Risk management is a discipline of identifying, assessing, mitigating and monitoring risks. Issues management is concerned with identifying, assessing, resolving and monitoring issues. Note the difference – risk mitigation and issue resolution. An issue is a potential problem that needs to be resolved now or as soon as possible in order to prevent negative impact on the project. A risk is a form of issue, which can be avoided or mitigated (by direct action, or indirect action – e.g. insurance). Risk can be expressed qualitatively (descriptive – e.g. emotional stress leading to lower moral and low performance) and quantitatively (measured in numeric term – e.g. loss of profit due to anticipated competitors’ strategic action).
Risk is measured as: (probability or likelihood of an event occurring)*(impact of the event occurring). Risks can be categorized into financial, political, technology, project management, organization, environment and business risks.
- Issues and risks can, and should, be identified at any point in the project life cycle. The project team members should work together to identify risks and act responsibly to mitigate, eliminate or minimize their impact.
- Issues and risks profile and tracking should include: identity (short description), likelihood, impact, date identified, action parties, target resolution date, status monitoring and outcome.
- Issues and risks should be logged for tracking, monitoring and future references, as part of the knowledge base or historical information. They should be part of the project team meeting agenda, not only as and when they occur or an ad-hoc event – being proactive is the key here.