Risk Management Process

It is important that a risk management strategy is established early in a project and that risk is continually addressed throughout the project life cycle. Risk management includes sev eral related actions involving risk: planning, assessment (identification and analysis), handling, and monitoring3:

• Risk planning: This is the process of developing and documenting an organized, comprehensive, and interactive strategy and methods for identifying and analyzing risk issues, developing risk handling plans, and monitoring how risks have changed.

• Risk assessment: This process involves identifying and analyzing program areas and critical technical process risks to increase the likelihood of meeting cost, performance, and schedule objectives. Risk identification is the process of examining the program areas and each critical technical process to identify and document the associated risk. Risk analysis is the process of examining each identified risk issue to estimate the likelihood and predict the impact on the project.

• Risk handling: This is the process that identifies, evaluates, selects, and implements one or more strategies in order to set risk at acceptable levels given program constraints and objectives. This includes the specifics on what should be done, when it should be accomplished, who is responsible, and associated cost and schedule. A risk handling strategy is composed of an option and implementation approach. Risk handling options include assumption, avoidance, control (also known as mitigation), and transfer. The most desirable risk handling option is selected, and a specific implementation approach is then developed for this option.

• Risk monitoring: This is the process that systematically tracks and evaluates the performance of risk handling actions against established metrics throughout the acquisition process and provides inputs to updating risk handling strategies, as appropriate.

