The Project Risk Assessment Matrix is one of the required documents to complete the Define phase of the DMAIC methodology. The procedure has been designed in such a way to ensure that people implementing the project have given a thought to what can possibly go wrong and begin thinking of mitigation plans. Here is a step by step review of how to prepare the Project Risk Assessment Matrix:
Step 1: List down the Risks
The first step in the process begins with the listing down of all the risks that the participants can think of. This is usually done in a brainstorming session. Participants are typically given a list which contains common categories of risks. The participants are then advised to think of whatever risk they can foresee in the project category by category. This is done over and over again to ensure that the list is exhaustive.
Step 2: Rate for Probability and Impact
Once the list of the possible risks that a project may face is available, the next step is to rate the risks. The risks are rated on two parameters viz. probability of occurring and impact of occurring. In both cases the score is given out of 5, with 5 being certainty that the risk will occur or have a very high impact if they do occur. The scores are then multiplied and then arranged in a descending order.
Step 3: Classify the Risks
All risks are not equally important from the six sigma project point of view. Hence they need to be classified and efforts need to be focussed only on the ones that are priority. There is usually a standard matrix that classifies the risks into the following 4 categories based on the parameters:
High Probability & High Impact: These risks are considered show-stoppers and are the priority of any mitigation plan.
High Probability & Low Impact: These are standard risks, mitigation plans are advised because of high frequency but the impact is low and manageable
Low Probability & High Impact: These are called the black swans. The chances of these events occurring are almost zero. However if these events do occur, they have a huge impact on operations. Mitigation plans must be in place. Prevention must be the first option.
Low Probability & Low Impact: These risks are considered insignificant. This is because it is unlikely that they will occur. Even if they do occur, the damage done is minimal. Hence they are not the focus of mitigation plans.
Step 4: Decide on Mitigation Planning
There are three basic strategies which help mitigate risks successfully. They are:
Prevention: These plans try to ensure that the risk event cannot take place. This is advisable for the high impact risks.
Correction: These plans try to catch the risks early before too much damage has been done. Early signalling is the crux of these plans. However the characteristic difference is the attempt to minimize the impact.
Warning: Here too the emphasis is on detecting the risk as early as possible. However the element of correction is not present.