Risk analysis is a technique and process that involves identifying and collecting relevant factors, assess factors, and synthesizing those factors to develop an understanding of relevant risks for the project or organizational activity. The risks can be both in positive and negative terms — so any threat (damaging) or any unidentified opportunity (positive) can be called risk.
Risk management is concerned about — what may go wrong or right. It also involves the relevant pathway to counteract the organization’s risks to ensure activity or venture success.
So, in simple terms, it involves identifying assets and threats, prioritizing risks, and identifying appropriate measures and processes to attain success.
The purpose is to identify all sorts of uncertainties that may have an impact on the initiative. As a part of Business Analysis Solution Knowledge, managers need to consider risk analysis as a tool to incorporate. [Business Analyst Learning]
There are two categories to deal with:
a) qualitative risk analysis: prioritize risks by assessing & combining the probability of occurrence and impact of the risks,
b) quantitative risk analysis: numerically analyzes the overall effect of identified risks on the venture or activity.
Risks analysis involves the following steps:
Risk response strategy
An essential part of the risk analysis is the risk response strategy.
For negative risks, Analysts and Project Managers determine any of the following four options:
- Transfer: the responsibility of bearing the risk is transferred to a separate authority,
- Avoidance: avoid specific activity or particular risk-related event to prevent that risk,
- Mitigation: organization takes specific actions to minimize the chance of risk occurrence and
- Acceptance: accepting the risk as there is no other way to avoid it.
For positive risk, the responses are any of the following:
- Acceptance: choose to accept the positive risk,
- Exploit: organization identifies and takes specific actions to maximize the impact from positive risk,
- Enhance: organization takes steps to strengthen the probability of the risk so that it can happen and
- Share: organization connects with other entities to increase the chance of positive risk occurrence and mutually benefit. [Business Analyst Learning]
There are various types of frameworks and templates to do the risk assessment, such as uniform numerical scale, objective evaluation criteria, calibrated assessment criteria, link risk assessment, etc. [Logic Manager]
Business Analysts and project managers are in the best position to determine which framework to adopt. Every manager should consider “Risk Analysis” as a part of their BA technique — which can increase the chance of success for the venture tremendously.
Let’s talk about some of the common questions by criticizing “Risk Analysis.”
What areas are not covered by risk analysis as part of solution knowledge but effectively covered by other available tools?
Risk analysis doesn’t cover the entire solution scope; rather, it gives the knowledge about approaching the solution and in what areas. Risk analysis is a lack in terms of the development of the solution itself.
Risk analysis identifies the overall risks for getting the project into its targeted mission, and it also suggests the approach to take in dealing with the risks.
As a stand-alone tool, risk analysis might not provide a solution to project managers and business analysts. But using it with other decision-making tools (based on the organization) can significantly assist in strategy making.
So, what sort of tools can be used in place of risk analysis?
Prototyping, KPI, decision matrix, and decision tree are standard tools to use in the decision-making process.
For example, using prototyping with risk analysis might help, as risk analysis will help determine the issues/risks. The approach to take & prototyping will allow us to encompass factors to build up the solution.
Using a decision tree helps us enlist all possible options with possible outcomes of a particular value, making the final strategy. However, it depends on the organization on what tools to use with risk analysis and how it will deal with the identified outcomes.
In which cases, Risk Analysis is essential and can perform better?
Risk analysis is essential for every business and every project. Without the risk analysis, the extent of uncertainty might not be identified, and it might cause issues for the project and increase the probability of failure.
Organizations have to perform Risk Analysis to properly outline the possible risks and deal with those identified risks efficiently.
Many projects or business ventures have been closed because they didn’t have their risk analysis or couldn’t do proper justification to risk analysis and failed.
What are the potential risks that are uncovered (not-listed / ignored) during the project?
Worth mentioning are less executive support for the project, staff turnover problem, schedule flaws, etc. There should be a possible risk response strategy with the lists, which will guide us to approach those risks.
However, those listed risks can vary from organization to organization, and the risk response strategy might change due to that factor.
Who are the responsible people to do the analysis effectively for the project (large/ small) in an organization?
Risk analysis must be performed by the project management team or Business Analyst with the stakeholders’ opinions or views for any project or business venture. The project manager and his/her team and relevant stakeholders mainly identify the risks for the venture and draw the solution approach for each of the listed threats. They have to look at the responsibility in terms of internal expert analysts and external expert analysts for risk analysis.
To evaluate and identify potential risks and related strategies inside the organization, the organization mostly depends on internal experts. However, for determining the external risks, organizations sometimes hire expert risk analysts/firms.
If an organization wants to view without bias, they might employ external experts to do the organization’s internal risk analysis. External experts/research firms have years of expertise, who might do it in advance for the company.
The negative sides are confidentiality issues and organization process issues, for which — organizations do not want to include outside experts for this analysis. The project management team or business analyst should coordinate with the outside expert to provide a dependable analysis guideline and evaluate, question, and finalize the risk assessment.
The project manager or Business Analyst will finally approve the risk register list based on the priority, probability, and impact of the project’s risks.
However, before finalizing the risk register and risk approach, the Project Manager or Business Analyst should consult with the relevant stakeholders (high priority managers, project sponsor, etc.) to onboard them with their strategy. Other than the project management team or business analyst or focus group people, no other people should analyze.
The responsibility of communication lies in the project manager or Business analyst, like onboarding and communicating to the appropriate persons at the right time is important. Failure to do so will result following: all the risks might not be listed, stakeholders might not have bought on the risks identified, communication gap, incomplete solution package, and approach, lastly, high probability of project failure.
So, conduct the analysis for a project or business process analysis so that all the related aspects can be analyzed and taken into consideration to formulate a strategy and proper execution plan for the project.
Risk Analysis is a great tool under solution knowledge, so it should be effectively used for the success of the project. And, formulating the right way of conducting is critical too.
References (Work cited lists)
- Business Analyst learning; Article — “Risk Analysis techniques”; Publication: April 20, 2014. Source: Website
- Workfront; Marcus Verner; Article — “Risky Business — five steps to Project Risk Management”; Publication: January 1, 2014. Source: Website
- Logic Manager; Article — “Risk Management Best Practices”; last updated on 2015; Source: Website
- Author’s WordPress account: https://suntonu1900.wordpress.com/