September 28 & 29, 2020 | Virtual
Please login or join to subscribe to this thread
Any reply in this regard is highly appreciated. Thank you.
The status has to be defined by you according your risk management process.
You raise an interesting question. I'm not sure there's a complete answer. It would depend upon your project environment, industry and of course EEF and OPA.
I can recall a few from past projects -- I don't have the templates here in front of me, but here are some words we used. I'm certain over the next few days more will come back to me. But when "human health or safety" shows up, it is immediately the highest priority.
Work in Progress
Closed / Resolved
Combined (two or more)
Interdependencies with others
Human health or safety
To be honest, Ganesh, I probably would not think of a risk as being open or resolved. These make sense for issues or action items.
Let's work through the life cycle of a risk
1. The risk is identified
2. The risk is assessed. You may want to have different statuses for qualitative and quantitative assessments.
3. The risk is controlled. You may want to identify all the control actions taken: avoidance, mitigation, transfer, acceptance
4. The risk is triggered. From that point, you are in contingency mode. Once resolved, the risk goes back to controlled.
6. The risk is closed. Some risks are never closed, for example, hazards.
I have sometimes seen one additional status to add to Stephane's list, that being "imminent". This would be a warning that a certain risk has a high probability of being triggered, and that the strategy(ies) for that risk should be re-examined and implemented as appropriate.
To add to the above, they can change from project to project. I use the following statuses on my risk registers these days:
New risk/ Not assessed
No change to rank since last visit
Decreased rank since last visit
Increased rank since last visit
I included "open" and "closed" because remember -- risks may have a positive effect as well as a negative one. For example, once in our company we were working on a firmware upgrade for a customer's device. While in the depth of the code, we realized we could make dramatic performance improvements in the system that were not in our scope of work. We saw this a positive risk. It would help our cash flow and ROI for this customer. So, we put together a bid and explained it them. They funded us to proceed with the additional work. Once that work was completed, the risk was closed.
Project risk = Uncertainty. Windows of uncertainty open and close.
Well, of course in your very own risk mgmt process, you could define whatever you want.
But if you follow standards/best practices (not to say PMBoK Guide; ...) than i would be more on Stephane's side of view.
In our irsk mgmt process, we use actually the following status descritpions for risks:
Identified - a risk that has been identified, but has not yet been analyzed / assessed yet
Assessed - an identified risk which currently has no risk response plan
Planned - An identified risk with a risk response plan.
In-Process - A risk where the risk response is being executed
Closed - A risk that occurred and is transfered to an issue or the risk was solved/avioded
Not occurred - A risk that was identified but that did not occur
Rejected - Created and kept for tracking pruposes but considered not to be used yet
Dear Markus, Dave, Ayat , John, Stephane, Sergio, Thanks a lot for your kind reply.Very useful.
I have two Risk status here called "Controlled" and "Closed", still to explore whats the exact difference, if any got idea about the same pls share.
like we defined "Closed" in our process, i have already mention above.
I have no glue what i sment by "controlled" in this context, may be it is ment the same like "in-process" within our process.
What does the process documentation says about?
Please login or join to reply