Skip to content
contact us | home | accessibility


Google Custom Search
good practice and innovation
about us infoKits Tools & Techniques Publications Events
You are here: Home » infoKits » Risk Management » Risk Monitoring and Control

Related Workshops >>

Risk Monitoring and Control


JISC infoNet's Risk Management model - step 5

Of course the best risk planning in the world isn't any use unless you have a clear picture of how the situation in your project is developing in reality. You need to keep track of the identified risks, monitor the effectiveness of your risk responses and identify new or changed risks. This means having effective reporting mechanisms in place and ensuring that risk is covered in all key reports and reviews. Most of the key issues are covered in the section on Managing Project Phases in the Project Management infoKit.

You need to be on the look out for the early warning signs or 'triggers' you identified. The classic project risk trigger scenario is of course your most casual employee coming to work in a suit and asking for the afternoon off...

Effective monitoring and control also involves creating the right conditions for openness and transparency in the project. If you have a tendency to 'shoot the messenger' then people will try to hide problems until the last possible minute by which time your range of response options may have narrowed.

A key role of the project managers is also to communicate risk to the stakeholders. Senior managers hate surprises so you need to keep reminding them 'These are the top 5 risks we are facing at the moment...' so that when one of the risks occurs they are prepared for it.

When a risk does occur - as it will - then, in the words of the Hitchhikers' Guide to the Galaxy, 'Don't Panic!' Implement your planned response and communicate the fact that the risk was anticipated and plans were in place. Those of us who dislike documentation be warned - the details in your Risk Log may be of critical importance if you are called to account for your assessment of, or response to, the risk. This should have been reviewed by your Steering Group or equivalent so you are able to say 'This is what we agreed.'

On the upside your review may reveal risks whose time has been and gone without them ever occurring. In these cases you may be able to hand back contingency funds to the institution.

Business Case

At various points in this infoKit we have returned to the business case behind the project. Risk analysis and management is an important part of assessing whether the business case for a project really stacks up. Your risk identification may show more serious risks than had been anticipated - this means the business case must be reviewed. The emotional or subjective element in decision-making comes to the fore here. As a project manager you may be pushing your institution to undertake a risky project because otherwise you won't have a job. Conversely the institution may be so risk averse that it is missing opportunities.

Your analysis of acceptable and unacceptable risks may reveal one or more potential 'show stoppers' in the unacceptable risks. In this situation the project shouldn't go ahead until the risk has been addressed.

You may also need to review the business case in the event of a lot of risks being realised. Say you have assumed that 1 in 5 of the identified risks will occur but in practice most of them are happening - maybe external factors have changed and the business case doesn't stack up any more. You mustn't lose sight of the bigger picture.
Bookmark and Share
Link to the JISC Website

© 2012 Northumbria University, on behalf of JISC Advance
JISC infoNet is a JISC Advance service
This website is powered by Plone

Creative Commons

 JISC Advance logo
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)