Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
19 Cards in this Set
- Front
- Back
|
13.1 Definitions of Risk |
APM definition: “Combination of the probability or frequency of occurrence of a defined threat or opportunity and the magnitude of the consequence of the occurrence.” The above is more a statement of how risk is measured. A better definition is:- A project risk is something that might occur, and if it does, will impact on the project’s objectives of time, cost and performance/quality. Risk is uncertainty in an outcome. Risks can be both threats (downside) and opportunities (upside). |
|
|
13.2 The Risk Management Plan (8) |
By their nature all projects are inherently risky; therefore the management of risk should be an integral part of the project and carried out over the entire life cycle. Traditionally risks have been thought of solely as negative events but current thinking treats risk as uncertainty which can have positive or negative effects. The term “risk event” covers both threats and opportunities and both can be managed through a single process. The way in which risk is to be managed in a project is detailed in the “Risk Management Plan.” The Risk Management Plan defines how all the risk processes will be carried out. It does not consider individual risks. Risk management plan content: • The methodology and data sources • Roles & Responsibilities • Budgeting for risk management • Timing, i.e. when risk assessment will be carried out • Qualitative and quantitative scoring methods • Risk thresholds • Reporting format • How risks will be tracked |
|
|
13.3 Risk Management Process (5) |
The purpose of risk management is to identify all significant risks to the project and manage those risks so as to eliminate or minimise threats, and maximise opportunities. Risk Management is a 5 step process:- 1. Initiate 2. Identify 3. Assess 4. Plan Responses 5. Implement Responses |
|
|
13.3 Risk Management Process 13.3.1 Initiate |
This is the activity of setting up the process such as deciding on such things as risk categories and tools and techniques to be used and basically organising the team to carry out risk management. |
|
|
13.3 Risk Management Process 13.3.2 Identify (10) |
There are a variety of techniques for identification of risks events. e.g. • Brainstorming. Using the project team and appropriate stakeholders • SWOT Analysis. Strengths and Opportunities generate upside risks Weaknesses and Threats identify downside risks • Assumptions Analysis. Looking at the assumptions made in planning to see if any of them constitute a risk • Constraints analysis. Similarly for project constraints • Using the WBS. Identifying risks that apply to individual work packets • Interviews. Interviewing people with knowledge or insight • Delphi. A facilitator solicits information regarding significant project risks. The contributors, who are remote from and external to the project team, independently arrive at their conclusions. The facilitator consolidates all the opinions and recirculates the information for further comment. The process repeats until consensus is reached or it becomes apparent that it will never be reached. The purpose of this process is to avoid individuals having undue influence. There may also be sources of information external to the project that can help the identification process e.g. • Prompt/Check Lists. Using existing prompt sheets and check lists • Post Project Reviews (Lessons learned). From previous projects with some commonality • Risk Registers of other projects. Again, using projects with some commonality |
|
|
13.3 Risk Management Process 13.3.3 Assess (card 1) |
The purpose of Risk Assessment is to prioritise the identified risks. In particular it needs to establish the key risks that require management focus. Assessment is based on determining Probability and Impact and this is most conveniently carried out with the aid of a Probability and Impact Grid a shown above. The Probability and Impact Grid is a simple but effective tool that is used to prioritise identified risks. An example is illustrated below. In this instance we are using a scale that involves using judgement to place probability and impact from very low to very high. |
|
|
13.3 Risk Management Process 13.3.3 Assess (card 2) |
The Probability and Impact Grid is a simple but effective tool that is used to prioritise identified risks. An example is illustrated above. In this instance we are using a scale that involves using judgement to place probability and impact from very low to very high. Qualitative and Quantitative Analysis The above assessment method is purely Qualitative in the sense that the scales are subjective assessments of the probability and impact. This is sufficient to prioritise the risks but for a full and proper assessment the analysis should be Quantitative. The probability grid can be converted to a quantitative method by stating probability and impact in numeric terms. There are also other quantitative techniques such as Monte Carlo methods and Decision Tree analysis but these are beyond the scope of this course. |
|
|
13.3.4 Plan Responses Responses to Downside risks (Threats) (5) |
There are 5 common strategies for addressing downside risks or threats. These mitigation plans are applied either individually or in combination. 1. Avoid Avoid the risk and eliminate uncertainty by not doing something or doing it in a different way 2. Transfer Transfer liability or ownership of a risk to someone else such as the client or sub-contractor or 3rd party. e.g. insurance or back to back contracts 3. Reduce/Mitigate If the risk cannot be avoided and is too large to accept then we must take steps to reduce probability and/or impact 4. Accept Take it on board and accept the consequences. The severity/probability of the risk does not justify great effort in managing it. 5. Contingency Plan Have an alternative plan at hand to implement if the risk occurs When the severity of a risk determines that it must be actively managed then the following process should be followed:- 1. Re-examine the risk to determine its current status and validate the previous evaluation 2. Demonstrate the viability of the mitigation plan by evaluating the cost of mitigation and comparing with the reduction in exposure. 3. Decide if the mitigation results in an acceptable level of risk. 4. If so decide on who will own and manage the risk and be empowered to do so. For any risk the person who manages that risk should be the person best placed to do |
|
|
13.3.4 Plan Responses Responses to Upside risks (Opportunities) (4) |
Similarly there are strategies for developing opportunities. 1. Exploit Try and exploit the opportunity by eliminating the uncertainties surrounding the opportunity 2. Share If you do not have the resources to exploit the opportunity yourself then try to find a partner to share it. 3. Enhance Work to increase the probability and impact of the opportunity 4. Accept Wait and see what happens The risk management process must be repeated throughout the project life cycle because:- • Some risks mature into problems (or issues) • Some risks are resolved or do not arise • Probability/impacts change; up or down • New risks arise that were not identified initially • Project scope changes give new risk opportunities |
