• Define & Focus
o Define the project (e.g. scope, benefits, objectives, budget)
o Focus the Risk Process (i.e. purpose, objectives, detail)
• Identification (What could possibly go wrong?)
o Techniques include brainstorming, interviewing, prompt lists, Ishikawa ‘fish’ diagrams (cause & effect), previous experience, SWOT analysis etc…
o Develop Risk Register
• Assessment & Modelling (How likely is it and what are its consequences?)
o Qualitative assessment (Probability-Impact Analysis)
o Quantitative assessment (Risk Simulation Software)
• Planning (What can we actually do about it?)
o Action plans & strategies
• Management - Ongoing
o Focus the Team
o Determine ways to stay on top of Risk
o Monitoring & reviewing
o Feedback (Learning from experience)
The process should be iterative – not a one off exercise – needing to be repeated at regular intervals and whenever new risks are identified. Beginning at the inception of the project, the process only ends when the project is completed, delivered and closed.
Risk arises out of the uncertainties associated with assumptions and ignorance. A risk management process is, therefore, a forensic process. It involves a collective investigation, which seeks to confirm what we think we know and to find out what we do not. A risk management process that does not include procedures and methods for gathering intelligence is unlikely to be effective.