In project management, there is no such thing as “zero risk”. What more, unmanaged or poorly managed project risk can expose an organization to significant harm. Hence the importance of risk monitoring and management, which can be defined as the process of identifying risks and devising ways of dealing with them. Here is the key information that project managers and other project management professionals should have about risk monitoring and management.


Download EBook: 7 Ongoing Challenges for the PMO

The Philosophy Behind Project Risk Management

The 6th edition of PMI’s PMBOK introduces a significant change in the move from “Control Risks” to “Monitor Risks.” More specifically: “Monitor Risks is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.”

The rationale behind this edit is easy to grasp: risks are, by nature, outside of your control. They belong to the realm of uncertainty — otherwise they wouldn’t be risks! Therefore, there is no point in hoping to shield your projects, portfolio or organization from risk completely. But you can and should identify, evaluate, monitor, and mitigate them.

Monitoring project risks is essentially about managing changes (both expected and unexpected) to the project. Following PMI’s definition of risk monitoring we suggest a 5-step approach:

  • identifying and analyzing the risks to your projects
  • coming up with appropriate response plans for each risk
  • tracking the evolution of the risk landscape
  • identifying new risks as they arise
  • running and evaluating the effectiveness of response plans

Step 1: Identify Risks

The very first step is to recognize the threats to your projects and portfolios. Try to determine what could threaten the cost structure, schedule, or scope of your projects. Then analyze the nature, probability, and potential impact of the threats in order to qualify and quantify the risks, categorize and prioritize them, and get a reliable mapping of your project risks.

Risk management professionals usually break down risk in four main families:

  • technical risk (e.g. technology- or production-related risk)
  • external risk (from market, customers, regulation, or even weather!)
  • organizational risk (tied with resources, funding, project dependency)
  • project management risk (culture, planning, collaboration…)

Step 2: Prepare and Monitor Specific Risk Response Plans

Each and every risk requires a planned response. Some risks warrant immediate, decisive action. For instance, if a key supplier fails to meet an important delivery deadline, one must activate plan B — i.e. placing an order with another vendor — without delay. On the other hand, if your supplier increases the price agreed upon for delivery, your response plan may involve less urgent yet more complex trade-off decisions.

In any case, we recommend you assign a person responsible for managing each risk (the ‘risk owner’). They will also execute the response plan and of working with project managers to evaluate the effectiveness of the responses and adjust as needed.

Step 3: Track Identified Risks

Risk owners, project managers, and portfolio managers should work together to track the overall risk to their projects over time, making sure that the agreed upon response plans are activated in a timely manner when the related trigger conditions occur. The support of a dedicated risk management tool or a robust Project Portfolio Management tool with powerful risk management capabilities can be decisive to make sure that risk realization doesn’t go unnoticed.

Risk tracking also involves reviewing and reassessing project risks and the planned response plans on a regular basis. As the project moves forward, as market and business conditions evolve, you may find out that some of the threats you had identified are no longer relevant, or that some risks are more or less threatening than you had initially assumed. The probability of occurrence and potential consequences of contingencies may have changed. Similarly, the effectiveness of your risk response plans may be affected by new developments — either internal or external.

Step 4: Identify New Risks Along the Road

The world changes. Projects change. This also means that new risks arise over time. Major changes to the project or its environment, such as the occurrence of a severe disaster, a reshuffle in leadership or competitive landscape, a key technology breakthrough, are just some of the events that may bring about new risks and threats to your projects. It is essential to identify new contingencies early and analyze them appropriately to keep your risk mapping up to date.

Step 5: Evaluate the Effectiveness of Your Risk Management Process

Actual performance doesn’t always match planned performance. Some risks may have been overlooked or misestimated (sometimes with reason: it is impractical to plan for outliers, yet they can and do happen!), or the response plan may not stand the test of reality. It is critical to candidly and objectively assess the results of your project risk monitoring and response strategy in order to pave the way for continuous improvement.

 

More about project risk monitoring and management:


Download EBook: Your PMO's Value

Share the article