The first step in properly managing our risk is to come up with a risk management plan. This will all, allow us to identify the key drivers and the impact and come up with a mitigation or solution to dealing with those risks throughout the execution of our project. Four steps are included in coming up with a risk management plan. We're going to start with identification, identifying the risks, assessing them, planning our response, and then monitoring and controlling during the actual execution of the project. Let me tell you a little bit more about each one of these steps. During identification, we want to bring together all the different stakeholders or representatives of those groups, individuals with a lot of expertise that have done similar projects or have been in different or inspiring industries before. They will help us come together and come up with a very detailed and thorough list. And identifying all the different risks that could occur throughout the life of our project. We can look at historical data, and we can look at historical datas, databases to come up with actual statistics associated with those risks. Or we can consult with experts and learn from their experience. Read post mortem reports, and come up with a risk register, or a list of possible risks that could occur to our project. These could be risks associated with the scope, associated with the duration, or associated with the cost of our project. Next step is to assess these risks. Well, how likely are they to occur, and what is the impact if they do occur? Is it going to end up being minor and not affect our project? Or will it be catastrophic, not only for our project, but perhaps to our entire company? The combination of the impact and the likelihood of a risk to occur gives us some sense of priority. And we will talk about that in a moment. Once we've identified the set of risks that we need to think about, how likely they are to occur, what is the impact if they do occur, and we've prioritized them, then we can start planning a response. We can identify how we would like to deal with each one of those risks in our Risk Register. And perhaps most importantly, we can identify and assign a responsible individual in our firm that will monitor that source of risk. And that will raise the red flag and allow us to get plenty of alert and plenty of warning in advance of a risk occurring. That responsibility, that owner of a risk, will insure that our project execution is impacted to the minimal degree, from the reality, as it unfolds. Once we move into the execution of the project and we monitor and control our different tasks, then we think carefully about updating our risk plan. The Risk Register is a living document. As we progress through the project, we learn more about the nature of the work. We learn more about the world around us. We can update the probabilities and the impact that different risks impose on our project plan or our project itself. And therefore, as the project progresses, we might change the priorities in our Risk Register. And we might focus on the different set of risks later on in the project than we thought up front. Hopefully, if everything is in place, we have the set of tools and we have the strategies and we have the capability to deal with the risk as it unfolds or as it occurs in reality. Let's focus a little bit on the assessment component. How do we think about the impact and the likelihood? And how do those come together to form a priority and to establish our strategy, in case of dealing with each one of our risks? One accessible way that many folks like to think about the assessment component, is to think about a matrix. To think about a matrix that views likelihood or the probability that a risk will occur on my y axis, and my columns represent the impact. How significant will it be if the risk were to transpire? The impact might be considered insignificant if it occurs. Or it could be that if the event occurs, there will be catastrophic implications, not only to our project and to the success of the project, but to our business overall. And so, we take the list that we, the list of risks that we've identified, and we map them on to this metric. How likely are they to occur, and what is the impact if they do? We can identify, for instance, in this example three events that might occur. One is almost certain to occur with a moderate impact. One is likely to occur, let's say 50 to 70% chance of occurring with a minor impact. And finally, an event that is unlikely to occur, less than 25% chance of occurring with a moderate impact. As we map our different risks and our different events onto this matrix, it will give us an indication on how we might want to plan the strategy to deal with those risks. Let me give you a few examples. If we're producing a, a movie, and we're filming in the months of the winter, December, January, February. We anticipate that there's going to be some harsh weather. Perhaps weather that might mean that we can't film for that day. The likelihood of that occurring is moderate, and the impact to our project might be minor. Meaning, that while there could be delays, they won't be extreme in nature. They might be a couple of weeks, and we can adjust our plan accordingly. We can plan a contingency and add a buffer to our project and plan to film over a few extra weeks to ensure we get all the footage that we need. And to cope with the variable weather that we might face. Another example might be opening and, constructing and opening an international airport, Denver International Airport, or even more recently London Heathrow Terminal 5. As part of constructing and developing a new brand new airport, we put in place a new baggage handling system. One of the risks that we might identify is that the baggage handling system might not operate properly. There might be functionality issues with it, and we can't afford for that to happen. The chance of that to happen, perhaps it's not certain, but it's highly likely given the complexity of the technology. And the impact that it will have on the success of our project might be major, a huge upset on behalf of the passengers and behalf of the airlines. And therefore, if we're faced with that kind of risk which is extreme in nature, we may want a mitigation plan. We may want to find a way to avoid it completely and remove that event or that risk on the horizon from even occurring. And so, we might develop a backup system in case things go awry. We might consult with other firms to develop parallel attempts at coming up with a new baggage system, all in order to make sure that we've mitigated away that risk from occurring. Contingency plans might be helpful in some cases. Mitigation plans could be helpful in other instances. We might also want to think about redundancy, meaning having two parallel paths to ensure that if one goes wrong, we have a backup in place. We could also think about hedging. If the risks are financial in nature and have cost implication, we can look at the financial markets and come up with a, a hedge plan. You know, to ensure that we don't find ourselves vulnerable on the cost frontier. Many consulting firms, like McKinsey, like to think about it, like to take these two dimensions of likelihood and impact and push it a step further in order to come up with the priority score. In order to come up with a score of the risk that allows us to prioritize our risks in our risk register. And so, in order to do that, we need to take our impact factor, which we've previously talked about from insignificant to catastrophic, quantify it, assign a certain number. And then we can multiply together the probability of occurrence with the impact that it will entail. These numbers naturally give us come kind of ordering among the different risks. And therefore, we use the risk score to come up with the priority, prioritize our risks. Which are the most extreme, that require attention immediately? And which can we have at the bottom of our list with the proper contingency in place, but they're not requiring ongoing attentions right now. And so, we've gained a lot of information. We've identified our risks, we've conceptualized the likelihood that they will occur, the impact that they will have if they do occur. We've come up with a risk score, and we put it all together in the Risk Register. This is a living document. This is a document that allows us to monitor the progress and to make sure that we're all aware of the sources of risk that we might face. And what is the strategy that we have put in place in case they occur? Most importantly, we identify an owner, an individual that is responsible for tracking how things are going, that will alert us if things have gone wrong. And that will raise the red flag or call for the additional resources when the time comes in order to deal with one of these risks that emerge. In reality, these risk registers might be very big and have many different tasks associated with them. They might require a lot of attention, but they are a vital part of our planning process. And they are crucial for the success of our project because they allow us to walk into the project. And start executing the tasks immediately, knowing that we have a plan to follow in case things go bad.
