Many approaches can be used to address risk and the threats it produces. And, likely, they are all viable. The key is to use whatever works for you, your team, for your customer, and for your organization. And the REAL key is to DO IT. Ignoring risks doesn’t mean they won’t happen. It just means you’re likely to spend your extra time in the unemployment line.
However you go about your process of risk management, remember that no matter how you go about it, you’re likely going to need to include some variation of this basic four-step approach:
Risk identification is the process of determining what threats exist. You and your team – along with the customer’s assistance, if possible - should identify all significant uncertainties (sources of risk), including specific threats (also called potential problems or risk events) that could occur throughout the life of the project.
Risk quantification is the process of determining how big the threats are. During risk quantification, you and your team must obtain information on the range of possible outcomes for all uncertainties and their distribution and/or probabilities of occurrence. This way, you’ll be in a better position to understand the nature of the threats and their potential effects on the project.
Risk analysis is the process of determining which threats are of greatest concern. During risk analysis, you’ll use the knowledge you and your team gained through risk assessment to determine which potential problems represent the greatest danger to achieving a successful and predictable project outcome. Usually, this is done by considering the probability that a specific problem will occur and its anticipated impact on the project.
Finally, risk response is the process of actually dealing with the risks or threats to project success. You and your team must work to determine the best approaches for addressing each high-threat potential problem. This risk response plan may include evaluating and choosing among a number of alternatives, and create specific action plans to follow for each specific potential risk.
By putting meaningful time into identifying potential risks and planning for their mitigation – or even avoidance – you’ll not only be giving your project it’s best chance of success, you’ll also be setting the course for good project planning throughout the engagement. Your confidence, your teams’ confidence, and your customers’ confidence will be greatly enhanced by going through this process because you’ll know that you already have plans in place to deal with these potential threats. However, don’t rest on that notion. It’s still critical to revisit your risk list often – preferably weekly during a status call or similar event – and be prepared to act if it appears that an identified risk – or a new unidentified risk – is about to affect your project.