How to respond to risk? Grade Risk Mitigations

It is easy to understand why some people think that the risk response development phase is
the most important part of the risk process. This is where we get the chance to make a
difference to the risk exposure of our project. If we design and implement good risk responses
to address the risks we have identified and assessed, we will be able to minimise threats and
maximise opportunities, and so optimise the likelihood of achieving our objectives. But if our
risk responses are ineffective (or not implemented), the level of risk exposure remains
unchanged – or may even get worse!

Everybody Loves Brainstorming, but…


If you ask people which technique they use to identify risks, most will include brainstorming in the list,
usually conducted as part of a facilitated workshop. Indeed for many, brainstorming is not just one
technique among several; it’s the only one they use. Brainstorming is popular for a range of reasons:

  • Everybody feels involved, with an opportunity to share their opinion openly
  • It produces visible results quickly as the flipcharts fill up around the room

Risk is More Than Uncertain Future Events

We all know that risk management is supposed to manage risks. But people often understand very different things when they use the word “risk”. One way to solve this problem would be to insist that everyone uses the definitions found in risk standards and guidelines. These definitions have usually been produced by groups of experts who work hard to be clear, to say what they mean and to mean what they say. Unfortunately most people ignore official definitions when they manage risk in practice. Instead they rely on their own ideas about risk which are often limited or misleading. This in turn can reduce the effectiveness of the risk process and stop it delivering the full range of potential value.

Risk Matters – It’s all about objectives

The simplest definition of risk as “uncertainty that matters” provides two simple tests for whether something is really a risk or not. The first and most obvious characteristic of a true risk is that it is uncertain. If something is a fact, constraint, requirement, problem or issue, then it is not a risk. However, not all uncertainties are risks, which brings us to the second test of a real risk: Does it matter? The majority of uncertainties in the universe are not risks because they are irrelevant. The only reason we need to identify, understand and manage risks is if they matter.

Risk Management – One size does not fit all

Different projects are exposed to different levels of risk, so the project risk management process must be scaleable to meet the varying degrees of risk challenge. While we can apply a common risk process to any project, that process can be implemented at different levels, from a few simple informal steps to a fully rigorous and integrated process.


Risk Leadership

Risk management is an important contributor to project and business success. The past few decades have seen growing consensus on the elements required to manage risk effectively, including an efficient and scaleable risk process that can be tailored to the particular risky situation, an appropriate level of infrastructure to support the risk process, and skilled and competent people who know what to do and how to do it.

What Causes Emerging Risks?

One of the biggest challenges for the world is how to prepare for emerging risks. These are new and previously unknown risks, or familiar risks that appear in new ways. Very often our existing risk responses are inadequate to deal with this type of risk. After all, how can you predict or prepare for something that you have not seen before or that you did not expect?
The International Risk Governance Council (IRGC) published an important report in 2010 (“The Emergence of Risks: Contributing Factors”) which identifies twelve factors that can give rise to novel and previously unforeseen risks. IRGC suggest that by addressing these causal factors, we can prepare better for emerging risks and reduce their effect if they arise. The twelve factors are:

1. Scientific unknowns. Unanticipated risks can result from lack of knowledge or understanding about how the natural world or human systems work.

2. Reduced margins. The desire for increased speed and efficiency reduces the margin for error and leaves us more vulnerable if things go wrong.

Risky Business

In these fast-paced times risk is a constant factor in business technology. Computing and software systems have become so complex and interconnected that errors are more likely to occur and harder to solve. This can cause downtime to the business, resulting in heavy financial losses not only from lost business but also from a loss of reputation.

And the source of IT risk is not necessarily what you’d assume. According to a 2016 Ponemon study on data centre outages, failing IT equipment accounted for only 4 per cent of outages. The biggest outage sources were power related: 25% of unplanned outages stemmed from a dodgy power supply, followed closely by denial-of-service attacks (22%) and accidental or human error (22%).

So what can we do to protect ourselves from these risks? First you need to identify and quantify them. How likely is that particular risk? What would the damage be to the company if it happened? Can we make the risk less likely to occur? Are there actions we can take now to reduce the impact of the risk if it does occur?

Time and money spent on a quantitative, analytical approach to risk can help us to absorb risk and carry on.

The Register is a British online tech publication with more than nine million monthly unique browsers worldwide. Read their full article on Risk and IT here: Risky business: You’d better have a plan for tech to go wrong

Risk Management in Developing Countries

Based on experience, it seems that the majority of companies in developing countries who are implementing risk management do not get the added value that they expect. This is often because they are attempting to import risk management from a different cultural setting, from developed to developing parts of the world.

In many cases, it makes sense to begin by bringing in a system from a developed country, rather than starting from the beginning to build something new. But how can organisations in developing countries avoid the threats that come with importing a risk management approach from elsewhere? These steps will help:

The Three Most Common Risks in Project Management

Projects hit the same risks over and over again:

  • The requirements may not be adequately defined, causing re-work;
  • The team members may not collaborate adequately, causing delays and cost overruns; and/or
  • The client may prove mercurial, causing delays, cost overruns and re-work.

As you look at those three risks, you probably have a reasonably high confidence level that they’ve happened on your own projects. They’re common. They’re pedestrian. They happen on virtually every project. People are human and change their minds. Requirements are generally difficult to define. And yet, we still act surprised when these three things evolve on our own projects.

Assuming you are immune to common risks is like assuming you are immune to the common cold. It’s a lovely thought, but…
