RISK MANAGEMENT PLAN Part 1.
Risk is defined as an event that has a probability of occurring, and could have
either a positive or negative impact to a project should that risk occur. A risk may
have one or more causes and, if it occurs, one or more impacts. For example, a
cause may be requiring an environmental permit to do work, or having limited
personnel assigned to design the project. The risk event is that the permitting
agency may take longer than planned to issue a permit, or the assigned personnel
available and assigned may not be adequate for the activity. If either of these
uncertain events occurs, there may be an impact on the project cost, schedule or
performance. All projects assume some element of risk, and it’s through risk
management where tools and techniques are applied to monitor and track those
events that have the potential to impact the outcome of a project.
Risk management is an ongoing process that continues through the life of a
project. It includes processes for risk management planning, identification,
analysis, monitoring and control. Many of these processes are updated
throughout the project lifecycle as new risks can be identified at any time. It’s the
objective of risk management to decrease the probability and impact of events
adverse to the project. On the other hand, any event that could have a positive
impact should be exploited.
The identification of risk normally starts before the project is initiated, and the
number of risks increase as the project matures through the lifecycle. When a risk
is identified, it’s first assessed to ascertain the probability of occurring, the degree
of impact to the schedule, scope, cost, and quality, and then prioritized. Risk
events may impact only one or while others may impact the project in multiple
impact categories. The probability of occurrence, number of categories impacted
and the degree (high, medium, low) to which they impact the project will be the
basis for assigning the risk priority. All identifiable risks should be entered into a
risk register, and documented as a risk statement.
As part of documenting a risk, two other important items need to be addressed.
The first is mitigation steps that can be taken to lessen the probability of the event
occurring. The second is a contingency plan, or a series of activities that should
take place either prior to, or when the event occurs. Mitigation actions frequently
have a cost. Sometimes the cost of mitigating the risk can exceed the cost of
assuming the risk and incurring the consequences. It is important to evaluate the
probability and impact of each risk against the mitigation strategy cost before
deciding to implement a contingency plan. Contingency plans implemented prior
to the risk occurring are pre-emptive actions intended to reduce the impact or
remove the risk in its entirety. Contingency plans implemented after a risk occurs
can usually only lessen the impact.