conveyor robot manipulators work businessman in front of control panel analysis production development Risk management has a specific place in protocols and risk management models. In this article we will discuss the six steps to controlling risk for risk managers, as broken down in the PMBOK: planning, identification, qualitative analysis, quantitative analysis, response planning and monitoring.

In short, a risk manager should take the reins of the risk control process with a detailed plan; find out what the risks are that may affect team members and various units of the organization, assess risks from the perspective of the whole organization; create action plans to respond to each of the risks if they occur; and continuously monitor in order to improve the plan.

Risk management planning

Like any other aspect of project management, risk prevention and response in the case of risk occurrence should be subject to strict planning. Risk management is iterative, implying that the planning phase will be reviewed after each cycle.

More specifically, planning involves a series of essential decisions that will affect the following five steps. Choosing methodologies, assigning responsibilities, defining types and categories and risks, as well as allocating resources are some of the main areas of focus at this moment.

Risk identification

This step is to identify the risks that may affect the development of the project and understand their characteristics. It is essential to identify all risks that may potentially influence the project so that the necessary precautions can be taken and disaster can be avoided. Therefore, planning for all risks is essential. Do not ignore them but instead control them.

For the identification of risks, multiple systems can be used.

One of them is to use similar backgrounds, both in our company and in other companies that resemble by their activity or reach.

Another possibility is to use specific analyzing tools (Ishikawa diagram, flowchart or other types of specialized diagram systems) or other standardized analysis systems, such as SWOT analysis (Strengths, Weaknesses, Opportunities, Threats).

Finally, if the first two possibilities are not feasible, you can resort to expert judgment.

After identification, it is important to proceed to classify risks that have been detected (Technical, external, organizational, management, etc.). Their influence on the project (mild, moderate or severe impact on the project), or the probability of the risk arising (low, intermediate or high probability).

Qualitative analysis

This analysis is used initially to filter risks and prioritize them in order of importance and severity. Although this analysis may not be the best in terms of accuracy and speed.

This type of analysis is also used for risks which need immediate attention. The urgency leads to an analysis that, despite not being the best in absolute terms, is most appropriate for the time available.

The results of this analysis should reflect in a risk assessment matrix.

Quantitative analysis

This is a more comprehensive systems analysis, but also the most complex and time consuming.

To perform a quantitative analysis, specific quantitative risk analysis systems should be used, such as mathematical simulations e.g. Monte Carlo.

A simpler option is to use a decision tree with which you can numerically illustrate the parameters derived for each choice.

If it is not possible to quantify the risks, you can turn to experts in the field to conduct an assessment.

Ideally, experts should be external to the project in order to prevent conflicts of interest. In addition, to avoid bias, the evaluation should be conducted blindly without knowing the outcome of assessments made by the other experts.

There are differences between this point and the assessment of experts in qualitative analysis. While in the former case, experts estimate the relative importance between different types of risks in order to focus on the most important, in the quantitative case experts, despite not having actual data, provide estimates as accurate as possible based on their experience and the results of other projects that they have led previously.

Risk response planning

When a threat is verified, the response must be preplanned and follow the correct procedure. Action plans must be drawn up when risk in the project is present in order to prevent its occurrence. This may include transferring it to an external agent or mitigating their effects, in the event that the risk occurs. Where risks cannot be avoided, in the event of circumstances beyond our control or scope, contingency plans should be developed that allow for coordinated and appropriate action.

Risk monitoring

To predict whether or not risks may occur it is necessary to know warning signs so that it can be anticipated. If this is not possible, monitoring mechanisms should be in place so that a risk in a project can be detected the moment it presents itself.

The purpose of these systems is to instil the attitudes of anticipating risks and having contingency plans in place, before the risk has significantly influenced the project.

In addition, self-monitoring the reaction to the risks and the occurrence of them can improve prevention measures, and thus reduce time and increase the efficiency of the reaction.

 

Here are some recommended articles:

Our new Risk Assessment Matrix is online

Keys to becoming a good risk manager

Risk management… The what, the why and the what to do

 

Juan Delgado

Blogger ITM Platform

Receive the latest blogs directly into your inbox

 

A guy looking in a binocular, standing on a pile of books, clouds, stars, apple, TrophyIf you want to become a risk manager, you will have to combine two types of training.

On the one hand, you must be a specialist in a particular field. For example, if you want to be a risk manager in the field of medicine or pharmaceuticals, you’ll need medical training, or hospital management training.

On the other hand, you need to acquire specialist training in risk management. Several institutions offer specific degrees in these areas.

