A 5 Step Risk Management Approach & Examples

The five-step risk management approach involves:

  1. Risk Analysis – Planning
  2. Planning Risk Response – Planning
  3. Implementing Risk Response – Executing
  4. Monitoring Risks – Mostly Executing

Step 1: Risk Identification

Risk Identification involves identifying:

  • Individual project risks
  • Sources of overall project risk

Risk identification can be done by a large number of stakeholders or non-stakeholders, like the project manager, project team members, project risk specialist (if assigned), customers, subject matter experts from outside the project team, end users, other project managers, operations managers, risk management experts within the organization, etc.

Risks are identified early in the project. However, it is not possible to identify all the risks at the outset of a project, so risks are identified throughout the project; the earlier, the better.

High-level Risks are identified in the Project Charter.

Step 2: Risk Analysis

Qualitative Risk Analysis of all Identified Risks is carried out by assessing their probability, in order to prioritize them into Low, Medium and High, depending on their Scores, for further analysis or action.

  • A Risk Probability & Impact Matrix helps prioritization of the Risks as Low, Medium or High. For Probability & Impact, a standard scale is used, usually 10 for each, which leads to a maximum Risk Score of 10×10=100.
  • Risks with a Low Score are put in the Watch List and no Response is planned for them. However, they are regularly watched in case their Probability or Impact escalates.

The Medium and High risks may be further analyzed in Quantitative Risk Analysis, followed by planning a Response, or a Response may be planned for them straightaway without the Quantitative Analysis.

[Figure: Risk Probability & Impact Matrix]

Step 3: Planning Risk Responses
  1. Planning Risk Responses is the process of developing options to deal with Risks should they occur. It involves doing one or a combination of the following:
     • Do something to eliminate the threats before they happen, or to make sure the opportunities happen
     • Decrease the probability and/or impact of threats, or increase the probability and/or impact of Opportunities
  2. Allocates Resources and inserts Activities into Project Plans as needed
  3. Response for each High and Medium Risk is transcribed in the Risk Register; no Response is planned for Low Risks
  4. Risk Response specifies the measures to be taken should a particular risk occur while considering the overall Strategy – Avoid, Transfer, Mitigate, Accept, Escalate, Enhance, Share or Exploit
  5. The overall strategies may be used singly or in combination, for example:
     • Risk: Fire in the warehouse
     • Strategy: Transfer & Mitigate
     • Response: Insure the goods (Transference); install Auto Fire Detection & Fighting System (Mitigation)

Step 4: Implementing Risk Responses
  • As the Project starts and Identified Risks occur, the agreed-upon Risk Response Plans are implemented
  • Good planning followed by good implementation ensures that:
     1. The overall Project exposure to Risks is addressed
     2. Individual project Threats are minimized
     3. Individual project Opportunities are maximized
  • If the Identified Risks do not occur, the resources tied to the Risk are released back to the Organization
  • If any Unidentified Risk occurs, Corrective Actions are taken to minimize the impact of the Risk, and MR are sought from the Management
  • As Identified/Unidentified Risks occur and Response Plans/Corrective Actions respectively are applied, the situation is keenly monitored for any Residual Risk or the emergence of any Secondary Risk
  • The Risk Register is updated with the developments; Risks which are no longer valid are crossed out. At the end of the Project, all entries in the Risk Register would have been crossed out

[Figure: Risk Response Strategies]

Step 5: Monitoring Risk Management

Implementation of the agreed-upon Risk Response Plans is monitored, Identified Risks are tracked, New Risks are identified and analyzed, outdated Risks are discarded, and Risk Management is evaluated. Specifically, Monitoring determines if:

  • Risk Responses are effective
  • Level of overall Project Risk has changed
  • New individual Project Risks have arisen
  • Risk Management approach is still appropriate
  • Project Assumptions are still valid

[Figure: Risk Management Situations and controlling Risks]
