Monitoring and controlling risks is the process of tracking identified risks, identifying new risks, implementing risk response plans, monitoring residual risks, and evaluating risk management effectiveness throughout the project.
Risk register
The risk register records all the information about every individual risk.
It also assigns ownership and accountability for each risk to relevant project team members.
Monitoring risk
Monitoring risk is done through regular status reviews (which we will consider in the next Module) as well as the less formal processes of observation and analysis that go into the delivery of every task.
Each risk owner must report periodically to the project manager on the plan’s effectiveness, any unanticipated effects, and any corrections needed to handle the risk appropriately.
Changes to risk
All stakeholders, especially project team members, should be alert to changing conditions, triggers, symptoms, and warning signs that risks are likely to be realized, as well as new or emerging risks.
It is for that reason that project risk management should be regularly canvassed, whether at formal gatherings of the Steering Committee, informal corridor catch-ups, or in general stakeholder conversations.
As any practicing project manager will tell you, the last thing any decision-maker needs is surprises!
Controlling risk
Identifying a risk that has either a changed probability or impact or has escalated into an issue will require activating controls.
Control can involve choosing alternative strategies, executing a contingency or fall-back plan, taking corrective action, or making appropriate, authorized changes to the project plan.
It can also involve more passively accepting a risk or retiring it from the risk register (if, for example, the probability or impact reduces to zero).
Lessons learned
Lessons learned should also be documented for easy retrieval when the project is formally closed and reviewed.
Lessons might include discovering new risks not identified in the planning process that may be relevant to future projects, as well as risk management process improvements (such as when and how to engage stakeholders).
Risk management becomes easier the more often it is practiced.
The amount of time required for risk management will vary, depending on the risks that have been identified, their priority, and the complexity of response.
Nonetheless, frequent discussions about risk make it more likely that people will identify and manage risks and opportunities for you!
And, although some of the project planning processes are linear (for example, the WBS needs to be prepared before the schedule), others are much more dynamic.
Risk is often the confounding element.
Every time you identify a new risk (or change to an existing risk) that is above your threshold of comfort in the planning stage, the chances are that your plan – that you might have believed was complete – will need to be reworked.
This is, unfortunately, true of every stage of the project, but remember what we showed earlier in this program?
The cost of change is lowest at the start of the project; therefore, you would much rather discover and plan for these risks now than have them materialize as costly issues once you are in project execution mode.
Therefore, even though proper risk management will save you money at every point in the project lifecycle, the sooner you start, the more you save.