Where to find risk management training

These are some of the major international institutions offering specific training in risk management.

Institute of Risk Management. Founded in 1986 in the UK with the aim of facilitating training and certification in risk management, it has international prestige and is one of the first institutions to grant degrees in this area. The diplomas offered are: the International Certificate in Enterprise Risk Management, the International Diploma in Enterprise Risk Management and Certificate in Risk Management in Financial Services. The price is around £1,000 for non-members.

Project Management Institute. The international reference for project management also has a specific course on risk management: the PMI Risk Management Professional (PMI-RMP). The certificate costs $670 (or $520 if a member of a PMI institute), and is obtained after a multiple choice test based on the PMI-RMP manual, which is available for free in this pdf.

The Chartered Insurance Institute. Also based in the UK, it is a comprised of approximately 120,000 members in societies in over 150 countries. It is the world's largest professional association in the field of financial planning and insurance. Although not dedicated solely to risk management, it provides accreditation in this and other areas.

If you’re hot for the more academic part of the issue, a host of Higher Education Institutions in the US offer Risk Management courses, from Stanford’s strategic decision and risk management courses to the PhD programs offered by Columbia University’s (Decision, risk and operations) or the University of Pennsylvania’s insurance and risk management. As you can imagine, this is the kind of PhD program that can be at least as rewarding careerwise as the most expensive MBA.

Of course, big firms and multinational corporations also have their say. If you’re interested in in-company training tailored to the needs of your organization and in implementing international standards like ISO 31000:2009, you can look up BSI’s risk management training courses or ASQs’ risk management essentials and implementation strategies.

Risk Doctor. Under the slogan "Exploiting Uncertainty Future", this website is the initiative of David Hillson, a celebrity in the field who calls himself the "Risk Doctor". It specializes in training for risk managers. Their slogan makes reference to precisely one of the functions of risk and project management: to turn adversity into strengths. On the page you can find plenty of resources, from books and scholarly articles to specialized webinars and videos of Hillsons’ conferences.

Constant Change

Even with good training and certification, risk management, like any other discipline, is subject to constant change and evolution. A professional who wants to stay up to date must constantly be looking for new sources of training and information. To do this, the internet is your best ally.

We recommend periodically visiting our blog where you can find up to date risk management and project items.

 

Here are some recommended articles:

Our new Risk Assessment Matrix is online

Keys to becoming a good risk manager

Risk management... The what, the why and the what to do

 

Receive the latest blogs directly into your inbox

 

two businessmen playing, try not to make the tower fall on the floorThe risk manager is perhaps a position that is not as well recognized as others, however it is essential for the successful development of a company.

The job of a risk manager is to identify potential risks that may affect the organization on multiple fronts: reputation, safety and economic feasibility, even investment security. Although it is common for a risk manager to specialize in a particular area, so as to detect and address potential risks in their corresponding field. For example, risk departments are essential in the banking sector, and insurance companies have risk assessment as one of their core activities. In these areas it is common to find risk directors and risk analysts.

The importance of proper risk management for the development of any economic activity has led to a specialized discipline often known by its acronym: Enterprise Risk Management, or ERM. COSO defines the discipline as follows: 

ERM is a process effected by an entity’s board of directors, management team and other personnel. It applies to the entire company in a strategic context, is designed to identify potential situations that may affect the entity, manage risks that are within the scope of its risk appetite and provide reasonable assurance to achieve the objectives of the entity.

 Enterprise Risk Management - Integrated Framework
Committee of Sponsoring Organizations of the Treadway Commission

If you are interested in this value proposition, you should know that the culmination of your professional development could come with the title of Chief Risk Officer (CRO). Although this managerial position is more common in the financial sector, large engineering firms also include them in their structure. A very interesting profile in the US, for example, is that of James Durree, Vice President of Risk, Ethics and Compliance at JACOBS. Durree’s career showcases the strong sectorial mobility of risk expertise: having started as a Risk Analyst at Abbot Laboratories, he then moved out of the healthcare industry and spent 21 years managing risk at Avery Dennison, a global packaging manufacturer. Durree’s last move to JACOBS placed him in front of the kinds of risks that are faced by primary process industries across a series of services.

In short, the risk profile of the specialist is so specific to the role that it can’t be confined to finance or insurance companies. Additionally, risk managers often require a strategic integration with project management. Depending on the size of the company and its organization, PMOs are likely to have access to a risk expert, although smaller or more horizontal companies may distribute that responsibility among regular project managers.

