Risk management made simple...that's probably the best way to go. Make it too difficult and it just doesn't happen. But it needs to happen. Without some attention, effort, and planning put into risk identification and management, the project will likely hit some issues that you are not at all prepared to handle or respond to – it may even cause failure on the project. The approach can be simple and short, or it can be long and complex...the key is to at least do it. Ignoring risks doesn’t mean they won’t happen.
If nothing else, keep it basic – even if you're performing it at a very high level - and follow these four basic steps...
Identify. Risk identification is the process of determining what threats exist. You and your team – along with the customer’s assistance, if possible - should identify all significant uncertainties (sources of risk), including specific threats (also called potential problems or risk events) that could occur throughout the life of the project.
Quantify. Risk quantification is the process of determining how big the threats are. During risk quantification, you and your team must obtain information on the range of possible outcomes for all uncertainties and their distribution and/or probabilities of occurrence. This way, you’ll be in a better position to understand the nature of the threats and their potential effects on the project.
Analyze. Risk analysis is the process of determining which threats are of greatest concern. During risk analysis, you’ll use the knowledge you and your team gained through risk assessment to determine which potential problems represent the greatest danger to achieving a successful and predictable project outcome. Usually, this is done by considering the probability that a specific problem will occur, and its anticipated impact on the project.
Respond. Finally, risk response is the process of actually dealing with the risks or threats to project success. You and your team must work to determine the best approaches for addressing each high-threat potential problem. This risk response plan may include evaluating and choosing among a number of alternatives, and create specific action plans to follow for each specific potential risk.
Summary / call for input
You don't have to do a perfect job at risk planning and management. Like anything else, you can suffer from the paralysis of analysis and never get it done. But, if the project isn't too complex, at least take a high-level approach to risk management...the 10,000 foot approach as I like to call it – and do it. So many project managers skip the risk management step and that is definitely a mistake. So do it – even if it's simple.