Skip to content
risk management

What is risk management?

Bertrand
Risk Management, PMO, Project Controls, Project Management
Publié le

Risk management is an integral part of project management. Risk management is a task performed by the project manager. This process includes the assessment of risks upstream and during the course of the project and, more importantly, the development of risk mitigation strategies.

The risk management process can be broken down schematically into 3 main stages, which we will discuss below:

  • Risk identification
  • Risk analysis
  • Mitigation plan

Identifying risks

Risk management (and the mitigation strategy that accompanies it) is a process that requires reflection, creativity and organisation. In most cases, it begins with a general brainstorming session with the project team to identify all the possible risks. This can be done using reports from previous similar projects that are likely to have encountered the same obstacles.

Some organisations use risk checklists to assess the likelihood of these risks occurring during the project. The checklist is specific to each company, as it is influenced by its area of activity and the type of projects it usually carries out.

These lists and reports are invaluable sources of information, saving considerable time in identifying immediate and potential risks.

Business or enterprise risks can be of different types, such as:

  • Operational risks
  • Financial risks
  • Occupational risks
  • Strategic risks
  • Technological risks
  • Industrial risks
  • Legal and regulatory risks

This list is not exhaustive and can be adapted to suit each company.

Risk analysis

RBS - Risk Breakdown Structure

Once the risks have been identified, they can be classified and mapped using the RBS (Risk Breakdown Structure). The RBS takes the form of a hierarchical, organisational chart, classifying each risk into the category to which it belongs, which in turn contains sub-categories.

The RBS has the advantage of providing a clear view of all identified risks and help comparing them with those of previous projects.

Qualitative Risk Analysis

It is important to determine the level of risk exposure. To do this, it is recommended to carry out a risk assessment. Generally the scoring scheme is based on three main indexes, namely the severity of the risk (G), the probability of occurrence of the risk (P), allowing the calculation of the impact of the risk (I) and therefore the degree of intervention to be undertaken.

The assessment is represented as follows:

Severity of risk (G): 

  • Negligible (1)
  • Minor (2)
  • Moderate (3)
  • Major (4)
  • Catastrophic (5)

Probability of occurrence of the risk (P) :

  • Very likely (5)
  • Probable (4)
  • Possible (3)
  • Unlikely (2)
  • Very unlikely (1)

Impact of risk (I) :

  • Low (1 to 6)
  • Medium (7 to 12)
  • High (13 to 25)

To determine the impact of the risk, the formula to be applied is as follows: G x P = I

Example: a moderate risk (3) considered probable (4) represents a medium impact (3 x 4 = 12).

Quantitative Risk Analysis

A Monte Carlo simulation is a static model used to simulate the probability of a certain number of outcomes linked to an uncertain event, in this case, a risk. It can be used to quantify risks, predict the likelihood of cost overruns and delays, and better understand how a risk will affect the project.

Risks are not equal, some are more likely to occur than others. Depending on the risks involved, the project schedule may need to be adjusted. For example, if the project involves a large number of risks, it may be necessary to revise the budget. By drawing up a risk mitigation plan, it will then be possible to identify critical risks that could have major repercussions on the project.

These risk analysis methods will facilitate decision-making and help assess the costs incurred, as well as the strategies required to mitigate them.
Although planning is not compulsory, it is strongly recommended, particularly for more complex projects, or when a company is managing several projects simultaneously.

Risk mitigation

In the third stage, the project team is responsible for drawing up a risk mitigation plan based on the information gathered during the risk identification and, more particularly, the risk assessment phases. Why have a risk mitigation plan? The risk mitigation plan will make it possible to limit, and in some cases avoid, potential damage that could hinder the success of all or part of the project.

There are four types of risk mitigation, described in more detail below.

Risk avoidance

Risk avoidance is recommended when the consequences of a risk are significant for the positive outcome of the project. The aim in this case is to avoid the risk altogether, often by ceasing activities. This can be quite costly for the company.

Risk reduction

Here, the aim is to implement a strategy to reduce the impact of the risk. It can involve, for example, taking preventive measures to avoid the risk, diversifying activities or investments so that the consequences are not too severe for a single division, or improving processes. 

Transfer of risk

Risk transfer involves shifting the risk by transferring responsibility to a third party. This is especially the case when the company has taken out an insurance policy and decides to apply for it in a very specific context.

Risk acceptance

In the latter case, the risks incurred are accepted without attempt at mitigation. So the project proceeds, in full awareness of the risks involved. This method is used for low probability risks.

 

Once the risk mitigation plan is implemented, assessment meetings can be set up throughout the project’s lifecycle to evaluate the risks at different stages.

In conclusion

Risk management involves a series of management processes and tools by which risks are identified, assessed, classified and managed effectively. In risk assessment, it is necessary to identify all the risks to which the company is exposed, using management tools such as documentation, identification of potential and identified risks, and analysis of the probability of occurrence and impact of risks on the company. This assessment enables risks to be ranked according to their criticality and serves to determine appropriate management measures. 

Risk management also requires the implementation of a management system that integrates risk management into all the company’s activities. This includes outlining a risk management policy, training risk managers, implementing risk management processes, drawing up risk management action plans and measures, setting up an internal control and information system, and regularly monitoring and evaluating risk management activities. The ultimate aim of risk management is to enable the company to effectively manage the risks to which it is exposed, minimising negative consequences and maximising opportunities.

Choosing PROPRISM to ensure controls of your projects

PROPRISM deploys its expertise in Project Controls to offer you solutions tailored to the management and control of your projects. We have a team of experts capable of improving the quality of your projects, promoting productivity and strategic alignment, as well as reducing costs and ensuring deadlines. PROPRISM operates in the pharmaceutical, marine, construction, engineering, transport and infrastructure, and chemical industries.

Our experts play a key role in the success of your projects. Their experience is employed to ensure that resources are properly allocated and that budget forecasts are adhered to. Using agile methods and project management tools that encourage adaptability and responsiveness to change, they encourage improvement and productivity in project management. PROPRISM also plays an essential role in providing advice and assistance, and supports your teams throughout the project life cycle with ongoing training. We also ensure coordination and motivation throughout the project to guarantee its success. Thanks to our solid expertise and essential teamwork, we can work with you to make your projects successful.

Plus d'articles ?