Risk management is one of those areas that are too often “somebody else’s responsibility”. Whether through lack of knowledge or indifference, it gets shunted off somewhere else and replaced with an approach of “it’ll be alright on the night”. Unfortunately, it frequently isn’t. Like business continuity or information security awareness, risk management should ideally be everybody’s business and accepted by each member of an organisation as an individual as well as a collective responsibility. Risk management on a per-project basis can help move the needle in the desired direction.
The common sense principles that drive good corporate risk management carry over immediately to project management. The following list is based on one drawn up by Bart Jutte and published in an article at http://www.projectsmart.co.uk/10-golden-rules-of-project-risk-management.php
- Make risk management part of your project from the start. Risk management needs to become a reflex, not an afterthought.
- Consider both threats and opportunities. Projects are smaller than corporations, which can make it easier to identify positive as well as negative risk. Projects can be a good training ground before looking for even bigger opportunities back at corporate level.
- Communicate about risks. Risks that are known and understood by a team can benefit from additional constructive ideas and suggestions.
- Identify risk owners. Again, the smaller scale of projects can provide good practice for assigning corporate level risk ownership.
- Prioritise risks. The conventional grid of risk probability (low, medium, high) and risk impact (small, medium, serious) works well here too and keeps risk management simple as well as realistic.
- Plan and implement risk responses. Self-evident, we hope!
- Register and track project risks. Projects don’t have to be agile for risks to change. Risk tracking needs to be done for waterfall-style project management too.
If you feel unsure of your overall company risk management direction, you can also try risk management out on suitable projects (see some of the points above) to extrapolate to a more general application. In addition, successful risk management at a project level can create a real-life example that other teams and departments can follow too.