the likelihood that your project will be successful. Risk in the Context of a Project Review Conducting a risk review during a project is an opportunity to revisit the issues and risks the project faces throughout its life cycle. Interviews with project staff and key users should yield an assessment of overall risk that needs to be managed. Bringing issues forward also helps the project team take action while there is time for proactive adjustments. Identifying Potential Risks Begin with a risk assessment to determine the following: What risks exist The potential sources of risk The probability of those risks occurring The impact such risks would have on the project. Risk assessment is used to develop: The risk avoidance plan that determines the actions that will be taken to avoid risk The risk contingency plan that determines the alternative actions that will be taken if the risk impacts occur. Risk assessment also defines an owner for each risk. Risk Analysis-1 Risk analysis is: Evaluating possible risks for the probability of occurrence Describing the potential impact Estimating the severity of that impact. For each risk, the project manager assigns a probability ranking (avoidable, manageable, unavoidable, unknown) along with identification of the first possible impact date. Risk Analysis-2 Risk analysis should describe: The risk impact What will happen if the risk occurs. Both tangible (i.e., financial) and intangible (i.e., client satisfaction, morale) results should be considered when describing the impact of a risk. Risk Analysis-3 Define impact severity: Low means you can work around the problem. Medium indicates that you cannot work around the problem. However, the risk item does not impact milestones or project targets. High means that risk do not have workarounds and will definitely impact the projects milestones, targets, or even its success. Risk Analysis-4 Risks should be prioritized for further analysis and development, based on: Probability Impact date Severity Risk Avoidance Techniques Create the worst case scenario by holding a project review meeting with your project team. Interview people and hold individual meetings to discuss the findings. Prepare a risk questionnaire, distribute it, and study the findings. Perform a decision tree analysis, using software to help you. Prepare a risk log in which you list and itemize all known risks. Risk Identification-1 Technical risks: These risks are technical in nature Are the result of complexity, integration issues or technology Project managers need to be certain they have the skills needed to deal with or mitigate any problems that can arise here. Risk Identification-2 Financial risks: Include threats to the project budget. Unforeseen things that cause cost overruns. Schedule risks: Factors that delay the project, potentially delaying the planned finish date. Often related to financial and schedule risks in that delays often incur financial penalties and risks of delay can usually be removed, but at a financial cost. Risk Identification-3 Internal risks (sometimes called project risks): These risks come from the project itself. They include factors such as delays in carrying out scheduled work, errors by project team members, technical failures, etc. These are risks that a project manager can control and is in the position to manage. Risk Identification-4 External risks (sometimes referred to as business risks): These are threats to the project that come from the external environment (i.e., act of God, war, terrorism, changes in the law, recession, etc.) These risks are totally outside the control of the project manager. Risk Reporting Risks should be reported throughout the project. A process should be established to report risks to the necessary persons within the company (also to the clients company). Periodic risk meetings should be set up as early in the project as possible and should be held on a regular basis. Top priority risks should be reported in weekly status reports along with current status of project completion. Risk Mitigation-1 Risk mitigation is the process of creating strategies to minimize the impact of risks on a project. Mitigation strategies should determine the highest risk and its associated priorities first. For lower types of risk, the strategy might be to take no action or prepare a contingency plan just in case. Risk Mitigation-2 Develop mitigation strategies: Define the approach or steps to take. Identify contingency plans for a worst-case scenario. Assign responsible parties to each risk. Define the closure date and necessary criteria.