Risk Management Roadmap - in 5 Steps to Risk Management.

If you want to get serious about risk management, you cannot avoid taking a structural approach. A good approach to risk management can already be done in 5 steps. It starts with the integral risk analysis, the establishment and implementation of the control measures, the evaluation and, as a final step, the implementation of the update of the risk analysis.

In a nutshell, risk management is a process of sequential steps. The process described below can be applied to risk management for projects. However, when it comes to strategic risk management or risk management for programs, the basic process can be further expanded is the basic process described further.

Risk management: explained in 5 steps

Step 1: the comprehensive risk analysis

The first step involves understanding the current state of affairs. To do this, you use an integral risk analysis. This analysis is performed based on the RISMAN method and is divided into a number of logical phases.

Determining the purpose of the analysis
The first step is to determine the purpose, that which the analysis is aimed at. In this way, it is possible to determine what is known in technical terms as the "top event. This refers to a situation that is classified as undesirable.

Mapping the risks
The risk analysis also involves mapping the risks based on different perspectives. In this way, an integrated picture emerges. With each new risk analysis, the relevance of the perspectives to be used is constantly reassessed.

  • political/governmental
  • financial/economic
  • legal/legal
  • technical
  • organizational
  • geographic/spatial
  • social

Identifying key risks
Several methods are available for identifying key risks. For this roadmap, we focus on the two most commonly used methods:

  • a list of risks, divided into points
  • Identifying the individual risks along with the probability of occurrence. The consequence of the occurrence of the risks is assessed separately using numbers

Mapping of possible management measures

Normally, the following measures are possible:
avoid. In this situation, measures are taken that reduce the risk of creating an undesirable situation. It is thus eliminated or avoided.

mitigation. Mitigation involves taking measures to reduce the cause of a risk's occurrence or consequences. In reducing, effective measures are taken before a particular risk can occur. A consequence-oriented measure means devising measures and possibly going through preparatory actions that are applied when there is the possibility that a particular risk may arise.

transfer. A transfer of a risk does not eliminate the cause, but transfers the handling of the risk to another party. In many cases, this is chosen when it is foreseeable that a third party can better handle the risk.

accept. Accepting the creation of a risk is another option. In many cases, this leads to an increase in costs or the adjustment of an existing schedule.

Step 2: determining the management measures to be taken

After performing the risk analysis, a good picture of the main risks emerges. Based on that outcome, it becomes clear which management measures can be taken. The final decision on which measures are applicable is made by the management team or project management. The starting point is the assessment of whether the intended effect of the intended measure or effort is acceptable. It is also decided who bears ultimate responsibility for implementing the management measure(s).
The result is a list of the following items:

  • the risk
  • the management measure proposed
  • the person in charge of implementing the management measure.

Step 3: implementing the proposed management measures

Implementation of the management measure(s) is the responsibility of the designated person(s).

Step 4: evaluate the chosen management measures

The measures implemented should be evaluated on a regular basis. In this way, it becomes clear whether the measures adopted have achieved the desired effect.

Step 5: performing the risk analysis update

The final step is to update the list of risks based on the results of the assessment from step four. The list of risks was previously compiled in step one based on the risk analysis. The update clarifies which risks are still current and potentially new risks are identified and added to the list.