- Risk is defined as “An uncertain event or condition that, if it occurs, has a positive or negative effect on the project objectives.”
- Project risk management includes the processes of conducting risk management planning, identification, analysis, response planning, and monitoring and control on a project. The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of events adverse to the project. There are seven steps to be followed in Risk management they are shown in following Diagram:-
- Risk Planning: Risk planning is the first step and begins a firm commitment to the entire risk management approach from all project stakeholders. The resource may include time, people, and technology for plan properly and for mange the various risk of the IT projects. Stakeholder also must be committed to the process of identifying, analysing and responding to threats and opportunities. Risk planning also focus on preparation.
- Risk Identification: the next step in Risk Management Planning is to identifying the various risks in project. Both threats and opportunities must be identified. When identifying threats to a project, they must be identified clearly so that the true problem,
not just a symptom, is addressed. The causes and effects of each risk must be understood so that effective strategies and response can be made. It is important to keep in mind that project risks are rarely isolated. Risks tend to be interrelated and affect the project and its stakeholders differently.
- Risks Assessment: once the project risk has been identified and their causes and effects understood, the next step is requires that is analyze risks. To basic question to be ask, what is the likelihood of a particular risk occurring? And what is the impact on the project if it does occur? Risk assessment provides a basic understanding hoe t deal with project risks. To answer these, qualitative and quantitative approaches can be used. Assessing this risk helps the project manger and other stakeholders prioritize and formulate response to those risks that provides the greatest threat or opportunity to the project.
- Risk Strategies: the next step in risk planning processes is to determine how to deal with various project risks. In addition to resources constraints, an appropriate strategy will be determined by the project stakeholders. A project risk strategy will focus on one of the following negative risks
- Accept or ignore the risk.
- Avoid the risk completely.
- Reduce the likelihood or impact of the risk.
Transfer the risk to someone else.
Approaches for positive:
- Sharing ownership
- Enhancement of the probability of the impact
- Accept and take advantage.
- Risk Monitoring and control: once the salient project have been identified and appropriate responses formulated, the next step entails scanning the project environment so that both identified and unidentified threats and opportunities can be followed, much like a radar screen follows ships.
- Risk Response: Risk monitoring and control provide a mechanism for scanning the project environment for risks, but the risk owner must commit resources and take action once a risk threat is made known.
Risk Evaluation: Responses to risks and the experience gained provide keys to learning. A formal and documented evaluation of a risk provides the basis for lessons learned and lays the foundation for identifying best practices. It should focus on following question
How did we do?
- What can we do better next time?
- What lessons did we learn?
What best practices can be incorporated in the risk management processes?
The risk planning is cyclical because the evaluation of the risk responses and the risk planning process can influence how an organization will plan, prepare, and commit to IT risk management.