Once you’ve completed your risk assessment, you’re ready to create your risk management response plan (using appropriate risk management tools). Note that risk management isn't something you check off your project to-do list; it's an ongoing process.
Here are the suggested steps:
Step 1: Determine Your "Risk Tolerance"
How much risk can you take on before you consider abandoning the project? This is an essential conversation to have with your stakeholders. Their success is on the line, too. There are a lot of issues to discuss: do they want to be informed when risks happen? Or will it depend on the level of impact? If certain risks occur that could derail the project, do they want to be consulted first or do you have the authority to act right away? Make sure everyone knows the plan of attack and agrees on the strategy. Stakeholder conflict is one risk you can counteract with open communication.
Step 2: Decide Which Risks to Manage
Once you've determined the project's risk tolerance level, you can start to identify which risks are worth your time and attention. Even if a risk has a high probability of occurring, if its impact is small — say it would add $200 to your project costs and your budget is $50 million — you may choose to ignore it if counteracting the risk is an inefficient use of your time and resources.
Use a risk matrix as a key tool for your risk register to identify which risks fall below your level of tolerance, and which you need to plan for. Use your completed assessment to plot each risk on a quadrant: high probability and high impact risks to the upper right; low probability, low impact risks to the lower left.
Risk Matrix template from The Program Manager's Blog
Pay special attention to that upper-right quadrant. These are risks that are both high probability and high impact. They’re more likely to happen, and if they do, it could be game over for your project. In these instances, you’ll want to be proactive in lowering the probability that the risk will occur (if possible), or have a definite plan in place to counter its effects.
Step 3: Identify Project Risk Triggers
What cues might indicate a particular risk is imminent? If someone in the office starts sneezing and coughing, that could be a "trigger" your team is about to get hit with the flu bug. Establish roles and responsibilities for monitoring triggers among your team, and determine what steps should be taken if one pops up.
Step 4: Create an Action Plan
What can be done to reduce the probability of a risk occurring, or minimize its negative impact? (Can you provide Purell during flu season? Or spread important tasks among the team so progress can be made even if someone’s out for a few days?) If a risk occurs, what's the most effective response? What will your team do, and who's responsible for what? Make sure you've thought each piece through and everyone on your team knows the plan.
Step 5: Evaluate
After your project wraps up, step back and consider which parts of your strategy were successful. How effective were your triggers in forewarning risks? How effectively did you react to those triggers, and were you able to successfully prevent any risks from affecting the project outcomes? What could be done to improve for the next project?
Start Your Projects Risk-aware, Not "Risk-free"
Discovery, ingenuity, ambition — all businesses and projects involve risk. You'll never be able to eliminate uncertainties, but having a plan in place can keep small problems from growing into full-blown catastrophes. And by acknowledging risk and keeping an eye out for it, you can recognize and jump on fortunate opportunities to deliver value beyond what’s expected.
What are your best risk management tips? Share your wisdom in the comments section!
Image credit: Viktor Hanacek.