|
|
13.3.5 Managing the risks (8) |
A Risk Register is created which should contain the following information for each identified risk:- • Risk description • Risk owner • Its possible impact on scope, time, cost, quality and business case • The probability of occurrence • The mitigation strategy • The cost of mitigation • Residual impact after mitigation • Current status The Risk Register must be routinely reviewed on a regular basis and when risk events happen. The overall risk status of the project and the progress of “active” risks will be reported as part of the standard project reporting procedures as defined in the Risk Management Plan and the Communications Plan. |
|
|
13.3.6 Benefits and features of the method (7) |
The probability and impact grid is widely used because it is a simple and effective tool that has many benefits. • It captures all identified risks • It is a good visual representation which aids communication • It facilitates a brainstorming approach that can provide a whole team view • It provides a simple way for risk prioritisation • Shows individual probability and impact not just exposure • The levels of risk identified steer us towards the most appropriate contract type • The method gives a basis of measuring overall magnitude of risk to the project |
|
|
13.4 The Benefits of Managing Risk (10) |
On many projects, risks are not actively managed for the reasons stated later on. However, as well as being a requirement of good Governance, the proper management of risk confers significant benefits. • Increased understanding by the project leads to more realistic plans and greater probability of delivering to them. • Increased understanding of the risks leads to their minimisation and allocation to the person best placed to manage them. • The understanding of risk helps determine the most appropriate contract type. • A team view of the risks can lead to more objective decision making • Financially and/or technically unsound/risky projects will be discouraged • There will be a better understanding of the project by Stakeholders leading to increased confidence in the Project Management. • It focuses management attention on the most significant threats to the project • Allows a more meaningful assessment of contingencies • Enables a more objective comparison of alternatives • Demonstrates a responsible approach to customers |
|
|
13.5 Drawbacks of Managing Risk (2) |
1 The Cost Risk Management is an overhead requiring a significant input of effort and cost. Although this is no different from the input of effort and cost into all Planning processes, such as Scope Management and Change Control, there is one key difference - Risk Management is about things that may never happen and even if they might, "it won't happen to me". 2 The Visibility Once we have put lots of effort and money into Risk Management the likely result is that it tells us what we didn’t want to know. We will either have to invest in reducing the risks or accept that the project might take a lot longer or cost a lot more than we had hoped or even that we should not do the project at all. Many people may have a vested interest in the project and do not wish to hear anything that might endanger it. |
|
|
13.6 Issue Management Process (7) |
APM define Issue Management as the process by which concerns that threaten the project objectives and cannot be resolved by the project manager are identified and addressed to remove the threats they pose. In other words an issue is a problem that cannot be solved by the project manager and thus must be escalated upwards. An issue arises when a project manager is presented with a problem that he is unable to solve. He will then escalate this problem upwards to the Project Sponsor at which point the problem becomes an issue. Some Issues may result in formal changes that require the Change Control Process to be invoked. For example a Client suddenly announces a major budget cut which necessitates reduction to project scope. Some Issues will not cause a formal change but must nevertheless be managed. For example a key resource resigns from the project or a vital piece of equipment breaks down. It is important to have a formal process to manage issues. If they are caught earlier they should be easier to resolve before causing damage. • Identification. A problem arises that the project manager cannot resolve and hence it becomes an issue • Issue logged. Details of the issue are entered into the Issue Log. This log will be maintained with the latest status as the issue passes through the process. • Evaluation. The project manager evaluates the issue to understand the possible impact • Escalation. The issue is presented to the Sponsor who will either take on the issue or delegate to a steering committee member. This is the issue Owner • Response. The Owner identifies and implements an appropriate response to mitigate the issue • Monitoring. The Owner monitors the issue and reports on progress. • Resolution. The issue is closed when fully resolved to the satisfaction of all parties. Issues can be thought of as Risks that were not previously identified or were Accepted. Many organisations group risks and issues together and maintain a single Risks & Issues Log. |
|
|
13.6.1 Issue Log |
Once an Issue has been formally escalated it is entered onto the Issue Log which is very similar to the Risk register. In fact Issues can be thought of as Risks that were not previously identified or were accepted but have turned out more severe than expected or had a very low probability of occurrence. Many organisations group risks and issues together and maintain a single Risks & Issues Register |
|
|
13.7.1 Benefits of Issue Management (5) |
• There is an established process for upward escalation so issues are addressed in a timely manner • Issues are escalated to the person best able to solve them • All open issues are tracked so status is always visible and issues do not go unaddressed and critical tasks left uncompleted. • Stakeholders are kept aware of the status of all open issues • The requirement of good Governance is satisfied by having robust issue management |
|
|
13.7.2 Drawbacks of Issue Management (2) |
• The main drawback of managing issues the APM way is that it tends to erode the authority of the project manager. The PM is dependent upon someone he has no authority over to resolve the issue. • The process can also be clumsy and bureaucratic and cause resolution to take longer than need be. |
|
|
Revision Questions Q1. Draw a diagram to illustrate the Risk Management process and use it to explain a process for managing threats |
A |
|
Revision Questions Q2a. From the grid above identify the top 4 risks. Q2b. State 4 appropriate responses to these risks. Q2c. State and use it to explain 4 generic actions that a project manager would take in planning a response. |
A |
