 4.19. RISK MANAGEMENT

Purpose

The purpose of Risk Management (RSKM) is to identify potential problems before they occur so that risk-handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.

Introductory Notes

Risk management is a continuous, forward-looking process that is an important part of management. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that may have a critical impact on the project.

Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders, as described in the stakeholder involvement plan addressed in the Project Planning process area. Strong leadership across all relevant stakeholders is needed to establish an environment for the free and open disclosure and discussion of risk.

Risk management must consider both internal and external sources for cost, schedule, and performance risk as well as other risks. Early and aggressive detection of risk is important because it is typically easier, less costly, and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of the project.

Risk management can be divided into three parts: defining a risk management strategy; identifying and analyzing risks; and handling identified risks, including the implementation of risk mitigation plans when needed.

As represented in the Project Planning and Project Monitoring and Control process areas, organizations may initially focus simply on risk identification for awareness, and react to the realization of these risks as they occur. The Risk Management process area describes an evolution of these specific practices to systematically plan, anticipate, and mitigate risks to proactively minimize their impact on the project.

Although the primary emphasis of the Risk Management process area is on the project, the concepts can also be applied to manage organizational risks.

Refer to the Project Planning process area for more information about identification of project risks and planning for involvement of relevant stakeholders.

Refer to the Project Monitoring and Control process area for more information about monitoring project risks.

Refer to the Decision Analysis and Resolution process area for more information about using a formal evaluation process to evaluate alternatives for selection and mitigation of identified risks.

Specific Goal and Practice Summary

SG 1 Prepare for Risk Management

SP 1.1       Determine Risk Sources and Categories

SP 1.2       Define Risk Parameters

SP 1.3       Establish a Risk Management Strategy

SG 2 Identify and Analyze Risks

SP 2.1       Identify Risks

SP 2.2       Evaluate, Categorize, and Prioritize Risks

SG 3 Mitigate Risks

SP 3.1       Develop Risk Mitigation Plans

SP 3.2       Implement Risk Mitigation Plans

  
