Risk Managementby Peter Parkes
Step 5: Reviewing risks
Like a puppy, risks aren’t only for Christmas; they are still there afterwards. Once you have started a risk management process, then you need to take into account that the map of risks changes with time. If a big risk materialises – say, trains go on strike or a partner goes out of business – then this will force a particular course of action, which often changes the landscape of associated risks. Hence you must, at the very least, review your risk register each time there is a significant event or series of events.
Assuming that you have moved on to Step 4 and have decided what action to take about specific risks, you will need to review this as you would any other action list.
The simplest way of keeping risks and actions up to date is to keep a column in the risk register for updating progress.
If a risk register is not being used, then the simplest way of monitoring progress is to add risk actions to any more general action logs in use – for example, for a management team meeting or a project team meeting.
If you do not maintain a risk register, then you will have to go back to Step 1 and do a risk assessment each time you need to appreciate your map of risks. Starting from the beginning each time because you have failed to maintain a risk register is therefore more time consuming than maintaining an existing log and adding to it as the scenario develops.