Key principles of risk management
Risk categories
The number of risks that may occur during any project is large so the initial analysis should be to categorise risk into appropriate categories. The categories can be based on many criteria including, location, function, ownership or funding but the most common are cause and schedule.
There are several generic risk categories which are suitable for a variety of projects. All of these lists are designed to reflect the most common reasons for project failure or a logical grouping of risks.
As a starting point the project risk manager should modify the most appropriate list so that it is applicable to the particular features of the project. The list then forms a useful aide memoir for both the risk manager and the delegates and may help in generating risks prior or during the workshops and reviews.
Risk categories in RICS – New Rules of Measurement are:
- design development risks;
- construction risks;
- employer change risks; and
- employer other risks.
The categories above can be broken down further, see Group Element 14.
Risk register
The purpose of the risk register is to capture and maintain key information on all the identified risks and opportunities relating to a specific project or programme.
The following items are typically included in the register:
- date the register was last modified;
- risk number;
- risk category;
- risk title;
- description;
- consequence;
- likelihood/ probability;
- impact;
- risk status;
- response category;
- response actions;
- risk owner;
- action owner; and
- action completion dates.
This is not an exhaustive list but represents the minimum content of a typical risk register.