The position of risk manager has its own characteristics and expertise, combining technical knowledge with management experience and an important transversal competence: the ability to communicate and persuade. Therefore, to perform effectively as a risk manager you have to be comfortable taking up a central position, interacting with members of other teams within the company and with customers.

Once risks have been identified and assessed, risk managers work to implement procedures to overcome, transfer, or at least minimize them.

They must understand the objectives of the company, to always direct their efforts and make changes in the initial planning towards producing a product that provides the greatest customer satisfaction.

The result is a soaring new professional profile.

Tasks to be performed by the risk manager

  • Identify risks. Often, risk managers don’t have all the information they need, resorting to team workshops in which they share progress information and collect data from project units. In this case, the risk manager is the facilitator of conversations and a catalyzer of contingency plans.

  • Develop contingency plans. Once risks are identified, the risk manager is the person with the technical knowledge necessary to develop a contingency plan. It is possible that many details are beyond his competence and direct influence, so his work can sometimes be seen as internal consulting for the units that demand technical assessment.

  • Provide methodologies to identify and analyze the economic impact of the loss of any of the components of the organization, workforce changes, or any other damaging impacts.

  • Seek opportunities. The risk manager should select those enterprise opportunities that are more efficient for the company from a risk perspective.

  • Anticipate additional costs resulting from newly emerging risks through specific budget items. However, this should not prevail over realistic budget forecasts.

  • Work collaboratively with the board to maintain control over the objectives of each process, ensuring the end result meets customers’ needs.

Training and skills that a risk manager should have

The development of a risk manager will be different depending on the type of project or the type of risk that they will work with.

In addition to specific project management and risk training, a risk manager should be a subject matter expert of the project in which they will work. For example, if it comes to identifying risks in a project related to construction, it is appropriate for the risk manager to have experience in architecture or engineering. Only then will he be able to truly understand the market, challenges and opportunities that may arise during the execution of this specific project.

The professional profile of a risk manager also allows more varied training in other areas. In addition to project management, other measurable training studies include:

• Math

• Physics

• Statistics

• Business Management

• Financial and Actuarial Studies

• Economics

• Industrial engineering

For example, an engineer may have never worked specifically as a Risk Manager but have experience in construction or related engineering projects, and therefore in tracking tasks and managing projects. In this case, the lack of specific training in risks can be bridged by means of the transferable knowledge and skills developed in previous positions.

Besides the specific training in risk, a Risk Manager must have a series of non-specific, transferable competences, including but not limited to:

• Ability in problem-solving and decision-making

• Analytical skills and attention to detail

• Organizational skills

• Negotiation and persuasion skills

• Strong mathematical and quick calculation skills

• Business intelligence, to integrate risk calculations on the dynamics of development of the company.

If you wish to acquire the training and skills needed in the field of risk management, there are a number of institutions of reference in the US. One of the most renowned internationally is the Institute of Risk Management. Other prominent organizations are the International Risk Management Institute, or the Global Association of Risk Professionals. These organizations provide continuously updated courses and training qualifications.

Allies of a risk manager

In addition to the training and skills possessed by a risk manager, one of the keys to succeeding in the risk management field and transferring these assets to a company is the support of specific and advanced software.

In ITM Platform we work to provide a solution that allows you to maximize your productivity and complete projects effectively. You can start by testing the new online version of our risk assessment matrix tool, which you will also find in our integrated solution.

If you request a 14-day free trial on ITM Platform you can see just how easy it is to get custom reports, track tasks and perform the basic functions all risk managers need, including communication and coordination with all departments of the company.

Top 5 most read blogs on ITM Platform:

The Monte Carlo Method in Project Management

Extra Extra Extra!

Three disastrous project management failures

The project in the face of adversity: what should a project manager do?

What is the Virtual Sock Management or Periodical Online Management?

 

Receive the latest blogs directly into your inbox

 

Business man in balance on a rope

The existence of risk is inherent in absolutely everything we do in life. All activities are subject to some degree of uncertainty.

Risk in project management can be defined as a change in the market environment or the product, that may influence its development.

When implementing a project, no matter how well planned and well organized, there is always a certain margin for error, we can call this the level of risk within the project.

 

The impact a risk has on a project should not necessarily be detrimental to the project. If preparation is done correctly then managing  these changes will be straightforward and thus the consequences on the outcome of the project will be minimal.

If we are able to react adequately to this risk, we can benefit from it and improve our product, our sales or customer satisfaction.

