Risk monitoring and control
Having identified and understood the risks, the central task of managing them is the monitoring and control process. Many project managers and project team
think that once a risk is in the risk register it is managed. Not so: it is merely identified and partly
. It then has to be watched, like a sleeping leopard, so that at the first signs of stirring the project can take action to manage the risk. The key thing is to do something, and the right thing. Risk monitoring and control is the process by which you can watch the leopard of risk and act in the right way when it stirs. Figure 11.7 shows the inputs, tools and techniques and outputs of the process.
Figure 11.7. The risk monitoring and control process
The point of this process is to ensure that the risks in the risk register do not derail the project. (This process is not
with risks not in the register; that is the
of the risk identification process.) A surprising number of projects fall foul of risks in the register that are not properly managed. Adapted from
A surprising number of projects fall foul of risks in the register which are not properly managed. The outputs listed in Figure 11.7 are all aimed at the single end of ensuring that risks in the register do not derail the project. The outputs are reasonably straightforward and self-explanatory. The processes by which they are obtained need more explanation, which is given below.
Risk assessment (also known as risk review)
All projects should have regular risk reviews, to check the current validity and
of the risk register and risk management plan overall. Things change, and no matter how good the initial risk identification and analysis work, new factors or changed circumstances may require them to be updated. This is what the risk assessment does. It can be a standing agenda item in regular project management meetings. It may be useful on some occasions to have a project risk review meeting as a stand-alone event.
There are two uses of a risk audit. One is to audit the risk, to have a third party or a friendly outsider come and review the risks and
the responses and management plans for them, and give an opinion. In a large project or one with major health, safety or financial risks, a risk audit may be a regulatory or
requirement. The other use of a risk audit is as a wake-up call to shake people in the project out of their comfortable habits by frightening them. This can be a reasonable control function of the risk audit.
Variance and trend analysis
What was planned progress? What are the actuals? And what is the trend? Is it getting
or better? Often a graph to show trends is a powerful tool for seeing and understanding what is going on in the project, and also for communicating it to others. Earned value is one metric which can be used for variance and trend analysis; others are schedule performance index and cost performance index. These are described in the boxed text.
Each task in the project should add value in some way. Earned value analysis assumes that the value created is in proportion to the planned effort, and so small
add proportionally less value than large ones. It is easy to think of examples where this is clearly not the case, but any other method would be fraught with difficulties over assessing the relative value-add of different sorts of task. At any one time through the life of the project the notional value that has been created is proportional to the percentage of the project that is complete:
Earned value = budget
The original project budget is used in order to obtain a value in dollars,
or euros. If the project is complete then 100% of the budget value has been created, whereas if the project is less than 100% complete a proportionally smaller fraction of the budget can be claimed.
are usually made up of a number of external purchases plus a charge for the time that internal staff are expected to
on the project. If there are no large external purchases then the budget is dominated by the cost of staff time, so the assumption implicit in the earned value approach that value creation is proportional to effort will hold true. But if the project budget contains large items of capital expenditure then costs are not proportional to effort. Earned value can still be used under these circumstances, but the schedule and cost performance indices will need to be interpreted with care. Some organizations therefore prefer to exclude external purchases when calculating earned value.
A key question for a project is where it stands relative to the schedule. This question could be rephrased as 'How much of the progress we should have made to date have we actually made?'. The schedule performance index is defined as
Strictly, this calculation gives the answer to the question 'How much of the value that we should have created to date have we actually created?' but the earlier assumption that progress, value and spending are proportional makes these questions equivalent.
Note that schedule performance is measured in proportion to spending, but planned progress is
to planned spending provided that the project is charged for the time people spend working on it. A schedule performance index below 1 indicates that the project has made less progress than planned. An SPI figure above 1 means that the project has made more progress than planned.
Project managers and sponsors are also usually interested in project costs. With good recording of the cost of staff time and committed spending, it should be possible to get a good picture of actual costs at any time through the life of the project. But this shows only what has been spent, whereas what people usually want to know is whether spending is higher or lower than what had been planned. Rather than relate actual cost to that planned to date, the cost performance index
actual cost to earned value. This means that the index is not skewed if a project runs late but still spends what was originally planned. The CPI is the answer to the question 'How much of our spending to date is justified by our progress?'. It is defined as
Just as with SPI, figures below 1 are bad, and those above 1 are good. A CPI of less than 1 means that the project has so far cost more than can be justified by progress, and vice versa.
Technical performance analysis
This means analyzing how the technical performance of the project to date
to the plan. For example, perhaps a project to upgrade an engine planned to enable it to run at a higher temperature than before, say 800 °C, so has this been reached or is performance peaking at only 720 °C?
If you have a ten-week project with a contingency, or buffer, of $10,000, then there is a great difference between the situation in which you have spent $9,000 of the buffer by the end of the second week and a situation in which you have spent $9,000 of the buffer by the ninth week. The first situation suggests that the project is in trouble, the latter that there are no real problems. This example shows how buffer monitoring can be used to monitor risks.
To ensure you get maximum value from risk monitoring and control meetings, participate in them in two ways. Make sure that the meetings are properly administered, so that there is an agenda, you have an aim, and so on. That should be normal. Secondly, listen to your emotions and feel the emotions of others. Does it feel like there are problems? Follow up your gut feelings by looking for evidence, but of course be sensitive to how you do this.