Risk Management
In the world of successful project management, it is inevitable that Risks will be presented to the Project management team and what sets Cheshire Solutions (CS) apart is how we manage the outcome of identified risks to mitigate the impact on project objectives. We have the experience to perceive these risks in advance and devise a strategy to deal with them to ensure our clients ultimate project’s success. During the relevant project phases of the project, our Risk Manager will:
· Ensure a consistent RAM (Risk Assessment Matrix) is used within across all Project functions.
· Establish and maintain the Risk Register
· Provide guidance to contractor specific Risk Coordinators and assist in the setup of the contractor specific registers.
· Convene risk workshops at key milestones in the project development.
· Ensure access of all project team members to the risk register
· Monitor and progress the completion of treatment measures.
· Provide input on progress of risk management to project’s Monthly Report and Dashboard
Expert advice for informed decisions
Prior to discussing risks themselves, it is important to layout the boundaries and context of the conversation. The business case, technical scope, cost, schedule, contracting strategy, organisation, etc. should be clearly documented and presented to the project team
The identify risks process seeks to identify the risks to be managed using a well-structured, systematic process. This process specifies what can happen, where and when, and why and how.
The Analyse Risks process involves consideration of the source of the risk, the magnitude of their positive and negative consequences and the likelihood that those consequences may occur.
The Integrate Risks process involves aggregating all risk rankings, reflecting correlations across the project, and expressing the results in terms of the impact on the project . The objective of this process is to produce a list of prioritised risks for treatment.
The Evaluate Risks process uses the understanding of risk obtained by risk analysis to rank and prioritise risks in order to make decisions about risk treatment. It is too expensive to conduct detailed analysis and treat all risks.
To Mitigate Risks, the process involves identifying the range of options to mitigating risks, assessing those options, and preparing and implementing treatment plans.
The Monitor and Review process involves learning lessons from the risk management process, by reviewing events, the treatment plans, and their outcomes.
With vast experience of delivering talent and project consultancy solutions globally to the world’s largest energy organisations, Steve has an exceptional depth of understanding of doing business in the most challenging of locations. Having been accountable to deliver global recruitment and business development strategies, he has implemented innovative ideas to improve group performance and profitability. He has experience of leading tenders for some of the largest contracts in the recruitment industry and his commercial awareness and negotiation skills are excellent.
Steve is a very outgoing person with excellent communication skills, has always enjoyed being part of a successful team, and founded Cheshire Solutions in 2022.
Areas of Expertise:
Recruitment
Business Development
Project Delivery
Leadership and People Management
Commercial negotiations
Compliance and Operations
1. Establish the Context
Prior to discussing risks themselves, it is important to layout the boundaries of the conversation. The business case, technical scope, cost, schedule, contracting strategy, organisation, etc. will be clearly documented and presented to the project team. It is within these constraints that the following steps of Risk Management can be taken.
2. Identify
CS identify risks process seeks to identify the risks to be managed using a well-structured, systematic process. This process specifies what can happen, where and when, and why and how. At this stage in the overall framework, the primary concern is to identify as many risks to achieving the business objectives as possible, the source of the risks, and the impacts. This list is preliminary and subject to further qualification and refinement as part of the Analyse Risks process. The idea is to cast a wide net at the start in Identify Risks, and then to progressively narrow the list to the most critical, using qualitative techniques in Analyse Risks.
The primary activity in this stage is to hold a brainstorming session as a part of a Risk Review. After the initial Risk Review, it would be typical to only update the Risk Register and not to hold new brainstorming sessions unless a significant new development occurs (addition of a new piece of scope, new contractors, etc.).
The Risks will be categorised into Technical / Environmental / Commercial / Organisational and Political Risks (TECOP)
3. Analyse
CS Analyse Risks process involves consideration of the source of the risk, the magnitude of their positive and negative consequences and the likelihood that those consequences may occur. Existing controls and treatment activities are taken into consideration.
Each risk identified during the Identify Risks process is subjected to a qualitative evaluation of its likelihood and impact using predefined scales (Risk Assessment Matrix or RAM). The list of risks is then narrowed and refined based on the criticality of the risk. Those risks falling below a defined threshold may continue to be monitored and managed.
After the initial screening process using qualitative techniques, a determination will be made regarding how accurate the estimates of likelihood and impact must be in order to be useful for prioritising, measuring and reporting the risk and for choosing between risk treatment options.
The result of this process is that each risk receives a risk rating (a function of the assigned Likelihood and Impact values). All the risks will then be reported, possibly in tabular and/or visual format, which visually displays the risks in areas of higher and lower priority.
4. Integrate/Evaluate
CS Integrate Risks process involves aggregating all risk rankings, reflecting correlations across the project, and expressing the results in terms of the impact on the project as a whole. The objective of this process is to produce a list of prioritised risks for treatment.
The Evaluate Risks process uses the understanding of risk obtained by risk analysis to rank and prioritise risks in order to make decisions about risk treatment. It is too expensive to conduct detailed analysis and treat all risks. Decision-makers need to know which of their risks are most critical and prioritise accordingly. Usually, risk managers find that the treatment of a few critical risks results in dramatic reductions in residual risk, whereas the treatment of each following risk results in nominal reductions in residual risk. Ranking the risks to facilitate this analysis in Treat Risks is important.
