Risk management seeks to identify, prevent, contain and mitigate risks in the interests of a project. Risk management is ongoing throughout the life of a project and occurs in five stages
(i) risk identification. The process of identifying all the risks relevant to the project
(ii) risk assessment. Determining the likelihood of identified risks materialising and the magnitude of their consequences should they arise
(iii) risk allocation. Allocating responsibility for dealing with the consequences of each risk to one of the contracted parties, or agreeing to deal with the risk through a specified mechanism which may involve sharing the risk
(iv) risk mitigation. Attempting to reduce the likelihood of the risk occurring and the degree of its consequences for the risk-taker; and
(v) monitoring and review. Monitoring and reviewing identified risks and new risks as the project develops and its environment changes. This process continues during the life of the contract
In practice, many of these stages do not occur in isolation. For example, risk allocation does not simply take place on a 'risk by risk' basis detached from the output specifications, payment structure, government policies and the contract itself.
The risk management cycle can act as a useful framework for determining which risks government should assume.