Risks bring uncertainty that may impact a project’s objectives, and this uncertainty may arise from events both inside and outside the organization.
An example here is the risk that an organisation can’t gain common agreement for the scope of the project, possibly risk in timescales or resources.
The purpose of the PRINCE2 Risk Theme is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed.
PRINCE2 defines risk as an uncertain event or set of events that, should it occur, will influence the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives.
Risk management is defined as the systematic application of principles, approaches and process is to the tasks of identifying and assessing risks, planning and implementing risk responses and communicating risk management activities with stakeholders.
For risk management to be effective, the following aspects need to be considered:
Risk exposure is the extent of risk borne by the organization at the time.
Effective risk management provides confidence that the project can meet its objectives while keeping the business justification valid. Risk management supports decision-making by ensuring that the project team understand not only individual risks, but also the overall risk exposure that exists at a particular time.
This replaces the older “risk management strategy” document. However, the composition of the risk management approach remains the same as the risk management strategy document.
The risk management approach describes how risk will be managed on the project. This includes the specific process is, procedures, techniques, standards and responsibilities to be applied.
The risk management approach is derived from the project brief, business case, and where relevant, any corporate, programme management or customer risk management guides, strategies or policies
The risk management approach format may include a standalone document, a section of the PID, or an entry in a project management tool.
As an absolute minimum, a PRINCE2 project must:
PRINCE2 requires that two products are produced and maintained:
This describes how risk will be managed on the project and includes the specific process is, procedures, techniques, standards and responsibilities to be applied.
The risk management approach should be reviewed and possibly updated at the end of each management stage. It also defines how and when the risk register is reviewed and updated.
This provides a record of all identified risks relating to the project, including their status and history. The risk register is used to capture and maintain information on all the identified threats and opportunities relating to the project.
The risk management approach and the risk register are created during the initiating a project process.
PRINCE2 does not prescribe a specific or detailed approach to risk management. Any approach that meets the requirements described, can be seen to be following PRINCE2.
David spent 25 years as a senior project manager for USA multinationals, and has deep experience in project management. He now develops a wide range of project-related downloadable video training products under the Primer and Projex Academy brand names. In addition, David runs project management training seminars across the world, and is a prolific writer on the many topics of project management.