The following diagram illustrates the six steps of the risk management process: identify, analyze and prioritize, plan and schedule, track and report, control, and learn. It is important to understand that the process of managing each risk goes through all of these steps at least once and often cycles through numerous times. Also, each risk has its own timeline, so multiple risks might be in each step at any point in time.
Risk Management Process Steps
The following is a brief introduction to the six steps of the risk management process.
- Identify - Risk identification allows individuals to
identify risks so that the operations staff becomes aware of
potential problems. Not only should risk identification be
undertaken as early as possible, but it also should be repeated
- Analyze and prioritize - Risk analysis transforms the
estimates or data about specific risks that developed during risk
identification into a consistent form that can be used to make
decisions around prioritization. Risk prioritization enables
operations to commit resources to manage the most important
- Plan and schedule - Risk planning takes the information
obtained from risk analysis and uses it to formulate strategies,
plans, change requests, and actions. Risk scheduling ensures that
these plans are approved and then incorporated into the standard
day-to-day processes and infrastructure.
- Track and report - Risk tracking monitors the status of
specific risks and the progress in their respective action plans.
Risk tracking also includes monitoring the probability, impact,
exposure, and other measures of risk for changes that could alter
priority or risk plans and ultimately the availability of the
service. Risk reporting ensures that the operations staff, service
manager, and other stakeholders are aware of the status of top
risks and the plans to manage them.
- Control - Risk control is the process of executing risk
action plans and their associated status reporting. Risk control
also includes initiating change control requests when changes in
risk status or risk plans could affect the availability of the
service or service level agreement (SLA).
- Learn - Risk learning formalizes the lessons learned and
uses tools to capture, categorize, and index that knowledge in a
reusable form that can be shared with others.