How to perform a Simple Project Risk Management?
Risk management! Why should you impose this on yourself in your projects as well?
In my eyes, risk management is the most underestimated component of project management. Or as DeMarco/ Lister say:
"Risk Management is Project Management for Adults"
Maybe the reason is that many managers enjoy crisis management more and because it generates more project heroes than wrestling with "risk accounting": Risk Management vs. Crisis Management.
The Five-Minute Risk Management
Yet risk management is pretty simple, at least the "accounting part", and can be explained in five minutes. It is better, in my opinion, to actually use this simple model rather than not to use a much "better" model.
For this model, you generate a list of risks. In it, you describe the risks and, most importantly, the respective effects that arise when the risk occurs. Then you rate these risks with their probability of occurrence and the damage that their occurrence generates. The probability of occurrence multiplied by the damage then gives the size of the risk. For a quick start with this method, you can download and use our template. All fields are explained in the template with "notes". It already goes a bit further in that the damage is divided into "additional work", "third party costs" and "additional delay".
The total risk of the project then is the sum of all risks. Why does it work this way? Imagine that a project has exactly 20 risks, all with 10% probability of occurrence and all with 50 hours of additional effort ("damage"). On average, 2 of the 20 risks will occur, each with 50 hours of damage, i.e. 100 hours total. This is exactly the sum of all 20 risks (5 hours each = 10% probability of occurrence * 50 hours).
What to do now? Do something!
The five minutes was just a sales trick, because now follows the harder part. Once you have a risk list, the next step is to move forward with risk mitigation, which means deciding and doing something. You find that your hands are tied as a project manager? Then you can at least do one thing: communicate the risks, especially the overall risk sum. This often triggers decisions...
Risk management also includes regular updating of the risk assessment, since risks may not occur or new ones may be added. Probabilities and effects may change with more experience in the course of the project (see also the more complex template in the appendix).
Much success with your risk management.
Appendix: A More Complex Template
It makes sense to divide risks into classes according to their size for the purpose of allocating decision responsibility. For this purpose, this template divides them into three classes: "Program" (decision by company), "Project" (decision by project) and "Task" (decision by developer).
In addition, the template allows to document a history of the risk sums by saving a copy of the risk sheet for each period. The graph on the first page is then automatically updated. As a simple rule, it would be good if the trend of the graph over time showed a decreasing amount at risk....