Risk Planning
Risk is something that we deal with in our everyday lives. Some people seek out jobs or leisure activities that are considered high risk. They may get a thrill or a feeling of great accomplishment derived from taking on the challenge of skydiving or mountain climbing or working as a lineman on high-voltage electrical lines.
However, if you mention the word risk in association with a project, the majority of people will immediately think of something negative. Risks are not always negative. A project risk is simply an element of uncertainty that can have either negative or positive consequences. Remember when we discussed fast tracking as a means to reduce the schedule duration by doing tasks in parallel that would normally be done in sequence? There are definitely risks involved in overlapping tasks , but in this case it is a self-imposed risk that may have a positive outcome of completing the project sooner and meeting the client's needs.
That said, a lot of project risks probably have negative consequences. The best way to handle risk is to acknowledge it and deal with it. In order to more clearly illustrate this, think back a moment about the definition of a project. One of the key factors in defining a project is that it produces a unique result. If you remember that you are not dealing with an operations procedure that has been in place for months or years with fairly predictable results, you'll immediately see the implications of risk. Even if your project is similar to previous projects, it will still produce its own unique result; you do not have a crystal ball to tell you exactly what will happen during the course of the project. You need to plan up front for events that may take your project off course. Risk planning deals with how you manage the areas of uncertainty in your project.
Risk planning has three major components : identifying the potential risks to your project, analyzing the potential impact of each risk, and developing an appropriate response for each risk.
Risk Identification
All projects have risks. Project team members can identify a component of their current project that they are not comfortable with. It could be an aggressive schedule with complex task dependencies, team member experience, or lack of confidence in a vendor. Unfortunately, many project managers do not take the time to work with the project team and other stakeholders to formally document where the project is at risk. Risk identification is the process of determining and documenting the areas in your project with the potential to take the project off track.
Risks can be viewed from both the global level, looking at the project as a whole, and by analyzing the tasks in the project schedule. Global risks can include such items as the level of funding committed to the project, the overall experience level of the core project team, the use of project management practices, or the strategic significance of the project. Typically, the project manager, the project sponsor, and the client deal with identifying the global risks.
Risks are also identified by the project team from the perspective of the schedule and the tasks required to achieve the project objectives within the committed time and budget. There may be risks associated with particular phases of the project or with certain key tasks. The assessment of risks in the project schedule includes participation from all core project team members and any appropriate subject matter experts.
A series of questions can be developed to pose to the project team for each phase or task. Examples of risk identification questions include:
-
Is the task on the critical path ?
-
Is this a complex task?
-
Does the task involve a new or unfamiliar technology?
-
Does the task have multiple dependencies?
-
Have we had problems with similar tasks in previous projects?
-
Is this task controlled by outside influences ( permits , county hearings, etc.)?
-
Are there inexperienced resources assigned to this task?
-
Are there adequate resources assigned to the task?
-
Does this task involve an integrated system?
-
Are we unfamiliar with the hardware or software we're going to use for the tasks?
For those tasks with yes answers to any of the above questions, move on to questions regarding the potential problems that may be associated with this phase:
-
What issues or problems might occur?
-
What problems occurred with similar tasks in the past?
-
What could cause this problem?
Once you have walked through the process of identifying all the possible risks to your project, you need to use risk analysis to take a closer look at each identified risk to see what the impact really is.
 |
It's also good to have a pre-project brainstorming session with the finalized project team in which you simply use sticky notes and answer this question: What could go wrong?
By letting people free think and blurt out all the possibilities that occur to them, you might get some input that proves to be really valuable in the risk identification step.
| |
Risk Analysis
Risk analysis is the process used to identify and focus on those risks that are the most critical to the success of your project
There is a lot of information out there about risk analysis and the various techniques that can be used. Risk analysis can be approached from a qualitative or quantitative perspective. Qualitative risk analysis looks at the likelihood that a risk will actually occur and the impact to the project if it does occur. Quantitative risk analysis uses a more complex mathematical approach to numerically analyze the probability that a risk will occur, the effect on the project goals, and the consequences to the overall project. A detailed discussion of quantitative risk analysis methodologies is beyond the scope of this book, but you should be aware of some of the terms you may see. The more advanced techniques for computing quantitative risk analysis include sensitivity analysis, decision tree analysis, simulation using the Monte Carlo technique, and interviewing. Organizations that use these techniques as part of risk management typically have in house experts to complete the assessment or assist project teams . More information on quantitative risk analysis can be found in the Guide to the PMBOK .
