Risk Management in Project Planning: Identifying, Assessing and Mitigating Risks

“With the great project comes Greater Risks.” This quote can be cherry-picked as the substitute in terms of Project Planning rather than expressing the “With great power comes great responsibility” quote of the Spider-Man series. In the previous blog, we discussed the Agile and Waterfall Project Management Methodology. A project is set up with the stipulated time involving human resources matching the criteria of the project to effectuate the desired outcomes. For example, the main motive of the Melamchi Drinking Water Project is to supply daily drinking water to the people of Kathmandu for the remedy of shortage of water in the valley. The project included many people from researchers to laborers and along with the ongoing project or before the project, the risks were identified. The project may also have encountered several risks or challenges such as legal risks, regulatory risks, challenges in the mixing of sewage into drinking water pipes, and many more. Just like the Melamchi Drinking Water Project, many other projects also constitute several kinds of risks, and Risk Management in Project Planning specifies how the members of the project analyze and work for the mitigation of the potential project risks. 


Risk Management is not just about preventing the risks but risk management is the practice of preparing for the risks that can come at any time of the project. It is the process of generating a great plan and preparing the team members and all the stakeholders associated with the project to tackle the risks. Triple Constraint refers to the scope, cost/budget of the project, time or schedule of the project including the components or quality, and throughout the project, different events or changes in the schedule may occur that may invite risks and the project management plan includes various sub-plans such as: 

- Time management plan 

- Scope management plan 

- Budget, Quality, and Change management plan 

- Issues management plan 

- Risk management plan 

There are many kinds of risks in many forms. Some of the common risks that may occur in the project are enumerated below: 

1. Risk of Cost/Budget: There may occur certain events that may impact the budget or cost estimation. 


2. Risk of the Schedule: There may arise certain unplanned scheduling events or conflicts that become the major reason for the project to be delayed and one of the reasons for delay is Scope Creep meaning the unauthorized addition of features or requirements in the project. 


3. Risk of Performance: There may encompass certain events that produce results unmatchable with the project specifications that impact the overall performance in conspectus. 


As we have mentioned above, a risk management plan is the sub-plan of project management, risk management deals with managing potential project risks. A project risk may not constitute the same risk as other projects but as risk management is a proactive process rather than a reactive one, the risks require assessment and mitigation strategies. In a nutshell, it defines how one's project management process will be administered including budget, tools, performance, and several approaches to perform risk management in project planning. Even well-developed and strategic projects will have risks. Hence, the best way to prepare for the risks is to face them head-on and execute proactive planning with the help of risk management processes. 


The risk management plan in the project planning subsumes certain components that are required in the risk management plan that are explained in summarized form below: 

1. Risk Register: It is a chart of documentation about all the risk identification information of the project. 

2. Risk Breakdown Structure: As the name suggests, it is a chart that identifies risk categories and their hierarchies. 

3. Risk Assessment Matrix: It helps in the analysis of the likelihood and the impact of risks in the project for prioritizing basis. 

4. Risk Response Plan: It is a document that elucidates the risk mitigation strategies. 

5. Budget and Timing schedules: Budget is the fund required to perform risk management activities whereas timing schedules refer to the section of schedule for risk management activities. 
 

A risk Management Plan is a proactive plan that delineates how the project team members identify, assess, and mitigate the potential project risks that haven't even occurred yet. There is a series of processes that involve risk management. Some major steps of the risk management plan are explained below:

 

Identification of Risks means enlisting all the potential project risks or events that may directly or indirectly impact the projects’ cost, schedule, or performance. This process is undertaken at the beginning of the project planning as well as throughout the whole project life cycle as well. Depth research is implemented to discover the potential risks. The risk breakdown structure is used for the identification of all the project risks and classification of those risks into various categories such as technical, organizational, legal, or regulatory and again dividing those categories into subcategories such as logistics, budget, technology, artificial challenges, etc. Again, the Risk Register is created for the wholesome information of the project risks. There is a lot of online project management software that abets risk identification and project planning purposes and some of them are the following: 

