Risk analysis methodology, the concept of risk management

Risk analysis method

Risk analysis methodology, risk management process

Among other things, we will review the process of risk analysis and risk management, the concept of risk factor and the structure of the risk matrix. 

The concept of risk

There are several definitions of risk. One is that risk is the chance or probability of a hazard or possibility associated with an action. Another definition considers the consequences of risk. According to this definition, risk is the combination of the probability of a hazard or possibility and its consequences. 

Any potential event, occurrence or factor that could affect the implementation, budget or outcome of the project is considered a risk. The higher the probability of such an event occurring or the higher the expected consequences, the higher the risk. 

So, although modern project management approaches do not only talk about "bad" risks, in practice they are most often referred to in a negative context.

What is a risk assessment?

Managing risks

The risk analysis includes the risk factors associated with the project 

  • identification of,
  • grouping,
  • evaluation,
  • and risk management
  • and the ex-post review of risk factors, documenting the risk management process.

The risk analysis therefore also takes into account the probability and consequences of the occurrence of the risks in question. Risk management is also part of risk analysis and risk management. Risk management is the process of devising a strategy to address all the risks that arise and to mitigate their effects. 

The risk analysis process

In the context of risk analysis, the American engineer Edward Murphy is often quoted as saying, which he formulated in the late 1940s and became known as Murphy's Law. The engineer was investigating the effects of acceleration on the human body at an airbase in a series of experiments. He concluded that what goes wrong, goes wrong. 
This is a saying that should also be taken into account in risk analysis. So, on the basis of better safe than sorry, we should over-estimate the risks we expect to take rather than underestimate them. 

Identifying risk factors

The golden rule when identifying risks is to consider as many risk factors as possible. At this stage, do not consider how serious or relevant each risk is, the key is to try to identify all risk factors. For this reason, it is advisable to conduct the identification in a team effort, even in a brainstorming session. 

Risk assessment: grouping risks - the risk matrix 

Once we have a list of potential risks, we categorise them in this step. They are categorised according to two criteria:

  • the probability of risk,
  • and the severity of the consequences of the risk.

So we create two scales, which make up the risk matrix. An example of a five-step impact scale:

  1. A huge - catastrophic - impact on the success of the project.
  2. Risky - serious consequences for business processes.
  3. Significant - has a significant impact on the effectiveness of the project.
  4. Small - the project is slightly affected if it occurs. 
  5. Minimal - negligible impact on the implementation of the project.

This is also a five-point probability scale:

A - common,
B - likely to happen,
C - medium probability that it will happen,
D - not likely to happen,
E - almost certainly not to be expected.

The two scales above create a similar risk matrix: 

Risk matrix

The colour scale is therefore used to classify all the risk factors in the matrix into a category:

  • green: factors here are considered low risk,
  • yellow: the elements here are medium risk,
  • red: these are the high-risk factors.

The more likely a risk factor is to occur and the more severe the expected consequences, the higher the risk potential of that factor.

Risk management: designing a risk management strategy

Risk management should include proposals to address the identified risk factors. The greater the risk potential of a risk factor, the more concrete measures need to be developed to address the risk on the basis of the proposals made. If it is not possible to eliminate the risk, a plan of measures should be drawn up to mitigate its expected effects. 

Risk management

Just as risk analysis and risk management as a whole has a cost, so does the implementation of the proposals and measures formulated in risk management. However, this should be treated in the same way as, for example, insurance premiums. Indeed, the damage caused by the materialisation of potential risks is often greater than the cost of preventing them. 

Review and follow-up of risk factors documentation

Documentation of the risk analysis process, risk management and risk factors is essential. This is necessary to ensure that the lessons learned from risk analysis and management can be used later. Similar risk factors may be encountered in a similar project and it is a great help if the risk analysis does not have to start from scratch. 

In addition, a risk factor that has been successfully eliminated during a project may be repeated during the same project. In this case, the existence of a scenario that has already been used successfully once is an important anchor. 

Results and benefits of risk analysis

  • Calculating the risks and the expected costs of managing them in advance significantly increases the financial stability and predictability of the project, and helps to plan a realistic budget.
  • The risk analysis allows for the prevention of incidents and accidents, even those with significant costs.
  • This also means avoiding risks and minimising their potential adverse consequences that could hinder, slow down or, in the worst case, even prevent the project from being implemented. 
  • Taking stock of identified and categorised risk factors and developing countermeasures will enable all stakeholders to prepare for them.
  • Mapping potential risks allows us to use risk management resources as efficiently as possible.   

Have a question? Contact us!

If you are interested in expanding your theoretical and practical knowledge in the field of risk analysis, risk management or risk governance, or have any other questions related to project management, please contact us.  Contact us for a free consultation!