Leaderboard

All "known risks" before manifesting themselves as issues/problems would've been unknown once. Such known risks after obtaining valuable insights from key stakeholders, domain experts and SMEs become part of a document known as Risk Register. In project management, this Risk Register is an output of a process called as "Identify Risk". The Risk Register is generated to document all the identified risks both positive (opportunities) and negative (threats) along with other details which more or less fall under the following heads: Criteria to Enter a Risk Item: It is important to identify as many risks, as early as possible at the beginning of a process or a project lifecycle so that you are better prepared to handle any unforeseen circumstances that might announce themselves as critical issues in the later stages. Any uncertain event that if occurs results in a negative or positive impact on one or more parts of the project or a process can be a part of the risk register. Criteria to Remove a Risk Item: Irrespective of the number of risks identified at the beginning of the process or a project, the old risks might lose their sheen and are not relevant enough, probability and impact wise to be a part of the risk register. Such risks that do not show any signs of manifesting themselves as issues or problems after having reached their corresponding risk triggers can be removed from the risk register. Application of Risk Register in Process Management: In a process management, the Risk Register can be a source of all the identified risks so far. These are then evaluated and rated with domain experts and SMEs on the following parameters: >> Urgency - The speed with the risk response is to be applied. >> Proximity - How imminent the risk is? >> Dormancy - How soon do we feel/discover the impact of the risk once it would occur? >> Manageability - How easily the risk response can be implemented? >> Controllability - The degree to which the outcome of risk can be controlled? >> Detectability - Ease with which it would be known that the risk is about to happen. >> Connectivity - The degree to which a risk is connected to other risks. More the connectivity, higher the criticality. >>Strategic Impact - If the risk has an impact that would affect the overall strategy of the organization. >> Propinquity - Perception of the end user - Criticality of the risks perceived by a key stakeholder/end user. After all the risks are passed through these parameters, a list of prioritize risks is generated. Of these prioritized risks, negative risks can be addressed by using popular Risk Management tools such as FMEAs and Probability and Impact Matrix with a view towards reducing the probability and impact of those risks. The more detailed and up to date your risk register is, the more value your can derive from these tools. For positive risks, all efforts should be made to increase the probability and impact of these risks. Once these risks manifest, then they should be exploited to derive maximum value out of them. For Example: 1). Risk register containing a list of identified risks before rolling out a completely new process. 2). During process re-engineering all possible areas where things could go wrong can be listed as risks in a risk register. 3). In an established process, a risk register should be constanly refined by constantly re-visiting the risk items. New risks should be included, if any and old risks should be removed. 4) During the pilot process in the improve phase of a DMAIC project, all risks can be included in the risk register. 5) The assumptions and constraints that are listed before rolling out a new process should be constantly revisited to check if any of them are leaning towards becoming a risk can be thus included in the risk register. Conclusion: From a process management perspective, it is also important to note that risk identification in and of itself is an iterative process where new risks might get added to the risk register if the process steps are modified due to updates from the client or as a result of a process improvement. Similarly, old and irrelevant risks might be removed from the risk register as the process matures.