PRINCE2 Risk Theme Changes

Risks bring uncertainty that may impact a project’s objectives, and this uncertainty may arise from events both inside and outside the organization.

An example here is the risk that an organisation can’t gain common agreement for the scope of the project, possibly risk in timescales or resources.

The purpose of the PRINCE2 Risk Theme is to identify, assess and control uncertainty and, as a result, improve the ability of the project to succeed.

PRINCE2 defines risk as an uncertain event or set of events that, should it occur, will influence the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring, and the magnitude of its impact on objectives.

Risk management is defined as the systematic application of principles, approaches and process is to the tasks of identifying and assessing risks, planning and implementing risk responses and communicating risk management activities with stakeholders.

For risk management to be effective, the following aspects need to be considered:

  • Risks that might affect the project achieving its objectives needs to be identified, captured and described
  • Each risk must be assessed so that its probability, impact and timing (proximity) so that it can be prioritized
  • The overall risk exposure needs to be kept under review, together with the impact of risk on the overall business justification for the project
  • Responses to each risk needs to be planned, and assigned to people to action and own
  • Risk responses must be implemented, monitors and controlled
  • Throughout the project, information about risks must be communicative both within the project and to key stakeholders

Risk exposure is the extent of risk borne by the organization at the time.

Effective risk management provides confidence that the project can meet its objectives while keeping the business justification valid. Risk management supports decision-making by ensuring that the project team understand not only individual risks, but also the overall risk exposure that exists at a particular time.

PRINCE2 Risk Management Approach

This replaces the older “risk management strategy” document. However, the composition of the risk management approach remains the same as the risk management strategy document.

The risk management approach describes how risk will be managed on the project. This includes the specific process is, procedures, techniques, standards and responsibilities to be applied.

The risk management approach is derived from the project brief, business case, and where relevant, any corporate, programme management or customer risk management guides, strategies or policies

The risk management approach format may include a standalone document, a section of the PID, or an entry in a project management tool.

PRINCE2 requirements for risk management

As an absolute minimum, a PRINCE2 project must:

  • Define and its risk management approach covering:
  • How risks are identified and assessed
  • How risk management responses are planned and implemented
  • How the management of risk is communicated throughout the project life cycle
  • Assess whether identified risks might have a material impact on the business justification of the project. This aligns with the PRINCE2 Principle of continued business justification
  • The roles and responsibilities for risk management must be defined. This aligns with the PRINCE2 Principle defined roles and responsibilities
  • Some form of risk register must be maintained identifying risks along with decisions related to their analysis, management and review
  • Project risks must be identified, assessed, managed and reviewed throughout the project lifecycle
  • Lessons must be used to inform risk identification and management. This aligns with the PRINCE2 Principle of learn from experience

PRINCE2 risk management products

PRINCE2 requires that two products are produced and maintained:

Risk management approach

This describes how risk will be managed on the project and includes the specific process is, procedures, techniques, standards and responsibilities to be applied.

The risk management approach should be reviewed and possibly updated at the end of each management stage. It also defines how and when the risk register is reviewed and updated.

Risk register

This provides a record of all identified risks relating to the project, including their status and history. The risk register is used to capture and maintain information on all the identified threats and opportunities relating to the project.

The risk management approach and the risk register are created during the initiating a project process.

PRINCE2 does not prescribe a specific or detailed approach to risk management. Any approach that meets the requirements described, can be seen to be following PRINCE2.

CLICK Below to become a PRINCE2 Practitioner NOW

About the Author Dave Litten

David spent 25 years as a senior project manager for USA multinationals, and has deep experience in project management. He now develops a wide range of project-related downloadable video training products under the Primer and Projex Academy brand names. In addition, David runs project management training seminars across the world, and is a prolific writer on the many topics of project management.

follow me on: