risk planning & risk management (rm) acknowledgements to euan wilson (staffordshire university)
TRANSCRIPT
Project risk
• all projects involve risk
• risks stem from work nature
• not practical to eliminate risk
• not desirable to eliminate risk
• acknowledge risk existence
• methods to handle risk
Risk management
• increasingly important– greater complexity levels– vastly varying skill & technology– interdependency
higher level of project uncertainty
Risks to projects
• strategic– abandonment– massive over-run/over-spend– loss of client confidence– loss of future business
Risks to projects
• operational– constant change/re-planning– inefficiency– over-run/over-spend– low morale– unacceptable work conditions
Risk management process
risk planningrisk planning
risk identification
risk identification
risk analysisrisk analysis
risk responserisk response
risk actionrisk action
riskplan
risk database
project plan
Risk management
• part of ‘project office’– wider than ‘project team’– standard procedure for all projects
• applied to all projects• maintain risk ‘database’
– ‘feed forward’ information (past tasks)
– compile actual vs. forecast information (new tasks)
Risk planning
• small projects – project manager responsibility
• large projects – full time risk manager
• adopt risk management approach/policy– contingency plan
• identify risk factor identification mechanisms
Risk identification
• easier said than done
• difficult to ensure full risk identification
• second/third opinions
• manager must be honest re: risks
• must highlight all risks regardless of repercussions
Identifying risks
• how to identify & specify risk– must be defined precisely – must be capable of measurement– must have measurable impact
Specifying risk example
poor contract staff performance
may not be as productive as estimated
may not conform to in-house standards
Identification of risk
• starting point for identification– contract & project plan– customer– users– acceptance criteria & mechanisms– functional requirement
Identification of risk
– technical requirement– performance, reliability, availability
& maintainability– developer skill– development environment– tools, methods, hardware & software– all tasks on critical or near-critical
paths
Risk assessment/analysis
• impact & likelihood assessment
• focus attention– higher occurrence probability– higher impact effect
• related to time/quality/cost criteria
Assessment scheme
• risk occurrence probability– high >30%– medium 10%-30%– low <10%
• project impact (overspend/over-run)– high >30% or abandon– medium 10%-30%– low <10%
Risk Assessment MapLikelihood of occurrence
High Medium Low
Small
Moderate
Large
Probablescale ofimpact
Assessment scheme
• risk urgency– how soon risk may occur– how soon avoidance measures need to
be in place
Risk ownership/response
• identify ‘owner’ of risk• balance required
– involvement & authority
• requires– sufficient task knowledge/expertise– necessary resources/time to monitor risk– sufficient authority to achieve risk action
Risk actions
• three types– avoidance actions
• prevention of risk occurrence
• no contract staff
• experienced project team members
• potentially expensive
Risk actions
– mitigation/reduction actions• reduce potential risk occurrence
• assess contract staff ability
• assess attitudes to standards
• reduce risk impact
– acceptance actions• possible for low probability risks
• accept small impact risks
Risk action problem
• creation of secondary risks– e.g. no contract staff = not enough
project team members
Risk register (risk database)
• various forms– paper based register– word processing file– database
• storage form dependant on– project scale– risk volatility
• central repository for risk information
Risk database
• reference– unique identifier– WBS by reference
• title/description– of task
• current status of risk– risk ‘live’
Risk database
• potential impact(s)– quantifiable terms (time/cost/quality)– multiple impacts– record description/likelihood/scale
• risk owner– tracks risk– responsible for implementing risk
actions
Risk database
• risk actions– avoidance/mitigation/acceptance plan
• action log– record of action taken