Risk management and the development of a risk management plan is about reducing the exposure of companies, projects, individuals or clients to unfavorable or uncertain conditions over the course of a project.
This preventative exercise focuses on increasing awareness of factors that might affect the overall work plan and defines how risks will be cost-effectively managed.
Risks can include financial exposure, physical damage to persons or property, changes in market demand, changes in interest rates, poor employee or subcontractor performance, competition from others and so on.
The risk management plan should include goals, strategies and methods for performing risk management and describe all aspects of risk identification, estimation, evaluation and risk control processes. It will also assign the person responsible for managing each category of risk.
Some key ways that a Technology Professional can minimize risk include:
- Evaluating the project for potential issues related to protecting public health and welfare.
- Defining the work to be done for the client with a written contract that clearly defines the limits of the services and deliverables to be provided.
- Working within an individual’s technical competence.
- Communicating regularly with the client, particularly when changes are anticipated.
- Purchasing Errors and Omission (E&O) and Comprehensive General Liability (CGL) insurance.
In larger projects, sharing the risk with others is a common and reasonable approach to reducing exposure, although a judge could later review whether the risk should have been apportioned as agreed.
The basic test of how risk is to be allocated is that the party best able to bear the loss is the one that should bear the risk. Ideally, parties involved in a project enter into allocation and responsibility clauses so that potential disputes are resolved at the beginning of a project, rather than at the end, and so that the customer's costs are reduced.