Risk management

It is becoming increasingly recognised that the effect of uncertainty should be considered in everything we do and that people and organisations should be aware of the risks they face.

Failure to do so is viewed, at best, as inadequacy and at worst bad practice. Risk management is a collection of techniques and methodologies to help identify the uncertainties (whether threats or opportunities) that could impact on business, programme or project objectives. The intended outcome of risk management is to increase benefits from opportunities or to mitigate or eliminate negative impacts from threats.

Risk is an inherent part of progress and that we are not always seeking to eliminate risk but to control and manage it. Furthermore, risk can have multiple impacts. People commonly think of an increase in cost or perhaps time but quality, security and reputation are all relevant and can all be measured, and, importantly, managed.

Risks should be identified, analysed, managed and reviewed through all phases of a programme or project and in all areas. Projects, particularly mega-projects have become more common and more complicated over the last 20 years and have increased the need to understand that complexity and the uncertainty that sits around it. 

The standard approach today is to quantify risk and to try to understand the impact that uncertainty plays in complex projects on cost and time. This has driven the industry to focus on quantification that, while useful, is not the only output from a well-run, robust risk management approach. The trend is to combine analysis and management, but large risk registers do not make for good risk models, or useful forecasting tools.

Risk management has developed into a global industry and has reached into every area of enterprise and has developed techniques and methodologies to fit most situations. There is a lot of research and expertise in the market that can be tapped into to inform most scenarios but the basic problem, and solution remains essentially the same. The law of diminishing returns definitely applies to risk management so always be mindful that more is not necessarily best. Consider the following tips:

  1. Apply the basics well, the most benefit will be from identifying, assessing and attempting to mitigate the risk, even in the simplest terms.
  2. Always apply clarity, consistency and simplicity.
  3. Bear in mind the task is to make a complex concept like ‘risk’ easy to understand so don’t over complicate – turn any complicated analysis into simple conclusions.
  4. Take the time to communicate – any efforts will be wasted if the target audience do not understand the threats and, more importantly, how to act on them.
  5. Measure success by the activity that is set in motion.
  6. Finally, be resilient, risk management is not always considered as helpful.

This section is maintained by Russell Newman of Mace Ltd.

Related content

RICS standards and guidance: Management of risk

Document template: Risk management process

Document template: Risk management reponsibilities