Risk can be defined as the possibility of loss. Risk arises due to the inability to achieve objectives within defined cost, schedule and technical constraints. Risk has two components, one the possibility of not achieving a particular outcome, and the second is the result of failure to achieve the outcome. The former is the probability of risk and the later is the loss.
Risk management is a set of action that help the managers plan to deal with uncertain occurrences. It is through risk management managers assess risk and manage to reduce it to an acceptable level. The key idea in risk management is not to wait passively for a risk to materialize and become a problem. The objective of risk management is to ensure that for each perceived risk we know well in advance how to tackle it.
The process of risk management begins during the analysis phase and the actual process of managing risks continues throughout. Risk management is a dynamic process because it deals with the activities that are yet to happen. Risk management has two fold agenda. First deciding actions for preventing risk from happening and second deciding actions for tackling risk that materialize. Therefore risk management is all about preempting a risk, coming up with a plan for resolving the risk and finally executing the plan.
Risk identification: In this step manager gathers information about the potential risks in the project. The project manager plans the strategies for avoiding risks or controlling them. They discuss availability of technology, manpower, prevailing environment and the project related factors. The manager picks up the thread from these and creates a risk log. After risk log is prepared, the project manager calls a meeting within the team and technical experts to discuss the risk log and the mitigation plans. One of the effective ways of identifying risks is using a questionnaire to list out risks.
Risk analysis: It consists of three steps i.e. Risk probability, Risk impact and Risk factor. After identifying the risks the manager needs to analyze the risks. Uncertainty and loss are the two characteristics of risk. The uncertainty factor in risk means that the unknown event may or may not happen. While analyzing risk manager needs to quantify the level of uncertainty and the degree of loss. Based on this, manger plans schedules and costs. During analysis, information on risk is converted into information on decision-making. There are various tasks involved in risk analysis; initially the task in risk analysis phase is to describe the risk. The risk can be product related, process related, organization related, client related or infrastructure related, secondly the manager quantifies the probability of occurrence of risk and thirdly the risks are rated depending on their probability of occurrence.
Based on the probability of risk the manager identifies the impact of risk on cost, schedule, and quantity, which needs to be calculated and graded. Each risk is prioritized relative to other risks. The manager can prioritize risks based on the probability and impact of risks. High impact risks with moderate to high probability will catch the attention first.
Risk Mitigation: Risk mitigation is the best possible approach adopted by the manager to avoid risks from occurring. The probability of