5. Mitigate
To Mitigate Risks, CS process involves identifying the range of options to mitigating risks, assessing those options, and preparing and implementing treatment plans.
Mitigating risks is about seizing opportunities as it is about minimising the downside. Too much treatment is as undesirable as too little. The objective is to find the right balance to optimise returns to the business by maximising gains from the opportunities while minimising losses from the risks. Evaluation of the downside risk involves consideration of non-financial as well as financial impacts. For example, the risk of loss of life or damage to the environment or enterprise reputation may override purely financial considerations when selecting risk treatment options.
This process incorporates qualitative and quantitative information about residual risk and treatment activities into the budget planning. In this way, the project can make informed strategic decisions about how to allocate capital to various areas to ensure that risk management efforts are being tied with strategic objectives.
6. Monitor/Review
CS Monitor and Review process involves learning lessons from the risk management process, by reviewing events, the treatment plans and their outcomes. Monitoring provides routine surveillance of actual performance for comparison with expected or required performance. Review involves periodic investigation of the current situation, usually with a specific focus.
Monitoring and reviewing is an essential and integral part of managing risk and is one of the most important steps of the risk management process. It is necessary to monitor risks, the effectiveness and appropriateness of the strategies and management systems set up to implement risk treatments and the risk management plan and system as a whole.
Assurance and monitoring processes should be continuous and dynamic. It is not sufficient to rely on occasional, third-party reviews and audits.
Key Areas of Value Addition
CS Risk Management Tools
Risk Register: A catalogue of risks on a specific project.
With vast experience of delivering talent and project consultancy solutions globally to the world’s largest energy organisations, Steve has an exceptional depth of understanding of doing business in the most challenging of locations. Having been accountable to deliver global recruitment and business development strategies, he has implemented innovative ideas to improve group performance and profitability. He has experience of leading tenders for some of the largest contracts in the recruitment industry and his commercial awareness and negotiation skills are excellent.
Steve is a very outgoing person with excellent communication skills, has always enjoyed being part of a successful team, and founded Cheshire Solutions in 2022.
Areas of Expertise:
Recruitment
Business Development
Project Delivery
Leadership and People Management
Commercial negotiations
Compliance and Operations
CS key tool in risk management is the risk register. This document is the catalogue of risks on the project. Most companies use some version of a risk register. The exact design of the risk register generally includes the key items to have in the register: risk name/description, risk category (whether the risk affects cost, schedule, safety, quality, or the business case), probability, impact, severity (determined by probability and impact), action plan, risk owner, and probability, impact, and severity after treatment. Most risk registers have several other columns, some of which help for sorting and filtering risks (such as the source of the risk or stage where it was identified) and others that help to document the status of the action plan.
Risk Assessment Matrix: Calibrated for the size of the project to visualise the risks in terms of severity and impact.
With vast experience of delivering talent and project consultancy solutions globally to the world’s largest energy organisations, Steve has an exceptional depth of understanding of doing business in the most challenging of locations. Having been accountable to deliver global recruitment and business development strategies, he has implemented innovative ideas to improve group performance and profitability. He has experience of leading tenders for some of the largest contracts in the recruitment industry and his commercial awareness and negotiation skills are excellent.
Steve is a very outgoing person with excellent communication skills, has always enjoyed being part of a successful team, and founded Cheshire Solutions in 2022.
Areas of Expertise:
Recruitment
Business Development
Project Delivery
Leadership and People Management
Commercial negotiations
Compliance and Operations
In determining the probability and impact of each risk, it is important to have a risk assessment matrix. This will be calibrated by CS for the size of the project. For example, for an impact that is considered “very high” in regard to cost, that could mean £500k for a smaller project or £200 million for a very large project.
Typically, the RAM has a description for each of the 5 (typical ranges are 1–5) probabilities and impacts. For the impacts, there is usually more than one category of impact (cost, schedule, reputation, safety, environmental, shutdown time, etc.) and these each have a description for 1–5.
In addition, a RAM will usually have the so-called “heat index” or “Boston Squares” diagram, which plots each risk on probability vs. impact. This will visualise the risks in terms of severity, giving an indication about how much risk there is on a project. The RAM for BLNG is attached to this document in Appendix A.
Risk Management Reporting: The report outlines the top risks along with their respective action plans and designated owners
With vast experience of delivering talent and project consultancy solutions globally to the world’s largest energy organisations, Steve has an exceptional depth of understanding of doing business in the most challenging of locations. Having been accountable to deliver global recruitment and business development strategies, he has implemented innovative ideas to improve group performance and profitability. He has experience of leading tenders for some of the largest contracts in the recruitment industry and his commercial awareness and negotiation skills are excellent.
Steve is a very outgoing person with excellent communication skills, has always enjoyed being part of a successful team, and founded Cheshire Solutions in 2022.
Areas of Expertise:
Recruitment
Business Development
Project Delivery
Leadership and People Management
Commercial negotiations
Compliance and Operations
It provides an overview of both the total number of open risks and those that have been closed, whether mitigated, transferred, or avoided. Additionally, the report includes a summary of all risks, categorized by type and assessed by severity. Accompanying this information are graphs that visually represent these metrics, offering a clear depiction of the current risk landscape.
Get in touch...
Ready to tackle project risks head-on? Get in touch with Cheshire Solutions to ensure your project’s success.
- +44 208 156 5245
- info@cheshire-solutions.co.uk