Tom is the program manager for a large, complex program comprised of eight projects. He thinks his project managers have identified most of their risks, but he’s not sure where to focus his attention. What areas have the highest risk exposure? Let’s look at how to actually define risk categories and how they can help Tom (and you).
What are Risk Categories?
Risk categories allow you to group individual project risks for evaluating and responding to risks.
Project managers often use a common set of project risk categories: schedule, cost, quality, and scope. But project managers may use other categories.
Imagine a project manager who is managing a software development project. She may use these categories: requirements, design, coding, testing, and implementation.
Another set of categories is called PESTLE: political, economic, social, technological, legal, and environmental, which is often used as a prompt list for identifying risks.
Why Use Risk Categories?
Putting risks in categories can help in several ways. First, you can better determine where your concentrations of risks are greatest.
Second, it allows you to identify common causes. Project managers often identify different risks that have the same causes.
Third, you can develop better risk responses. Because you can better see the common causes, you can zero in on the most powerful and common causes and manage them.
Risk categories are more meaningful when you perform a quantitative risk analysis resulting in quantified risk exposures (e.g., $20,000). While quantitative risk analysis takes more time than the qualitative risk analysis, it provides a deeper understanding of the individual risks as well as the overall project risk exposures.
If you have performed quantitative risk analysis, you can sum and compare the total exposures within each risk category. You could even create a pie chart to illustrate the concentrations of risks.
How to Define Risk Categories
Check your organizational process assets to determine if your organization has a standard set of risk categories that might be applicable to your project.
Your PMO may also have a standard risk breakdown structure (RBS) that provides categories and sub-categories of project risks. Click here to see an article by Dr. David Hillson on this topic.
Perhaps there are no organizational assets and you are managing a project, unlike anything you’ve managed before. One effective method for defining your risk categories is the Affinity Map method. You can use this technique to identify risks, place them into logical groups, and then name each group/category.
Join the 21 Day Challenge
Receive daily emails--learn to identify, evaluate, respond to, and control project risks.
Spend five minutes per day for 21 days--discover practical risk management techniques that can help you turn uncertainty into success!