1. Find a Template
There are many free Risk Management Matrix templates online and it really is a matter of personal preference as to which you prefer. All templates will have an Impact/Consequences axis and a Probability/Likelihood axis.
2. IDENTIFY THE RISKS
The risk identification process on a project is typically one that involves brainstorming; this is where you or your team come together and brain dump any possible risks that could pop up throughout the proposed project. For a large project, you may also wish to discuss the possible risks with colleagues and stakeholders to identify risks you may have over looked. Another option is to look at past projects of a similar nature and evaluate the reports for any possible risks that were identified.
When identifying risks, don’t leave any out because you don’t want the assessor to consider that risk; they have already considered it and if you don’t show that you have put activities in place to manage that risk as much as possible then you may not get the funding.
Consider all possible risks related to weather and natural events, criminal activity and incompetence by staff and contractors, stakeholder risks, demand/supply risks, and don’t forget those risks that will impact the success of the project long-term; its sustainability.
3. ANALYSE THE RISKS
Analysing risk is a difficult process, you need to determine how likely it is that each of the identified risks will happen and, if they do, what the impact will be. Use the template to help you assign a score to the likelihood and impact of each risk. By analysing the impact and likelihood of each risk, they would be assigned a category; often this is high, medium or low or it could be a number score.
4. MITIGATE THE RISKS
Identifying how to mitigate (a word often used in relation to risk, meaning to lessen the chance/impact of the risk happening) each risk is similar to identifying the risk itself. Thought and brainstorming is required. You need to consider what actions you could take to lessen the chance of a risk happening or to lessen the impact on the project/organisation if it does happen. A good example of this is having building insurance to lessen the impact of a severe weather event. You can’t stop the weather, but you can lessen the impact by obtaining insurance for the cost of the building. Other common mitigation actions include policies, procedures, training, good governance and oversight activities and communication plans.
Once your risk management plan is prepared, you should then look at assigning responsibility for the mitigation activities and monitoring of that risk to a person within the project team. The Risk Management Plan should be reviewed regularly as part of your project management practices. However, that is all part of delivering the project once you have secured the funding, and project delivery is a whole other blog!