Modern organisations pay increasingly greater attention to risk management. It is a common knowledge that risk management is costly. However, many cases have shown that the lack of risk management costs significantly more. Various risk management methods give hints how to avoid, prevent, or react to project risk in order to effectively minimise losses and use opportunities.
Do you know what risk can occur during project management?
Overdue execution of works by external company, delivery of defective parts, or even a sudden illness of a small child of so far irreplaceable project manager – those are just few of many possible project risks. In terms of a project, risk is recorded as an uncertain event (or series of events), the occurrence of which will influence the project (positively or negatively) . The causes or a risk can be diverse, but their results focus around three project parameters – scope, time, and budget. The specificity of project business is inherently related to a certain uncertainty element. Even the most repeatable project is always burdened with certain risk. You should not forget about this risk even if it seems to be low.
5 steps of risk management
To the most popular project risk management models belong i.e. those proposed by PMBOK® and PRINCE2®. The model based on PMBOK® covers 6 risk management stages:
- Planning the risk management
- Identification of risks
- Performance of a qualitative risk analysis
- Performance of a quantitive risk analysis
- Planning the reaction to risks
- Monitoring and controlling risks
These steps constitute as a cycle in closed circuit. We carry them out in a determined sequence and repeat them numerous times within the project. PRINCE2 uses the M_o_R® (Management of Risk) model. This model is divided into 5 steps of risk management – including 4 steps that occur in consecutive order: identification, assessment, planning, and implementation of risk and a step that accompanies them throughout the whole time: communication.
Risk identification consists of recognising threats and opportunities, preparing a risk registry and early warning indexes, and familiarising with the point of view of stakeholders. Identified risk should be described in a way that is understandable for stakeholders.
Risk assessment allows to determine the probability of occurrence of each risk, its influence (on goals) and proximity (distance in time), and gives the ability to estimate the expected value (EMV).
The planning step aims to prepare a reaction to identified risks, which in turn will enable to minimise the occurring threats and maximise the appearing opportunities. Taking care of this step give a chance that materialised risk will not constitute as a surprise in the project and its results will not be too severe. However, we are not able to propose a proactive reaction to each risk. Nonetheless, it is worth to implement such reactions where it is feasible to do so.
Possible reactions to the occurring risk are planned and evaluated under this step. It is important that the reactions are proportionate to the scale of risk and incurred expenditure has a justification.
Among possible reactions to threat are listed: avoidance, reduction (of probability or influence), backup plan, transfer, sharing, and acceptance. Reaction to opportunity can be usage, reinforcement, sharing, or rejection.
Implementation of reaction plans
In this step, the most important part is guaranteeing that the planned reactions to risk are carried out and observed, as well as taking care of undertaking corrective steps if necessary. It is important to assign clear roles and duties that support the Project Manager in risk management. Roles in this are: risk owner (person responsible for managing actions related to a specific risk) and risk reaction performer (person responsible for the performance of such actions).
Communication in the M_o_R model is not a separate stage, but rather a constant activity that should be conducted throughout the whole duration of process. An effective communication has an enormous meaning for the identification of new or change of already known (identified) risks. The “Communicate” step should provide a correct transmission of information about threats and opportunities for a project, both inside and outside – to stakeholders. It is important that the communication has a two-way nature and covers constructive return information.
The M_O_R methodology concept
The mentioned M_o_R® (Management of Risk) methodology belongs to a group of British Best Management Practice standards. This risk management model can be successfully used in any organisation regardless of its size and complexity, location, or operating sector. It consists of four main terms: Principles, Approach, Process, and Implementation and reviews that, when systematically used, allow the organisation to undertake aware decisions regarding risks.
The M_o_R principles are not injunctions (as in the case of PRINCE2), but rather universal guidelines, recommendations on how to proceed in risk management. These principles are universal (they can be used in any organisation), self-affirming (proven in many years of practice), and inspiring (they add certainty and ability to influence risk management in the whole organisation).
The M_o_R model adopts eight principles:
- compliance with goals,
- adaptation to context,
- engagement of stakeholders,
- clear rules,
- support in the decision-making process,
- constant improvement,
- supportive culture,
- calculable effects.
Together, those principles create a seamless whole, which aims to guarantee effective risk management. Accredited training courses from this methodology are carried out at two levels: M_o_R Foundation and M_o_R Practitioner.
The Foundation level introduces participants to the perspectives of risk management and provides them with knowledge about its adjustment to organisation. It allows to learn various risk management techniques and procedures and acquire skills to put them to practice.
More information about the M_o_R Foundation training can be found on website: M_o_R Foundation
The M_o_R Practitioner level provides advanced knowledge related to managing risk in organisation according to the best practices. The course shapes skills of influencing risk management in an organisation and helps to understand how risk influences strategic and operating goals, as well as how to effectively minimise risk threatening an organisation.
Details of the M_o_R Practitioner training are available on website: M_o_R Practitioner
Risk management techniques
The effectiveness of risk management mostly depends on its skilful assessment. In order to determine risk as accurately as possible, it is worth to use proven techniques. To the recommended risk identification techniques belong, among others: checklists, lists of areas, cause and effect diagrams, analysis of objectives, analysis of limits, or group techniques such as: brainstorm, nominal groups, or Delphi Technique.
In order to estimate the risk, you can use such techniques as: probability trees or probability/influence matrix. Among the risk evaluation techniques present in M_o_R are such techniques as resulting (total) risk profile, calculation of total expected value, or probabilistic risk models. The recommended planning stage techniques are i.e.: planning reaction to risk, analysis of costs and benefits, and decision trees.
The total elimination of risk in a project is impossible and it is likely that it will never be possible due to the difference of each undertaking. Nonetheless, it is worth to take care of acquiring risk assessment skill and learning methods how to handle risk. This helps in a maximum preparation and planning of the most optimal reactions to various unforeseen situations.
- Prywata M., Zarządzanie ryzykiem w małych projektach, Polska Agencja Rozwoju Przedsiębiorczości (PARP), Warszawa 2010
- Zarządzanie ryzykiem. Przegląd wybranych metodyk, [red.] bryg. dr inż. D.Wróblewski, Wydawnictwo CNBOP-PIB, Józefów 2015
- PRINCE2, Skuteczne zarządzanie projektami, 2009
- D. Skorupka, D. Kuchta, M. Górski, Zarządzanie ryzykiem w projekcie, Wrocław 2012