Risk Management when managing Projects

Definition of RISK: ‘the threat or possibility that an action or event will adversely or beneficially affect an organization’s ability to achieve its objectives’.
Risk has always existed ever since the beginning of time. But the concept of risk is relatively modern to humans compared to other skills such as hunting or gathering. In ancient literature religious or otherwise there are references to acts of God, luck or fate.
Risk relates to future events and thus would only be applicable to societies working to control the future.
Areas that require documentation of risk & creating a risk mitigation plan in projects (especially technology) as defined by JISC are:
•    Tasks that rely on the completion of other work before they can begin
•    Tasks that none of the project team has ever done before
•    Use of unfamiliar technologies
•    Tasks that involve third parties
•    Migration of data from one system to another
•    Reliance on suppliers to deliver software upgrades at a specific time
•    Availability of key decision makers at critical points
•    Decisions that involved more than one department/team
•    Resources/staff that are outside your direct control
•    Any component of the plan based on assumption rather than fact
The possibility of gaining increases a person's appetite for risk taking. Anxiety about suffering a loss, on the other hand, increases risk aversion. A model known as "Prospect theory" is a behavioral economic theory that describes decisions between alternatives that involve risk, where the probabilities of outcomes are known. The theory says that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using interesting heuristics. The model is descriptive: it tries to model real-life choices, rather than optimal decisions.
Create a Risk Log with the following contents (obtained from various sources):
1. Unique ID (when dealing with large number of risks)
2. Description
3. Probability
4. Impact
5. Timescale
6. Cost
7. Owner
8. Management Approach - Risk Mitigation
9. Residual Risk
10. Early Warning Signs
11. Assign NUMERICAL values, thus converting you qualitative analysis to quantitative
Types of Risks as defined by Paul Hopkins:
1. Hazard Risks (source of potential harm. e.g. Theft)
2. Control Risks (Often associated with Program Management. e.g. Events may occur but their consequences are unknown)
3. Opportunity Risks (Risks associated with taking an opportunity. e.g. A small business moving to a new location)
Various Management attitudes to Risk Management defined by JISC are:
a. Extreme Risk Aversion - Procrastination
b. Pass the Buck - Not making decisions
c. No news is good news - PM doesn't report risk and thus it doesn't exist
d. Knee-jerk reaction - Deal with symptoms
e. My mind is made up - Not adapting with changes
f. Shoot the messenger - 'Don't bring me problems'
g. Make it so - 'Don't be so negative'
Potential benefits from an effective risk management process defined by HEFCE:
a. Enhances communication between faculties
b. Supports effective use of resources
c. Promotes continual improvement
d. Helps focus internal audit
e. Fewer shocks & surprises
f. Reassures stakeholders
g. Quick grasp of new opportunities
h. Supports strategic & business planning
Conclusion:
Create a Risk Log including Risk Mitigation plan, keep it numerical, communicate to all stakeholders
Refernces:
JISC, HEFCE, Fundamentals of Risk Management by Paul Hopkin


LinkedIn : http://www.linkedin.com/in/ramanathanram
Twitter : http://twitter.com/inceptionizer
Facebook : http://www.facebook.com/inceptionizer
Blog : http://inceptionizer.wordpress.com