Risk is inherent in any business and a certain amount of risk taking is valuable and inevitable in order for businesses to compete and reach their objectives. The objective of managing risk then is to limit adverse outcomes and achieve desired outcomes. However, like anything we do successfully, risk factors must be analyzed, measured, and weighted relative to gains and losses, priorities, regulations, and market conditions. Within the project environment, project managers must ensure that during the project planning and implementation stages team members and key stakeholders perform a thorough and continuous risk management function. A risk management function includes risk policy, risk abatement, and contingency planning and execution.

Effective risk management helps to improve project performance and achievement relative to the triple constraints of time, cost, and quality. In addition, project managers and team members can anticipate experiencing the following benefits:

1. Fewer surprises.
2. Improved completion of deliverables.
3. More effective change management.
4. Improved decision making throughout the stakeholder community. Ability and time to be innovative instead of reactive.

Critical Success Factors For Managing Risk

Managing risk is more than a procedure and method within the project environment. When viewed in the broader context, risk management is a business strategy within a company's set of programs and objectives. It is therefore critical to the success of both the project and the company's business objectives that a risk management policy be created and implemented. Listed below are some essential success factors that are shared among risk management programs.

1. Set a risk management policy that governs the major types of corporate projects such as, operations, R&D, regulatory, IS, and HR. Establish repeatable process, procedures, and benefits of the policy and link the policy to company objectives.

2. Establish a senior risk owner, often referred to as SRO-for exceptional and escalated risks that have far reaching consequences. The SRO owns implementation and completion of the risk management process.

3. Establish risk owners for the day to day risks typically encountered within a project. This is often referred to as ERO-everyday risk owner.

4. Analyze and weight the company's ability to realistically achieve or mitigate the anticipated risk.

5. Create a reporting structure and referral structure for major "show stopping" problems.

6. Communicate a clear, shared understanding of risk across the organization, at all impacted levels, and with key partners within the stakeholder community. This is beyond the day to day communication need fulfillment. This is a crucial communication that must be understood and shared.

7. Analyze and weight risk within the larger context of the company's current projects and business.

8. Train project managers, team members, RSO, ERO, and key stakeholders in risk policy and execution.

9. Identify risks associated with working with other organizations and third parties.

10. Regularly monitor and review risks.

11. Factor in "risk allowances" based on risk assessments in project plans relative to time, costs, and quality.

12. Establish a continuity plan in the event the greatest risk is realized. How will the company/ department continue forward?

Nuts and Bolts Of Risk Management

Anticipating and planning for risk requires project managers analyze the impact and probability of the risk events occurring and how that sequence of events may or may not affect key elements of the project. Risk has varying degrees of threshold; in other words, risk comes with both good and bad outcomes. Based on the key objectives of the company and the project, about 10-15 of risks should be analyzed against those objectives. When risks have been short listed to the critical list, then those risks should be monitored and assessed relative to the risk management policy and procedures. It is critical that team members have access to current information that may or may not affect the identified risks, or create new risks that had not been anticipated earlier. In addition to a clear risk management policy, it is important that the project manager ensure that assignment of responsibility is clear for managing and reporting risk to the SRO and ERO. Clear audit trails and reporting of decisions and actions must be document by the project manager to ensure the embodiment of the risk management policy. There are essentially four responses to a risk event. It is up to the project manager and project's key stakeholders to respond to the risk event thoughtfully and carefully without unnecessary protracting or expediting the event. The four responses to risk are:

1. Transfer it
2. Tolerate it
3. Terminate it
4. Treat it