Risk Management Tools and Techniques

Risk is normal within any project, how it is mitigated needs to be the focus, when a risk is not controlled it can cause no end of project pain. Welcome to risk management, which is as important as planning to making sure a project comes in on time, within budget and of quality. The better a project manager identifies and responds to risk, the better the outcome. That’s why there are never enough risk management tools and techniques to have at your disposal when planning for a project.

The following are some of the best risk management tools and techniques that professional project managers use to manage their projects against the inevitable risks, issues and changes.

Brain storming is the first, to begin the brainstorming process, there must be an assessment of the risks that could impact the project. This starts with reviewing the project documentation, looking over historic data and lessons learned from similar projects, reading over articles and organizational process assets. Anything that can provide insight into issues that might occur during the execution of the project. Once research has completed, start brainstorming with anyone who might have insight.

A variant of this is the Delphi technique, which is when a request is sent to experts and they reply anonymously. Or the project manager can interview experts, team members, stakeholders and others with experience in similar projects.

Another tool is the root cause, or another way to say the essence of something. Therefore, root because analysis is a systematic process used to identify the fundamental risks that are embedded in the project. This is a tool that says good management is not only responsive but preventative.

Often root cause analysis is used after a problem has already come up. It seeks to address causes rather than symptoms. But it can be applied to assessing risk by going through the goals of any root cause analysis, which ask: What happened? How did it happen? Why did it happen? Once those questions are addressed, develop a plan of action to prevent it from happening again.

The SWOT process, or strengths, weaknesses, opportunities, threats, is another tool to help with identifying risks. To apply this tool, go through the acronym.

Begin with strengths and determine what those are as related to the project (though this can work on an organization-level, too). Next, list the weaknesses or things that could be improved or are missing from the project. This is where the likelihood of negative risk will raise its head, while positive risk come from the identification of strengths. Opportunities are another way of referring to positive risks and threats are negative risks.

When collecting SWOT, illustrate findings in a four-square grid. The top of the square has strengths to the left and weaknesses to the right. Below that is opportunities to the left and threats to the right. The left-hand side is helpful to achieving the objective of the project and those on the right-hand side are harmful to achieving the objective of the project. This allows for analysis and cross-reference.

The risk assessment template for IT although primarily developed for IT projects, it can be expanded to speak to any project. An IT risk assessment template offers a numbered listing of the risks, to keep them in order, and then an out that risk is and the control environment. It basically provides a space in which to collect the risks of a project, which is also helpful when executing the project and tracking any risks that become reality.

One of the aspects of the risk assessment template for IT is that the spreadsheet has a built-in calculator that figures out the likelihood of a risk in fact occurring and then multiples that against the impact it would have on the project or the organization. This way, a project manager knows the potential harm of the risk and so can prioritize their response to it if or when the risk happens.

The risk register, is similar to the risk assessment template for IT. It also is a list to track risk, a tool that can be as simple as a spreadsheet or as dynamic as project management software. Basically, what a risk register does is identify and describe the list. It then will provide space to explain the potential impact on the project and what the planned response is for dealing with the risk, if it occurs. Furthermore, the risk register allows a project manager to prioritize the risk, assign an owner responsible for resolving it and gives a place to add notes as needed.

The risk register is a strategic tool to control risk in a project. It works to gather the data on what risks the team expects and then a way to respond proactively if they do show up in the project. It has already mapped out a path forward to keep the project from falling behind schedule or going over budget.

Another tool for project managers is the probability and impact matrix. It helps prioritize risk, which is important, as time should not be wasted chasing a small risk and exhaust resources. This technique combines the probability and impact scores of individual risks and then ranks them in terms of their severity. This way each risk is understood in context to the larger project, so if one does occur, there’s a plan in place to respond or not.

The matrix is a box, broken up in probability on the left, ranging from rare on top to very likely on the bottom. The top is the impact, going from trivial on the left to extreme on the right. The individual boxes then are colored, so that the top left corner is green for low risk. The middle, rising from the bottom left corner to the top right corner is yellow for medium risk. The bottom right corner is red for high risk. This provides a road toward reaching a priority list that gives project managers the head’s up as to when to act and when they can keep a risk on the back burner of a project.

With a risk data quality assessment technique, project managers use data that has been collated for the risks they’ve identified. This is used to then find the level to which information about the risk is relevant to the project manager. It helps the project manager understand the accuracy, reliability, quality and integrity of the risk as related to the collected data about it.

For each risk listed, the risk data quality assessment requires that the project manager determine the extent of the understanding of the risk, collect what data is available, what the quality and reliability is for that data and its integrity. It is only by examining these parameters of the risk can an accurate assessment be reached.

Whichever of the above tools or technique are considered, they are exponentially helped when using one of the available tools found in Projectmanagemenetcompanion.com. Having the risk assessment and tracking tool in a larger project management software keeps everything under one roof and accessible to the whole project team.