- MeisterTask 

- Basecamp 

- Nifty 

- ProofHub

- Hive 

- Zoho Projects 

- Trello 

- JIRA 

- Asana 

- Monday.com 

- Wike 

- Adobe workfront 

- Hubstaff 

- LiquidPlanner 

- ClickUp 

- Team Gantt 

- Backlog 

- Celoxis 

- Plutio 

- Projectmanager.com 

- Redmine 

- Smartsheet 


The risk identification process further includes the following steps such as: 

- Interviewing various stakeholders, leaders, experts, and proficient and experienced project managers for the risk topic

- Brainstorming about the potential risks with the team members and seeking the suggestive risks that may hinder the project planning procedure

- Documentation of the assumptions and homologating them based on the verified facts and hypotheses 

- Fabricating the checklists and preparing a risk assessment matrix delegating into various baskets such as high risky, critical, marginal, and less risky.


After the identification process is done, a Risk Register should be maintained that should be ready to reply to the following questions: 

- What is the likelihood of occurrence of the risk event? 

- What will be the impact on the project if the risk appears? 

- Who will be the owner of the risk? 

- What is the priority level for the risk? 

- What will be the risk response plan after the risk occurs? 
 

There should be an assessment of risks i.e. reviewing the qualitative and quantitative impact and severity of the risk that may occur in the project. The analysis should be done on the likelihood of the risk occurrence and its impact on the project if the risk occurs. Scoring the risk likelihood from low to high and mapping out the risk impact from low, medium to high along with assigning the risks a score falls under this process. To understand the risk assessment matrix, the overall risk should be assigned with the multiplication of the impact level score and risk occurrence probability score so that all the project's stakeholders may thoroughly understand the risk assessment matrix. 

In this process, the risk analysis is done depending on the complexity of the project risks enveloping likelihood, and severity of the plan. After the scoring and assessment, the following questions are to be addressed: 

- How does the risk impact the project planning objective? 

- Will the occurrence of the project delay the agenda of the project?

- Will the risk reduce the impact of project deliverables? 

- How can the risk undermine the allocated budget for the project? 

With the assessment and scoring methodology completed, for each risk, there should be a risk response plan to be undertaken by the team to instantly swivel and address the risk. The risk response plan includes the risk mitigation strategies and in this plan, the resources, time, and budget have to be allocated to meet the risk management needs. 


Based on the Risk register and analysis, the team should come to the conclusion of which risks are likely to happen that may negatively impact the projects overall. The project stakeholders must prioritize those risks that have a higher probability of occurrence and severity.


Assigning the Risk owners is optional but highly recommended. The risk response plan is created for the mitigation strategy but if each risk owner is assigned to each project risk, they become accountable for monitoring the risks and executing the plan for its mitigation. Immediate action can be taken due to assigning risk owners to each project risk. A risk register can be used to record the risk response and the risk response plan has to be approved by all stakeholders before executing it. The records of such responses can be maintained and reviewed after the project's completion. For example, if a legal risk appears amidst the project, the risk owner assigned who is proficient in handling legal issues can record or create a response plan and initiate the plan after approval for the mitigation of the risk. Each risk owner should be monitoring their risk events. They should keep an eagle eye on the risk register for updates, changes, or edits and those should be reflected in the risk register. 


# More backups 

Risk Register, risk assessment matrix, and other documents are like the living documents of the risk management plan. Sometimes, the project risks that had been classified as minor can turn into gigantic ones so contingency plans are also the process of risk management in project planning. Also, discovering new risks on ongoing projects with time and technology and coming up with immediate backup strategies is part of the risk mitigation strategy. 


# Scaling the Risk Thresholds 

Along with monitoring the risks, as mentioned earlier, there should be discovery of the impact or probability of risk and there should be frequent discussions with the project stakeholders if the project is worth the success or failure. The risks with high scores need to be consulted with the experts and professional leaders as sometimes the “High-risk high return” concept may not be applicable if risk mitigation strategy overlaps project outcomes in the course of time, budget, and resources. 

Risks are everywhere. In the context of project planning, to lead a project into a grand success, risks have to be discovered, assessed, monitored, and mitigated and the processes seem to be king sized than expected. Hence, continuous efforts and in-depth knowledge of the updates are a must in project planning in terms of Risk management. 
 

“If you don't invest in risk management, it doesn't matter what business you are in, it’s a risky business.”  - Gary Cohn