Common Risk Assessment Techniques – The Pros and Cons
A core component of risk management is being able to assess the impact a risk could have on your project or business. Once you’ve identified a risk, you need to gather more information about it and use your professional judgement, amongst other data-driven tools, to think strategically about how it might affect the project.
There are lots of different risk assessment techniques. In this article we’ll look at the advantages and disadvantages of:
- Questionnaires and checklists
- Workshops and brainstorming
- Inspection and audit.
All these techniques have a place in your risk assessment processes. Choosing the right type of assessment tool for the risk and project will give you a more robust approach to dealing with the risk.
Questionnaires and checklists
Many PMOs have a set of standard questions they use to help assess risk, whether that’s simply ‘how much of an impact will this risk have on project budget, resources, schedule and quality?’ or a more substantive checklist.
Advantages of questionnaires include:
- Each risk is assessed against the same criteria
- There is a standard and repeatable process
- Assessed risks can easily be compared between projects.
Disadvantages of questionnaires and checklists, especially those with ‘multiple choice’ style answers include:
- They limit the project team in response, which might end up with forcing a risk into a particular category even when there is a justifiable reason for including it elsewhere
- Strategic risk may not easily fit into the common categories of time, cost and quality
- The survey-style lends itself to being completed by an individual for speed, whereas complex risks could be better assessed by a team.
The main advantage of using a standard set of questions is that all risks are initially assessed against the same criteria. Let’s say financial impact is important to you. You’ll have a question about the financial impact of the risk, probably with a set of standard answers that categorizes the risk by potential cost.
However, the questions on a checklist are naturally limiting. You ask the questions and that’s it, risk assessment done. For some risks, that’s enough. For others that are more complex or that have interdependencies on other risks within or outside of the project, you’d want to be able to go further than a standard, simple set of risk assessment questions would allow.
Tip: The questions in your risk assessment checklist are based on what was important to the organization at the time it was put together. They cover what the risk team knew at the time and how they thought it was best to assess risk. That may well still be adequate, but it would be useful to have the assessment questions under review so you can adapt and improve them as risk maturity increases.
Workshops and brainstorming sessions
Another popular risk assessment technique is to use workshops and facilitated discussions to brainstorm both risks and what you might do about them. These are good ways to get the team in a room and use their subject matter expertise to develop a rounded risk management approach.
Advantages of risk workshops include:
- You have dedicated time to discuss each risk
- You can assess the impact over a number of functional areas as everyone is in the discussion together
- You can let the conversation develop naturally which might mean more risks are uncovered.
Disadvantages of workshops and brainstorming sessions include:
- You’ll still need a way to assess and categorize the risk once it has been discussed and everyone needs to agree on that
- Some voices will be louder than others so active facilitation is required to ensure all points of view are heard.
Inspection and audit
Finally, inspection and audit are common ways to assess risk. Products and processes are reviewed to see how they perform. You can use a flow chart to standardize the approach to doing an assessment, making sure each product is assessed in a comparable way.
Risk-based auditing means the team focuses on what is most important. Involving the team in the inspection could also lead to uncovering more risks and helping improve the solution.
The advantages of inspection and audit for risk are:
- You get physical evidence of performance so you don’t simply have to rely on professional judgement
- Often the dependencies between risks are clearer when there’s a physical product to look at because the ‘journey’ feels more tangible
- Iterating the solution after the inspection or audit may lead to improvements
- It’s a structured approach that is easy to replicate across projects.
The disadvantages of inspection and audit for risk are:
- It can be time-consuming which can add delays to the project schedule
- You need something to audit, so it isn’t as useful at the beginning of the project where the product hasn’t yet been created
- If the wrong people are involved you might not get a good result.
However, it’s difficult to inspect strategic and reputational risk. Anything that’s even slightly abstract won’t work well with an audit approach.
There’s no right or wrong technique for risk assessment – instead, it helps to have a range of approaches in your toolbox so you can select the most appropriate technique each time. As you undertake risk maturity assessments, you’ll develop action plans for moving forward and increasing the range of tools in use across the organization.