ISO 21502:2020 Clause 7.8.5 Controlling risk

Project Management 7 Minutes

Controlling risks should involve ensuring that responses to negative risks minimize disruption to the project while responses to positive risks maximize beneficial impact, by determining if the risk responses are undertaken and whether they have the desired effect. In controlling risk, management information can be reviewed, including the relative priority of risks, progress data, project plans, change requests and corrective actions. Tracking the development of risk, as well as tracking the effectiveness of the risk treatment, should be part of controlling risks.

In risk management, controlling risk involves implementing measures to monitor, track, and respond to risks throughout the project lifecycle. The goal is to ensure that risks are effectively managed and that their potential impacts on project objectives are minimized. Here are key steps in controlling risk:

  1. Risk Monitoring: Continuously monitor identified risks and their associated parameters such as probability, impact, status, and trends. This involves tracking changes in risk conditions, assessing their potential impact on project objectives, and identifying emerging risks or new risk events.
  2. Risk Tracking: Maintain a comprehensive record of all identified risks, including their descriptions, assessments, ownership, status, and planned responses. This allows project teams to systematically track the progress of risk treatment measures, monitor changes in risk status, and evaluate the effectiveness of risk management efforts over time.
  3. Risk Reporting: Regularly communicate risk information to stakeholders, project teams, and relevant decision-makers. This includes providing updates on the status of identified risks, highlighting significant changes or developments, and reporting on the effectiveness of risk treatment measures. Clear and timely risk reporting helps ensure transparency, accountability, and informed decision-making.
  4. Risk Response Execution: Implement planned risk response strategies and actions to address identified risks. This involves executing preventive, mitigative, or contingency measures as appropriate, in accordance with the project risk management plan. Effective risk response execution requires coordination, collaboration, and timely action to minimize the likelihood and impact of adverse risk events.
  5. Risk Reviews and Audits: Conduct periodic reviews and audits of the project’s risk management processes and practices. This involves evaluating the effectiveness of risk identification, assessment, treatment, and control activities, as well as assessing compliance with relevant policies, standards, and regulations. Risk reviews and audits help identify areas for improvement and ensure that risk management remains aligned with project objectives and organizational goals.
  6. Lessons Learned: Capture and document lessons learned from risk management activities throughout the project lifecycle. This includes identifying successes, challenges, best practices, and opportunities for improvement in managing risks. Lessons learned can inform future projects, enhance organizational knowledge and capabilities, and contribute to continuous improvement in risk management practices.
  7. Adaptation and Response Planning: Continuously adapt risk management strategies and plans in response to changing project conditions, emerging risks, or lessons learned. This involves revising risk assessments, updating risk registers, and refining risk treatment measures as needed to address evolving circumstances. Proactive adaptation ensures that risk management remains effective and relevant throughout the project lifecycle.

By implementing these control measures, project organizations can effectively manage risks, minimize their potential impacts, and increase the likelihood of project success. Control of risks is an ongoing process that requires vigilance, proactive management, and a commitment to continuous improvement in risk management practices.

Controlling risks should involve ensuring that responses to negative risks minimize disruption to the project while responses to positive risks maximize beneficial impact, by determining if the risk responses are undertaken and whether they have the desired effect.

Controlling risks involves ensuring that responses to both negative (threats) and positive (opportunities) risks are executed effectively to minimize disruption and maximize beneficial impact on the project. Here’s how these principles are applied in risk control:

  1. Minimizing Disruption to the Project (Negative Risks):
    • Responses to negative risks should aim to mitigate or eliminate the potential adverse impacts on the project objectives while minimizing disruption to project activities.
    • Risk response strategies should be carefully designed and implemented to address threats in a timely and efficient manner, without causing unnecessary delays or resource constraints.
    • Project teams should assess the potential consequences of risk responses and prioritize actions that minimize negative impacts on project scope, schedule, budget, and quality.
  2. Maximizing Beneficial Impact (Positive Risks):
    • Responses to positive risks should aim to exploit opportunities and maximize their beneficial impact on project objectives, outcomes, and performance.
    • Project teams should proactively identify and capitalize on opportunities to enhance project value, achieve additional benefits, or gain competitive advantages.
    • Risk response strategies for positive risks may involve allocating resources, adjusting project plans, or implementing innovative solutions to fully exploit the potential benefits of identified opportunities.
  3. Determining Effectiveness of Risk Responses:
    • Controlling risks involves evaluating the effectiveness of risk responses to determine whether they have the desired effect on mitigating threats or exploiting opportunities.
    • Project teams should monitor the implementation and outcomes of risk responses, assess their impact on risk likelihood and impact, and adjust strategies as necessary to achieve the desired results.
    • Regular review and analysis of risk response performance help project teams identify areas for improvement, refine response plans, and optimize risk management practices to enhance project resilience and success.

