5. Risks reviewing: Controlling, Monitoring and Reporting project risks

4.1 Monitoring and controlling risks

Continuous monitoring and controlling of project risks ensure that the risk response strategy and the risk treatment action plan are implemented and progressed effectively. Usually risk reviews are included in the regular agenda of project management meetings and used at most project phases and milestones. Risk reviews facilitate better change management and continuous improvement.

The process of controlling and monitoring risks includes the following tools and techniques: risk reassessment, risk audits, technical performance measurement, reserve analysis, status meetings. The main input to the risk controlling and monitoring process is the watch list of the prioritized risks that have been identified for risk responding and treatment actions. The risk watch list is used as criteria to review work performance data, including deliverables status, costs incurred, and project schedule progress.

The process of controlling and monitoring risks provides assurance that appropriate controls and procedures for managing risks are clearly understood and strictly followed. The process allows determining whether:

  • The treatment actions adopted resulted in what was actually planned.
  • All information on risk management procedures was appropriate.
  • Improved knowledge has been reached and used to identify what lessons could be learnt for risk measurements and management for future projects.

The risk controlling and monitoring process results in generating revisions to the risk register and supplementing with new action items for the risk treatment process.

4.2 Reporting and Communicating risks

Communicating with project stakeholders by means of project risk reports can be a critical driving force that lets undertake adequate risk management and achieve project outcomes according to expectations. Risk communicating and reporting helps the project manager, project owner, and client to understand existing risks, opportunities and trade-offs. The purpose of risk communicating and reporting is to ensure all parties are fully informed of existing risks avoiding unpleasant surprises and unauthorized actions. The project manager together with the project team and the risk owner creates reports and communicates with the stakeholders in order to maintain the consistency of risk management actions and underlying assumptions.

A risk report is a summary of project risks and opportunities, the latest status of treatment actions, and an indication of trends in the incidence of risks. The following items serve as the basis for generating project risk status reports:

  • The risk register and the supporting risk treatment action plan
  • Work performance data reviews
  • Project schedule progress
  • Status of project deliverables produced

Risks reports are usually submitted to senior management on a regular basis or as required. Project risk reporting is a part of standard project management reporting.