Risk is an event that if it occurs, adversely affects the ability of a project to achieve its outcome objects. Risk managements are the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.
Step 1: Risk Identification
Risk identification is the critical first step of the risk management process. Its
objective is the early and continuous identification of risks, including those within and external to the engineering system project.
Step 2: Risk Impact or Consequence Assessment
In this step, an assessment is made of the impact each risk event could have on the engineering system project. Typically, this includes how the event could impact cost, schedule, or technical performance objectives. Impacts are not limited to only these criteria. Additional criteria such as political or economic consequences may also require consideration. In addition, an assessment is made of the probability (chance) each risk event will occur.
Step 3: Risk Prioritization
At this step, the overall set of identified risk events, their impact assessments, and their occurrence probabilities are “processed” to derive a most critical to least critical rank-order of identified risks. A major purpose for prioritizing risks is to form a basis for allocating critical resources.
Step 4: Risk Mitigation Planning
This step involves the development of mitigation plans designed to manage,
eliminate, or reduce risk to an acceptable level. Once a plan is implemented, it is continually monitored to assess its efficacy with the intent to revise the course of action, if needed.
Step 5: Evaluate/rank Potential Impact
Businesses then need to evaluate and rank the risk according to its potential impact, which should be determined by combining the possibility of likelihood and the consequence or effect it will have on the business. A decision then needs to be made about whether the risk is acceptable, or whether it is serious enough to warrant treatment.