Risk Assessment Matrix
Given the size of the project, and our professional backgrounds, we adopted many techniques to support good governance and effective project management. Part of this was undertaking a risk review. Arguably a risk assessment is more important for a personal project than a large corporate one for two reasons. Firstly, we are personally tied to any risks so we wish to minimise them as much as possible. Secondly, our time is limited. A risk assessment helps us to prioritise our attention on only those issues which need it.
For those who aren’t familiar with risk assessments, the table in the diagram might help you. This is a cut-down version of what professional project managers and consultants may use, but that is deliberate so that the time taken is as low as possible.
For each identified risk (issue or problem if you prefer), you should assess whether the likelihood of the issue arising is low, medium or high. How you define “low”, “medium” and “high” is up to you, of course, but going with your instincts is a good first option. Similarly the impact of the risk if it happens should be assessed, again as low medium or high. Plotting them on the diagram then gives you guidance concerning the priority of addressing the issue. Remember though, this is only guidance. The process is intended to take you through a structured thought process but not to give you set answers. If you rate a risk as “green” but still feel that something should be done to reduce it, then it’s label as “green” shouldn’t inhibit you from doing things you believe to be sensible. It also depends crucially both on your ability to identify all applicable risks and to assess them accurately.
Andie and I will be doing this for all the risks we identify both during the project itself and periodically thereafter, making sure any new risks are added to the list and removing any which no longer apply. An example might help.
Example Risk Assessment - Resources
This example shows how we might assess this risk that either Andie or I (the founders) is lost to the project through illness, because we fall out, or because something comes along which takes priority. We won’t be sharing our risk assessment for Egyptological, so this is just an example. In this example, though, we rate the chance that one of us becomes unavailable as low and the impact as medium. On the face of it, the impact should be high – it could end the project. However, we are working with residual risks. We are already adopting strong governance and maintaining documentation (this section of the site is a major part of that) which in the example reduces the impact. Had that discipline not already been in place, we would almost certainly have rated the impact as “high”. This approach therefore also helps to stress the importance of disciplines which are already in place. In this case the action includes continuing that discipline but adds the intention to consider whether incorporation would further reduce risk.
Forming a company is a non-trivial action. There are associated costs. Managing risk often involves a trade off between cost/effort and accepting some remaining risk.
In a future article, I hope to look further at how risks can be identified.
By Kate Phizackerley