In this post, our second installment of Managing Your CRM Implementation, we’re going to take a look at the project management activity of Risk Management.
Risk Management – What is it?
Risk Management involves identifying, measuring, and assessing risk impacts, and developing strategies to manage those impacts.
Why Bother?
Similar to issue management, there are many good reasons for rigorous risk management. At its most basic level, risk management is about minimizing threats to the successful delivery of the project. Risk Management provides a systematic approach for identifying and assessing risks, determining and implementing risk mitigation actions, determining contingency plans, monitoring and reporting progress in reducing risk, and enacting contingency plans in the event a risk is realized.
Risks vs. Issues: What’s the Difference?
As we discussed in Part 1 of this series, risks and Issues are often confused. As project management practitioners, we should do our best to avoid this since each requires a fundamentally different approach to effectively manage them. One way to think about the difference is that a risk is something that could happen, whereas issues have happened. This is frequently where the confusion lies. Please see our blog Managing Your CRM Implementation: Part 1 – Issue Management for more discussion on this topic.
Is there a Process?
Like most project management disciplines, risk management also has its own process. This process varies from organization to organization but a typical risk management process has the following high-level steps:
Capture Risk – Identify and document riskss
Validate Risk – Triage risks and create risk mitigation and contingency strategies. Assign risk owners.
Implement Mitigation – Implement a risk mitigation plan. Monitor or escalate risks, as applicable.
Implement Contingency Plan – In cases where risks occur, implement contingency plans. Close risks.
Key Fields?
A lot of information can be collected and used to define and manage risks. Let’s talk about a few of the more important fields here. These fields typically place a role in risk reporting.
Name – Name of the risks.
Description – Brief description of the risk.
Date Identified – Date the risk was identified.
Assigned To – Person to whom the risk is assigned.
Risk Status – Status of the risk (e.g., open, rejected, closed).
Mitigation Plan – Proposed solution to mitigate the probability and/or impact of the risk.
Contingency Plan – Plan to enact if the risk occurs.
Severity of Impact – An estimate of the overall impact for the occurrence of the risk (e.g., 4-critical, 3-high, 2-medium, 1-low) (It’s a good practice to have a standard definition for each priority to ensure a consistent and meaningful classification of each impact).
Probability of Occurrence – Probability of the risk occurring (e.g., 100%, 75%, 50%, 25%).
What’s The Big Picture?
Each project has a unique risk profile. And there’s more than one way to graphically display a summary of those risks. Here is simple view we like and have good success with over the years.
These basics provide a solid foundation to define the process in support of your implementation. If you would like more information about risk management or other project management best practices, please contact us! We’re here to help.