Premium Resources

PRINCE2 Risk Management Procedure

The PRINCE2 recommended risk management procedure comprises the following five steps:

  1. Identify

  2. Assess

  3. Plan

  4. Implement

  5. Communicate

The first four of these steps are sequential and the 'Communicate' step runs in parallel with those four. All of the steps are rooted in it’s nature.

1. Identify Context

The primary goal of the identify context step is to obtain information about the project in order to understand the specific objectives that are at risk and to formulate the risk management strategy for the project. The risk management strategy as if awarded same describes how risk will be managed, the project is created during the initiation stage and then reviewed and possibly updated at the end of each project stage. The project risk management strategy should be based on the corporate risk management policy or on the program's risk management strategy if such documents exist.

Customer Quality Expectations

We will need to look at the needs of the stakeholders involved with the project and the importance complexity and scale of the project would need to review any assumptions that have been made and to look at the organizations own environment.

The tools and techniques for Risk Management Procedure

  • You need to decide what records you are going to keep

  • How you are going to report the risk

  • The timing of risk management activities

  • The roles and responsibilities for the risk management procedure

  • The risks scales that you are going to use for likelihood, impact and proximity

  • Any categorization of risks that you're going to use and possibly the risk breakdown structure to use

  • The risk response categories to use

  • Risk tolerances on whether a risk budget will be established and if so how it will be controlled

Early warning in the case is relevant to the project which will provide advance warning that one or more of the projects objectives could be at risk. These metrics a typical examples of the progress performance data that could be used.

  • You can look at the percentage what packages that are companies to schedule

  • You can look at a percentage of approvals accomplished to schedule

  • The number of issues being raised (per week/ month)

  • The percentage of issues that remain unresolved

  • The average number of days the issues remain unresolved

  • The average number of defects captured in quality inspections

  • The adherence to budget for example the rate of spend behind or a head of planned spend

General risk identification techniques

'Identify risks' recognizes threats and opportunities that may affect the project objectives and risks can be identified using number of techniques PRINCE2 recommends the following actions:

  • Capture the opportunities in the risk register

  • Prepare only warning indicators to monitor critical aspects of the project

  • Provide information on the potential sources of risk

  • Understand the stakeholders view of the specific risks captured

One effective way to identify risks is to use a risk workshop An important aspect of identifying risks is being able to provide a clear and unambiguous expression of each one. A useful way of expressing risk is to consider the following aspects of each risk.

  • The Risk cause: This describes the source of the risk

  • The Risk events: This describes the area of uncertainty in terms of the threat or the opportunity

  • The Risk effect: which basically impacts the risk that would have on the project objectives should the risk materialize

2. Assess Step

Risk assessment is a two step process in the PRINCE2 risk management procedure

  • First we estimate

  • Then we evaluate

The primary goal of the estimate step is to assess threats and opportunities to the project in terms of their probability and their impact. The risk proximity will also be of interest to gauge how quickly the risk is likely to materialize if no action was taken.

Probability Impact

One advantage of using this technique is that the project board can set their risk tolerances. The impact of each threat and opportunity in terms of the project objectives. For example the objectives are measured in time and cost, the impact should also be measured in units of time and cost.

Let's move on from estimate to Evaluate

This enables an assessment to be made of overall severity of the risks facing the project to determine whether the level of risk is within the risk tolerance, set by the project.

Planned Step and Risk Planning

Plan step is to prepare specific management responses to the threats and opportunities identified ideally to remove or reduce the threats and to maximize the opportunities. Attention to the planned step insurers as far as possible of the project is not taken by surprise if the risk materializes. The opportunity responses are exploit in haunts share and reject know that only one response is shared by threats and opportunities. The first thing to be aware of is, exam questions quite often involve knowing which responses are appropriate to threats, which are appropriate to opportunities, and the details of what each of them involves. The threat response can reduce either the probability of the risk happening or impact if it does happen. When we use the fallback response is only intended to reduce the impact not the probability of a happening. The transfer response also reduces the impact and it often only reduces the financial impact. In particular, you need to know that which responses are appropriate for threats opportunities or both.

Let's look first at reduce which is a response to a threat proactive actions taken to either reduce the probability of the event occurring by performing some form of control or reduce the impact of the event which should occur so this is the one which can either reduce the probability or the impact. To reduce the likelihood of users not using a product that is the probability of the risk happening the number of training events is increased.


A transfer is very often associated with some form of insurance. So would transfer a third party takes on responsibility to some of the financial impact of the threats.

3. Risk Planning

Risk responses do not necessarily remove the inherent risk in its entirety, leaving what's called residual risk. In some cases implementing a risk response will reduce or remove other related risks. This in turn may need to second the risks i.e. the risks that may occur up as a result of invoking a risk response. It is advisable to review lessons from previous similar projects when planning risk responses. Consideration should also be given to the affects the possible responses.

4. The implement step

Implement step ensures the planned risk responses are in action and their effectiveness is monitored and correct action is taken where responses do not match expectations. An important part of the implement step is to ensure that there are clear roles and responsibilities allocated to support the project manager in the management of project risks.

5. Communication

Communication is a step that is carried out continually. The communicate step should ensure that information related to the threats and opportunities phrase by the project is communicated both within the project and externally to other stakeholders. Risks are communicated as part of the following management products so each of these involves the communication of information about risk.

  • Checkpoint reports

  • Highlight reports

  • End stage reports

  • End project reports

  • Lessons reports

Care should be taken in using these reports to communicate risks with external stakeholders and reference should be made to the communication management strategy for the most appropriate method. It may well be that some of your external stakeholders that shouldn't be made aware of that particular race because there might be unduly alarmed by it and if you're confident that you can deal effectively with that risk it would be better if you make sure that those people are not made aware of it at an inappropriate time or in an inappropriate way These need to be used in an appropriate way bearing in mind the nature of the information that they can include the use of

  • Bulletins

  • Notice boards

  • Dashboards

  • Discussion threads

  • Briefings

These aspects of communication in particular should be recognized and addressed project risk management to be effective. A project's exposure to risk is never static effective communication is key to identify new risks or changes in existing risks. Effective risk Management depends on participation and in turn participation is dependent on effective communication.

Risk Budgets

A risk budget, is a sum of money included within the project budget and set aside to fund specific management responses to projects threats and opportunities. In order to arrive and a risk budget for the project, a financial approach to risk management is needed.

Who are Risk Managers?

For any organization it’s very necessary to ensure a smooth flow in production process that will help them in achieving their desired results. For this to happen, organizations across the globe use the services of a Risk Manager. Risk Managers carry the responsibility of identifying the threats and potential risks that will or might hinder the production work flow process. One of the primary aim of these managers is to forecast the threats and chart a plan and implement it before the foreseen threats cast their spell on the organization. Though, the roles and responsibilities of a Risk Manager might differ from organization to organization, but some of their primary roles and responsibilities remain constant.

Roles And Responsibilities Involved With Risk Management

  • Assessing potential risks and devising plans and methodologies to root-out risks that will affect the smooth functioning of business.

  • They have to prepare reports pertaining to risks in generalized format, so that it can be understood easily by various audiences, such as business heads, board of directors and other individuals

  • They have the responsibility for purchasing insurance for the organizations, so that the organization is covered against any unforeseen risks. They also have to care of the health and safety concerns of the employees working in the organization

  • Risk managers work along with audits team and also ensure that the organization is in compliance to standards

  • Risk managers also need to train the staff and educate them about the risks that might arise and bring awareness among the staff

Related Topics