The Art of Project Management: Expert advice from experienced project managers in Silicon Valley, and around the world
TOPICS:

Risk Register – Short & Sweet or Extensive & Complete?

By on October 6th, 2009

Another highlight (IMHO) of the Risk Symposium was Eldon F. Jones’ presentation on “Risk Register – What is it and How is it used?”

prisonersdilemmaWhat is a Risk Register?

A Risk Register is a document that lists “all identified risks, including description, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status” per Mr. Jones.  It is an output of the Risk Management Plan.

I have used a variety of Risk Registers and it can be as simple or detailed as you need it to be, depending on your project.  If you want to start doing some Risk Management, I suggest that these are minimum features of the register:

  1. Description of Risk
  2. Level of Impact on the objectives (rated Low, Medium, High)
  3. Probability of Occurring (rated Low, Medium, High)
  4. Mitigation (What we’re doing now to prevent / what we will do if occurs)

It’s just enough to identify what to look out for and not so much to overwhelm anyone you show the register to, especially upper management!

Elden Jones’ approach would be good for a very large project / program, since he recommends Risk categories such as:

  • Technical, Quality, Performance (Hardware, software, integration) risks
  • Project management risks
  • Organization risks
  • External risks

He also includes scales for qualitative risk analysis, where the values are “placeholders – the scale levels are only rank ordered”.  Probability scales are only “indicators… or guesses, not true probability values.”

Risk Impact, he suggests, should also be scaled, with the ranges of probability linked to quantitative ranges of cost, scope, time and quality.  For example, if the impact on cost is 5 – 10% change, then the probability may be greater 15 up to 45% (equivalent to Medium Risk Impact).

Mr. Jones’ Risk Register includes WBS IDs, Risk Category (such as Client, Human Resource, Mother Nature, Technology), Risk Status, Impact (Scope, Cost, Time, Quality) and Response.

One interesting approach to Response is to distinguish the risk as a Threat or an Opportunity, since different responses would be used.  For a Threat, the strategies would be to either Accept, Avoid, Transfer or Mitigate.  For an Opportunity, the choice would be to Accept. Exploit, Share, or Enhance.  As the Register is regularly reviewed, the risks events are evaluated for probability estimates and the Responses.

Risks should be retired once the threat has passed – would that be great to cross it off the list?

Next: More on Project Opportunities and Risk from Tom Kendrick

Share

Categories: Goals, Miscellaneous, Priorities, Risk
Tags: , ,

About the Author

Terrie Mui is an innovative project and program manager with over 20 years of experience developing and launching high tech products for the aerospace, scientific and internet industries. With the ability to build teams in the best and worst of situation, she uses common sense leadership principles useful for start-ups and established businesses. Having managed mulit-million programs from proposal to delivery, she has built cross-functional teams that actually work together and have fun at the same time. Terrie holds a M.S. from University of Southern California in Industrial & Systems Engineer and a BSME from Loyola Marymount University. A certified PMP since 1999, she is also a Stanford Certified Project Manager (SCPM) with a focus on implementing Portfolio and Program Management best practices. She is an active member in PMI since 1999 and initiated two successful networking events. Her current challenge of being principal of Project-Catalysts Consulting has her focusing on helping companies build successful teams in a changing environment.
Creative Commons License
Note: This work and all associated comments are licensed under a Creative Commons Attribution-Noncommercial 3.0 United States License.

One Response to “Risk Register – Short & Sweet or Extensive & Complete?”

  1. Laura Bamberg
    October 14, 2009 at 7:38 am | | Reply

    Hi Terrie,

    I would recommend project managers try our Steelray Project Analyzer; this could be extremely helpful with risk management. http://www.steelray.com/spa.php – this was a great post. Thanks!

    Laura
    Steelray Software

Leave a Reply

CAPTCHA Image
*

« »