Even the best planned and managed projects have risks, so the PRINCE2® method ensures that risk management is planned and integrated into the project management.
PRINCE2 defines risk as "an uncertain event or set of event that, should it occur, will have an effect on the achievement of objectives".
(PRINCE2 text - ©Crown Copyright 2009 Reproduced under licence from OGC)
The PRINCE2 method of risk management includes:
- Identifying the project's context and risks
- Assessing each individual and aggregate risk exposure
- Planning risk response actions
- Implementing the risk response actions
- Communicating about risks
Risk Assessment includes:
- ESTIMATION - What is the probability and impact of each risk?
- EVALUATION - What is the overall level of risk exposure and is it within our appetite for risk?
Risk Management Actions include:
- For threats:
- AVOID - Can we do something else?
- REDUCE - Can we limit the impact or likelihood?
- FALLBACK - Can we do something after the risk event to reduce its impact?
- TRANSFER - Can we pass it to a third party?
- ACCEPT - Proceed anyway
- SHARE - Both parties share the pain (e.g. if exceed the cost plan)
- For opportunities:
- SHARE - Both parties share the gain (e.g. if less than the cost plan)
- EXPLOIT - Ensuring an opportunity will happen and its impact is definitely realized.
- ENHANCE - Doing something before the risk occurs to enhance its likelihood or its impact should it occur.
- REJECT - Deliberate decision to not seize the opportunity.
All risks, and information about them, are recorded in a Risk Register, and each risk is allocated an owner.