Risk Management

by Peter Parkes

Tools for risk management

There are several management tools and models in use in general management and engineering which can feed into the risk management process, including the five listed below.

  • Stakeholder analysis – most of your risks may come from the people around you
  • Porter’s five forces model – what are your competitors doing?
  • SWOT – a common management model including your Weaknesses and Threats
  • Force field analysis – includes negative forces
  • FMEA – Failure Mode and Effects Analysis.

There are several pieces of software designed specifically for management of risk across an organisation. These are labour intensive and come within the realm of full time risk managers.

There are also ‘add-ins’ to standard Microsoft desktop products to help to understand the effects of uncertainty on time and cost. These include @Risk for Excel spreadsheets and Pertmaster for Microsoft Project (see Want to know more? for details).

Stakeholder analysis

For important change projects, it is advantageous to formally tabulate or map who key stakeholders are – in other words, those who can influence the project or situation. We can add in fields which inform us and help us to manage the different stakeholder groups, including:

  • Stakeholder/group
  • Level of power or influence (from Low – make life difficult, to High – kill it)
  • Level of involvement/interest in the project (from Low – aware, to High – active on a regular basis)
  • Anticipated view of the changes (For – sponsor, Against – barrier, persuadable – Neutral)
  • Stakeholder expectations – what will keep them happy?
  • Actions to meet expectations
  • Relationship owner – the person who is going to manage the specific relationship and communications to them.

Those who are against the change pose a significant risk to the project, especially those with significant influence.

Ideally, we should assign a ‘relationship owner’ to each of these groups to manage the risks. A simple 3 x 3 matrix gives us an effective overview and tells us which groups are the real risks (the names of the stakeholder groups go into the boxes so that we can see which ones we need to actively manage).

Basic stakeholder management strategies.

These risks from stakeholders should be visible in the central risk register.

Porter’s five forces model

This tool is particularly useful when looking at risks from the competitive environment. It is ever more relevant in today’s fast moving markets, where household names can be overthrown quickly by new entrants operating on new business models enabled by technology. Here, the five different forces are brainstormed and considered in turn. Ideally, any significant risk discovered should be transferred to the central risk register and put through the risk management process to identify the best way of dealing with it.

SWOT analysis

SWOT (strengths, weaknesses, opportunities, and threats) analysis is a standard business tool, often used as part of the business planning cycle. As usual, the matrix is used to brainstorm. The negative quadrants for threats (external) and weaknesses (internal) obviously provide fertile ground for identifying high level risks that should be transferred to the (corporate) risk register. The tool can be used at lower levels within the organisation, down to individual service.

Force field analysis

Force field analysis is sometimes used within a business case to determine and demonstrate whether a proposal is practically viable. The ‘negative forces’ are risks to the project. Sometimes the forces are shown along a horizontal axis to indicate ‘weighting’, while the size of the arrow indicates size of the impact. The actual forces – here, arrows – are cross referenced from a supporting table.

Failure Mode and Effects Analysis (FMEA)

FMEA is used in the rigorous design of systems to anticipate potential failure modes in components and the overall system and help to design them out. This analysis is then used, in effect, to help manage the design risks, and contains most of the same headers as a risk register, so items can be transferred between the two.