Risks and Issues 

Why have Risks and Issues? 

The cornerstone to successfully managing your project is maintaining on a daily basis your risk and issue log, a good comprehensive list should take away the need for to do lists and then supplement all your reporting requirements both on an internal and external basis. 

It may sound excessive to review daily, but 5 minutes a day is far better than a tortuous 2 hour session every fortnight. It can then drive your to do list for the day.

What do you show your key stakeholders? 

Nobody likes to see a long list of risks with mitigation action points, for an executive summary you should concentrate on highlighting the top 5 risks, and where possible in a graphical format, I like to use the matrix shown below, with clear indication showing where your top risks sit on the matrix. A clear statement stating how many other risks you are managing is useful to give comfort that you are actively managing the risk log.

 

How to rate your risks?

I use the above matrix  but replace the words for numbers which translates into medium = 3 so a medium probability and a medium impact would gain a risk rating of 9, this is particularly useful when you are tracking movement in the risks, it is far easier to track a risk moving from a rating of 15 to 9 rather than moving from medium/very high to medium. 

What is the difference between a risk and an issue?

To be honest it doesn't really matter as long as you have it logged and you are actively managing the item. The general rule of thumb is that a risk is something which might happen whilst an issue is something that has happened. 

You can also have duplicate entries on both your risk and issue log, something may be live and you are dealing with it today, but particularly in a large complex project, an example is around communication, there is a high likelihood that you have an issue following a communication, but with many more communications planned for you need to have them clearly marked on your risk log.