Beginners Guide to Risk Management

Beginners Guide to Risk Management

Daniel Wright

Daniel Wright

Managing Director, Kerv Consult|Kerv Consult

As an experienced IT programme manager, Dan has first-hand experience of taking strategic objectives, turning them into clear, well-defined programmes and delivering them in a controlled way.

Published 14/07/23 under:

Have a question?

Get in touch

Risk Management is fundamental to both project management and programme management, however it does not need to be complicated. This is an introductory guide to risk management for people who want to start to manage risk effectively. This guide is targeted at people who are new to project management, PMO offices or risk management.

What is a Risk?

To put it simply, a risk is something which may or may not happen and which could cause an impact.

Simple example: There is a risk that I could be late to work if the bus is late.

This may seem counter-intuitive but risks can also be positive. When a risk is positive, it is considered an opportunity.

Simple example: There is a risk that I could be early to work if the bus comes more quickly than expected.

 

Fundamentals of a Risk

At its most basic, a risk has 2 key elements:

  1. Probability – the chance that it happens
  2. Impact – what occurs if it happens

If you can express these two things then you have identified a risk.

Probability

The probability of something happening is often expressed as a percentage. When you look at the weather, the chance of rain is often shown as a percentage. This is an example of a risk with a defined probability.

Simple example: There is a 40% risk that it will rain at 10pm.

Impact

The impact is what will occur if the risk happens. In project management we often work to identify the financial impact of the risk (to provide a costed risk).

Simple Example: I have a job where I am paid hourly (we will use £10 per hour to keep things simple) and do not get paid if off work ill. There is a risk that I cannot work as I am ill.

Impact (as a cost) if I am ill for 1 day would be £80 (one 8-hour shift * £10 per hour).

Risk Exposure (Probability * Impact)

It is worth thinking of probability and impact as axis on the same graph:

This is because the true exposure of the risk cannot be calculated using just one of these two factors. You need both to identify the exposure of any given risk.

Note in terminology… Risk Exposure here is referring to the calculated value of each individual risk (as this is a beginners guide). Risk Exposure is also known as factored risk or calculated risk in some organisations. Additionally, businesses often look at their total Risk Exposure which is the sum of Exposure across all open risks.

Some examples of risks with different probabilities (%) and impacts (using 8 hour days at £10 per hour):

  • Risk A – There is a 50% chance that it rains and I catch a cold. If I catch a cold I will be off work for one day (£80). Risk Exposure is £40 (50% chance of £80 impact).
  • Risk B – There is a 10% chance that it rains and I catch pneumonia. If I catch pneumonia I will be off work for 5 days (£400). Risk Exposure is £40 (10% chance of £400 impact).
  • Risk C – There is a 10% chance that it rains and I catch a cold. If I catch a cold I will be off work for one day (£80). Risk Exposure is £8 (10% chance of £80 impact).
  • Risk D – There is a 40% chance that it rains and I catch pneumonia. If I catch pneumonia I will be off work for 5 days (£400). Risk Exposure is £160 (40% chance of £400 impact).

These risks can be plot onto the graph to show which risks have a higher exposure and which should be higher priority.

Probability vs Impact with examples

Risks in the top right part of the graph are the highest priority risks. Using our examples above, Risk D falls into the high exposure category (£160), Risks A and B had Moderate Exposure (£80 each) and Risk C had low exposure (£8).

How do we capture risks?

Generally risks on projects are captured on a Risk Register or within a RAID log (which contains a Risk Register). This is a list of all known risks with some information, including the probability and impact.

An example of a very simple risk register is shown below. There are many more pieces of information which would be captured which we will cover in another more advanced guide.

You may have spot 2 additional fields that we have not discussed so far:

  • Owner – This is the person who is accountable for monitoring the risk and trying to make sure it doesn’t happen (or if it is an opportunity, a positive risk, making sure it does)
  • Status – This is the status showing if the risk is still valid. Some risks are either able to be closed, such as our in bus example, you may buy a car to travel to work and so that risk would be closed or are time bound, such as the famous millennium bug where there was a risk that all computers would break on the year 2000.

Summary

When you think of a risk, always think of 2 things, what is the chance of it happening (probability) and what will happen if it occurs (impact). These two things will help you to clearly express your risks. If you have any questions, please don’t hesitate to contact us.

Related

You might also be interested in

From our world to yours

How Much Assurance Does A Project Need?

From our world to yours

Is your Business Delivering Enough Value from its Projects?

From our world to yours

Projects, Programmes and Portfolios… Know the Difference

From our world to yours

CX Strategy Event: Automating and Transforming your Customer Experience with AI, Digital...

From our world to yours

Qualitas: How Small Businesses Coming Together Can Aid GP Practices

From our world to yours

Capacity vs Capability

From our world to yours

CV Library: How Strong Leadership Focused on IT can be a Vital...

From our world to yours

Delivering a Platform to Underpin Fotech’s Rapid Growth Plans

From our world to yours

How Buckinghamshire NHS Trust Sped Up Their Service

From our world to yours

Capitalise on the Cloud Opportunity

From our world to yours

Lightspeed Broadband – From Funding to First Customer in 7 Months!

From our world to yours

How Marshall Canada Set Firm Foundations for Growth

From our world to yours

Handover Should be a Handshake, Not a Checklist

From our world to yours

How Nuclear Transport Solutions was Created

From our world to yours

How to Approach Digital Transformation

From our world to yours

How Groupe Atlantic’s Digital Services Embraced Agility

From our world to yours

Projects vs Programmes: What is the Difference?

From our world to yours

How London Borough of Harrow Council Transformed their IT Service

From our world to yours

Kerv Consult Supports Down Syndrome Liverpool Charity

From our world to yours

335% Increase in Delivery for Cyber Security Team in Oil and Gas

From our world to yours

Drove the Fastest ServiceNow Deployment in NHS History

From our world to yours

Digital Transformation: Go It Alone or With a Pro?

From our world to yours

ServiceNow Success for Unifii and London Stock Exchange Group

From our world to yours

Top Priorities for CIOs in 2023

Have a question?

Leave your details and a member of the team will be in touch to help.

"*" indicates required fields

By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.