Risk response monitoring and control is concerned with executing and monitoring the risk response plan to ensure that risk is effectively managed over the course of the project life cycle. As changes occur the basic cycle of identify, analyse and respond is repeated. It is important to understand that even the most thorough and comprehensive analysis cannot identify all risks and probabilities correctly; control and iteration are required. Some of the identified risk events will occur and others will not. The ones that do are actual risk events and the project management team must recognise that one has occurred so that the response developed can be implemented. As project performance is measured and reported, potential risk events not previously identified may surface.
If the risk event was not anticipated, or the effect is greater than expected, the planned response may not be adequate and it will be necessary to repeat the response development process and perhaps the risk analysis processes as well. As anticipated risk events occur or fail to occur, and as risk event effects are evaluated, estimates of probabilities and value, as well as other aspects of the risk management plan, should be updated.
For risk management and the monitoring and control to be successful, the following items must be in place:
- an in-depth study of risk and uncertainty on all projects
- estimates of cost and time that include specific contingency allowances
- proposals for at least reducing the effects of risk and uncertainty
- the adoption of methods for allocating the remaining risks to the various parties in a way that will optimize project performance
- recognition that risk and reward go hand in hand and that the allocation of a risk to a party should be accompanied by motivation for good management
- an open-minded approach to innovative solutions to problems and a special awareness of the problems of overseas owners
- regular and preferably independent review of project proposals and conceptual design to reduce misunderstandings and ensure that the full spectrum of uncertainties is exposed.
During the execution phase of the project, the project manager is constantly been asked to monitor the environment for new problems that may arise. Some of the risk events identified and planned for may never be realised. Others may occur and still others may occur in a hybrid or different manner. A risk review should be included at regular intervals through the project implementation phase.
The main goals to risk monitoring and control:
- To confirm risk responses are implemented as planned
- To determine if risk responses are effective or if new responses are needed
- To determine the validity of the project assumptions and to identify if they are impacting on future project occurrences
- To determine if the project risk exposure has changed, evolved, or declined due to trends in the project progression
- To monitor the project for new risks
- To monitor the risk triggers and / or the risks that are on the project watch-list.
Risk monitoring and control are considered to be continuous activities that occur right throughout the project life cycle.
Once the risk is assessed and a response owner is assigned, it is the role of the project manager to monitor the risk and ensure the response plan is doing what it is supposed to do. Some of the appropriate methods to achieve this is a good workaround plan. Workarounds are unplanned responses to emerging risks that were previously unidentified or accepted. Workarounds must be properly documented and incorporated into the project plan and risk response plan.
These risks can be anticipated, such as the risks on the Risk Register. They can be unanticipated, such as events that “come out of left field.” Contingency reserves are depleted over time, as risks trigger and reserves are spent to handle them. With constraints as above monitoring the level of reserves to assure the level remains adequate to cover remaining project risk, is a necessary task.