Risk Analysis

Risk analysis is essential for effective management of risk. It comprises three activities:

* Risk identification, which determines the potential risks that could be faced by the project
* Risk estimation, which determines how important each risk is, based on an assessment of its likelihood and consequences to the project and business
* Risk evaluation, which decides whether the level of each risk is acceptable or not and, if not, what actions can be taken to make it more acceptable.

The actions fall broadly into five types:

* Prevention, where countermeasures are put in place which either stop the threat or problem from occurring, or prevent it having any impact on the project or business
* Reduction, where the actions either reduce the likelihood of the risk developing, or limit the impact on the project to acceptable levels
* Transference, which is a specialist form of risk reduction where the impact of the risk is passed to a third party via, for instance, an insurance policy or penalty clause
* Contingency, where actions are planned and organised to come into force as and when the risk occurs
* Acceptance, where the Project Board decides to go ahead and accept the possibility that the risk might occur (believing that either the risk will not occur or the countermeasures are too expensive).

Any given risk could have appropriate actions in any or all of the above categories. Alternatively, there may be no cost-effective actions available to deal with a risk, in which case the risk must be accepted, or the justification for the project re-visited, i.e. is the project too risky?

The results of the risk analysis activities are documented in the Risk Log. If the project is part of a programme, project risks should be examined for any impact on the programme (and vice versa). Where any cross-impact is found the risk should be added to the other Risk Log.

Risk analysis activities are overlapping, with possibly many iterations involved. Risk analysis is a process that will be conducted continuously throughout the project as information becomes available, and as circumstances change. However, there is a need to carry out a major risk analysis at the start of the project as part of the processes:

* Preparing a Project Directive
* Planning a Project
* Refining the Business Case.

Project risks may, in turn, impact the Business Case. There must also be at least an assessment of all risks during Stage Transitioning. Depending on the individual project, there may be a need to re-assess risks on a more frequent basis. The Project Manager and Project Board must constantly be on the lookout for new or changed risks in the business and project environment, which will render the project (as currently planned) wasteful or useless.