The purpose of Risk Management (RSKM) is to identify potential problems before they occur so that risk-handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse
impacts on achieving objectives.
Risk management is a continuous, forward-looking process that is an important part of management. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management
approach is applied to effectively anticipate and mitigate the risks that may have a critical impact on the project.
Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders, as described in the stakeholder involvement plan addressed in the Project Planning
process area. Strong leadership across all relevant stakeholders is needed to establish an environment for the free and open disclosure and discussion of risk.
Risk management must consider both internal and external sources for cost, schedule, and performance risk as well as other risks. Early and aggressive detection of risk is important because it is typically easier, less costly,
and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of the project.
Risk management can be divided into three parts: defining a risk management strategy; identifying and analyzing risks; and handling identified risks, including the implementation of risk mitigation plans when needed.
As represented in the Project Planning and Project Monitoring and Control process areas, organizations may initially focus simply on risk identification for awareness, and react to the realization of these risks as they occur.
The Risk Management process area describes an evolution of these specific practices to systematically plan, anticipate, and mitigate risks to proactively minimize their impact on the project.
Although the primary emphasis of the Risk Management process area is on the project, the concepts can also be applied to manage organizational risks.
Refer to the Project Planning process area for more information about identification of project risks and planning for involvement of relevant stakeholders.
Refer to the Project Monitoring and Control process area for more information about monitoring project risks.
Refer to the Decision Analysis and Resolution process area for more information about using a formal evaluation process to evaluate alternatives for selection and mitigation of identified
risks.
Specific Goal and Practice Summary
SG 1 Prepare for Risk Management
SP 1.1 Determine Risk Sources and Categories
SP 1.2 Define Risk Parameters
SP 1.3 Establish a Risk Management Strategy
SG 2 Identify and Analyze Risks
SP 2.1 Identify Risks
SP 2.2 Evaluate, Categorize, and Prioritize Risks
SG 3 Mitigate Risks
SP 3.1 Develop Risk Mitigation Plans
SP 3.2 Implement Risk Mitigation Plans