Managing risk

The objective of risk management is to avoid or minimize the adverse effects of unforeseen events by avoiding the risks or drawing up contingency plans for dealing with them.

There are a number of models for risk management, but most are similar in that they identify two main components: risk identification and risk management. An often-used model is the one in Figure 7.2, which shows a task breakdown structure for what Barry Boehm calls risk engineering.

• Risk identification consists of listing all of the risks that can adversely affect the successful execution of the project. We discuss this in more detail in Section 7.4.

• Risk estimation consists of assessing the likelihood and impact of each hazard. We discuss this in more detail in Section 7.5 under the broader topic of risk analysis.

This is based on the breakdown presented by Barry Boehm in his Tutorial on Software Risk Management, IEEE Computer Society, 1989.

[Figure labels: Risk analysis; Risk identification; Risk estimation; Risk evaluation]

Figure 7.2 Boehm's risk engineering task breakdown.

Dwayne Phillips, The Project Manager's Handbook, IEEE Computer Society, 1998.

• Risk evaluation consists of ranking the risks and determining risk aversion strategies. We discuss this in Section 7.5 on risk analysis and Section 7.6 where we discuss strategies for risk aversion.

• Risk planning consists of drawing up contingency plans and, where appropriate, adding these to the project's task structure. With small projects, risk planning is likely to be the responsibility of the project manager, but medium or large projects will benefit from the appointment of a full-time risk manager.

• Risk control concerns the main functions of the risk manager in minimising and reacting to problems throughout the project. This function will include aspects of quality control in addition to dealing with problems as they occur.

• Risk monitoring must be an ongoing activity, as the importance and likelihood of particular risks can change as the project proceeds. Risk monitoring is discussed in Chapter 9.

• Risk directing and risk staffing are concerned with the day-to-day management of risk. Risk aversion and problem solving strategies frequently involve the use of additional staff and this must be planned for and directed.

Whatever task model or whichever techniques are used, risk management will not be effective unless all project staff are risk-oriented and are provided with an environment where they can freely discuss the risks that might affect a project. All too often, team members who identify potential risks at an early stage are seen as having a negative attitude.

Writing about attitudes to risk, Dwayne Phillips remarks that 'I have seen a room get suddenly quiet when someone brings up a "concern"' but says that 'pretending that problems will not occur will not prevent them'. For effective risk management, it is important that the project team are encouraged to identify and discuss risks as early as possible in the project's life.

7.4 Risk identification

The techniques described in the rest of this chapter show how risks can be identified and quantified, and are designed to provide a framework that engenders a positive attitude to the analysis and management of project risks.

