Throughout the life cycle of a project, it is important to monitor your project for risks regularly and implement necessary controls. In this topic, we will explore ways in which risks can be monitored and regularly reviewed.
By the end of this topic, you will understand:
- How to establish risk review processes
- How to monitor the risk environment and identify changes changed circumstances impacting project risks
- How to evaluate risk responses to a changing environment
- How to implement agreed risk responses and modify plans.
On a continuous basis, the project manager must review the risk log with the project team. The risk log must be kept up-to-date—at minimum, every week. The objectives are to:
- determine if any of the risk item severity scores have changed, and
- capture any new risk events.
As such, you should review the high severity risk items first, then quickly check if any low severity risk items need adjustment.
If there are new risk items, they need to undergo an equivalent process and be added to the risk log.
The following techniques can be implemented to assist with monitoring risks:
- Implement Risk Ownership - Ensure all risks have an owner; the owner will be responsible for tracking the likelihood of the risk occurring throughout the project.
- Schedule Risk Meetings - Ensure formal risk review meetings are scheduled. During these meetings, stakeholders formally address risks. Allocating time to schedule risk meetings may cost money, but resolving risk issues early can often save time and money.
- Identify Triggers - Ensure risk triggers are reviewed together with risks. Risk triggers are events that cause a risk to appear.
As you travel through the project lifecycle, you must monitor the project for changes. These changes may introduce new risks or change the likelihood or impact of current risks.
Early in a project, the likelihood of risks occurring is greater as risks change over time.
The environment and context for risk continually change, and other factors may impact the business's operations. Therefore, monitoring and evaluation are integral to the action plan's success and the overall risk management approach.
Monitoring can be performed using project management software or documentation to track progress and record issues or problems in a timely manner.
Key objectives of risk monitoring and review include:
- detecting changes in the internal and external environment, including evolving organisational objectives and strategies
- identifying new or emerging risks
- ensuring the continued effectiveness and relevance of controls and the implementation of treatment programs
- obtaining further information to improve the understanding and management of already identified risks
- analysing and learning lessons from events, including near-misses, successes and failures
You will be responsible for conducting the necessary monitoring and evaluation activities to meet these objectives. Such activities may include:
- reviewing and analysing actual risk data (before vs after comparison)
- seeking feedback from key stakeholders
- conducting workplace audits to check performance and/or identify new risks
- review relevant legislation and regulations to confirm adherence
Risk controls must be monitored and reviewed regularly to ensure they remain effective. Each risk assessment should have a regular review date to ensure that the risk controls and mitigation strategies are working.
Review periods provide the opportunity to identify and assess critical risks using a risk management matrix with the purpose of changing them.
Monitoring and review may also be subject to changing circumstances, such as new legislation, market factors, or periods of increased risk due to the nature of business activities.
As someone managing project risk, you will need to meet with the project team and stakeholders at each review period (e.g. weekly, monthly, quarterly) and go over all aspects of the risk management process, including records – performance data, action plan, mitigation strategies.
As always, it is important to maintain an accurate record of any key results and observations from monitoring and review/evaluation activities. This ensures that key outcomes and lessons learned can be easily shared and passed on to help inform future plans. It can also provide useful input for reviews of the organisational risk management framework.
Outcomes can be included as part of a formal report and published internally and externally as appropriate.
Techniques to be implemented to assist with monitoring risks include:
- Implement risk ownership - Ensure all risks have an owner; the owner will be responsible for tracking the likelihood of the risk occurring throughout the project.
- Schedule Risk Meetings – Ensure formal risk review meetings are scheduled. During these meetings, stakeholders formally address risks. Allocating time to schedule risk meetings may cost money, but resolving risk issues early can often save time and money.
- Identify Triggers – Ensure risk triggers are reviewed together with risks. Risk triggers are events that cause a risk to appear.
Resource: Read The importance of identifying triggers for risks assessment by Compliance Bridge
A risk response generally includes:
- Avoidance - eliminating the cause by removing a specific threat.
- Mitigation - reducing the probability of the risk occurring
- Acceptance - accepting the consequences of the risk.
Risk management plans typically outline several actions to be taken. It is advisable to create a master list of action items that need to be done to implement your risk management plan. Depending upon how many risk factors you have discovered and the types of options you have selected for dealing with these risks, you may have a rather extensive list of items on your to-do list.
While there are parts of the risk management plan that require your direct involvement to implement, especially if the appropriate manager does not have the time or resources to implement them, there are other parts that will be implemented by others.
