Just imagine that you've found a stunning piece of crystal that you want to ship to your mother. You don't just plop the thing into a box, slap a stamp on it and send it off, do you? Of course not! If you're smart about it, you wrap it in cotton wool, then wrap THAT in bubble wrap, then fill the box with crumpled paper and carefully nestle the bubble-wrapped, cushioned delicate piece inside. Why would you treat the project that you're building with any less care?
When Ken Salchow Jr., who designs network security for a F5 Networks, defines risk management with the following simple equation:
RISK MANAGEMENT = RISK ASSESSMENT + RISK MITIGATION
he hits the nail squarely on the head. Risk management really is as simple as identifying possible things that could go wrong on your project, planning how to avoid them and how to deal with them – and then acting on your plan. Simple, right?
Okay, easier said than done. While every project is different and requires customization, there are a set of standard practices that you can follow to help you design and implement a risk management plan for your project.
Step 1: Do a risk analysis at the start of your project.
Before you can set about planning how to deal with risks, you have to know what they are and how they will affect your project. Your risk analysis needs three parts to be effective:
Identify all possible threats to your project, from a security leak to illness on your management team to a lightning strike that burns the building down.
Assess the vulnerabilities – where are the holes that will let those threats affect you?
Analyze the effects of each threat on your project or company. What’s the worst that could happen if the worst happens?
Step 2: Design a mitigation plan.
Once you know what dangers you face, you can start to plan how to mitigate the risks.
Mitigation consists of two parts:
- Avoiding the Risk by plugging up those holes you found in your risk analysis
- Lessening the Impact by planning how to deal with the effects.
Suppose your risk analysis identified the loss of a senior member of the project team as a threat that could derail your project. Your risk management plan might include:
- Regular updates and collaboration notes to ensure that a new person could step in and pick up the work
- An insurance policy to provide funds for a quick replacement
- Tagging a backup team member to work closely with each senior project member so that they can carry on in his absence
That’s the essence of risk management in a nutshell. Everyone wants to be positive when they’re starting off on a new project – but by imagining the worst case scenario and planning how to deal with it in advance, you can bubble wrap your work and protect it from the bumps and bangs along the way.