Two million dollars were at stake.

Campton College wanted to replace their call accounting system from the 1990s. The new system would manage every department of their medical school’s accounting information (including billing, tuition, and dorm expenses). But switching over to a new product wasn’t easy. They hired a risk-assessment team to figure out potential threats and risks that could come with switching over vulnerable banking information. They estimated the liability could cost the college $2 million.

According to Jean Scheid of Bright Hub Project Management, “The risk assessment team was able to identity 14 various risks with solutions to those risks that lowered a forecasted 249% risk they had previously determined to a mere 54.3% risk. By lowering the percentage of risk through secure processes, the college was able to introduce a newly updated system.”

At the end of the day, the college was able to slowly switch their assets over and was able to safeguard their information from loss or malicious attacks.

If only all project managers could execute their risk management processes so smoothly.

But lo! They can!

According to Info-Tech Research Group, organizations that use a formalized risk management strategy are 53% more likely to have “management success” than those who use an “ad-hoc approach.” And the risk management strategy doesn’t need to be complex.

Below, I’ve outlined the three steps every business needs to take when trying to deter project risk.

1. Identify pain points

There has never been any project devoid of risk—obvious examples include going over budget, leaking sensitive information, and improperly assigning tasks, leading to project delays or failures. Identifying potential risk problems is the most important part of risk management.

Project Management Times has an excellent resource for identifying common risk areas. They include:

Unrealistic schedules

Incomplete requirements when a project starts

Changing priorities

Tech synchronization taking longer than assumed

Learning unfamiliar project tools

Before starting the project, take the time to identify which risks have the highest probability of happening and have the highest potential for having a negative effect on the project.

2. Evaluate the severity of each risk

The next step in risk management is characterizing the risk’s potential effects on the project. For example, many governmental IT programs use the following chart (this particular example came from an Old Dominion University document):

Make sure the following variables are considered when labeling your potential risk:Naturally, each project management office will have its own classification set, but breaking out risk levels helps determine how much time one should give each project. Organize your risks by its probability versus its potential impact. Try to balance qualitative measures of risk with quantitative, using hard numbers related to cost, resources, time, and labor. Reach out to your stakeholders to see where they see potential risks to the project, and use project management software to help identify hidden problems.

Quality: Will the quality of the final product be affected if this risk takes place?

Timetable: Will the final product meet deadline if this risk takes place?

Resources: Will there be additional costs if this risk takes place?

3. Create contingency and mitigation plans

After all of the potential risks have been identified, put contingency plans in place—this will eliminate the stress of trying to come up with a plan as a negative event is taking place. Create a response for each possible risk. Upon evaluating the probability and severity of each risk, project managers should also formulate a plan to deter the most severe risks from happening. According to a document from the Office of the Assistant Secretary for Preparedness and Response, possible mitigation strategies include:

Avoidance: Change the objectives and scope to avoid the risk altogether

Transference: Push the risk onto a third party (like a subcontractor)

Moderation: Take steps to lower the probability of the negative event occurring

Acceptance: Accept that the risk may take place, along with any associated consequences

Abeyance: Determine how to address this risk at a later time.

More?

While this is a brief overview of how project managers can plan for and moderate risk, I’m sure there’s a lot more that they can do. What do you do? What did I miss? Leave your thoughts below!