These days, nearly every smartphone comes with a weather app as a standard feature. And if you search an app store, you'll find hundreds of weather apps, apps that tell you about the weather in a variety of ways. These weather apps are a great example of risk monitoring because weather is a source of risk. The weather can affect what we do, how we do it, what we wear, and even our health and safety. In fact, emergency services monitor weather conditions and use the information to evacuate communities at risk from floods and fires.
So let's think about this for a minute. The business conditions and environment that an organization operates in are very much like the weather, subject to regular and unpredictable changes. After an organization has identified and assessed its risks, it needs to continually monitor them and assess the impact of change on the level of risk. Risk monitoring is about keeping risks at the forefront of our minds and periodically asking ourselves the following questions:
- Is the risk still relevant?
- Has the level of risk increased or decreased?
- Are there new and emerging risks that we need to assess?
- Has our control environment changed?
- Has there been a significant change to people or processes who manage the risks?
- Have there been any new incidents or issues identified that can give rise to risks?
- Is our risk management framework and reporting still adequate?
And most importantly, ask yourself, where have we successfully managed risk, realized opportunities, and want to take more risk? So next time you check the weather, take a minute to think about the risks in your organization.
Firstly, when we monitor risks, we evaluate previously identified risks. We assess whether the risk triggers have occurred, if the reserves are adequate, and if the risk owners are performing as expected. We also consider replacing risk owners if necessary. Furthermore, we scrutinize if we are achieving the expected outcomes.
We must also keep an eye on new risks that may emerge, such as emerging, secondary, or residual risks. These risks may surface later in the project and require our attention during risk responses implementation.
Another vital aspect is evaluating the effectiveness of our risk management processes. We assess if the appropriate stakeholders are engaged, if the processes align with enterprise risk management policies, and if they are both economical and effective in mitigating risks.
Moreover, we monitor the enterprise impact of our projects, including risk exposure and its potential impact on the organization. This entails observing trends and overall risk exposure to communicate effectively with management.
During monitoring, we conduct risk reassessments or risk audits. Risk reviews are typically done in weekly team meetings, where we assess threats and opportunities, potentially closing irrelevant risks. On the other hand, risk audits involve an audit team evaluating the project's risk management strengths, weaknesses, barriers, and lessons learned.
Additionally, we monitor individual risks and overall project risk status, comparing actual progress with baselines for schedule, scope, and budget. Any significant variances or negative trends require clear communication.
In wrapping up the monitoring of risks, effective communication remains crucial. We must communicate risks to appropriate stakeholders through various means such as risk reports or presentations to boards or steering committees periodically.
Overall, monitoring risks involves a comprehensive evaluation of identified risks, new risks, process effectiveness, enterprise impact, and effective communication to ensure successful risk management.
Comments:
1- student: It's always best to be on the alert if it's about risk. The project manager usually assigns these responsibilities to the risk owner, but the primary responsibility for the risk is always the project manager. So how can you master the risks in this detail? Of course, by running the monitor risks process well.