July 25, 2022
Information on how to manage risks.
This section contains information on how to add risks to your initiative and manage them on an ongoing basis.
Risks are uncertain events or conditions which, if they occur, could lead to undesirable consequences. These risks may threaten successful completion of the initiative or they could threaten the health of your organisation in some way. Examples of risks are: key people being unavailable, work taking longer than aniticipated, benefits not being realised, reputations being damaged, customers or suppliers being lost.
Risk management in our application conforms to the International Organisation of Standardisation’s risk management standard (ISO 31000:2009) which uses the following risk assessment steps:
- Identify
- Analyse
- Evaluate
- Treat
Identify a risk
This first step involves describing the risk and recording key information such as the owner and type of the risk. See the screenshots below for information on how to add a risk to our application and record this risk identification information.
Analyse a risk
Analysing the risk involves assessing the likelihood and consequences of the risk and noting relevant controls. See the screenshots below for information on how to analyse a risk in our application. To do this you either open an existing risk which hasn’t been analysed yet or scroll down to continue to add information to a risk you’re in the process of creating. Don’t forget to change the risk status to the relevant status before you save your risk.
Evaluate a risk
Evaluating a risk involves reviewing the information you’ve entered so far and considering an effective way to manage it. You might for example decide you want to mitigate the risk through the controls you’ve identified and/or through specific actions you will take (treatments). Or you might decide to accept the risk and simply monitor it.
See the screenshots below for information on how to evaluate a risk in our application. To do this you either open an existing risk which hasn’t been evaluated yet or scroll down to continue to add information to a risk you are in the process of creating. Don’t forget to change the risk status to the relevant status before you save your risk.
Treat a risk
A risk treatment refers to a specific action or plan put in place to address the risk. For projects there are two methods for recording risk treatments. You can:
- Add a treatment task
- Add your treatment into a text field.
Add a treatment task (projects only)
When you add a treatment task, you have access to the full task functionality. This means that you can add an owner, track status and manage it in the same way you manage other project tasks. The treatment task will appear in all the views project tasks appear. See the screenshots below for information on how to add a treatment task to a project risk. You can also convert a standard treatment to a treatment task. Don’t forget to change the risk status to the relevant status before you save your risk.
Add a treatment into a text field (projects and programmes)
This involves adding details of the treatment into a simple text field.
View your risks
Use the left hand vertical navigation bar to navigate to your risks tab. This tab has three views: Summary, Table and List. You can also view your risk heat map on the Governance tab. See the screenshots below for examples of how your risk information is displayed.
Summary view (risks tab)
Table view (risks tab)
Update your risks
Most project managers monitor and update their risks on a regular basis. Use the Current Status field to record where things are at in terms of managing the risk. Information from this field is recorded in the log on the side panel, so you can overwrite previous comments you’ve added to this box. Don’t forget to update other information such as changes in the likelihood and consequence levels and status.
Escalate risks
You can escalate a risk to it’s parent Initiative. This means the risk will show as an escalated risk on the table view of the parent initiative’s risks tab. There is an opportunity to adjust the risk level to take account of the change in context. For example the risk level may be considered very high in the context of the project, but medium in the context of the wider programme.