s Threats covered.




·    You don’t avoid opportunities –  you exploit them.


·    You don’t transfer the best opportunities –  you share them with partners.


·    You don’t try to reduce opportunities – you maximise or enhance them


·    You don’t accept your opportunities you just reject them.


Most people structure their risks in a simple risk register so an example might include:


·    Risk ID


·    Description


·    Assessment of the probability and impact


·    Owner of the risk


·    Quite often the category if we’ve used a Prompt List


·    What action we’re going to take


That’s a really simple risk register – some organisations have slightly more complicated ones.


So what are the benefits of risk management ?


·    We know we’ve got a systematic approach.


·    We know there are mechanisms in place to manage the risk.


·    We know we’ve got proper contingencies.


·    We know the risk we take with the projects we manage


·    We know we have a proper process in place


·    But most importantly we’re much more confident that if we address the risks that we’re going to deliver the project to time, cost and quality;  and deliver the benefits that the sponsor wants.