By now you will probably have a list of potential risks as long as your arm and be wishing you’d never thought of the project in the first place. The next step is to consider the root causes of the risks you have identified. If at this stage your list includes risk such as ‘project may overspend against budget’ or ‘project overruns expected timescale’ you will have to go back to the drawing board. Neither of these is a risk in itself: they are consequences of something else having gone wrong.
Similarly if you were to write there is a risk that ‘The project team is inexperienced’ what you are actually describing is a pre-existing condition that may go on to cause a variety of effects.
A risk should be documented in the form:
- Condition
- Cause
- Consequence
- Context.
A disciplined approach to how you document risks makes the rest of the management process very much easier.
After each of the risks you have listed try adding the word ’caused by’ then complete the sentence eg, staff may leave before the end of the project caused by…
This is a very typical project risk and there could be a variety of different endings to that sentence but unless you know which of them is applicable in your case you are not likely to be able to do anything about it. The next step is to look at what are the consequences of the risk occurring. You need to add the words ‘resulting in’ then complete a new end to the sentence.
- Condition – ‘There is a risk that’
- Cause – ’caused by’
- Consequence – ‘resulting in’
Context is also important for instance in selecting and implementing a new IT system certain risks may be associated with one or more potential suppliers but not with others. If you state risks in a poor or sloppy way then risk management becomes a platitude. You will reveal nothing that is unique about your project and will not have the information you need to take effective action.
Good description also help you to filter out things that shouldn’t be in there ie, things that fall into the category of general management concerns rather than risks specific to your project.