Why You Should Use Risk Registers or a Risk Breakdown Structure on Your Project
Risk management is constantly evolving. Newer technology may have the ability to eliminate some risks, but they present us with new ones. Essentially, we will never be able to fully rid ourselves of risk on any given project. There will always be a risk of spending too much, poor decision making or poor outcomes. Every project carries its own set of risk – sometimes to the tune of millions of dollars.
The Importance of a Risk Breakdown Structure
The entire point of risk management is to mitigate risks. Since we cannot eliminate risks, we must learn to manage them. The purpose of risk management team is to protect an organization’s assets without hindering the business objectives. An asset is anything that the company owns. This includes property, income and reputation. Although it may be incorrect to say that an organization owns employees, they certainly do purchase the time and talents of their employees, expend significant efforts towards developing them, clearly making them an asset.
Depending on your organization hierarchy, it can be said that the risk management strategy of most organizations starts at the top. Which is somewhat strange because it’s often the people in the trenches who have the most realistic and accurate insights into the risks, their impacts, and mitigation strategies that make up the bulk of the risk registers.
The Risk Registers
A risk log (or register) is not a risk management plan. They are two separate documents. A risk management plan outlines the plan the organization will use to manage risk. It may reference that the risk register as a tool to be used to manage risk. That’s exactly what it is – a live document that is constantly being updated by various risk owners to reduce risk.
The Key Functions of a Risk Breakdown Structure
The risk breakdown structure serves as high-level management document for organizing the organization’s risk information. It is a chart that sorts the information from the risk management process into a standardized document that is relevant at all levels of management. Used as communication tools, the key function of risk registers is to translate risk information so that it can be provided to members of management, the board and key stakeholders. An updated and maintained risk register, along with a risk breakdown structure, provides a clear understanding of the current status of the risks the organization faces at any given time.
The very nature of a risk breakdown structure is visual – giving rise to the ability to portray information relatively quickly.
How a Risk Breakdown Structure Helps Project Management
The risk breakdown structure will assist the project management team in understanding the nature of the risks associated with the project. Many of these risks don’t just exist at the project level – they also exist at the organization level. This document enables management to become aware of the extent of the risks. The project manager has the job of identifying the amount of risk that an organization is willing to accept and that the amount of risk that the management is willing to accept – separately from the organization.
Using this document, project managers are able to recognize their ability to control the risks involved. Risk registers provide the ability of being able to report the status of any risk at any given time. This enables them to set thresholds so they can recognize early warning signs of a possible risk of occurrence.
How an Organization Uses a Risk Breakdown Structure Tool
At the organization level, a risk breakdown structure is a communication tool that provides information such as the type of risk and how it can affect the organization. You can let your team members know about the likelihood that the risk will occur and its impact on the operation of the organization. The risks are given a Risk Priority Rating based on the level of the impact the organization can expect should the risk occur. Using a risk breakdown structure tool, employees are made aware of what actions they can take to prevent risks from occurring. Furthermore, if a risk occurs, there is a contingency plan in place to mitigate its impact.
Development and Presentation
Several different tools have traditionally been available for you to create risk registers or a risk breakdown structure – no template is set in stone, and the most common ways are using database software such as Microsoft Access or spreadsheet software such as Microsoft Excel.
PlanHammer’s Risk Management Tool comprising a Risk Register Creator that is tightly integrated with day to day project and task management keeps project risk front and center in all team’s mindshare, ensuring that all players keep an eye for risk triggers and keep risk documented so that it can be rolled up for stakeholder and organizational risk management planning.
Risk Registers Creation Basics and Tactics
Most risk registers include these common, typical components.
- The Date
Any modification to this document must include the date that it was modified. This crucial component helps to maintain the integrity and accuracy of the document.
- The Risk ID Number
As a risk register can span several pages long, a unique risk ID identifier is essential to identify the risk for communication purposes.
- The Risk Description
This is an open field where the risk gets briefly described along with its causes and impact on the organization.
- Risk Control
This is where you can identify the existing controls that are in place to reduce the risk.
- The Consequence or Severity Rating
Typically using a scale from 1 to 10 (with 10 being the most severe), imagine that the risk has occurred and give it a rating based on the severity of the impact the organization may face.
- The Likelihood or Probability Rating
Typically using a scale from 1 to 10 (with 10 being the most likely to occur), rate the risk based on the probability of the risk occurring.
- The Overall Risk Score
This value is calculated by multiplying the likelihood or probability rating by the consequence or severity rating. By using the 1 to 10 scale, each risk will be ranked anywhere from 1 to 100.
- The Risk Ranking Score
This is a way of ranking the risk from highest to lowest based on the Overall Risk Score.
- The Risk Response
As part of the risk management plan, this is an open field that will provide instructions on how the organization will respond to a risk and to take action should the risk occur.
- The Risk Trigger
Risk triggers are thresholds that are in place that will identify the likelihood or probability of a risk that is about to occur or has already occurred.