Risk monitoring and control

Having identified and understood the risks, the central task of managing them is the monitoring and control process. Many project managers and project team members think that once a risk is in the risk register it is managed. Not so: it is merely identified and partly understood. It then has to be watched, like a sleeping leopard, so that at the first signs of stirring the project can take action to manage the risk. The key thing is to do something, and the right thing. Risk monitoring and control is the process by which you can watch the leopard of risk and act in the right way when it stirs. Figure 11.7 shows the inputs, tools and techniques and outputs of the process.

A surprising number of projects fall foul of risks in the register which are not properly managed. The outputs listed in Figure 11.7 are all aimed at the single end of ensuring that risks in the register do not derail the project. The outputs are reasonably straightforward and self-explanatory. The processes by which they are obtained need more explanation, which is given below.

Risk assessment (also known as risk review)

All projects should have regular risk reviews, to check the current validity and usefulness of the risk register and risk management plan overall. Things change, and no matter how good the initial risk identification and analysis work, new factors or changed circumstances may require them to be updated. This is what the risk assessment does. It can be a standing agenda item in regular project management meetings. It may be useful on some occasions to have a project risk review meeting as a stand-alone event.

Risk audit

There are two uses of a risk audit. One is to audit the risk, to have a third party or a friendly outsider come and review the risks and especially the responses and management plans for them, and give an opinion. In a large project or one with major health, safety or financial risks, a risk audit may be a regulatory or contractual requirement. The other use of a risk audit is as a wake-up call to shake people in the project out of their comfortable habits by frightening them. This can be a reasonable control function of the risk audit.

Variance and trend analysis

What was planned progress? What are the actuals? And what is the trend? Is it getting worse or better? Often a graph to show trends is a powerful tool for seeing and understanding what is going on in the project, and also for communicating it to others. Earned value is one metric which can be used for variance and trend analysis; others are schedule performance index and cost performance index. These are described in the boxed text.

Some Measures of Progress and Variance: EV, SPI, CPI Earned value Each task in the project should add value in some way. Earned value analysis assumes that the value created is in proportion to the planned effort, and so small tasks add proportionally less value than large ones. It is easy to think of examples where this is clearly not the case, but any other method would be fraught with difficulties over assessing the relative value-add of different sorts of task. At any one time through the life of the project the notional value that has been created is proportional to the percentage of the project that is complete: Earned value = budget x % complete The original project budget is used in order to obtain a value in dollars, pounds or euros. If the project is complete then 100% of the budget value has been created, whereas if the project is less than 100% complete a proportionally smaller fraction of the budget can be claimed. Project budgets are usually made up of a number of external purchases plus a charge for the time that internal staff are expected to spend on the project. If there are no large external purchases then the budget is dominated by the cost of staff time, so the assumption implicit in the earned value approach that value creation is proportional to effort will hold true. But if the project budget contains large items of capital expenditure then costs are not proportional to effort. Earned value can still be used under these circumstances, but the schedule and cost performance indices will need to be interpreted with care. Some organizations therefore prefer to exclude external purchases when calculating earned value. Schedule performance index A key question for a project is where it stands relative to the schedule. This question could be rephrased as 'How much of the progress we should have made to date have we actually made?'. The schedule performance index is defined as Strictly, this calculation gives the answer to the question 'How much of the value that we should have created to date have we actually created?' but the earlier assumption that progress, value and spending are proportional makes these questions equivalent. Note that schedule performance is measured in proportion to spending, but planned progress is related to planned spending provided that the project is charged for the time people spend working on it. A schedule performance index below 1 indicates that the project has made less progress than planned. An SPI figure above 1 means that the project has made more progress than planned. Cost performance index Project managers and sponsors are also usually interested in project costs. With good recording of the cost of staff time and committed spending, it should be possible to get a good picture of actual costs at any time through the life of the project. But this shows only what has been spent, whereas what people usually want to know is whether spending is higher or lower than what had been planned. Rather than relate actual cost to that planned to date, the cost performance index relates actual cost to earned value. This means that the index is not skewed if a project runs late but still spends what was originally planned. The CPI is the answer to the question 'How much of our spending to date is justified by our progress?'. It is defined as Just as with SPI, figures below 1 are bad, and those above 1 are good. A CPI of less than 1 means that the project has so far cost more than can be justified by progress, and vice versa.

Technical performance analysis

This means analyzing how the technical performance of the project to date compares to the plan. For example, perhaps a project to upgrade an engine planned to enable it to run at a higher temperature than before, say 800 C, so has this been reached or is performance peaking at only 720 C?

Reserve analysis

If you have a ten-week project with a contingency, or buffer, of $10,000, then there is a great difference between the situation in which you have spent $9,000 of the buffer by the end of the second week and a situation in which you have spent $9,000 of the buffer by the ninth week. The first situation suggests that the project is in trouble, the latter that there are no real problems. This example shows how buffer monitoring can be used to monitor risks.

Status meetings

To ensure you get maximum value from risk monitoring and control meetings, participate in them in two ways. Make sure that the meetings are properly administered, so that there is an agenda, you have an aim, and so on. That should be normal. Secondly, listen to your emotions and feel the emotions of others. Does it feel like there are problems? Follow up your gut feelings by looking for evidence, but of course be sensitive to how you do this.