What are the 5 steps in a Risk Management process?
Risk management in projects involves identifying, assessing, and controlling risks.
Here is a traditional risk management process:
Step 1: Identify
Identify risks that could impact your project. There are various ways to identify risks, for instance by using the following methods:
Root Cause Analysis
Nominal group technique
Cause and effect diagrams
Failure modes and analysis
- Do a visual inspection of the area
- Inspect accident / incident reports
- Inspect engineering change proposals, technical publications, manuals, or safety data sheets.
Step 2: Analyze
Rate risks based on impact and likelihood.
Step 3: Prioritize
Based on the rating, find out which risks are unacceptable and urgent to be mitigated.
Step 4: Action plan
Identify solutions against those risks which are seen as a priority. What are you already doing? What further action is necessary? Action by whom? Action by when? Assign an owner to the risk.
Step 5: Monitor and review
Communicate results from the risk assessment with your team and relevant stakeholders. Continue to monitor risks.
Keep in mind
In addition, it is important to think about residual risks, meaning the risk that remains after mitigating the original risk. And secondary risks, which are new risks that come as a result of mitigating a risk. When avoiding, reducing or transferring a risk, often new risks are triggered.
Some risks might be considered insignificant, however as they interact with other events, or conditions, they might cause great damage, or create a significant opportunity.
Interested in learning more?
References and resources
- ISO 31000:2018, (2018) Risk management – Guidelines, provides principles, framework and a process for managing risk. Source
- Deloitte & Touche LLP. (2012). Risk assessment in practice. Deloitte. Source
- Shore, D. A. (2016). What Could Go Wrong? How to Manage Risk for Successful Change Initiatives. Harvard Professional Development. Source
- American College of Healthcare Executives. (2017). Leading a Culture of Safety: A Blueprint for Success. Source
- PwC Risk in Review. (2017). Managing risk from the front line. PwC. Source
- Canadian Centre for Occupational Health & Safety, 2019 Source
- Park, K. (2015). Risk angles. Deloitte.
- Perez, J. C. (2016). Assessing risk from vendors and other third parties is key to business success. Qualys Blog. Source
- The Institute of Internal Auditors. (2014). Managing third-party risks.