Department of Energy project directors, program managers, and senior managers have the responsibility to assess and manage risks on their projects and project portfolios. Project risks can be managed to successful conclusions through the following basic actions:
Establish and maintain management commitment to performing risk management on all capital projects.
Start the risk management process early in the project life cycle—prior to approval of mission need (CD-0).
Include key stakeholders in the process, with the DOE project director as the lead and the integrated project team (IPT) intimately involved in the process.
Evaluate project risks and risk responses periodically during the project life cycle (CD-0 through approval of the start of operations [CD-4]).
Develop risk mitigation plans and update them as the project progresses.
Follow through with mitigation actions until risks are acceptable.
Tie a project’s level of risk to cost and schedule estimates and contingencies.
Effectively communicate to all key stakeholders the progress and changes to project risks and mitigation plans.
An example of a risk assessment tool that uses some of the risk assessment methods discussed in this report is the Construction Industry
Institute’s International Project Risk Assessment (IPRA) tool. It provides a systematic method to identify, qualitatively assess, and determine the relative importance of specific risks across a project’s life cycle. IPRA consists of 82 pre-identified risk elements that can be assessed according to the likelihood of occurrence and relative impact based on data from a large sample of projects.
Program managers and DOE senior management can contribute to effective risk management by ensuring that project directors and IPTs effectively carry out the actions listed above and by requiring projects to report on the status of all risks and risk management activities in every project status report and at every project review meeting.
Conventional project management is reactive: Senior owner management becomes involved when the project is already over budget, over schedule, and—possibly—underperforming, when it is too late to correct the situation by improving project management.
Active risk management, by contrast, is proactive, directing management attention to uncertainties and risks before the events have happened, when there are still opportunities to do something to avoid, mitigate, or manage them or to stop the project if they cannot be managed. Active risk management is an approach that allows managers to manage rather than just assign blame for failure. Active risk management is the synthesis of the theoretical approach for identifying, assessing, and quantifying risks with the managerial approach for mitigating, controlling, and managing them.