- What is your approach to risk analysis?
- What risks do you anticipate? For example: human resources, legal, financial, economic, technological, facilities, safety, strategic, organizational, process, and completion risks.
- How do you identify, categorize, and prioritize sources of risk?
- How you will mitigate the risks?
- Do you have any relevant historical data regarding risks?
- Will any risks be shared between you and the customer?
- How you will monitor your risk management performance?
- What are your contingency plans for risk-related problems?
Risk mitigation can be incorporated into every section, be a separate section, or be a combination of the two. When risk is addressed in each section of the proposal, the focus is on risks related to that particular topic. When risk is addressed in a separate section, the focus is more on the nature of risk itself, and how you approach risks in general.
Within each proposal section, you can provide a table identifying potential risks. If risk mitigation is a separate section, you can provide a table that identifies the risks for the elements described in each section of the proposal or each phase of project activity. Every time you identify a risk, you should provide an approach to mitigate that risk.
When describing your risk mitigation approach, you should describe how you will identify risks. While you may already know some of the risks, there may be others that you won’t know about until you start. If overall or unknown risks are a concern, then you should describe how you will identify these risks over the life of the project. Once risks are identified, then you can describe what you will do to mitigate them.
Since risk mitigation often requires trade-offs, you should describe how you will balance the trade-offs and what your priorities will be in managing the risks. You may also wish to present a table showing response escalations based on various contingencies. You should pay particular attention to risks affecting the schedule, risks that can lead to cost escalation, and risks that might result in failing to meet the specifications or requirements.
Sometimes the client can be a source of risk, such as if they fail to decide on requirements in time or change the specifications after development has started. In these cases, it may be appropriate to share risks with the client.
Risk mitigation can be extremely important to clients. They know that things go wrong. They may even expect this, and be more concerned with your plans to address that, than they are with your ability to perform simply according to plan.
Often the incumbent knows more about the risks on a project than other bidders. One strategy incumbents follow is to make sure the customer is aware of all the risks and imply that if their competitors don’t they may not be able to deliver on their promises.