3.9 Risk Reporting
The risk report will inform key stakeholders of the consequence of the risks, the likelihood of occurrence, and the mitigation strategy to be adopted in the event the risks occur. A well-developed and maintained risk register can serve as the risk report, if it includes not only negative risks but also opportunities, a supporting risk treatment plan, a work performance data review, project progress, and the status of all deliverables. The following should be considered when developing a risk report:
Number of serious risks: A project can be declared a high-risk project once it has a high number of risks (e.g., it has nine or more serious risks). Conversely, a project with a small number of risks can be considered a low risk.
Cumulative schedule risks: Cumulative risks can be calculated by adding the individual schedule risks during the project life cycle. It is imperative to understand that, in reality, much of the schedule risk acts concurrently, which makes the value of this risk a qualitative sign only. The cumulative schedule risk is considered high risk if it is above 25%, and low if it is below 15%.
Cost risks: This kind of risk is the total cost risk for an entire project. Again, cost risk has its own indicator where it can be considered low risk if it is below 5% of the total cost of the project, and high if it is more than 10%.
Threat factor: This is a qualitative calculation of the level of risk within the project itself. Basically, it calculates the average risk ruthlessness for the highest 20 threats. Therefore, any figure that is below 15 will be considered low risk, while any figure above 25 is considered high risk. The impact of the threat factor depends on the number of occurrences. For example, 100 occurrences may mean all risks would have a major impact on the project, but occurrences of less than 100 may mean the impact is insignificant.
Expected risks: Expected risks is the position that all risk should be ended. This is based on the project manager’s response plans and expectations.
In addition to the above, each risk must be assigned a tracking number and identify the risk owners. Each risk should be prioritized based on the likelihood of occurrence or severity of impact and its potential impact on the project’s outcome (cost, quality, and schedule). It should also include documentation of indicators that will trigger the risk, risk mitigation strategies, and any other information that the project team deems helpful. If all goes as planned, the risk report will assist the project management team in making key decisions without delay.