Managing the risks

The management of risk must always begin with the identification of risks – but it must not end there! Risks change as projects develop – threats heighten and diminish, risks appear and disappear. Risk management is not, therefore, a 'one shot' exercise to be forgotten when the risk register has been compiled. It requires not only a structured register of risk, but also a process for its maintenance and a process for managing the risks. The information required to describe, classify and effectively manage risk is substantial and potentially complex, but if risks are to be managed effectively, there are no known short cuts. Effective risk management depends upon a combination of effective controls, an appropriate allocation of resources, and sufficient allocation of planned time and effort in the project plan. Effective controls begin with the risk register, which will be at the heart of any risk management system.