Please login or join to subscribe to this thread
You can close the risk of loosing in gambling if you never go to casino.
Once you chose the strategy for a risk, it still has to be monitored, as probability or impact might change and you might want to change the strategy.
This is causing the management/sponsor to worry seeing too many open risks.
The risk register is a living document where you keep monitoring risks, recalculating their probability vs impact, adding new risks and so on. During your assessment, if the probability of a risk occurring becomes zero, then you close off this risk but if the probability becomes lower but still there, you put it on a watch list, and so on.
Hope this helps.
An identified risk should only be closed if there is certainty that its probability of occurrence is 0. Even if a risk is realized, unless there is no likelihood of it being realized again, we should keep it open.
Once identified risk are categorized/classified or prioritized based on the consideration of probability and impact - usually referred to as 'exposure'. High exposure, high priority, etc. I don't like to think in terms of zero exposue as there are no absolutes in the risk world.
Many risk exposures change as the project evolves, some get greater - some less. When there is significant change one should revisit the analysis and consider adjusting the mitigation measures and even risk allowance to reflect the true exposure. Someimes the probanility changes, sometimes the impact - only re-analysis will provide the correct response.
Even when risk exposure is in the tolerable range it should not be eliminated from the risk register - it may change again.
I am in line with @Kiron. When you record a risk you have to stated dates. The date will give you the opportunity to decide if a risk has to be closed or not. Because of that, to have all risk closed is a must to close a project/program.
agree with the closing when probability is 0 and cannot change.
Regarding closing all risks at project end, I do not think so. Have seen risks being carried over to operations. They are no longer project risks literally, but may have the same impact on the product and probability.
What is your risk response and when is it executed? Take the four risk response strategies into consideration. If your response is to accept the risk and wait until the risk becomes an issue and then address it, you close it when the issue is resolved.
I'm not going to go through all four strategies, but I generally close a risk when there is zero probability of it happening, whether due to direct action being taken or other circumstances, or the impact is so low that we wouldn't even need to blink if the risk was realized. The latter may also be due to direct action - sometimes you can only reduce, not eliminate, probability and impact.
When the possibility of the risk is 0.
Please login or join to reply