THE CONTRACT RISK MANAGEMENT PROCESS: RECOGNITION—REVIEW—RESPONSE
While the language of different standards and corporate processes vary, general agreement seems to exist about the focus of the risk management process: the recognition (identification) and treatment of risks, the latter being based on decisions following analysis. A well-developed risk management process helps those involved in contracting understand what is risky, assess the degree or level of risk, understand the consequences of particular events occurring, and develop actions to control the event or minimize its consequences.
Thus, the contract risk management process covers the following principal steps: (1) Risk recognition: identifying the potential sources of contract risk (threats), their causes and consequences; (2) risk review: estimating and prioritizing the risks based on their potential likelihood and impact; and (3) risk response: responding to risks that are considered most important. The contract risk management process and its principal steps are shown in Figure 6.1.
Like risk management in general, contract risk management is not a one-time event. While front-end risk mitigation is important, risk management is needed throughout the lifecycle of the contract. Here, the transition between the pre-contract, contract, and post-contract teams and possible gaps when accountability is transferred from one team to another require special attention. As illustrated in Figure 6.1, communication is crucial throughout the process, and contract risks require continuous monitoring.
Many tools and methodologies that help businesses recognize, review, and respond to risks are useful in the contracting process. These include checklists, guidance documents,
Figure 6.1 The contract risk management process
handbooks, questionnaires, and interactive software tools. In the field of health and safety, many tools can be downloaded for free. For example, the European Agency for Safety and Health at Work (EU-OSHA) has developed a risk assessment tools database. Some tools are generic and others are industry, branch, or risk-specific.
opportunities, like risks, are about uncertainties that may have an impact on the achievement of objectives. While the language varies, the same process and many of the same tools can also be applied to "upside risks”—opportunities. These, too, have sources (or drivers), likelihood, and impact (consequences, benefits) that need to be addressed.
-  http://osha.europa.eu/en/practical-solutions/risk-assessment-tools.