Risk can be defined as “the probability of an unwanted outcome happening”. Risk assessment should be viewed in the overall context of risk management and seen as one of the three key activities – risk analysis, risk assessment and risk mitigation – which facilitate the taking of decisions and actions to control risk appropriately.
The risk analysis process
Risk analysis is the process of identifying all the potential issues that can go wrong with an activity and then estimating the probability of each happening. It should form part of any significant contract management process and is a fundamental part of determining your contract strategy. The process can range from a simple listing of risks on an informal, intuitive basis to a formal process involving set procedures and working with other professional disciplines in brainstorming and technically and financially evaluating potential risks.
A more formal process may involve the establishment of a risk register for each tenderer and, following contract award, the transfer of the register of the successful tenderer to the contract management team for use in risk assessment.
Constantly ask: “What if”
In addressing the fundamentally important issue of risk in contract management, Enc constantly asks “what if” throughout the assessment and review process. Risk management requires a professional who possesses knowledge of techniques, an analytical mind set, objectivity and a knowledge and thorough understanding of their organisation’s business and the market. It is advisable to seek to mitigate and remove risk whenever possible before contract award.
Risk assessment considerations
Risk assessment is the process of assessing the likely impact of a risk on the organisation. Highly predictable risks may have low impact and it is possibly not worth taking action to control or avoid such risks. Conversely, low probability risks may have a significant impact demanding action to be taken to avoid or mitigate the risk. Other issues for consideration in risk assessment:
- Costs of identifying, controlling or avoiding the risk
- Your need for insurance for risk not readily managed or avoided
- Your need for “sensitivity analysis” on risks of an unknown level or magnitude
- Having assessed the risks and identified those requiring action, responsibility for managing and mitigating them should be allocated. This allocation should be dependent on the assessment of the likelihood and consequence of the risk.