Explorer

Content

Manage (Implement)

What is the Manage Stage of the Risk Management Process ?

Schematic Representation of the four stage Iterative Risk Management Process. A textual description of the diagram is shown on the Introduction to the Project Risk Management Process page within this site.

This stage of the iterative process manages risk in accordance with the Risk and Opportunity Management Plan so as to contain risk within reasonable and acceptable limits.

The term ‘Manage’ or ‘Management’ to describe this stage should not be confused with ‘Risk Management’ which refers to the overall Process. Arguably, a better term for this stage is ‘Implement’. The Office of Government Commerce uses ‘Implement’.

Both Threats and Opportunities should be addressed during the Manage stage. Opportunity Management provides further guidance.

What are the Key Activities ?

Document the agreed Risk Management strategy and plan, allocate responsibility for all aspects including the Risk Manager, Risk Owners and Mitigation (Enhancement) Action Owners.
Define the roles and ensure adequate understanding and training for all involved.
Tailor the risk management process to suit project requirements and match the strategy. Implement changes to procedures as lessons learned identify improvements are required.
Implement regular reviews of all risks to maintain the Risk Register and provide information for Risk Reports.
Review the Risk Management process periodically (at least annually).

What are the Key Outputs ?

A clear strategy and process plan for risk management.
Risk reports and briefs tailored to suit the target audience.
Risk archive and up to date Risk Register.
A facility to record and review lessons learned.
Continuous review and improvement of the process.

The activities to be undertaken during this stage include implementation of plans and monitoring, reporting and reviewing progress.

Records of the decisions taken and the reasons for these should be maintained in a complete and logical manner compatible with other project management records. As well as the need to monitor the contractor’s progress through progress reports and review meetings, consideration should be given to changing the Risk Management Plan in light of experience.

Similarly, experimental data gathered or experience gained during this stage might enable further quantitative analysis to be conducted, replacing or enhancing earlier qualitative analysis. This might lead to a revision of some aspect of the planning work. It is possible for some new risks to be identified during this stage and for these to be introduced into the next iteration of Identify and subsequent stages.

Who is responsible for the Manage Stage ?

During the Management stage, the IPTL and the team manage risk in accordance with the plan, monitoring progress, taking decisions at the appropriate time and reviewing or amending the plan when necessary. They manage contractor's progress, reports, review meetings and continuously consider the need for changes to the risk management plan in the light of experience.

The responsibility for the management of risk should be placed as far as practicable on the contractor. He should be required to demonstrate technical achievement to the IPT, for example by meeting contractual milestones which should concentrate on those identified key technical risk areas which should be tested as early as possible in the life of the contract. As an incentive interim payments should be conditional on meeting such milestones.

Best practice shows that real benefits can be gained by undertaking the management of risk as a co-operative process with the contractor and MOD. This should mean using the same database, same reporting systems and discussing at joint meetings.

The role of Risk Manager – strictly Risk Process Manager

This needs to be defined, because the role Risk Manager means different things to different people. Perhaps a better term is Risk (Process) Manager or risk facilitator or risk co-ordinator i.e. the individual who orchestrates the whole risk management process and who may also manage the project's Risk Register and operate the risk management tool.

In some projects this may be part of the role of the team leader but it is more likely to be assigned to a member of the team. The use of an independent Risk Facilitator is another option, however, this is most appropriate in joint risk management systems (i.e. MOD and Industry) where there is a greater need for impartiality. The Risk Facilitator needs to have a broad knowledge encompassing a range of business and technical issues.

The Risk (Process) Manager’s responsibilities may include:

Developing the Risk and Opportunity Management Plan
Facilitating the identification and reduction of project risk
Collecting and collating risk information from project staff and contractors
Processing that information to generate a risk register and populate the risk management data base
Presenting risk management report at risk review meetings
Summarising the outcome of the project risk management activities and recording lessons learned.

The key fact to be borne in mind is that the Risk (Process) Manager is usually totally reliant on others for the management of individual risks.

The Risk (Process) Manager is different from the Risk Owner

The Risk (Process) Manager whose function is described above must not be confused with the Risk Owner. Ownership of a risk is assigned to the person best able to manage the risk. This is an output of the Analysis stage.

Change History

1 October 2009: Updated to include the term ‘Implement’.