Whether you are new to risk management or reviewing what you currently have in your business, it’s a good idea to start with risk management planning. This is the first step in creating a risk management approach that is tailored to your organization and that supports your project management community and your business goals.
Let’s look at the 5 steps involved in risk management planning. These are laid out in sequence, but in practice you’ll be looking at and implementing these steps in parallel. Some steps will take longer to work through than others, but they are all equally useful in putting together your risk management approach.
Step 1. Understand Business Drivers
The first step in risk management planning is to fully understand the business drivers. These help you establish what the best risk approach would be for your organization. For example, in the case of a risk averse organization, your risk management plan may have lower levels of tolerance, more proactive management of risks and great senior management oversight.
In organizations with a higher tolerance for risk that balance would be different.
Equally, if the business drivers and corporate strategy set out aggressive targets in one area but a more measured approach in others, you may have certain risk preferences for one category of project and a different approach in use for other projects.
Getting clarity on this and making the link between your risk management plans and company strategy will help you create an approach that fits your business.
Step 2. Define Risk Processes
As part of your planning you’ll need to work out what risk processes are going to be appropriate for your organization. This step ensures that everyone has clarity on the process to be followed and the tools that are going to be used.
Your Project Management Office can help implement the processes and procedures required across the project management community. They can also tailor the processes so they are a perfect fit for the kind of work you do and the level of governance that’s appropriate for your initiatives.
Whether you go for an enterprise-grade risk management tool with Monte Carlo simulation capability or something more straightforward like a simple risk log, the tools you use should be fit for purpose, fit for your level of business risk maturity and able to give you the information you need to make the right decisions.
In this step you will also define the standards for the types of information about risk that you expect teams to gather and what quality parameters are acceptable. It’s helpful to have some sample risks or completed documentation so that project teams can see how it works in real life through a case study or completed templates, for example. Then it’s easier to see what’s expected and you set the expectation for that standard throughout the project management team.
Step 3. Understand Project Objectives
A further input to risk planning is understanding the project objectives, goals and constraints. In this step you are looking at the project context so that your project team members gain clarity about how best to implement the risk management approach on this particular project.
Your project objectives should be documented in the business case or Project Charter. This is the first place to look for constraints about how risks should be managed at the project or program level.
Ideally if you are planning risk management across the business, you’ll want to review objectives for all current projects within the portfolio with a view to learning more about the types of process that would best support those existing initiatives.
Step 4. Understand Project Approach
With the objectives clear, it’s time to look at the approach for delivering this project. The risk plan that you’ll want to put in place will heavily depend upon the project schedule and cost estimates for the individual project.
Your project approach – the methodology you deploy for delivery – will also influence the risk management that you undertake. A project within an agile framework needs a risk management plan that supports the way the team will work, just as a traditionally delivered waterfall development project would need the equivalent planned approach for that environment.
Step 5. Involve the Leadership Team
The leadership team: the project manager, risk manager and other key business stakeholders, should be involved in risk planning. They have a crucial role to play in the success of the project and risk management is a fundamental part of that.
In this step you’ll define the roles and responsibilities for risk management activities including what part the senior leadership team have to play. Their involvement is important to ensure that decisions are made at the correct level and that there is a clear escalation route.
Involving them also sets the expectation that risk management is an important activity in the project life cycle and that it has business benefits that reach further than the simple delivery of the project outcome. That’s a good mindset to have and it reinforces the culture of tackling risk proactively.
It also commits your key stakeholders to the risk process. When the roles and responsibilities are clear, it’s easier to hold people accountable for their part in the process.
Risk management planning, both at a project level and at an enterprise level, doesn’t have to be complicated. When you break it down into manageable steps and you are supported by tools that help your teams do the job, with processes that encourage success instead of creating unnecessary bureaucracy, then you start to see the benefits quickly.
How are you going to set up your risk management processes for success?