According to PMI
Risk is an uncertain event or condition that if occurs, has a positive or negative effect on meeting the project objectives related to components such as schedule (time), cost, scope or Quality.
For example, one of the obvious schedule objectives for a project is to complete the project by the scheduled deadline. If a risk related to the schedule occurs, it can delay the completion of the project, or it can make it possible to finish the project earlier. So, the two characteristics of a risk in project management are the following:
• It stems from elements of uncertainty.
• It might have negative or positive effects on meeting the project objectives.
Risk management includes planning risk management, identifying and analyzing the risks, preparing the response plan, monitoring the risk, and implementing the risk response if the risk occurs.
Look at the picture below that explains the big picture of Risk Management
The picture above shows the corresponding processes used to accomplish these tasks, which are also explained below:
• Plan Risk Management - A process to determine the how of risk management: how to conduct risk management for the project at hand.
• Identify Risks - A process to identify and document the risks that might occur for a given project.
• Perform Qualitative Risk Analysis - A process used to estimate the overall probability for risks to occur and their impact and to prioritize them accordingly for further analysis.
• Perform Quantitative Risk Analysis - A process used to analyze numerically the effect of identified risks on meeting the project objectives.
• Plan Risk Responses - A process used to prepare a risk response plan in order to increase the positive impact and decrease the negative impact of risks on the project.
• Monitor and Control Risks - A process used for tracking identified risks, identifying new risks, executing risk response plans, and evaluating the effectiveness of executing responses throughout the lifecycle of the project.
The risk monitoring and control process is part of the control process group; therefore, we will discuss them later while discussing Monitoring and Controlling Quality and Risk. The other five processes will be discussed in the next few chapters.
The data flow between the different processes as shown in the picture above is true in general. However, a point to note is that, depending upon the project and the experience of the risk management team, shortcuts can be taken. For example, you can go directly from risk identification to quantitative risk analysis, or even to risk response planning depending on how comfortable you are with respect to these tasks.
Prev: Planning Quality
Next: Planning Risk Management