Therefore, the best way to reduce risk exposure is proper planning. When planning, the risks should be addressed from a realistic perspective which allows you to understand them and put into place action plans if they do arise. You should never ignore the existence of the risks, they could be detrimental to your project, and hence they must be controlled.

In order to properly assess the risk exposure within your project, you may find it helpful to use a specialized software. At ITM Platform we offer you a new free risk assessment matrix tool online that allows you to create risk sets in a simple, graphical and intuitive way.  You can quickly and easily plan your risks, allowing you to reduce uncertainty in your projects while focusing more of your attention on other tasks.

Good planning is essential, so that the project manager and the company as a whole know how to respond to the emergence of risks. Proper risk management can convert potential weak areas into strengths. In Japanese, the word crisis is formed from the words: "danger" and "opportunity".

The Project manager should be able to turn risks from potential dangers into opportunities.

What are the main sources of risk?

Scope risk

Throughout the development of a project, its scope may change. A project will grow in complexity as customers add new requirements and this may extend or modify the scope. Such changes are common since the product must meet the needs of the market which is constantly changing.

Planning risk

The reasons why a project may not develop as initially planned may not necessarily be the mistakes of the development team, but may be due to external circumstance.

Delays in the supply by an external provider, an accident or any other unforeseen, uncontrollable circumstances, can alter the initial plan. Therefore, proper planning should cover all possible scenarios and the probability that a scenario will arise, such that the resulting impact will be minimal. In this case it can be very useful to develop a risk assessment matrix.

Resource risk

The resources that are available during the course of a project can also fluctuate. Although initially budgetary resources are a defined amount, it is possible that during the project development the economic situation of the company may change due to external factors such as the market or macro economy.

In these circumstances, the project manager will have to do what they can with whatever budget is assigned, eliminating those tasks that contribute less to the project whilst trying to ensure an outcome that meets the minimum requirements necessary for the project to be successful.

On the other hand, human resources may also experience changes. The staff starting a project may not necessarily be the same as the staff who finish the project. In addition, new members could potentially join the team during the project, and therefore will take some time to adjust. This will, at least temporarily, lower the efficiency and productivity.

Technological risk

Using software and other utilities inadequately, could lead to a decrease in your productivity. If there are technological problems, this will delay or hinder the delivery of your projects.

To avoid such problems, we put at your disposal a leader in project management software. So, at least for this part, you can breathe easy.

Once you know the source of risks that may occur during the execution of your project, it will be easier to identify them and include them in your planning. Which will allow  you to develop contingency plans to remove, transfer, mitigate or, if no other choice, accept them.

With these techniques, you can rest assured that the risk management of your projects will be successful, and the impact to your company will be minimal.

At ITM platform we understand the business world perfectly, because leaders of various sectors use our project management software.

Try it out and discover what it can do for you:

https://www.itmplatform.com/en/projects-programs-portfolio-subscription/ 

 

Top 5 most read blogs on ITM Platform:

The Monte Carlo Method in Project Management

Extra Extra Extra!

Three disastrous project management failures

The project in the face of adversity: what should a project manager do?

What is the Virtual Sock Management or Periodical Online Management?

 

 

Receive the latest blogs directly into your inbox

 

business man, parachute, crocodile, seaLet’s face it, even if you have the utmost confidence that your project will be a success, there is always the possibility something can go wrong. Wise project managers will identify the project risks in the early stages of the project to give themselves more time to develop a plan on how they can avoid them if they arise. However, risk management is an ongoing activity and can’t be done just once.

Here are a few key components of risk management:

A Contingency Plan

Essentially, this is a plan developed to help the company respond to a possible future situation that could occur but isn’t outlined in the original or “expected” plan. The project team will find solutions ahead of time in the case that the problem appears. A contingency plan is also often referred to as being “plan B”, one which can be put in place in only a moments notice.

For instance, suppose the completion of a product significantly depends on purchasing a component from a supplier. Although for whatever reason, the deal is unable to be made which can set the end date of the project way behind schedule. To prevent crisis from occurring, project managers will use contingency plans that will be implemented immediately to resolve the issue.

The Risk Assessment Matrix

This is a well known project management tool increasingly used in risk management. In a single page, it will organize all of your possible risks based on their likelihood of occurring and the severity of their consequences. You will need this in order to develop an effective risk mitigation plan and project strategies.

The risk management matrix can only be completed after you have filled out a risk assessment form. In this form you will have to uncover and list out all potential risks that may be a threat to your project or company. You will need to gather data about these possible risks, understand their consequences, determine the probability of them occurring and brainstorm possible prevention strategies.

