Risk Management Basics

Cultivating an understanding of risk management fundamentals is valuable at any level of an organization, whether you’re an executive considering the broader risks your company is exposed to in a globally competitive environment or a front-line supervisor responsible for workplace safety.

Pro-Active Risk Management

Ideally, risk assessment and mitigation are part of every planning process. One of the most common areas where pro-active risk management can improve outcomes is at the project level. When planning a project, risks can be categorized into two groups.

  1. Internal Project Risks: These are risks to the project which are controllable to some extent by the project manager. Internal risks might include the possibility of a key staff member leaving the project or the project falling behind schedule.
  2. External Risks: These are risks emanating from outside the project. The project manager has no control over external risks. External risks could include unanticipated legislative change that puts a project offside; exceptionally bad weather that prevents public turnout; or a transportation breakdown that delays equipment delivery.

Once risks have been identified, each must be evaluated or quantified on a priority matrix to determine:

  • How likely it is that the risk event will happen.
  • How damaging it would be to the project and the organization if it did happen.

For example, late delivery of new equipment may be a common occurrence, but the actual impact on the project may not be significant. A worker being electrocuted while changing faulty wiring may be far less likely to occur, but would have a devastating impact on the project. In addition to understanding how likely and how damaging each risk would be, effective risk planning requires that you also understand the risk tolerances of the project stakeholders.

Risks that are both highly likely to occur and highly damaging if they were to occur (or for which the stakeholders have little or no tolerance) would be prioritized in the risk management plan. Based on these combined factors, project managers would then plan to address identified risks in one of four ways (or with some combination of them).

Addressing Identified Risks

For illustration purposes, let’s use the risk example of electrocution during the replacement of faulty wiring when installing new equipment. The project manager determines that this risk has a low likelihood of occurrence, but would be very damaging, and stakeholders would have very low tolerance for such an event. The following four approaches to addressing this risk might be considered.

  1. Avoidance: This involves eliminating the risk outright and is accomplished by changing project scope to avoid the risk. In this case, the risk of electrocution injury could be eliminated from the project by choosing not to replace the equipment or wiring at this time. (Of course one would have to assess the potential risk of non-replacement as well!)
  2. Mitigation: Mitigation involves lessening the likelihood of occurrence or reducing the impact of the risk event if it were to occur. This often involves the use of new processes, standards, or equipment. To reduce the risk of an electrocution injury, the project manager might insist that the designated technician receive additional safety training and be issued new safety equipment before doing the work.
  3. Transfer: This approach involves transferring the impact of the risk to someone else. Project risks are usually transferred through contracts or insurance. For example, the project manager could use a third-party licensed and insured electrician to upgrade the wiring. The contracting company would assume responsibility for the safe completion of the job. Alternatively, the project team could opt to purchase increased liability insurance so that the financial risk associated with any unavoidable workplace injuries would be borne by someone else. (Of course, this doesn’t address the actual injury, but it does transfer financial risk.)
  4. Acceptance: The final approach to an identified risk is to determine that you are prepared to live with it. In this case, the project manager may determine that the equipment replacement and wiring upgrade is required and that the potential of someone being electrocuted or otherwise injured is so remote that it is a risk the organization is prepared to accept.

Contingency Planning

Another element of risk planning is the contingency plan. Most of us would agree that things don’t always roll out as expected. When we take the time to imagine the unexpected and create action plans for those events, it’s called contingency planning (also known as “having a plan B”). Contingency planning is about preparing fall-back actions, and it is vital for any project where results and outcomes can’t be left to chance. It’s also important to remember that contingency plans typically result in extra costs and extend the project schedule.

Bring on the Naysayers

For people who are naturally optimistic, pro-active risk management can be challenging, especially when it comes to imagining everything that could go wrong with a project. On the other hand, we all have at least one colleague who excels at pointing out why an idea won’t work or how a plan will go wrong. These people are great at identifying potential risks associated with a project. Let them do what they do best by assigning them the task of identifying all possible risks and ranking them by how likely and how damaging they might be. Then bring your optimists back in to generate solutions and help develop contingency plans for high-priority risks.

