Lack of effective risk management is often cited as the main cause of project failure, so let's look at some common failings, and how to prevent them.
Identification - All risks should be assigned a clear identifier that will be unique across all projects. The identifier may contain the project ID, but there should be no ambiguity when documenting or referring to the risk.
Ownership - All risks should have a single owner, responsible for their review and management. Of course this owner may also be the project manager, in any event it is the responsibilty of the project manager to ensure that an appropriate mitigation plan has been devised, and is being reviewed.
Assessment - Risks should be assessed in terms of their likelyhood and impact. This may be in the form of percentages, or a range of values. This assessment should then be converted into a risk priority by means of a calculation, or lookup table. An example table for this might be :-
The risk priority is a means to sort risks into those that may require the most attention. It is also possible to associate financial value to the risk, for example by multiplying the risk priority by a nominated risk value.
Mitigation - The owner of the risk should devise a mitigation plan, that may reduce it's impact to an acceptable level, or avoid the risk entirely. It is also possible that the risk impact is considered to be sufficiently low, that it may just be accepted.
The risk priority should be recalculated based on the effect of the mitigation plan, and presented along with the unmitigated value. This should be done every time the mitgation plan is altered or reviewed.
Review - Risks should be regularly reviewed throughout the lifetime of a project. If the project management system allows, set up recurring tasks to prompt such reviews. Remember to document the review, even if no changes have been made.
Of course the biggest problem with risk management is where there isn't any!