Risk Management

Top 10 reasons why Risk Management is failing in today's Poject Management Context:

10. Failing to perform Formal Risk Assessment at the stated periodic intervals.
9. Failing to deploy right risk strategies. (Risk Assessment teams either are not fully budgeted or not fully empowered.)
8. No Management commitment: Suggestions from Risk Management team are ignored
7.  Risk Management Function does not go to the needed depth and verify the artefacts – Thus, risk management recommendations may look to be impractical to the delivery team.
6. Failing to define the purpose and scope of the assessment
5 Failing to understand stakeholder’s tolerance/acceptance level.
4. Failing to identify risks and update the plan periodically
3.  Failing to prioritize the risks
2. Failing to quantify the risk the risk impact to the scope, time, cost and quality.
1. Failing to position best possible team to perform the Risk assessments.
Top 4 Benefits with Effective Risk Management:

1. Better risk management planning means fewer delays
2. Improved contingency planning means cost overruns are reduced or avoided
3. On time delivery without cost overruns means a faster and improved return on investment
4.  You are better able to seize opportunities by taking calculated risks

Risk is an uncertain event or condition that, if it occurs can create the possibility of negative or positive outcome on the project objectives (i.e. on scope, schedule, cost, quality etc.).  The objectives of Project risk management are to increase the probability and impact of positive events and decrease the probability and impact of negative events in the projects. A Risk can have one or more causes and, if occurs, it may have one or more impacts. A cause may be a requirement, assumption, constraint or condition that creates the possibility of negative or positive outcomes.  Project risks management includes below processes:
1.     Plan Risk Management – The processes of defining how to conduct risk management activities for a project.
2.     Identify Risks – The process of determining which risks may affect the project and document their characteristics.
3.     Perform Qualitative Risk analysis – The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
4.     Perform Quantitative Risk Analysis – The process of numerically analysing the effect of identified risks on all overall project objectives
5.     Plan Risk Responses – The process of developing options and actions to enhance opportunities and to reduce threats to a projects objectives
6.    Monitor and Control Risks – The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks and evaluating risk process effectiveness throughout the project.
A project risk that has occurred can also be considered as an issue.
Risks can be undertaken only if its negative impacts are in balance with the positive impact/rewards we get. Risk tolerance is the degree within which stakeholders are willing to accept the effect of the risk on the project objectives. Thus risk impacts can be accepted if their impacts/threats may be within tolerances and are in balance with the rewards that may be gained by taking the risks. For example, if we are asked to manage a complex engagement, the impacts may include (1) Failure to meet stated objectives, this lead to negative branding about our organization or our own credibility – This may prevent us from future business in this domain for the organization - Our own job or credibility in the company and thus it can lead to exit from the company (2) Attrition from the company or lose of health for the individual. The reward we get are (1) Sustained business from the customer, Positioning or benchmarking in the new domain space for the organization (2) Job exists for the employee and promotion comes. As long as risk negative impacts are within the acceptable tolerances and are in balances with the rewards that may be gained by taking the risks, we are good to take up such risks.
Our Attitudes à Our Response:à Consistent Approach to risk responses:à Openness / efficient communication about risk monitoring and control :àTransparency across Stakeholders :à openness and honest behaviour about risk handling: Our attitudes influence the way we respond to a risk. Our attitudes are driven by perception, tolerance and other biases. These attitudes should be made explicit wherever possible. When attitudes are explicit, it will be possible to predict our risk response. For example, a person given his family history touch points may not be willing to go a doctor. He bears the pain as much possible before seeking doctor advice. Thus, when this attitude is clear, it will help either to predict the risk response or cure the behaviours that predicate our attitudes.  Once our attitudes are clear then it will help us provide consistant approach towards risk handling and at the end, it will lead to openness and honest behaviour about risk handling.
Risk response reflects organization’s perceived balance between risk taking and risk avoidance.
To be successful, the organization should be committed to address risk management proactively and consistently throughout project through conscious choices at all levels of the organization. Risk exists the moment a project is conceived. Moving forward on a project, without a proactive focus on risk management can lead to project failure.


Plan Risk Management: The processes of defining how to conduct risk management activities for a project.
The above picture is referred from PMI's PMBOK 4th edition
Risk can occur from any of the inputs provided above.
  Project Scope Statement – Provides a sense of the range of possibilities associated with the project and its deliverables
  Cost Management Plan – How Risk Budgets, Contingency and management reserves will be reported and accessed.
  Schedule Management Plan – How schedule contingencies will be reported and assessed
  Communication Management Plan – It has two aspects. (1) How interactions are planned on the project?  - This is to assess possible risks (2) Risk Communication - Decide the risk owner who owns the communication in the event of risk occurrence to all stakeholders
  Enterprise environmental factors – Risk attitudes, tolerances that describe the degree of risk that an organization will withstand.
  Organizational Process Assets - Risk Categories, Standard Templates, Roles and responsibilities, Authority levels for decision making, Stakeholder registers which are critical assets to be reviewed