Purpose

Risk assessment forms are used to capture outputs from the risk management process so that key stakeholders are aware of both risks identified and the evaluations thereof. Some risk assessment forms are built with risk mitigation information as well, so as to track the responses and the outcomes of those responses. The risk assessment form is a component of a comprehensive risk archive. They may stand alone or be a component of a project status report.

Application

Risk assessment forms are evolutionary documents, created at the beginning of the project, as individual risks are identified and then tracked through qualification and quantification. Risk assessment forms are used primarily to address the three steps of the risk process as outlined in the Guide to the Project Management Body of Knowledge: risk identification, risk qualification, and risk quantification [1]. The forms ensure that all identified risks are visible and that there is a consistent understanding as to the level of exposure that those risks create.

Content

A risk assessment form will include the name and nature of the risk and any associated historical information. It should describe the risk event in depth and in sufficient detail that the exposure created by the risk can be readily understood by anyone who understands the nature of the project. The risk event should be stated as a complete sentence and should be expressed in terms of the causal factors, the event that may occur, and the impact of that event should it actually come to pass. In addition to the risk description, relative levels of probability and impact should also be included. Probability may be expressed either as a quantitative (percentage) value or as a value relative to other risks on the project (high, medium, low). Impact should be addressed based on the nature of the impact, because some risks are financial, while others may affect the schedule or the project’s political standing. The content can be embodied in any software package with table or spreadsheet capability.

Approaches

The risk assessment form may be directly linked to the work breakdown structure, identifying a specific risk associated with each activity in the WBS. In such cases, the WBS code number for the deliverable or task may become the risk event number, as well. This becomes challenging in environments where some of the tasks have significant numbers of risks and others are relatively risk free.

Considerations

Proper completion of a risk assessment form is predicated on the notion that there is a common understanding of the terms associated with risk management as it is practiced within the organization. If terms such as high probability or medium impact are arbitrarily assigned, it will be difficult for stakeholders to determine if a risk is truly worth responding to.

Assigning a single owner to each risk is also a key consideration, in that risks with multiple owners may not be addressed (because each owner believes the other to be truly responsible), and risks with no owners will generally fall back on the project manager, who is by nature fully engaged in other project activity.