Risk managing is not something easy to assimilate or to work in. We are prone to improvise. However, in the tool I describe in this post I found a great ally to work in my project’s risk managing.
It is a simple excel template that will guide you to identify important risks, to evaluate its seriousness, to define precautionary actions to avoid risks from happening and contingency actions in case the risk ends up materializing.
Step 1: Identify the risks, impacts and causes
- Gather a multidisciplinary team to set in common all the risks each one sees. Join them in the column “Risk description + Impact”
- Describe the cause of the risk (if the risk is a flood, the cause is the rain or the overflowing of a river, for example)
- Assign a number to the risk so you can identify it: 1, 2, 3, 4, 5, etc. and the area/department/project team affected by that risk (engineering, quality, design, production, etc.)
Step 2: Evaluate the severity of the risk
- Once you have all the risks properly identified, evaluate (from 1 to 5) the EFFECT it would have on the project’s plan, the effort, cost and quality of the result if the risk materializes.
- Evaluate the PROBABILITY that it could happen, also from 1 to 5.
- Prioritize the risks according to their SEVERITY. The severity, in the template is auto-calculated as the multiplication of the “Effect” highest value you have by the “Probability”. The most serious risks will be the most important ones.
Whenever you think something can occur, before reacting and pulling your hair out, think about the Effect it would have if it happened and the Probability of it occurring. To get ready for a catastrophe that is practically impossible to happen is not very smart, right?
SEVERITY = EFFECT X PROBABILITY
If you handle a project’s portfolio, you’ll be able to compare them in order to their risk level using their project’s global risk value in cell L7.
Step 3: Prepare a plan for the critical risks
Once you have the risks prioritized, there is no need to say you will have to focus on the most serious ones. For this you’ll have to define with the multidisciplinary team two kinds of actions:
- Prevention action. What you can do to avoid the risk from materializing or to reduce its probability or impact.
- Contingency action: In case a risk situation happens, what would we do? Together with the containment action we will need to define what triggered this action.
Step 4: Have regular follow up meetings
Since this is not an isolated action in a project, these expert meetings should be done regularly to review the state of the initial operation, reevaluation of the impact and probability of occurrence (that will change because of the simple fact of taking precautionary actions), a few items should be defined and followed:
- A deadline to launch a certain action
- A person responsible for the action
- The state of defined actions
- Progress notes with the annotations of the advances set in common during the project’s risk managing follow up meetings.
During the precautionary actions the team makes, the seriousness of the risks, and therefore the project’s risks, will decrease. But don’t forget that in every follow up meeting you’ll have to evaluate if there are new risks. Some of them may appear because of the simple fact of taking precautionary actions for their existing risks…