|
home | strategy development | strategy
skills | site
index | access
keys
Managing risks
>
in practice
The project plan should contain an analysis of risks to
the project itself. There are a number of potential risks which can hamper
a project including necessary changes to the project time scale, budget
cuts, staff problems or shortages or, more fundamentally, that the sponsor
changes his/her mind as to the objective or scope of the project.
The aim of the risk assessment is to identify and
assess these threats to successful project delivery. This will enable the
team to identify actions to help avoid or reduce the potential damage.
The risk assessment should identify and describe
possible risks to each task identified in the project management plan.
This can be done by brainstorming (perhaps at the initial project
away-day) and by speaking with others who have worked on similar projects
or issues.
The analysis should identify the probability of the risk occurring
(High/Low) and the potential impact of the risk on project objectives
(High/Low), as shown on the diagram below.
A risk log can be maintained to capture and actively
manage risks to the project, and could contain:
- A unique reference for each risk identified
- A description of the risk to the project
- A description of the impact on the project should the risk
materialise
- The proximity of the risk, which is an estimation of time-scale for
when the risk might materialise
- The likelihood of the risk occurring. This could be a mathematical
calculation, or a simpler High, Medium, Low classification
- The severity of the risk - categories for severity might be Critical
(that is, adverse effect such that continuation of the project is
unacceptable), Major, Significant, and Minor
- The risk owner - each risk should be assigned to an individual who
is best placed to monitor it and manage any necessary actions
- The response to the risk which either reduces the probability of the
risk happening or reduces the damaging effects of the risk should it
happen
- The current status of the risk itself and progress of any actions
relating to the management of the risk.
A risk log should be reviewed and updated regularly. References
The Risk Support Team
at HM Treasury are responsible for implementing the Strategy Unit
report on handling risk in government and provides guidance on all
aspects of risk management, including the Principles of Managing
Risks to the Public.
Managing risks
In Practice: SU GM Crops Project
The SU GM Crops project formed one strand of a
highly-charged and controversial dialogue around the role of GM technology
in the UK. This had the two-fold impact of (1) increasing the number of
risks faced by the project, and (2) raising the stakes in the event of
things going wrong. In this context, active management of risks was
essential.
The team worked together to identify risks and to
assign to them both impacts and probabilities. The possible consequences
of each risk were identified, and responsibility for preventative actions
assigned to specific team members. Risks varied from the relatively
prosaic - e.g. team members leaving part-way through the project (which
happened twice in this instance) - to the much more dramatic - e.g.
the US bringing a case against the EU under the WTO, in respect of policy
on GM (which happened towards the end of the project).
Many of the risks identified in the risk register came
to pass during the project. The fact that the team had already thought
about these risks undoubtedly made them easier to deal with, although the
use of a risk register in itself was not a panacea. For example:
- In several cases the team's assessment of impact or probability
proved inaccurate. For example, the early departure of team members
was classed as medium / high impact but only medium probability - in
the event, two team members left early, but the impact if anything was
positive, because it enabled different skills to be brought into the
project at different stages.
- Even where risks were identified, it was not always possible to
mitigate against them or to deal effectively with the consequences.
For example, the availability of good data from the parallel Science
Review was identified early on as a key risk. But despite best efforts
from the SU and the Science Review team, the timing of the two strands
restricted the opportunities for data-sharing.
- Some risks were missed completely - partly because the team did
not keep the risk register fully up to date. For example, the team
failed to identify and prepare for the impact of a reshuffle of
Ministers on the governance of the project.
Overall, however, the use of active risk management
techniques enabled the team to steer a successful course through a
potential minefield, relatively unscathed.
|
^ top
|
