It is almost naive to expect that the project would advance through its life-cycle stages without encountering any unwanted and/or unplanned events. These unexpected events usually complicate the normal execution of the project by way of expanding the scope, increasing the cost, and delaying the delivery date. Although these deleterious events cannot be prevented, the team can put measures in place that would mitigate the consequences of such occurrences. With a logical overall project risk management plan, and risk-specific response plans, the team can minimize the impact of these risk events on the progress of the project somewhat gracefully.
There are four major steps in risk management: identification, quantification, analysis, and response development (Figure 2.10). At the beginning of the project, a database of all nonnegligible project risks must be developed and then continually maintained throughout the life of the project. This list of risks must be updated throughout the life of the project, since risk management is a continuous activity. Then, for each risk event, the probability of occurrence and its impact on the project will be estimated. The impact can be on scope, cost, or schedule. The team will identify specific warning signs and/or triggers of the possible risk event. Next, the team must outline responses that would be required to mitigate the risks that have been identified. A characteristic of the risk planning process is that any or all of the identified risks might occur, occur in a form not envisioned , or fail to occur at all. Also, by extension, and as probabilities go, risks other than those on the official list might also surface. None of these predicaments should deter the project team member from having a project risk management plan in place, because, on balance, risk management plans facilitate a more effective completion of the project. The impact of a risk event on the overall performance of the project is usually negative, although it can be positive on rare occasions. Thus, a beneficial side effect of a risk plan is that it identifies unexpected events, even those that are favorable in terms of the project deliverable . This side effect of predicting and capitalizing on favorable unplanned events could become the payoff for the efforts spent in conducting a detailed risk management effort. The benefits are twofold: one is the actual tangible impact on the project outcome, and the other is the subtle but important feeling that the project team is aware of all the details of the project environment.
Analyze and Prioritize Risks
Ideally, risk identification, quantification, and analysis should become routine activities, similar to other project activities. As such, a project risk management plan should include team reviews, task planning, tracking, monitoring, and control. These risk management plans will allow consensus on actions, which in turn will establish a shared understanding of the project risks. The basis for this collective approach is the presumption that all team members have a shared vision for success, as stated in a team charter. Thus, the risk management process would include a communication plan that encourages free flow of information. Having regular and timely risk data, the team would view risk management as an integral part of project management, with routine risk identification and monitoring activities throughout all phases of the project life cycle. Thus, managing risks becomes part of the overall project management methodology, and not a stand-alone activity.
While the project manager has the overall responsibility and authority for all aspects of project performance, team members are delegated to play key roles in the process. The team, as a unit, must continually work to identify the emerging risks, classify them, estimate their probability of occurrence, calculate their impact, and highlight the time frame of occurrence. Further, the team must update the response plans and monitor the mitigation efforts. Team meetings, held on a regular basis, are useful in reviewing the status of identified risks and the efficiencies of corresponding risk response plans. The advantage of using the team approach in the risk management process is that there is less likelihood that some risk information might be overlooked. The subtle objective is for the entire team to learn to think "risk" in order to prevent small task- related problems from growing into major project crisis situations. Again, the virtual team would follow the same principles, but the communication schema probably would not include face-to-face media, maybe not even voice-to-voice media.
During project status reviews with the client, risks should be an agenda item. Resolving project risks is a joint responsibility, because the client and the project management team can draw on each other's resources to mitigate risks so as to enable more rapid responses. Formal communication dealing with risk events should not be just the sharing of issues on a case-by-case basis and not only at times when the project management team is certain that a problem is soon to develop. Rather, risk management should be integrated into technical interchange meetings, design reviews, and user requirement reviews. During these meetings, all team members should jointly identify those risks that are considered to have the highest probability of occurring and the greatest impact on the project deliverable. Through this joint effort, risks are identified, categorized, and prioritized before they evolve into major problems. Higuera et al. (1994) suggest that risk management should be even more in-depth by way of involving the full complement of the team members, the stakeholders, and the client representatives. This approach broadens the knowledge base, thus making the experience extremely effective in identifying the risks. Equally important, the collaborative nature of risk identification sets the stage for actions in dealing with those risks, because often remedial plans will include joint action by the client, the stakeholders, and the project team.