Effective Risk Management
The goal of Risk Management?is to reduce potential harm or threats to your project objectives. Additionally, as a PM, Im always looking for opportunities that could lead to better results. By having a risk management plan in place, we can be prepared for certain obstacles that might come in our way and to reduce the likelihood of disruptions or uncertainties, and to increase the likelihood of meeting the project's schedule ( time ) , budget ( Cost ) , and goals ( Scope ). This leads to more realistic plans and estimates, improved?stakeholder management, and the ability to "capture and document" in order to apply lessons learned to future projects.
Based on PMI.org, there are five domains that have to be tackled to ensure that risks are managed ( in construction and can be used in general fields ) :
Domain I: Risk Strategy and Planning
Domain II: Risk Identification
Domain III: Risk Analysis
Domain IV: Risk Response
Domain V: Monitor and Close Risks
Risk comes from not knowing what you're doing.?
Warren Buffett
Domain I: Risk Strategy and Planning
The first critical domain which focuses on developing strategies to manage risks effectively; involves identifying potential risks, assessing their likelihood and impact, and determining how best to address them. This requires a thorough understanding of the organization's objectives, the Project's scope and objectives, risk tolerance levels, and current risk management processes. The goal is to develop a comprehensive plan that outlines how risks will be monitored, assessed, controlled, or mitigated.
Domain II: Risk Identification
We move to the process of identifying all potential sources of risk within an organization or a project, This might include internal factors such as:
operational processes, employee experience and behavior, financial status, and management maturity level, Safety hazards, accidents and thefts of material, Incomplete inputs like drawings or missing scope, resource shortages, false estimates/forecasts, wrongly managing discrepancies and variation orders.
We might need to include external factors like:
Client/contractor strategic relations, delay in receiving approvals and permits/clearances to commence work, delay in receiving ordered material, governmental and regulatory changes or international disruptions that might cause an increase or scarcity of material. Identifying these risks allows organizations to prioritize which ones pose the greatest threat so they can allocate resources accordingly.
Domain III: Risk Analysis:
When evaluating identified risks in terms of their probability and potential impact on an organization's objectives or the delivery of a project, we support the organization's management to be informed and to be able to make informed decisions about risks that need immediate attention versus those that can be managed over time. Common analysis processes can be exercised?:
领英推荐
a) Qualitative analysis:
which provides a quick, early view of important risks, based on subjective judgments from the project team and stakeholders and uses non-numerical ratings and rankings of risks
as an example:
Risk Ranking -?Start with prioritizing risks, which can be ranked from low to high based on a scale (1 to 5, OR Small, Med, and Large) which gives a simple prioritization of risks.
Risk Rating - Risks are rated on measures like impact (low, medium, high) and likelihood (unlikely, possible, likely). as you may notice these are subjective ratings based on stakeholders' feedback.
Risk Priority Number -?We may compare risks by identifying ( Impact?and?likelihood) ratings?are combined into a single priority number to rank risks.
b) Quantitative data analysis:
which is based on actual data, metrics, and models, and shall utilize numerical values ( excel sheets or data drawn from other Large scale data-sets DBs) to measure the risk's parameters, and will provide a precise numeric view of risk impact and likelihood. it is an accurate method to measure risks. as: working to find the exact cost of subcontracting a particular scope to an external contractor, or the exact time ( number of days ) it takes a subcontractor to install a 4-meter light pole. As an example, Sensitivity Analysis; Identifies which risks have the greatest influence, and calculates how dependent the project outcomes are on changes in risk parameters.
It is also common to find Monetary Value, where we assign monetary values or the possible financial exposure to risk outcomes based on their probability and impact.
Domain IV: Risk Response
The next step is to create a response plan to the risks identified based on their severity level. Responses may include 1) avoiding certain activities altogether if they pose a great risk; as canceling the work in bad weather conditions, 2) transferring some responsibility for managing the risk outside the organization, like in subcontracting or outsourcing ( additional risk itself ), and as the case of insurance; 3) reducing the likelihood or consequences of an event occurring; or 4) accepting some degree of residual risk while putting measures in place designed to minimize its impact as in deploying controls in HSE risks.
Domain V: Monitor and Close Risks
Monitoring is a live and continuous process that is aimed to ensuring previously identified risks remain under control while also being alert ( hunting ) for new areas where additional action may be necessary. Monitoring typically involves regular assessments against predetermined performance metrics along with reporting mechanisms that enable prompt corrective action if needed. Once a risk has been fully mitigated or transferred, it can be closed and removed from the project's risk register.
Note: These steps require massive support from all stakeholders and the organization's management as it adds tons of loads to the organization and the project.