

Approach to Project Risk Management (PRM)
How do you go about project risk management, and when?
Reactive vs. Proactive - 1
·
First recognize that you can be either
reactive or proactive to project risks. For example, consider this
unlikely but quite possible situation - you are at risk of being shot
at. Conceptually, at least, you have four options. You can:
·
Reactive response:
· Move to avoid the bullet
· Deflect the bullet
· Repair the damage done by the bullet
Reactive vs. Proactive - 2
·
Proactive response:
· You can take steps to avoid being confronted by the person with the gun in the first place
·
Selecting one of the choices from the
"Reactive" list is typically viewed as being
· In Crisis Management mode
· Being proactive is generally the better choice!
·
The point of this example is that
· At no time are you in charge of the bullet (the risk event)
PRM Methodology
·
Like all the other project management
functions
· Project risk management involves a series of logical management steps
· And these steps should be reviewed or repeated at appropriate intervals in the project life span
· First you must recognize potential risk events
· Then you "mitigate" (or offset) them
· At the same time, watching out for opportunities
·
The methodology is best depicted by the
diagram on the following page
Logical Steps

Notes on Logical Steps
PRM Planning
· You can include PRM in your project management but it helps if your organization recognizes PRM with established policies
· Such as appropriate guidelines covering roles and responsibilities, analysis, tolerances and reporting
Risk Identification
· As noted in our previous Issacon, formal PRM should be concerned with possible risk events
· Which may stem from either the management of the project, or the project's technology
Risk Events
Risk events may be either
· Recurring type i.e.
· Relatively predictable
· More easily identified
· Responsive to objective analysis
· Non-recurring, I.e.
· Random
· More difficult to identify with credibility
· Requiring subjective analysis
It's a good idea to separate the two
Risk Analysis
·
The problem frequently is how to deal
with all the potential risks identified
·
Therefore it is beneficial to take the
analysis also in two steps
· Qualitative Analysis
· Identifying which risks we should worry about
· And spend time on
· Quantitative Analysis
· Assessing the impacts should any of those things occur
Responding
·
Having determined which risks require
serious consideration
· Establish an appropriate response for each
·
Make sure the response is activated. That
means:
· Documenting the response plan in each case
· Making sure that the plan is communicated
· Someone is held responsible for maintaining watch
· In the event, the appropriate plan is implemented
· The consequences are documented for future reference
When is the best time to do PRM?
Depending on the type, scale and circumstances of your project:
· A simple impact analysis can reveal valuable information in the conceptual phase of the project
· PRM should certainly be introduced in the definition/ planning phase
· The extent of the exercise depending on the complexity and criticality of the project
· Project risk monitoring and response should be an on-going part of the project's implementation phases
Risk Analysis Summary
