Common Position on Risk Management
Not all, in fact most, projects fail to effectively manage risks. The default position is to record risks but not to actively manage them. Even projects that have well established governance practices and are actively managing risks can fail. Falling into a state of confusion over correctly documenting and managing both risks and issues. For example, there are circumstances where issues may also have further risk and more significant impact at some future point.
Control and understanding
It is vital, in managing projects to a successful conclusion, that risks and issues are identified early. This forms a basis to effectively analyse and control them during project execution. In the case of risks the following governance should be in place:
- A concise definition of all of the risks to the successful delivery of the project. Good practice is to hold these in a risk log which is accessible by all members of the project team.
- Analysis of the impact if it were to mature and probability of risk being an issue
- Clear definition of the mitigation used to minimise or completely negate the risk
- Documentation of an action log with risk mitigation. Along with an action owner and dates for actions to be completed
- Appropriate and agreed risk ownership (mitigation actions may or may not be appropriate to be undertaken by overall risk owner)
- Ongoing and regular reviews of the risks analysing progress and any new scoring of risk level
- Escalation of high level risks or movement into the issues log if the risk has actually matured.