8. Risks. Risk management is a great proactive way to solve potential problems before they occur. Identify risks early in the project and continue to manage risks throughout the project.
Tim Lister is sort of famous for his statement that risk management is how grown-ups manage projects. What does this mean?
Let's consider a major project risk: the delivery team will not be capable of achieving the project outturn performance (performance of the completed project output). We manage this risk by bringing people with the appropriate skills and experience onto the team.
A major risk is that there will be cost and time over-runs. How do we manage those?
Using 'reference class forecasting' we assess the liklihood of failure along the dependency lines of particular work package items. We then time the related activities, with suitable coordination buffers, to allow for risk; so an activity might be timed all going well to take 2 weeks. But we know all does not go well, based on history, so, to achieve a 95% probability of performance, the activity is provided a period of 3 weeks to complete. The project accommodates the 15% at risk in a buffer.
We do not do risk management by sitting in a circle dreaming up risks and allotting them 'probability of occurance and magnitude of damage' to do a sum to produce a 'risk rating'. That's bumbledom. The great icon of risk bumbledom is a 'risk matrix. Cox has dealt with these. Others have also commented.