PRINCE2 approach to risk is based on the OTC. It is a publication management of risk guidance for practitioners 2007. First of all understand the context in which the project operates.
Involve stakeholders in risk management
Establish clear project objectives so that we can have a clear idea of how risk may affect those objectives
Develop the risk management approach for the project
Report on risks regularly
Clearly define the roles and responsibilities so for example make it clear who is the owner of each risk who is responsible for dealing with it
Establish a support structure and a supportive culture for risk management
Monitor for early warning indicators for potential risks
Establish a review cycle and look for continual improvement on a few things to deal with, but they should all be built into your risk management approach
Practical Aspects of Risk Management in projects
First identify whether there are any corporate or program policy process which are need to be applied. This might include things such as the corporate attitude towards risk taking, risk tolerances, procedures for escalation and defined roles and responsibilities when dealing with risk. That may also be a risk management process guide which would describe the steps and associated activities needed to implement risk management. One very important aspect of all of this is the significance of an organization risk appetite which will give a good idea of an organization attitude towards risk taking and it may in turn dictate how much risk is acceptable. The project approach to risk management will be determined by the programs risk management strategy and the project may be able to inherit that as its own risk management strategy that's just adapting it for anything that is specific to the project.
So PRINCE2 recommends that every project should have:
Its own risk management strategy which may have been inherited.
A means of controlling risk and this is done to fire the projects risk register
In any Organization, before we actually do any risk management in a project we develop the risk management strategy. The purpose of the risk management strategy is to describe how risk management will be embedded in the project management activities. The risk management strategy should include a statement of the project boards attitude to risk, this dictates the amount of risk that is considered acceptable and this is specified in the form of a set of risk tolerances exceeding one of the risk tolerances will trigger an exception report. Projects are not permitted to introduce any change to the support systems during this period. Therefore, any risks in the risk register that mean the support system would change in this peak trading window would need to be escalated to the project board. The product description outlined for risk management strategy a breed of that purpose, composition, derivation, format and presentation and quality criteria. The purpose of the risk register is to capture and maintain information on all of the identified three acts and opportunities relating to the project. Each risk on the risk register allocates a unique identifier as well as details that include:
Who raise the risk
When it was raised
The category of risk
The description of the risks
Projects support will typically maintain the risk register on behalf of the project manager. The risk management strategy will describe the procedure for registering risks and it generally maintains the risk register.