What we are going to focus on in this section is a simplified approach to qualitative risk analysis that a project manager can lead without the need for special tools or training. If your organization relies on these more sophisticated tools, that is great, but do not think you cannot do risk analysis without them. By using a template and a simple set of criteria, the project can focus the team on the risks that really need attention.
When you are finished with risk identification, you may find that you have several pages of documentation. Numerous tasks on the project schedule are likely to have some degree of risk associated with them, and the thought of all this risk may seem overwhelming. You need to keep in mind that all risks are not equal. Risk identification is a brainstorming session to make sure as many potential risks as possible have been captured. But not all risks will become a reality. Therefore, it is important to quantify the potential risks, so that attention can be focused on those risks whose impacts on the project success are the greatest.
Risk Severity For each of the items that have been listed on the template, the team identifies the impact to the project if the potential problem does occur. A simple rating can be used:
-
High impact
-
Medium impact
-
Low impact
Some problems have impacts that are very narrow in scope and do not impact the overall success of the project, while others could delay the project completion or cause a significant budget overrun . By relying on the expert knowledge and judgment of the team members and any historical data, your team can rate the severity of the each risk.
Risk Probability The other key element of risk quantification is the probability of the potential problem actually occurring. Some risks are almost a certainty , while others are an extremely remote possibility. The knowledge of the project team and any historical data is used to rate the probability of risk occurrence. The same high, medium, or low scale can be used.
The risk analysis process can be completed using a simple template as shown in Table 6.1. The tasks with potential risks can then be prioritized, with those having both a critical severity rating and a high probability of occurrence listed first. For those tasks that have the greatest potential impact on the project, a plan should be developed for an appropriate course of action.
| Risk | Severity | Probability |
|---|---|---|
| Risk A | H | H |
| Risk B | M | M |
| Risk C | L | H |
| Risk D | H | L |
Risk analysis provides you with a prioritization for all the risks the team has identified. Risk response planning is the process of reviewing each item on the prioritized list of potential project risks to determine what, if any, action should be taken.
The Guide to the PMBOK lists four techniques for risk response planning:
-
Avoidance -changing the project plan to eliminate the activity that created the risk.
-
Transference-moving the liability for the risk to a third party.
-
Mitigation-reducing the impact and/or the probability of the risk.
-
Acceptance-choosing to accept the consequences of the risk or being unable to identify another response strategy.
Transference is a specific technique involving tools such as insurance premiums, performance bonds , or fixed price contracts to limit financial risk. The other techniques can be grouped together as two types of action can be taken when responding to risk: preventative action and contingency action.
Preventative Action
Preventative action involves the review of potential risks to determine if any steps can be taken to prevent the problem from occurring or reduce the probability that the problem will occur. Preventative action combines the techniques of avoidance and mitigation. The costs of these actions are weighed against the impact of the risk. You determine whether resources are available with the skill set to implement the preventative action. Tasks are added to the project schedule to track preventative actions. Questions to ask the project team as you work to identify preventative actions include:
-
What can be done to prevent the problem from occurring (address the causes)?
-
What can be done to decrease the likelihood of the problem occurring?
-
Are these actions cost-effective ?
-
Are there resources available to implement these actions?
Contingency Action
Acceptance includes not only those risks you choose to accept, but also those risks you cannot prevent. If the problem is something totally outside the control of the project team (such as pending legislation or a possible work stoppage), a contingency plan is developed to identify the most likely impacts to the project and a strategy to deal with the impacts. You want to be able to answer the following:
-
If the problem cannot be prevented, what are the most likely impacts to the project?
-
What can be done to minimize these impacts?
Your risk management plan can be documented using a simple template as shown in Figure 6.3.
FIGURE 6.3 Risk Management Template
This plan is used to communicate project risks and action plans to other stakeholders. It can be converted into a risk tracking log, which we will discuss further during project control in Chapter 9.
EAN: 2147483647
Pages: 156