The first step in mature risk management is identifying those risk events which may have an adverse effect on the project objectives – whether those are client success criteria, the scope and quality of the deliverables, impacts to project timelines and budgets, safety and regulatory compliance, etc. Understanding the risk appetite, tolerance and threshold of key stakeholders helps to identify the risk events which are important to them. The process of analyzing the identified risk events based on their likelihood or probability of occurrence and the severity of the impact or consequence to the project’s objectives if the risk event does occur. Those risk events warranting attention will require responses to be developed through a selection of risk response strategies. The Risk analysis and response development process does not eliminate risk events. Plans are still required to be created and communicated in case the risk event still occurs. These take the form of contingency plans, fallback plans, and workarounds and are contained in the project’s contingency and management reserves.
