Project Management: PRINCE2 Risk

28.06.2021Project Management: PRINCE2 Risk

All Project's encounter uncertainty when trying to achieve their objectives. The purpose of the risk theme is to identify, assess and control uncertainty and as a result, improve the ability of the Project to succeed. As Projects are created to deliver something new, there is bound to be uncertainty that could provide a positive or negative impact on the Projects success.

However, is a risk always a bad thing? In an ever changing world, an uncertain event, or set of events, will have an effect on the achievement of objectives but that can be a threat or an opportunity.

Risk Management is a key requirement for a PRINCE2 project; its is one of the key responsibilities of a Project Manager who must continually revisit the Risk Management Approach throughout the lifetime of the Project.


What is Risk Management?

A Project's Risk Management Approach is the systematic way that risks will be identified, assessed and controlled during a Projects lifetime and is something that PRINCE2 recommends that each project have. This document defines the project procedures for Risk Management, in terms of how Risk will be identified, assessed, controlled and communicated in the project.

Establishing this might seem like a big task (after all, we don't all have a crystal ball to see into the future!), but PRINCE2 provides us with a helpful method, the Management of Risk (MoR). This process doesn't try an reinvent the wheel, but offers a generic approach;

  • First, understand the project context, which means understand the project environment.
  • Involve Stakeholders, Users, Suppliers, and Teams to help identify risks.
  • Establish an approach for the Project and document this approach.
  • Provide regular reports on Risk.
  • Define risk Roles & Responsibilities.

When considering Risk, the first task should be to see what centrally defined policies, standards and approaches the Organisation has. If these exist, the attitude towards risk (or risk appetite) will be defines, as well as tolerances, procedures for escalation and typical roles/responsibilities.

The Risk Management Approach is created (customised to suit the project) in the Initiation stage by the Project Manager, but is a cornerstone document throughout a Project's life.

Risk Management is not about eliminating risk; it's about understanding the situation better so you can make better well informed decisions.

Threats and Opportunities

Risks can have either a negative or positive impact on the objectives of a Project. As we have previously discussed, the Project objectives are

In a PRINCE 2 Project, we define risks as either;

  • Threat - for uncertain events that would have a negative impact on objectives e.g. an event occurs that could seriously delay the Project. Threats can be managed using the below risk responses;
    • Contingency Plan
    • Avoid
    • Reduce
    • Accept
    • Transfer
    • Share
  • Opportunity - for uncertain events that would have a positive impact on objectives e.g. an uncertain event that would result in a cost saving for the Project. Opportunities can be exploited using the below risk responses;
    • Transfer
    • Exploit
    • Accept
    • Share
    • Enhance

REMEMBER - not all Opportunities will be accepted. There could be circumstances such as timing, costs which could have a negative impact on Project goals,.

Managing Successful Projects with PRINCE2 - Axelos

Managing Risk

The Risk Management Procedure is a set of five steps recommended by PRINCE2. To help remember this, think of the following sentence when you think of Risk: I Ate Peaches In China - Identify, Assess, Plan, Implement and Communicate.

The first four steps are sequential, while Communicate will always be done to let stakeholders know what is going on and to get continual feedback during this process.

Risk management steps:

  1. Identify: First complete the Risk Management Approach document for the project, and then identify the risks (threats and opportunities) that could affect the project, this is done using a Risk Register.
  2. Assess: Assess the risks in terms of their probability, proximity (when) and impact on the project objectives. Estimating the probability of a risk and its impact can be done using a 3x3 or 5x5 probability impact grid - called a risk profile.
  3. Plan: Here, you Plan steps to prepare the specific response to the threats (e.g. to help reduce or avoid the threat), or this could also be to plan to maximise the opportunity if the risk happens.
  4. Implement: Carry out the planned responses mentioned in step 3 Plan if the risk occurs;
  5. Communicate: Keep communicating to the stakeholders. Use existing management reports that are created during the project (e.g., End Stage Report).

It is important that any response to managing risk is proportional to the risk itself - the threat of rising costs at SOME point in the future, doesn't mean that the scope of the Project has to be changed right now.

Risk Management is a skill that all successful Project Managers must learn; at AEON, Project Managers work hand in hand with Systems Engineers to deliver successful Projects for our Customers.

To learn more about how combining PRINCE2 Project Management and Systems Engineering can help your Project, get in touch with our expert team of Project Managers and Engineering Experts.