Risk Register analysis

Developed by Dorothea Georgiadou

In an age where the economic, social, and political environment is constantly shifting, there is an urgent need to study the risks that may threaten the success of a project. It is particularly important to study the risks that may adversely affect the project and lead to events that might have as a cause the exceeding of the agreed budget and time. For this reason, the risk management planning should identify and describe in detail the potential risks by providing the needed information for the actions that should be done for eliminating their negative impact. The high uncertainty that exists in projects necessitates the use of a management tool that will control the risks. ^[1] In this article the risk management framework ‘’Risk register’’ is explained. Risk register is a tool that covers and studies many aspects of risk management processes. More specifically, the aim of this article is to explain how this tool can be used for the identification, assessment, and treatment of potential risks. Moreover, the importance of the risk register in the risk analysis process is outlined, as not only the qualitative aspects of a project are taken into consideration but also it prioritizes the risks based on their impact and probability to happen during the implementation phase of a project. This constitutes one of the positive features of this framework as through the analysis of this article it can be concluded that risk register helps project managers to have a better understanding and ways of managing the potential risks. Finally, the article analyzes along with the benefits the limitations of this risk management tool.

Introduction

In an ever-changing environment, a projects’ success is associated with a high level of uncertainty. Projects are threatened by external and internal factors throughout their lifecycle and hence the presence of project risk management is more than necessary. In the ‘Practice Standard for Project Risk Management’, risk management is an approach that plays a vital role in the strategic and decision-making processes since adjustments in the project management planning can be done after the identification of the projects’ challenges. ^[1] The risk register framework is used to support the risk management process in order to eliminate the negative impact that the various threats might have on a project. Threats could come from the external and internal environment of the company. The external risks are associated with the economic, social, political, and technological environment, while the internal threats include risks that are related to human actions and estimations. For example, it is possible for people to make wrong estimations because of inexperience and underestimation of some threats. This high level of uncertainty makes it increasingly necessary to use a model that assists the risk management process in a more effective way.

The role of risk register

In ‘Practice Standard for Project Risk Management’, the risk register is defined as a tool that is used for the documentation of the identified risk. The risk register is a framework used for the risk management planning by providing the needed information that will be the steppingstone to overcome potential threats. ^[1] It is an essential model for the project management process as it incorporates vital information for the implementation of projects’ planning. ^[2] The importance of the risk register is hidden in the fact that it can assist project managers with tackling potential threats and to have a better and clearer overview of the internal and external risks that might menace the success of the project. ^[3] The aim of the risk register is the identification, assessment, evaluation of importance, and managing of the potential risks. More specifically, the uncertainty that exists in projects makes the use of a model that provides various information for the threats of the projects necessary. ^[1]

In the PMBOK guide it is outlined that the tool risk register can be used in different phases of a project. Firstly, it can be used at a very early stage of a project in order to provide information for the risks that might be a threat. Secondly, as the project continues, new threats are recorded and documented in the risk register. In other words, the risk register is used to update the new risks and inform the stakeholders how they should monitor the new threats. Finally, it documents all the risks that have been recorded after the completion of a project. ^[4]

As can be seen in the figure, the implementation of the risk register model follows four processes. Firstly, the risks have to be identified. Secondly, they have to be assessed based on their impact and probability. After risk assessment, it is important to define the actions that must be taken, in order to manage the risks. The final process of risk register model follows, deals with the ways the risks can be monitored. ^[1], ^[4]

The risk register is a framework that has the form of a table where each column represents different characteristics of the potential risks. ^[3] One of the risk components analysed in this study is a brief description of every risk the project managers have recognized. ^[1] This helps the project managers not only to clarify the risks but also to understand why they are threatening the project’s success. Secondly, for the assessment of the risks, their probability and impact on the project are examined. Furthermore, in ‘Practice Standard for Project Risk Management’ it is stated that the evaluation of the risk is depending on their impact and their frequency to happen. For instance, the risks that have high impact and probability to occur, are risks with higher importance than the risks with low frequency and impact. The identification of the risks’ importance is an essential element for project managers to know which risks are needed more attention and time for setting up a plan in order to overcome them. ^[1] Furthermore, based on the PMBOK guide the risk register also includes information about the person who must tackle every risk and the actions that he has to take to eliminate its negative consequences. ^[4] The above elements are demanding high attention as they are mainly focused on dominant areas of the risk management process which are the identification of the threats, the evaluation of their importance, and the course of action that should be taken.

How Risk register is used

In order to have an in-depth understanding of the risk register, it is of utmost importance to analyse the way that it can be used. The tool aims to eliminate the negative impacts of the various threats by identifying, assessing, evaluating, and monitoring them. The following sections provide a guidance on how the four processes of risk register can be implemented.

How to identify the risks.

As a first step, the risks have to be identified by using the right techniques. Once this is complete, a short description of the risks that have been identified through the risk management process is provided.

Risk identification

As it is quoted in ‘Practice Standard for Project Risk Management’, ‘’ A risk cannot be managed unless it is first identified.’’ ^[1] The identified risks are the first information that will be used in the risk register. ^[1], ^[4] It is worth noting that the risk identification process is continuous because as time passes, the number of information increases. In other words, new risks will become knowable by repeating the risk identification process in different phases of a project. ^[1]

In this article, three methods are used for the risk identification process and all of them are following the Practice Standard for Project Risk Management ^[1]:

Historical review: This technique is used as an analysis of events that happened in the past. When this method, is used it is vital to make sure that the events that are under observation are correlated with risks that happened before in this project or in different projects from the same or different company. This method demands attention as there is the risk to compare data and risks from projects that are not closely connected to the project.

Current Assessment: In this method the risk identification process is focused on analysing project’s uncertainty based on the information that is known in this specific period of time.

Creativity Techniques: This approach is based on the creativity of the people who participate in the project. To be more specific, stakeholders have the chance to work individually or with other people in order to identify risks by using creative methods and thinking outside of the box.

All of the techniques mentioned above have both strong points and limitations. This means that if they are used separately, they might lead to inadequate results. Thus, the combination of the three techniques can guarantee more accurate results. ^[1]

Risk description

The description of the identified risks is a very important component of the risk identification process. It is a way to make sure that the risks are well communicated and understood among all the stakeholders. (1) For instance, in a construction problem, it is identified that a potential risk could be a shock in the economy. A potential explanation is that a shock in the economy could increase the price of raw materials and as a result the project might exceed the agreed budget. As it could be observed, the description of this risk could give a better insight into what this change might impact.

Assess

Treat

Reflections

Advantages

Disadvantages

References

1. ↑ ^{1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11} PMI Standard for Risk Management (2019)
2. ↑ https://www.brighthubpm.com/risk-management/3247-creating-a-risk-register-a-free-excel-template/#what-is-a-project-management-risk-register
3. ↑ ^{3.0 3.1} https://www.wrike.com/blog/what-is-a-risk-register-project-management/
4. ↑ ^{4.0 4.1 4.2 4.3} A guide to the project management body of knowledge (PMBOK guide) / Project Management Institute.