What Are the 5 Risk Management Steps in a Sound Risk Management Process?

By | March 15, 2017

As a project manager or team member, you manage risk on a daily basis; it’s one of the most important things you do. If you learn how to apply a systematic risk management process, and put into action the core 5 risk management steps, then your projects will run more smoothly and be a positive experience for everyone involved.

A common definition of risk is an uncertain event that, if it occurs, can have a positive or negative effect on a project’s goals. The potential for a risk to have a positive or negative effect is an important concept. Why? Because it is natural to fall into the trap of thinking that risks have inherently negative effects. If you are also open to those risks that create positive opportunities, you can make your project streamlined, smarter and more profitable. Think of the adage – “Accept the inevitable and turn it to your advantage.” That is what you do when you mine project risks to create opportunities.

Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not. Also, you may be uncertain what its consequences would be if it did occur. Likelihood – the probability of an event occurring, and consequence – the impact or outcome of an event, are the two components that characterize the magnitude of the risk.

All risk management processes follow the same 5 basic steps, although sometimes different jargon is used to describe these steps. Together these risk management steps combine to deliver a simple and effective risk management process.

Step 1: Identify. You and your team uncover, recognise and describe risks that might affect your project or its outcomes. There are a number of techniques you can use to find project risks. During this step you start to prepare your Project Risk Register.

Step 2: Analyze. Once risks are identified you determine the likelihood and consequence of each risk. You develop an understanding of the nature of the risk and its potential to affect project goals. This information is also input to your Project Risk Register.

Step 3: Evaluate or Rank. You evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4: Treat. This is also called Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or change them to achieve acceptable risk levels. How can you minimize the probability of the negative risks as well as enhancing the opportunities? You create mitigation strategies, preventive plans and contingency plans in this step. And you add the treatment measures for the highest ranking or most serious risks to the Project Risk Register.

Step 5: Monitor and Review. This is the step where you take your Project Risk Register and use it to check, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. By identifying and managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden opportunities discovered. The risk management process also helps to resolve problems when they occur, because those problems have been envisaged and plans to treat them have already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Vivian Kloosterman is the founder of Continuing Professional Development with over 30 years of professional experience in the fields of professional engineering, business leadership, governance, risk management and project management.