The need to manage risk

It is maybe not surprising that when people think about spending their money, on a house, or a car, they often think of the upsides and best-case scenario first. But if they are wise, they also take a pretty good look at the downsides, or worst case. Some people even insure their homes and cars in case something does go wrong.

The experience from past Daphne projects shows that very few projects had planned for any down sides, or worst cases at all, and even fewer successfully worked to insure their project against failure. What projects need to do is to take necessary steps (after they prepare their application in which it is necessary to at least mention some risk but even there almost never any mention of steps to manage those risks) towards developing a risk management plan entailing the identification of risks to the project and its outcomes, the detailing of risk mitigation measures AND actions to be taken in the event of a risk being realised.

A risk management plan should be critical for all projects and this again should be something realised by projects during their inception phase. It is not science, but it takes some discipline, and some mental activity. It is not a difficult process: it simply takes one or two brainstorming sessions for each project team to realise the core of a risk management plan. We recommend that no project should go forward without a risk management plan that clearly elaborates the risks to the success of the project. Far from being only something you do to satisfy EC demands, it is both for the good of the project that you better prepare for various possible failures.

One of the most important reasons for each new project to understand about risk management is that it is truly in its interests to be prepared to manage problems because when they arise, which they surely will, the EC is not in a position to simply allow wholesale revisions of budget or plans to accommodate the failure of a project coordinator to plan adequately and manage risk adequately. Every project carries risks, some more than others, and as it is the role of project managers to manage those risks.

Many people do not actually understand the very basic concept of risks: these are quite simply all of the possible ways in which your project could fail somehow – from simple delays, to changes of staff, to the loss of a partner, to embezzlement by a partner. Let us briefly look at some of the main risk areas that might befall projects, all of which have materialised in projects we have visited, and for which no risks were planned:

• Management (changes in personnel, excessive workload);
• Partnerships (non-performing partners, loss of partner, communication problems, competency levels). As an example, it is quite incredible when you see a two-party project (one in each of two countries) that they do not see that there is a risk in the withdrawal of one partner reducing the project to a single-party, single-country activity.;
• Funding (shortfall in necessary funding, non-availability of anticipated co-financing, poorly planned budget leading to squeezes/excesses);
• Methodological (no access to informants, data gaps);
• Timetable (delays leading to, for example, school holiday issues).

But how we recommend that you manage risk? Every project should develop a Risk Register (PDF File 66 KB) which records details of all the risks identified at the beginning and during the life of the project, their grading in terms of likelihood of occurring and seriousness of impact on the project, initial plans for mitigating each high level risk and subsequent results.

It usually includes:

• a unique identifier for each risk;
• a description of each risk and how it will affect the project;
• an assessment of the likelihood it will occur and the possible seriousness/impact if it does occur (low, medium, high);
• a grading of each risk according to a risk assessment table (refer to Table 1);
• who is responsible for managing the risk;
• an outline of proposed mitigation actions (preventative and contingency); and
• in larger projects, costings for each mitigation strategy.

This document should be maintained throughout the project and will change regularly as existing risks are re-graded in the light of the effectiveness of the mitigation strategy, and new risks are identified. In smaller projects, the Risk Register is often used as the Risk Management Plan.