The lifecycle of a project risk
Dr. David Hillson, The Risk Doctor Partnership
As we manage individual project risks, they pass through a lifecycle which can be described using a set of status values. These can help us to understand where each risk is in its lifecycle, so that we can determine what we should do next. The following set of standard status values might be useful:
- Unknown: A risk that has not yet been identified.
- Draft: A proposed risk that has not yet been validated.
- Rejected: A Draft risk that is not valid.
- Escalated: A Draft risk that is outside the scope of the project and that should be managed at program level or elsewhere in the organisation.
- Active: A valid risk with a probability of occurrence greater than zero and that will impact one or more project objective if it occurs. An Active threat can affect the project negatively, while an Active opportunity has a potential positive effect.
- Deleted: A risk that is no longer valid, perhaps resulting from a change in the project's strategy, environment, objectives, or scope.
- Expired: The time window in which the risk could have occurred has passed, so the risk no longer needs to be considered.
- Closed: A risk (threat) for which the response has been fully effective and the risk can no longer affect the project.
- Occurred: The risk has happened and the impact is being experienced.
Using these status values, we can describe the lifecycle of a typical individual project risk, as detailed below, and illustrated in the figure:
- All risks start as Unknown. When they are identified, they become Draft risks which need to be reviewed and validated. A Draft risk can be Rejected if it is not considered valid, or it can be Escalated if it is outside the scope of the project. If the project manager decides to Escalate a risk, he or she determines who should be notified about the risk, and then communicates the details to that person or party. Draft risks that are considered valid and in scope for the project become Active.
- Active risks need to be assessed, and appropriate responses should be developed and implemented. The status of Active risks should be monitored regularly, and they may remain Active for some time. Alternatively, Active risks might be marked as Deleted or Expired if they can no longer affect the project due to changes in the project context (Deleted) or if the time of their potential impact has passed (Expired). We might be pleased that a threat has Expired since it can no longer have a negative effect, but we might regret an Expired opportunity where the positive impact is no longer possible.
- When an Active threat is successfully managed so that it can no longer affect the project, it is marked as Closed. Opportunities cannot be Closed, as they remain Active until they have either Occurred, Expired, or been Deleted.
- If and when a risk actually happens, it is marked as Occurred. It is good for an opportunity to occur, and bad for a threat to occur. A risk might occur if the response to a threat proved ineffective or the response to an opportunity was successful (or perhaps it was due to chance or luck!). When a threat has Occurred, it is converted to an issue or problem and managed accordingly. When an opportunity has Occurred, the additional benefits must be recognised and managed.
Status values should be recorded in the risk register and used to monitor the effectiveness of the risk process. For example, as the project progresses, we can measure how many Draft risks become Active (indicating how well we identify real risks), and how many Active risks actually Occur or are Closed (showing how good our risk responses are). This should help us improve performance in future projects, and allow us to take the right risks safely in our projects.
About Dr. David Hillson
In addition to growing his "retirement beard", David is still working with a small number of key clients, as well as speaking at events around the world.
Following a three-week vacation in South Africa with his wife to celebrate their 40th wedding anniversary, David will be travelling to some interesting places in the coming months. These include Denmark, Colombia, USA, Cyprus and Oman.
In addition, he's speaking at various conferences in the UK, including an after-dinner speech on "The joys and perils of lifelong risk-taking", and an event held in the Arsenal soccer stadium in London (Arsenal are the great rivals of David's team, Tottenham Hotspur, and he's not sure how he feels about entering their lair!).
David's activities and events are detailed on the Risk Doctor website. If you want to invite David to speak at your event, just get in touch. Some of the most popular topics are listed in the Speaking section of the website.
© Copyright August 2018, Dr. David Hillson/The Risk Doctor Partnership
Breaking News »
The Imminent Reality of Cyberattacks for Business
No longer an if, but when a business will experience a cyber attack
Participants in Aon's 2019 Global Risk Management Survey ranked cyberattacks and data breaches as #6 in the top 10 risks facing organisations ...
Read More »
| || |
NEW APPOINTMENT: CGF’s GOVERNANCE SERVICES STRENGTHENED WITH APPOINTMENT OF TRAVERS CAPE (CA(SA), MBA)
CGF is delighted to welcome Travers Cape as a Lead Independent Consultant to our company. Travers has acquired a wealth of experience in senior financial management positions and fulfilled various strategic ...
Read More »
| || |
Solving the retirement savings challenge
Lessons from around the world
Around the world, workers are being compelled to take more responsibility for their retirement savings as many employers move from traditional Defined Benefit (DB) ...
Read More »
| || |
Asia Corporate Payment Survey 2019: Deteriorating payment trends amid trade war woes
Coface’s 2019 Asia Corporate Payment Survey covered over 3,000 companies in nine economies (Australia, China, Hong Kong, India, Japan, Malaysia, Singapore, Thailand and Taiwan). 63% of companies surveyed ...
Read More »
Have Your Say »
From The Glossary »
| A type of short-term insurance or reinsurance policy that covers risks relating to the use, ownership, loss of or damage to movable or immovable property.|
|More Definitions »|