Working out a risk is a bit like trying to predict the future — you’ll never be spot on, but with careful thought, you can come pretty close.
Take driving to work. Some risks, like getting stuck in traffic, are high. To mitigate that risk, you might set out early. Other hiccups, like getting a flat tire, are less predictable. If it happens, you’ll probably still be late for work, but being prepared by keeping a spare tire in the trunk of your car will speed the process up and save you from having to call out a mechanic. The risk still affects your journey, but because you planned ahead, the snafu wasn’t as bad as it could have been.
We do unconsciously risk analysis every day. But for project managers, risk analysis is an important part of their job. Let’s take a closer look at risk assessment in project management.
What are risks, and what is risk assessment?
Risks are problems that could arise as the result of a decision. It’s important to identify them prior to project kick-off so you know what you’re up against. Once you know that, you can analyze the likelihood of said risks occurring and put measures in place to stop them in their tracks. And, if it’s too late, risk analysis can stop the issue from happening again.
Risk assessment is a process that provides project managers with an estimate of how severe a risk is.
For a project manager, this is especially useful because it shows them exactly where to focus their attention. This means they don’t end up giving too much time and energy to things that don’t necessarily need it while failing to pay attention to storm clouds gathering on the horizon.
The severity of a risk is defined according to two categories: the effect the risk could have on the project, and the likelihood of it happening. Then, there’s an optional third category: precision (we’ll go into what that means a little later on).
There are different types of risk analysis as well as different types of risk definition. Some of these have more detail than others.
Qualitative Risk Analysis vs Quantitative Risk Analysis
There are two types of risk analysis: qualitative and quantitative. When it comes to project management, they both sit in the planning stage, but the qualitative analysis comes after the quantitative if you’re doing both.
- A qualitative risk analysis is subjective. The goal is to work out risk severity by predicting the likelihood and impact of a risk. You’ll usually perform them on all identified risks within a project, as well as for all types of projects. Risks are usually presented in a risk assessment matrix, which is then used to explain risks to relevant stakeholders. This risk assessment method is the most effective but is typically difficult to fund or budget for, due to their lack of numerical estimates.
- A quantitative risk analysis is objective. It relies on data, which is used to analyze risk to budget, deadline overruns, scope creep, and resource overruns. A quantitative risk analysis deals with numbers and is therefore limited by the data available. While a full quantitative risk analysis is always best (more on what that is a little further down), it’s not always possible or practical to roll out the big guns for a small task.
Qualitative Risk Analysis explained
A qualitative risk analysis uses a rating scale to grade the risks in terms of likelihood and impact.
The project manager will organize the scale according to a predefined ratings system. For example, as you’ll see in the table above, 0.1 to 3.0 is low risk, 4.0-6.9 is medium, and so on. These should come with definitions for added clarity.
There’s no right or wrong way to organize your scale — options range from three-point systems to 10 — but five is the most common, with the stages spanning ‘very low’ and ‘low,’ to ‘moderate,’ ‘high,’ and ‘very high.’
Quantitative Risk Analysis
A quantitative risk analysis is evidence-based. It assigns numerical values to risks, based on quantifiable data, such as costs, logistics, completion time, staff sick days, and so on. You will usually perform one after a qualitative risk analysis, it’s a way to further assess the highest priority risks.
It’s a more scientific approach, which means any decisions are easier to explain to stakeholders. It’s also useful for managing triple constraint: The clarity of the numerical ranking makes it easier to schedule and work out costs.
Quantitative risk analysis checklist:
- A prioritized list of risks (which you’ll get by doing a qualitative risk analysis)
- Reliable data
- A developed project model
Three ways to categorize your risks
- Group them together according to their causes
It’s easier to categorize risks if you look at their common causes. You can deal with a smaller number of easier-to-manage clusters instead of dealing with lots of separate things.
- Look at their urgency
As part of a qualitative risk analysis, you’ll look at each risk’s threat level. Project managers can then go deeper and combine the risk ranking number with a risk urgency rating to find the ‘risk sensitivity rating.’ This can help managers prioritize their risks better.
- Add precision
If a project has lots of risks, it can be a challenge to decide which one to address first. A risk ranking system based on each risk’s position in a risk matrix can help managers prioritize.
Data powers all risk assessments, but some data sets are more reliable than others. Precision defines the confidence placed on the estimates. It doesn’t tell project managers anything about the severity of the risk, but it does tell them how much a judgment can be trusted. When it’s a close call, this third category could help nudge the PM towards the better route of action.
Risk assessments are an easy, surprisingly quick way to prepare for problems that could arise at any point during a project. To make the job even easier, invest in tools that help you plan ahead.
With Backlog’s task hierarchy system, you can organize your risks according to priority, share files, and receive notifications in real-time. You can also share work with the wider team and ask for their input and insight.
Project management software makes it easier to keep tabs on everything that’s going on, as well as collaborate and share your findings with the wider business. When it comes to spotting and stopping risks, the more you can do to collaborate and share ideas, the more prepared you’ll be for anything that comes your way.