Risk management is the process of identifying, analysing and managing risks that could arise during an activity.
There are 3 main components of risk management
- Risk identification – simple review of an activity to highlight risks.
- Risk assessment – An evaluation of the risks to determine how likely they are to be an issue and also how big an impact they could have if you don’t take steps to manage it.
- Risk mitigation – putting steps in place to manage the identified risk.
People manage risks every day but most of the time are unaware that they are doing it.
A very simple example of risk management in everyday life is crossing a road. Following the 3 steps above:
Activity – crossing a road
- Risk identification – being hit by car resulting in injury or death
- Risk assessment (if no steps are taken to manage the risk) – very high likelihood of being struck by a vehicle with a very high impact in terms of injury or death.
- Risk mitigation – stop, assess traffic flow, identify suitable opportunity for safely crossing the road.
In most cases the mitigation steps in this example will significantly reduce the chances of being hit by a car and will therefore have effectively managed the risk of crossing a road.
The same principles apply on a bigger scale to risk management of projects & activities. The purpose of risk management in these cases is to optimise success by minimising threats and maximising opportunities.
A risk is anything that could potentially impact a project’s timeline, performance or budget.
A risk can be –
- A threat (negative) or,
- An opportunity (positive)
Threats & opportunities both need managed to enable the best outcome.
All projects have risk as they are unique, constrained, based on assumptions, performed by people and subject to external influences.