Risk Management - Introduction
August 13, 2009
A Risk is (a future and) an uncertain event or condition that,
if it occurs, has an effect on at least one project objective.
- Risk Definition, PMBOK 4
Risk, by definition, is a future event that, if it occurs, would affect one or more project objectives, including scope, schedule, cost, resources, or quality. Risk Management therefore plans for and identifies such risks, analyzes their probability of occurrence and impact, formulates an appropriate response strategy, responds to them, and monitors and controls them.
Risks, contrary to popular thinking, are not always bad news for projects. Risks are just uncertain (may-or-may-not-occur) future events that could influence the outcome of a project. For an event to qualify as a risk, two basic criteria must be met:
  • It certainly has to be a future event. It should not have already occurred, nor should it be currently occurring. If it has already occurred or is currently in progress, then it is an issue and not a risk.
  • It has to have a certain degree of uncertainty (probability factor) attached to its occurrence. If the occurrence of an event is an absolute certainty no matter what, then (even if it is a future event) it is not a risk. It is a future issue waiting to happen.
Risks can be either positive (opportunities) or negative (threats). Therefore, the focus of Risk Management is to increase the probability and benefits of positive risks (or opportunities), and decrease the probability and effects of negative risks (or threats).
In theory, risk to successful delivery of the project is at its highest at the beginning of the project and reduces as the project progresses (as decisions are made and deliverables are accepted - PMBOK). In practice, however, how well this theory holds depends on how well Risk Management is performed throughout the lifecycle of the project. This section is aimed at picking apart each of the Risk Management processes, namely:
  1. Risk Planning - *How to conduct risk management activities
  2. Risk Identification - *Determining which risks may affect the project and documenting their characteristics
  3. Risk Analysis (Qualitative and Quantitative) - Prioritization based on probability/impact analysis (Qualitative), and numerical analysis of effects (Quantitative)
  4. Risk Response - *Develop options and actions to enhance opportunities, and reduce threats
  5. Risk Monitoring and Control - *Implementing risk response plans, tracking risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness.
The section analyzes each of the above processes and explores their Why, What, When, How and Who aspects. Wherever possible, I intend to add some samples and templates that served me well in my career.
Key Note: Effective Risk Management, like any other Project Management discipline, is not a one-man (PM) show. It is most effective as a team effort. Each member of the team owns responsibility for at least some aspects of Risk Management. However, the overall "accountability" still rests with the Project Manager, for the project manager is the biggest stakeholder in a project (her or his entire career/professional life may very well depend on the success of this one project).
