Risk Management is the process of determining the maximum acceptable level of overall risk to and from a proposed activity, then using risk assessment techniques to determine the initial level of risk and, if this is excessive, developing a strategy to ameliorate appropriate individual risks until the overall level of risk is reduced to an acceptable level. RISK-BASED MANAGEMENT APPROACH Most projects face a near-constant barrage of risks, many with the potential to seriously impact the outcome of a project. Without the ability to identify, prioritize, and manage these risks, a project manager’s performance can be seriously compromised. Therefore, an awareness of, and ability to identify, project risks is an essential activity at all stages of a project. One of the first things a project team must do is foster a risk management orientation that ensures that the attention of all project staff is directed at maximizing opportunities and minimizing hazards throughout the project. The risk management approach is central to all project management activities, including the following:

Planning the project

Organizing and structuring the work

Developing management systems

Creating project procedures

Allocating resources

Managing time

RISK ASSESSMENT PROCESS Formal risk assessments and risk management plans provide many benefits and are required on every good project. Completing the risk assessment at an early stage will help build cohesion among staff at the start of a project. In addition, team members who participate in the risk management process take ownership of risks throughout the life of the project. The process also provides an open forum in which the team has the opportunity to express concerns about various aspects of the project before problems arise. The risk assessment also focuses the project manager and project staff on those events or activities that have the greatest chance of impacting the success of the project. Upon award of a new contract, the project planner reviews the risk assessment that was conducted during the business development or proposal stage of the project. If the project team determines that the assessment requires further development to ensure the control of project risks, further risk assessment activities must be undertaken. RISK IDENTIFICATION The first step in the risk management process is to identify potential risks. This is best accomplished by combination of techniques, including the following:

Documentation reviews

Brainstorming sessions with project team

Lessons learned from prior projects

Checklist reviews

Consultation with internal or external subject matter experts

Peer or management reviews

Root cause analysis QUALITATIVE RISK ANALYSIS Projects use a simple qualitative approach to categorize risks on a project. The project team must assign each identified risk into one of the three standard risk levels: moderate, significant, or severe. These categories are based on a combination of the potential impact of the risk and its probability. The following defines these standard risk levels. Moderate - Not considered unusual by industry standards. Moderate risks do not typically require specific contingency and are usually mitigated by standard operating procedures and the project management plan. Significant - Considered unusual by industry standards, requires specific contingency, or requires a specific mitigation plan (any may apply). Severe - Could significantly and negatively impact the project or company AND cannot be effectively and reliably controlled.