I am a strong believer in integration. Therefore, risk management must be an integral part of any organization's project management methodology.
Risks are generally identified, assessed and quantified. Risk is then monitored until it is no longer a risk or to ensure that any events identified as a risk do not actually go unanswered. That's where risk response comes into the picture.
Response to risks comes in the form of:
Organizations must ensure they:
- Identify key risk-management processes to map them out to the organization's processes for project delivery
- Identify risk factors (i.e., elements that cause probability of risk occurrence to increase)
- Standardize risk identification, assessment and quantification, and documentation across the organization
Think of it this way: Risk equals money. It's the amount of money we are going to spend (or not spend) on either activity A or B. If we identify a risk of executing activity A for a price of X, but have a moderate to high level of confidence in success of this activity, we may choose to forgo doing anything else or delay the activity to remove or reduce the risks.
If risks end up being realized and we end up facing the results of it, the cost of it would be linked to loss of revenue and added support to resolve the issue that was created by unresolved (but accepted) risk.
And if it is less expensive for an organization to actually accept the risk and deal with its impacts rather than continuously applying resources to making things perfect, then the justification of taking risk from financial standpoint can be very convincing.
How do you work with risk?