Risk assessment involves measuring the probability that a risk will become a reality. Impact analysis involves measuring the sensitivity of the project to each identified risk.
The key questions to consider here are:
- What is the risk – how will I recognise it if it becomes a reality?
- What is the probability of it happening – high, medium or low?
- How serious a threat does it pose to the project – high, medium or low?
- What are the signals or triggers that we should be looking out for?
A risk assessed as ‘highly likely’ to happen and as having a ‘high impact’ on the project will obviously need closer attention than a risk that is low in terms of both probability and impact.
Strategies for dealing with risks in project management include:
- risk avoidance – for example, where costs outweigh benefits, you may decide to refuse a contract;
- risk reduction – for example, regular reviews can reduce the likelihood of an end-product being unacceptable;
- risk protection – for example, taking out insurance against particular eventualities;
- risk management – for example, making use of written agreements in areas of potential disagreement;
- risk transfer – passing the responsibility for a difficult task within a project to another organisation with more experience in that field.
A risk log should be started for the project at an early stage. This is a list of all the identified risks, together with an assessment of their probability and impact, and contingency plans for dealing with them should they become a reality.