RISK CONTROL
6.3 RISK CONTROL
Once a project manager has identified and prioritized the risks, the question becomes what to do about them. Knowing the risks is of value only if you can prepare a plan so that their consequences are minimal that is the basic goal of risk management. You minimize the effects of risk in the second step of risk management: risk control. Essentially, this step involves planning the risk mitigation followed by executing the plan and monitoring the risks.
6.3.1 Risk Management Planning
Once risks are identified and prioritized, it becomes clear which risks a project manager should handle. To manage the risks, proper planning is essential. The main task is to identify the actions needed to minimize the risk consequences, generally called risk mitigation steps. As with risk identification, you refer to a list of commonly used risk mitigation steps for various risks and select a suitable risk mitigation step. The list used at Infosys appears in Table 6.3. This table is a starting point not only for identifying risks but also for selecting risk mitigation steps after the risks have been prioritized. As with identification, you are not restricted to the steps mentioned in Table 6.3. You can use the process database to identify the risks and the risk mitigation steps.
Most of the risks and mitigation steps in Table 6.3 are self-explanatory. As you can see, the top few risks are concerned with manpower and requirements. Many of the items here are similar to those in the top risk lists given in Boehm3 and Hall.5 Selecting a risk mitigation step is not just an intellectual exercise. The risk mitigation step must be executed (and monitored). To ensure that the needed actions are executed properly, you must incorporate them into the project schedule. In other words, you must update the project schedule which lists the various activities and specifies when they will occur to include the actions related to the chosen risk mitigation steps.
6.3.2 Risk Monitoring and Tracking
Risk prioritization and consequent planning are based on the risk perception at the time the risk analysis is performed. The first risk analysis takes place during project planning, and the initial risk management plan reflects the view of the situation at that time. Because risks are probabilistic events, frequently depending on external factors, the threat due to risks may change with time as factors change. Clearly, then, the risk perception may also change with time. Furthermore, the risk mitigation steps undertaken may affect the risk perception.
This dynamism implies that risks in a project should not be treated as static and must be reevaluated periodically. Hence, in addition to monitoring the progress of the planned risk mitigation steps, you must periodically revisit the risk perception for the entire project. The results of this review are reported in each milestone analysis report (see Chapter 11); you report the status of the risk mitigation steps along with the current risk perception and strategy. To prepare this report, you make a fresh risk analysis to determine whether the priorities have changed.
Table 6.3. Top Ten Risks and Their Risk Mitigation Steps | ||
| Sequence Number | Risk Category | Risk Mitigation Steps |
| 1 | Shortage of technically trained manpower | Make estimates with a little allowance for initial learning time. Maintain buffers of extra resources. Define a project-specific training program. Conduct cross-training sessions. |
| 2 | Too many requirement changes | Obtain sign-off for the initial requirements specification from the client. Convince the client that changes in requirements will affect the schedule. Define a procedure to handle requirement changes. Negotiate payment on actual effort. |
| 3 | Unclear requirements | Use experience and logic to make some assumptions and keep the client informed; obtain sign-off. Develop a prototype and have the requirements reviewed by the client. |
| 4 | Manpower attrition | Ensure that multiple resources are assigned on key project areas. Have team-building sessions. Rotate jobs among team members. Keep extra resources in the project as backup. Maintain proper documentation of each individual's work. Follow the configuration management process and guidelines strictly. |
| 5 | Externally driven decisions forced on the project | Outline disadvantages with supporting facts and data and negotiate with the personnel responsible for forcing the decisions. If inevitable, identify the actual risk and follow its mitigation plan. |
| 6 | Not meeting performance requirements | Define the performance criteria clearly and have them reviewed by the client. Define standards to be followed to meet the performance criteria. Prepare the design to meet performance criteria and review it. Simulate or prototype performance of critical transactions. Test with a representative volume of data where possible. Conduct stress tests where possible. |
| 7 | Unrealistic schedules | Negotiate for a better schedule. Identify parallel tasks. Have resources ready early. Identify areas that can be automated. If the critical path is not within the schedule, negotiate with the client. Negotiate payment on actual effort. |
| 8 | Working on new technology (hardware and software) | Consider a phased delivery. Begin with the delivery of critical modules. Include time in the schedule for a learning curve. Provide training in the new technology. Develop a proof-of-concept application. |
| 9 | Insufficient business knowledge | Increase interaction with the client and ensure adequate knowledge transfer. Organize domain knowledge training. Simulate or prototype the business transaction for the client and get it approved. |
| 10 | Link failure or slow performance | Set proper expectations with the client. Plan ahead for the link load. Plan for optimal link usage. |
EAN: 2147483647
Pages: 83