Project Management Report - RisksAn important part of any Project Management Report are the Project Risks which will be covered in more detail later in Project Management Risks.
Project Management Risk ReportingEssentially in your Project Management Report you should only detail the new, updated or important Risks. Unfortunately whilst this might seem like quite an easy thing to do, the amount of detail required when a Risk is raised means this can quickly become an onerous task, as you will see below.
Now you may well be looking at the number of columns which need to be filled in and be thinking “Wow” or something a little less polite. But don’t worry, that was exactly my reaction when I saw it as well.
The good news is that this is probably the most onerous way of raising a Risk I have ever come across in all my years as a Project Manager, so there is a good chance that wherever you work, it will be an infinitely easier process.
However if it isn’t then the columns have the following meanings and should be filled in accordingly.
Risk NoThis is the Number which you have assigned to the Risk
StatusThis can have one of three status’s which are:
Please note that the Occurred Status does happen. A major Risk which simply could not be mitigated actually happened on a Project I was running and it had to be shut down as a result.
Date RaisedThe date the Risk was raised. Do not forget to put down the year as well as the month!
Description of RiskHere you would include a brief description of the Risk. For example:
"There is a risk that sufficiently experience resources will not be ring fenced to work on the project with the result that the project will be unable to deliver to the deadlines required."
IThis stands for Impact and the numbers 1-8 relate to how big a financial impact in terms of potential profit before tax the Risk would have on the project if it occurred. Obviously how these bandings are defined depends on the Company you work at. However as an example Rating 1 could equate to between $0 to $50k and Rating 8, the most serious could equate to $40m+.
LThis stands for Likelihood and the numbers 1-5 relate to the probability that the Risk will happen. So Rating 1 would normally equate to Rare and Rating 5 to Almost Certain.
Risk LevelThis is normally automatically generated by multiplying the Rating you have given to Impact by the Likelihood. So for example if the Risk above had been given an Impact Rating of 3 and a Likelihood Rating of 2 then the overall Risk Level would be 6 ie Low. ,p> The Risk Levels Ratings usually equate to the following:
Please note that any Risk which is usually Over 9 would have to be escalated upwards immediately to either the PMO, or Programme / Project Board. Of course this depends on where you work at as some Companies will have a higher or lower level at which Risks need to be escalated. It really depends on how much of an overhead the PMO want to bear in keeping track of numerous Risks which may or may not impact the Programme going forward.
Existing ControlsThis is where you state what is currently being done to reduce the Risk from occurring.
Controlled Impact AnalysisThis operates in exactly the same way as Absolute Impact Analysis above. The only difference is that you would score the Impact and Likelihood Rating based upon the Existing Control you have in place. So for example based on the Risk above if your Existing Control is to:
Ensure at least some of the key resources are ring fenced to solely work on the project
Then you would re-rate the Risk based upon these. It should be noted that if there is an Existing Control in place the Impact, Likelihood and Risk Level should be less than it had been for the Absolute Impact Analysis.
Planned TreatmentsThis is basically where you detail what you’re planning to do to reduce the risk. So any contingency planning or controls should go into Description. It basically assumes that the Existing Control is not going to be enough to reduce the Risk, so basically you need to have a back up plan.
The Planned Treatments section operates in exactly the same way as the previous Absolute Impact Analysis Section with the exception of the Category Section next to Description. The Rating for this is:
Treated Impact AnalysisThe Ratings in this section are exactly the same as for the Absolute Impact Analysis Section. However please note that the as with the Controlled Analysis Section, the ratings should be lower as a result of the treatment devised.
Action PlanIn this section you should detail how you are planning on implementing the Planned Treatment already stated. Essentially this is where you state your Action Plan for mitigating the Risk.
Risk OwnerThis is where you detail who the Risk Owner is. It should basically be the person who is most affected by the Risk. So with the Risk example already stated earlier the best person to be the Risk Owner would be the Project Manager. If it were a Commercial or Budgetary Risk then the best person to nominate, depending on the seriousness of the Risk should be the Project Sponsor
Proximity DateThis is the date at which you anticipate the Risk may materialise. It therefore also becomes the date at which the Risk should be re-assessed by the Project Manager.
Stress IndicatorAs the project continues this Indicator becomes more important. This is because this Indicator will specify in more detail exactly what the impact the Risk is having on the project. For example:
Date Occurred or ClosedThis is the date the Risk either happened or it could be closed.
Date Last UpdatedThis is the date the Risk was last updated ie with progress or further mitigation.
Project Management Risk Report TipsHow you rate a Risk depends on how high you want the Risk to be escalated. If you raise a Risk with an Impact rating of 8 then it will undoubtedly be discussed at potentially main board level, so be aware of this when putting down an Impact Rating.
The Risk Owner should be a specific named person rather than a generic resource such as Project Sponsor. This ensures that a specific person is responsible for the Risk and therefore will be held accountable for it’s progression.
Don’t set too many Proximity Dates too close by as it will mean you are reviewing them constantly. Some may need constant reviewing but the more minor one’s will only need monthly reviews at the maximum.
Lastly don’t go mad and raise every possible variations of Risks possible. You may think that this will cover you in all eventualities but this is rarely the case. All it will mean is a huge overhead for you in terms of ongoing work.
In fact I once managed a programme where one project manager felt the need to raise over 300 Risks on his project. The ridiculous thing was that the project failed because of just one Risk which materialised. The Project Manager had been so busy trying to manage all 300, he’d failed to realise the importance of this one Risk and so had taken his eye off the ball.
Sign Up for Our Free
Sign Up for Our Free
Return to top | Home |
Project Management Basics | Project Management Life Cycle | Project Management Documents |
Writing a Project Initiation Document (PID) | Project Management Report | Project Management Plans | Project Risk Management
| Project Management Scope | Project Costs and Budget | Project Resource Management |
Project Communications | Project Software Development | Sitemap | Contact Us |
Original Content Copyright © 2009 My-Project-Management-Expert.com
All other content is in the public domain or is copyright by the credited author.