Level of Impact: This is an estimate of the overall scale of the impact following an occurrence of risk. This is rated on the following scale: Very high impact, High impact, Medium impact, etc.
Probability: Likelihood of occurrence of an event.
Mitigation: This is an action to avoid the occurrence of the risk or to mitigate/lessen the chances/impact of the risk. On failure of mitigation, contingency plan is used. Mitigation is preventive. You apply mitigation plan even before the risk has occurred (to avoid occurrence of risk).
Early warning: This is an assessment of known parameters which are indications of risk, and are those which if not controlled can lead to occurrence of the risk. This is useful for taking the mitigation actions.
Contingency: Alternative actions to be taken in case, despite applying mitigation strategy, the risk occurs. Generally, risk realization leads to a change in schedule, effort, cost, project control, customer satisfaction, defects, etc. Hence, contingency is applied to identify which parameters would be affected by the risk and how they would be handled. Contingency is corrective. You apply contingency after the risk has occurred.
- When a project starts, prepare its risk profile (which is the threat the project poses for the business.)
- Pick up (from the PPDB) the most commonly occurring risks the project might be exposed. Record them in the risk tracker.
- Identify other probable sources of risk
- Classify the risks, identify their Impact on the business
- Identify their probability of realization
- Identify Mitigation and Contingency plans
- Define the threshold for mitigation and Contingency
- Revisit the risks at regular intervals (during weekly team meets / client calls).
- Note: At any point in time, PM and team should be aware of the three top risks plaguing the project.