Risks in project management
How to deal with risks so that your project is successful
Projects generally involve risks – no matter how well planned, how big or how small they are. Proceeding according to the motto “it will all work out” is therefore not a good solution, as the consequences can be fatal for the success of your project and your company. In the hectic day-to-day project life risks are often ignored or simply forgotten. If you want to avoid, reduce and identify risks at an early stage, you need good risk management. An effective risk management process not only helps you to plan your project, but also supports you in adapting to risks, minimising their probability of occurrence as well as their impact, and keeping a cool head in case of emergency.
What are risks and risk management in projects?
In project management, a risk is an event with uncertain occurrence that has negative consequences for the project. In contrast, opportunities are events of uncertain occurrence, but with positive consequences.
A project can be exposed to various risks:
- entrepreneurial risks
- technical risks
- time or schedule risks
- cost risks
- resource and personnel risks
- quality risks
- legal or contractual risks
- risks concerning the scope of the project, etc.
Risk management is the early identification and analysis of such potential risks. This makes it possible to adopt a risk strategy and define countermeasures to prevent project failure and ensure the best possible project outcome. Risk management is an iterative process as projects change in the course of their implementation, some risks may come to pass or opportunities may be seized. This means that during the implementation of the project, it should be regularly checked whether the identified risks still correspond to reality, they should be reassessed and measures should be adapted accordingly.
When do I need risk management?
If you are only implementing small, manageable projects with few risks, then it is probably enough to discuss potential risks with your team members. For more complex projects with many people involved and a large amount of work, or for projects that involve a large financial risk, it will be worthwhile to have a good risk management system in place.
The industry also plays a big role in risk management. Highly regulated or risky industries, such as finance, or industries that carry a lot of responsibility, such as aviation, automotive or construction, need good risk management.
The risk management process
Good risk management starts during the planning phase of your project. This way you can identify potential risks and their consequences in advance and monitor them during the course of the project. By doing so, you can avoid unpleasant surprises even before the project starts. In addition, the earlier in the project process you take care of a risk, the cheaper and more effective it usually is.
1. Identify risks
The first step in risk management is to make a list of all potential risks. There are a variety of ways and techniques to identify risks:
- Interviewing experts
- Evaluation of past projects
- Use of risk catalogues, etc.
Often a combination of the different options is used to identify as many risks as possible. It is also important to include as much experience and different perspectives as possible. Therefore, risk identification is often done in groups. Nevertheless, expect that unidentified risks may emerge at any time.
The identified risks are then summarised in a risk register. This will help to determine the probability of occurrence, the consequences or impacts if the risk occurs, as well as the priority to be given to the risk in the next step. In addition, this document helps with communication, e.g. with stakeholders.
2. Carry out a risk analysis
The following analysis is about assigning a significance to the identified risks within the project. To do this, they are evaluated, e.g. based on their probability of occurrence as well as the severity of the damage if the risk were to occur. Financial, qualitative and temporal impacts are considered. The risks are then categorised into different levels, for example “low”, “medium” and “high”. Alternatively, risk priority numbers are calculated, for example the product of the estimated probability of occurrence and the amount of damage. In this way, a quantitative scale can be created where the level of the percentage indicates how high the importance of the risk is. At a value of 100 per cent, the risk is a certain outcome that will occur and is therefore established as a framework condition for the project.
In both cases, however, the assessment is strongly based on your experience and intuition. Therefore, it is also useful to discuss this with your team and thus look at the risks from different angles.
3. Weighting of the risks
In the next step, the risks are weighted and prioritised. For a more detailed analysis, there are various techniques, such as the Monte Carlo simulation to run through different scenarios using a random generator, the tornado diagram to visualise the estimated impact or decision trees to narrow down possible measures. We recommend setting up a risk matrix that shows the active risks in terms of impact and probability. Such a matrix supports you in communicating with your project team or stakeholders, as well as in setting priorities and developing strategies and measures against the risks.
It is also particularly important to keep an eye on possible financial losses in order to be able to cushion them in the event of an occurrence. You can use the EMV analysis (Expected Monetary Value Analysis) for this. The expected monetary value is given here using methods of probability calculation.
EMV = probability of a risk in percent * expected financial impact
In the next step, the EMV helps you to derive risk premiums and to decide on optimal measures.
4. Define risk strategies and create action plans
Based on the analysis and assessment, you can now derive measures or entire packages of measures for the risks. Initially, you should focus particularly on the risks with a high priority.
- Low risks do not necessarily need measures, but it may be sufficient to factor in possible losses, for example by setting up risk surcharges or reserves or by transferring these risks to another party, such as an insurance company.
- For medium risks, you should develop preventive measures as well as contingency plans that will be used in case of an occurance. You should keep an eye on these risks during the course of the project and review them regularly.
- In the case of high risks, you should take immediate measures to prevent the occurrence of the risk as well as to reduce the probability or extent of the resulting damage. Adjust your project planning accordingly.
5. Monitor and respond to risks
Risks change during the course of the project. For example, a risk may occur, the probability of occurrence or the extent of the damage may change, new risks may be added, or individual risks may be eliminated. Therefore, it is important to continuously monitor the risks during the implementation of the project and to regularly update your risk register, the weighting as well as your action plan. In addition, implemented measures should be reviewed for their success. Lessons learned can be derived from this and successful measures can be stored in the risk catalogue as a template.
You cannot monitor all risks yourself? Then designate risk owners, i.e. team members who are responsible for monitoring certain risks and who will either inform you of changes or define and take measures if this should be necessary.
Should a risk actually occur at any time, you can fall back on the previously defined emergency measures and thus make the best of the situation.
Good risk management should be part of project planning. It allows you to identify risks at an early stage and include them in the planning. In this way, you can prevent risks from occurring, mitigate the damage and react competently in an emergency.
The project management software myPARM has an integrated risk and opportunity management system that not only supports you in the risk management process, but also helps you to seize potential opportunities. Identified risks entered into the software are classified, presented in a risk matrix and the EMV is calculated automatically. The risks can also be maintained in risk catalogues with recommended measures. Furthermore, it is possible to define measures in the software and immediately convert them into activities in the integrated task management. In addition, the software makes it easier to evaluate the risks of similar projects and to keep an eye on the development of the risks over the course of the project as well as to continuously re-evaluate them.
Learn more about the project and portfolio management software myPARM:
Would you like to get to know myPARM in a demo presentation? Then make an appointment with us right away!