What is Project Risk Management?
Project risk management is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
The goal of project risk management is to minimise potential risks while maximising potential opportunities or payoffs.
The major processes involved in risk management include:
Risk management planning – this involves deciding how to approach and plan the risk management activities for the project by reviewing the project charter, WBS, roles and responsibilities and the stakeholders risk tolerances.
Risk identification – this involves determining which risks are likely to affect a project and documenting the characteristics of each.
Qualitative risk analysis – this involves characterising and analysing risks and prioritising their effects on project objectives.
Quantitative risk analysis – this involves measuring the probability and consequences of risks and estimating their effects on project objectives. These can then be ranked based on the probability.
Risk response planning – this involves taking steps to enhance opportunities and reduce threats to meeting project objectives.
Risk monitoring and control – this involves monitoring known risks, identifying new risks, reducing risks, and evaluating the effectiveness of risk reduction throughout the life of the project.
Risk Management Planning
A risk management plan documents the procedures for managing risk throughout the project.A risk management plan summarises the results of the risk identification, qualitative analysis, quantitative analysis, response planning, and monitoring and control processes.
The risk management plan can include a methodology for risk management, roles and responsibilities for activities involved in risk management, budgets and schedules for the risk management activities, descriptions of scoring and interpretation methods used for the qualitative and quantitative analyses of risk, threshold criteria for risks, reporting formats for risk management activities, and a description of how the team will track and document risk activities. It can also include contingency plans, fallback plans, and contingency reserves.
Contingency plans are predefined actions that the project team will take if an identified risk event occurs.
Fallback plans are developed for risks that have a high impact on meeting project objectives, and are put into effect if attempts to reduce the risk are not effective.
Risk Identification
Identifying risks is the process of gaining an understanding of what potential unsatisfactory outcomes are associated with a particular project.In addition to identifying risk based on the nature of the project or products produced, you can identify potential risk according to project management knowledge areas:
Integration – Inadequate planning; poor integration management; lack of post-project review; poorly defined life cycle; Inadequate methodology
Scope – Poor definition of scope, work packages or expectations; incomplete definition of quality requirements; inadequate scope control; lack of documentation; Incomplete requirements identified; Lack of scope control measures for later changes
Time – Errors in estimating start and finish time or resource availability; errors in determining the critical path; poor allocation and management of float; Tight timeframes on critical tasks.
Cost – Estimating errors, inadequate productivity, cost, change or contingency control; poor maintenance; security, or purchasing.
Quality – Poor attitude toward quality; substandard design/materials/workmanship; inadequate quality assurance program; Incomplete specification; Poorly skilled resources; Lack of reviews and monitoring.
Human Resources – Poor conflict management; poor project organisation and definition of responsibilities; Poor management and leadership styles; Poor skills and training; Team performance issues; No ownership; Allocation and over-allocation issues
Communications – Carelessness in planning or communicating; lack of consultation with key stakeholders; little accountability; Poor reporting of progress, deviation and correction; Them and Us mentality; Inappropriate reporting procedures.
Risk – Ignoring risk; unclear analysis of risk; poor insurance management
Procurement – Unenforceable conditions or contract clauses; adversarial relations; Solvency of supplier; Supply and logistic problems; Compliance with specification; Delivery delays.
You can also categorise risks by outside forces:
Competitor
Merger activity
Market acquisitions
Plant closures
Price fluctuations
Introduction of new product or service offerings
Reduction in operating costs
Economy
The economic cycle
Changes in exchange rates
Government fiscal and monetary policy
Unemployment rates
Interest rates
Technology
Rapid advancement in hardware and software capability
Production efficiencies
Mass production
E-commerce opportunities
Marketing
Release of competing products or services
Market share
Consumer response rates to advertising
Accuracy of market research
Finance
Availability of funding
Funding contingencies
Penalties/costs associated with funding
Unanticipated changes to scope
Organisation
Restructuring
A move towards outsourcing
Fluctuating morale and motivation issues
Availability of staff
People
Skill deficiencies
Training requirements
Lack of control
Outcomes
Deliverables that are poorly defined
Lack of user involvement
Outcome not accepted by client
Stakeholders
Unknown and/or changing needs
Lack of participation
Qualitative Risk Analysis
Qualitative risk analysis involves assessing the likelihood and impact of identified risks to determine their magnitude and priority.
A risk probability can be described as being high, moderate, or low. You can also show the probability using a numeric scale. There are a number of techniques that can be used to rank the probability of risks occurring and the effect on the project outcome. They include:
- Probability/Impact Matrixes
- Top 10 Risk Item Tracking
- Expert Judgement
Once you have identified the probability, you can determine what the consequences of the risk will be. Consequences can also be ranked as high, moderate or low or by using some descriptive words such as insignificant, minor, moderate, major, or catastrophic.
The best way to show the risk analysis is with a table that shows the
RISK,
PROBABILITY,
CONSEQUENCE, and
PERSON RESPONSIBLE.
You can then add a column for your action plan - See Risk Response Planning
Quantitative Risk Analysis
The main techniques for quantitative risk analysis include decision tree analysis and simulation.A decision tree is a diagramming method used to help you select the best course of action in situations in which future outcomes are uncertain.
Simulation uses a representation or model of a system to analyse the expected behaviour or performance of the system.
Risk Response Planning
After risks are identified and quantified, an organisation must develop a response to them. Developing a response to risks involves defining steps for enhancing opportunities and developing plans for handling risks or threats to project success.The four basic response strategies are:
Risk Avoidance – involves eliminating a specific threat or risk, usually by eliminating its causes.
Risk Acceptance – means accepting the consequences should a risk occur and monitoring both the risk and the consequences.
Risk Transference – is shifting the consequence of a risk and responsibility for its management to a third party.
Risk Mitigation – involves reducing the impact of a risk event by reducing the probability of its occurrence.
Risk Exploitation - not all risks have a negative outcome. A risk may be able to be exploited to create a positive outcome
Risk Monitoring and Control
Risk management and control involves executing the risk management processes and the risk management plan to respond to risk events. Executing the risk management processes means ensuring that risk awareness is an ongoing activity performed by the entire project team throughout the entire project.The easiest way to get started is to create a table with the following headings:
Risk - What are the risks to the success of this project
Probability - What is the probability of the occurrence of the risk: Low, Medium, High
Consequence - If this happens, what is the consequence to the project - Low, Medium, High, Critical
Strategy - What is the response strategy category - Avoidance, acceptance, transference, mitigation.
Person Responsible - Who is responsible for the strategy
No comments:
Post a Comment