Risk is an unplanned event that may, or may not, occur. This event is commonly considered negative but can, in fact, be positive. Frequently the success of a project hinges on the ability of the team to predict a particular outcome but as risks are inherently unpredictable, it is important to try to control them and make them as predictable as possible. Basic risk management is a process that follows 4 main steps:
1. Risk Identification
2. Risk Quantification
3. Risk Response
4. Risk Control
Risks are usually labelled as, (1) pure risk, (2) business risk, or (3) opportunity, and they all fall into 2 over-arching categories which are the “known unknowns” and the “unknown unknowns”. Pure risks have only bad or negative outcomes, business risks can be good or bad, and opportunities have only positive outcomes. The known unknowns are those we identify and the unknown unknowns are those that can’t be anticipated at all.
The main characteristic of risk is uncertainty. An easy way to think about risk in a project is to consider them as tasks that may or may not have to be included in the project work. The amount of uncertainty tied to any one risk usually comes down to knowledge about it – the more we know, the less uncertainty, and certainty is always the goal for project success.
Risk management must be a consideration throughout the life of a project. It’s important to identify risks early and not to forget them in the excitement of launching a new project. They may seem like issues to deal with far into the future but they need to be documented in the risk register early so as much knowledge as possible can be obtained before they may have to be dealt with.
A common method of quantifying risks is considering impact and probability, meaning how likely is it to happen and how much will it hurt. Very high probability and very low impact risks, as well as those with very low probability and very high impact should be of much less concern than those that fall in between. The combination of impact and probability determine how important the risk is and determines its severity. The goal here is to establish a way of arranging the risks in a hierarchical order. When the probability and impact have been accurately estimated, the product of combining them is the expected value of the risk. Ie., Risk A has a dollar value (if it occurs) of $100,000. The probability of it occurring is 20% (or 0.20). The value of the risk is $20,000. This value should then be included in the budget reserve. It’s important to note that risk values are never included in the operating budget.
Risk tolerance plays a role in determining the response and the amount of control imposed during the risk management process. This can vary wildly by individual and company and the important to point to note here is that tolerance should be monitored throughout the project as stakeholders risk tolerance or appetite can, and usually does, change throughout the life of the project.
Flexibility, adaptability, and agility are key to responding to risks… planning, predicting and forecasting are more important to managing risk. In an ever changing world, where volatility and unpredictability are now the name of the game, successful risk management will continue to be a key driver to project success.
Adam Clarke
Project Manager
Tate Engineering Inc.