By focusing on minimizing disruption to the project from negative risks and maximizing beneficial impact from positive risks, project teams can optimize risk control efforts to achieve project objectives effectively. Continuous monitoring, evaluation, and adjustment of risk responses ensure that risks are managed proactively and that project outcomes are optimized within the constraints of the project environment.

In controlling risk, management information can be reviewed, including the relative priority of risks, progress data, project plans, change requests and corrective actions.

Reviewing management information is essential in controlling risk effectively. Here’s how various types of information can be reviewed to support risk control:

  1. Relative Priority of Risks: Regularly review the relative priority of identified risks to ensure that attention and resources are allocated appropriately. This involves reassessing risk likelihood, impact, and overall significance about project objectives and constraints. By prioritizing risks, project teams can focus their efforts on addressing the most critical threats and opportunities first.
  2. Progress Data: Review progress data related to risk management activities, such as the status of risk response implementation, changes in risk likelihood or impact, and trends in risk performance over time. Monitoring progress data helps project teams track the effectiveness of risk control measures, identify areas of improvement, and take corrective actions as needed to maintain project resilience.
  3. Project Plans: Assess project plans, including risk management plans, to ensure that risk responses are aligned with project objectives, timelines, and resource allocations. Reviewing project plans helps project teams identify any discrepancies or gaps in risk management activities and make adjustments to ensure that risks are effectively controlled throughout the project lifecycle.
  4. Change Requests: Evaluate change requests and their potential impact on project risks. Changes to project scope, schedule, resources, or other parameters can introduce new risks or modify existing ones. Reviewing change requests in the context of risk management allows project teams to assess the implications of proposed changes on project risk exposure and make informed decisions about their approval or rejection.
  5. Corrective Actions: Review corrective actions taken in response to identified risks or risk-related issues. This involves assessing the effectiveness of corrective measures in addressing root causes, preventing recurrence, and improving overall risk management practices. Reviewing corrective actions helps project teams identify systemic issues, reinforce best practices, and enhance the organization’s risk management capabilities.

By reviewing management information related to risk management, project teams can gain valuable insights into the current status of risks, assess the effectiveness of risk control measures, and make informed decisions to optimize risk management efforts. Regular monitoring and evaluation of management information support proactive risk control, improve project outcomes, and increase project success.

Tracking the development of risk, as well as tracking the effectiveness of the risk treatment, should be part of controlling risks.

Tracking the development of risks and monitoring the effectiveness of risk treatments are essential components of controlling risks effectively. Here’s why these aspects are crucial:

  1. Tracking Risk Development:
    • Risks are dynamic and can evolve throughout the project lifecycle due to changing circumstances, emerging issues, or unforeseen events. It’s essential to track the development of risks to ensure that their likelihood, impact, and overall significance remain up-to-date.
    • By tracking risk development, project teams can identify shifts in risk conditions, assess the effectiveness of existing risk treatments, and anticipate potential changes in project risk exposure. This proactive approach allows teams to take timely actions to address evolving risks and maintain project resilience.
  2. Monitoring Risk Treatment Effectiveness:
    • Effectively managing risks requires implementing appropriate risk treatment measures and monitoring their effectiveness over time. It’s essential to track the outcomes of risk treatments to determine whether they have successfully mitigated threats or exploited opportunities as intended.
    • Monitoring the effectiveness of risk treatments involves assessing whether implemented actions have resulted in the desired outcomes, such as reducing risk likelihood or impact, achieving project objectives, or maximizing project benefits. This helps project teams identify successful strategies, adjust ineffective measures, and continuously improve risk management practices.
  3. Data Collection and Analysis:
    • Controlling risks involves collecting relevant data on risk development and treatment effectiveness, such as progress updates, performance metrics, feedback from stakeholders, and lessons learned. This data provides valuable insights into the current state of risks and the outcomes of risk management efforts.
    • By analyzing collected data, project teams can identify trends, patterns, and correlations related to risk evolution and treatment effectiveness. This enables informed decision-making, proactive risk mitigation, and optimising risk management strategies to enhance project success.
  4. Communication and Reporting:
    • Tracking risk development and treatment effectiveness requires effective communication and reporting mechanisms to ensure that relevant stakeholders are informed and engaged. Regular updates on risk status, treatment progress, and outcomes facilitate transparency, collaboration, and alignment among project teams and stakeholders.
    • Clear and timely communication helps maintain awareness of evolving risks, promotes accountability for risk management responsibilities, and fosters a shared understanding of the project’s risk landscape. This enables proactive risk control and enhances the organization’s ability to respond effectively to changing risk conditions.

By integrating tracking mechanisms for risk development and treatment effectiveness into the risk management process, project teams can enhance their ability to identify, assess, and respond to risks in a timely and proactive manner. This proactive approach strengthens project resilience, minimizes disruptions, and increases the likelihood of project success.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply