Every project carries risk. To be able to demonstrate to management that the risks are understood and being managed, a Risk Register is essential. The Risk Register must identify the key risks, classify them by type and severity, and state the risk mitigation required.
Risks should be classified by TECOP (Technical, Economic, Commercial, Operational, or Political), and assessed for probability and consequence, leading to an overall risk level assessment.
The company risk tolerance criteria must be established in a Risk Assessment Matrix to deter-mine necessary risk mitigation actions.
The Register must be supported by a risk management system to keep the risk assessment up to date as the project evolves.
An initial list of ‘Threats and Opportunities’ is usually created during the initial framing of a project. This can form the basis of the Risk Register, which should be created at the very start of the project. The Risk Register should be reviewed and updated regularly, and certainly before each project decision milestone. The company risk tolerance criteria to be used should be fixed from the start.
To ensure that all risks are evaluated consistently, the following methodology is used:
A 2 day workshop with the client development team to perform an initial risk assessment, and set up the Risk Register and risk management system. Subsequent visits to the client can support a revision or update to the register if required.