Managing risk on project is a very tricky and skillful task. PRINCE2 defines risk as an uncertain event or set of events that, should it occur, will have an effect on the achievement of project objectives. In the context of a project, it is the project’s objectives that are at risk. These project objective will include completing the project to a number of targets, typically covering time, cost, quality, scope, benefits and risk
In a PRINCE2 – Project risk consists of a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on the project objectives.
In the definition it covers 2 terms Threat and opportunities.
- Threat is used to describe an uncertain event that could have a negative impact on objectives
- Opportunity is used to describe an uncertain event that could have a favourable impact on objectives.
What is risk management?
A starting point for all projects will be to identify whether there are any corporate or programme policies and processes that need to be applied. Where the project forms part of the programme, the project’s approach to risk management will be determined by the programme’s Risk Management Approach.
The term risk management as per PRINCE2 refers to the systematic application of procedures to the tasks of identifying and assessing risks, and then planning and implementing risk responses.
For risk management to be effective, risks need to be: Identified, Assessed and Controlled.
PRINCE2 recommends a risk management procedure comprising the following five steps:
- Identify (context and risks)
- Assess (i.e. Estimate and Evaluate)
- Plan
- Implement
- Communicate.
The first four steps are sequential, with the ’Communicate’ step running in parallel because the findings of any of the other steps may need to be Communicated prior to the completion of the overall process.
Ensure that the risk management approach is appropriate not only to the project size, scale and complexity but also to the project like risk impact. It is important that the risk management approach for a project supports effective decision-making on the project and does not create an undue burden or bureaucracy.
Let’s look at the steps in detail now:
Identify (context and risks)
- The primary goal of the ’Identify’ step is to recognize the threats and opportunities that may affect the project’s objectives.
Assess (i.e. Estimate and Evaluate)
- The primary goal of the “Estimate” step is to assess the threats and the opportunities to the project in terms of their probability and impact.
- The primary goal of the ’Evaluate’ step is to assess the net effect of all the identified threats and opportunities on a project when aggregated together.
Plan
- The primary goal of the ’Plan’ step is to prepare specific management responses to the threats and opportunities identified.
- When Planning responses, the objective is to remove or reduce the threats and to maximize the opportunities.
- Below table list different types of risk responses suggested in PRINCE2.
| Response | Definition |
| Avoid (threat) | Typically involves changing some aspect of the project, i.e. the scope, procurement route, supplier or sequence of activities, so that the threat either can no longer have an impact or can no longer happen. |
| Reduce (threat) | Proactive actions taken to:· Reduce the probability of the event occurring, by performing some form of control· Reduce the impact of the event should it occur. |
| Fallback (threat) | Putting in place a fallback plan for the actions that will be taken to reduce the impact of the threat should the risk occur. This is a reactive form of the response which has no impact on likelihood. |
| Transfer (threat) | A third party takes on responsibility for some of the financial impact of the threat should it occur. This is a form of the ’reduce’ response which only reduces the financial impact of the threat. |
| Accept (threat) | A conscious and deliberate decision is taken to retain the threat, having understood that it is more economical to do so than to attempt a threat response action. |
| Share (threat or Opportunity) | A form of risk sharing through the application of a pain/gain formula: both parties share the gain and share the pain. |
| Exploit(Opportunity) | Seizing an opportunity to ensure that the opportunity will happen and that the impact will be realized. |
| Enhance (Opportunity) | Proactive actions taken to:· Enhance the probability of the event occurring· Enhance the impact of the event should it occur. |
| Reject (Opportunity) | A conscious and deliberate decision is taken not to exploit or enhance the opportunity, having Understood that it is more economical not to attempt an opportunity response action. |
Implement
- The primary goal of the ’Implement’ step is to ensure that the planned risk responses are actioned, their effectiveness monitored, and corrective action taken where responses do not match expectations.
Communicate
- Communication is a step that is carried out continually. The ‘Communicate’ step should ensure that information related to the threats and opportunities faced by the project is communicated both within the project and externally to stakeholders.
