Grouping of Risks
After defining the entire range of events that may occur during project execution, affect the project objective or increase the project time or cost, the risks need to be grouped. Quantitative methods are employed to rank identified areas of risk, which also serves to establish the key stage of the project by relatively objective criteria. Project participants are then brought together in a brainstorming session aimed at forming a consensus as to what risks are likeliest in which time periods, and their possible effect on project cost and time targets.
Grouping risks will be more important for large projects than small ones. The general consensus in the business world is that if it takes more than ten people to meet and deal with a group of risks, the meeting is probably too large and will be inefficient. As projects become larger, it is necessary to have a series of risk management meetings, whereas in a small project, one meeting might do. To facilitate this, techniques similar to the techniques that were used in the development of the work breakdown structure can be used. Indeed, the WBS itself can be used to organize meetings for risk management.
Responsibility to look for risk should be assigned to the person most closely associated with where the risk will have its largest impact, or to the person who has the most familiarity with the technology of the risk. A risk that takes place during the completion of a particular task and directly affects only that task should be a concern to the person responsible for that task. However, since no task in a project is truly independent of all the others, the assignment of responsibility moves up the organizational ladder to the individual above the person directly or immediately responsible for the task.
Often in projects where risk is of great concern, the project manager creates the position of risk manager. This person is responsible for tracking all risks and maintaining the risk management plan. As projects become larger or tolerance for risk is low, this approach becomes more necessary.
The responsible person who will mitigate and follow up this task should be defined clearly, and his or her name can be place in Table (9.3), at the end of Section 9.5.1 below.