The risk assessment matrix will then be able to provide the project management team with a quick and useful overview of the risks to help them prioritize which should be dealt with first.

The team will need to work together to decide which level of risk can be tolerated and which ones should just be “accepted” and left to be watched. Our new free tool for risk analysis allows you to register, quantify and share risks.  You can also save different sets of risks, such as those for a project, business, process or any other context in which you are working. You can share them collaboratively as well.

Risk assessment matrix

Each circle represents the estimation of a risk. Colors and sizes of circles depend on the exposure level of the risk. They are fully configurable, simply click on the “customize values and thresholds” tab.  

If you click on the “see matrix” button in each of the risks, you’ll be able to see all of the possible combinations for impact, probability and place of the product; i.e the numerical value of the level of risk exposure.

Risk matrix

Risk Mitigation Planning

This process involves creating possible options to help strengthen future opportunities and reduce threats to your project objectives. It will require project management team members to continuously track the current identified risks while searching for new ones. They will also need to evaluate how successful the risk management process is throughout the development of the project.

It is best if you refer back to the chart below when applying risk mitigation. The Risk Mitigation Handling Option you choose to use will once again depend on the probability of a risk occurring and the severity of its costs. There are several handling options that can be used:

Probality, Comsequence, risk matrix

Avoid: You can change your current project requirements to reduce the risk from occurring. However, don’t be surprised if this also impacts your schedule, funding, etc.

Control: Implement new actions to diminish the impact the risk will have.

Transfer: Reassign the projects responsibility or authority to another stakeholder willing to take on the risk

Watch: Constantly monitor the project and its environment for any changes that may impact or increase the risk.

Assume: You may choose to acknowledge that a particular risk exists and then willingly make the decision to accept it without trying to control it in any way.

In a nutshell, risk mitigation planning requires you to think about the probability of the risk occurring and materializing as well as the impact it will have on your objectives if it does.

Steps to Risk Management

Simply put, risk management is a 2 step process that starts with determining what risks exist and then handling those risks. Although, you should develop an action plan which includes all of the 5 steps mentioned in the PMBok:

Step 1: Initiating

This step is all about brainstorming. You will need to determine the project manager, the company culture and understand the business case. You must review and uncover possible risk sources by determining initial constraints, requirements, assumptions and agreements. If you have an strong project management tool, like  ITM Platform, you will be able to categorize and prioritize risks depending on if they have a high impact or high probability of occurrence.

Step 2: Planning

This stage involves developing a plan for each knowledge area. To do so, you must perform risk identification, qualitative and quantitative risk analysis and risk response planning. Once this is done you will need to finalize your management plans by developing a performance measurement baseline. By doing so, you will now have successfully developed responses to the risks you previously uncovered.

Step 3: Executing

From here on you will want to execute all of the work being done according to the PM plan you have created in the previous stage. Look to continuously improve by following the processes but also implementing approved changes. You must determine whether the processes are effective by evaluating individual or team performances and performing quality audits. Make sure you give strong feedback as well as recognition to employees when a job is well done. Following your management plans will reduce risk likelihood but will also prepare you in case something does arise.

Step 4: Monitoring & Controlling

With change can come brand new risks, but you will need change to occur if you want your business to grow. In this case, you must bring on change in a controlled way. Start off by measuring the performance of your team members as well as the project as a whole by comparing it to other metrics you have in your PM plan. Determine whether or not variances require corrective actions or change requests. You should request changes regardless and then update the PM plan accordingly.

Step 5: Closing

You must start off by assessing whether the work completed is done based on the requirements listed previously. Gain acceptance over the final product and then hand it off to be able to receive customer feedback. After this is all done you should record the lessons you have learned, all of the risks you may have encountered and the knowledge gained. All of this will help you out in the future.

Risk management isn’t an easy task and it’s natural to feel unsure on how to go about it. The best thing you can do is implement a PM tool that will help you with the process. ITM Platform provides their users with a new and innovative tool to help with calculating and managing project risks. Furthermore, their friendly and supportive staff has your back every step of the way so you’ll have no need to worry.

Visit http://www.itmplatform.com/en/ to find more information.

Top 5 most read blogs on ITM Platform:

The Monte Carlo Method in Project Management

Extra Extra Extra!

Three disastrous project management failures

The project in the face of adversity: what should a project manager do?

What is Virtual Stock Management or Periodical Online Management?

 

Receive the latest blogs directly into your inbox