The goal of managing project risks is to identify and prepare for any potential threat to the project’s critical success factors before it actually occurs. As a result, risk management is the essence of managing projects. Nothing impacts the decisions we make regarding general project approach, level of planning rigor, staffing, project control procedures, and overall contingencies more than the risks facing the project.
Key Risk Management Principles
A proactive management philosophy underlies the key principles of project risk management. By effectively managing project risks using these principles, a project manager remains in control of the project at all times, enables better project decisions, and provides the project the best opportunity for success. The key principles to managing project risks include the following:
It’s all risk management—All project management is risk management. The current approaches and rules of modern project management—especially those surrounding portfolio management, project definition, and project planning—are all risk management focused. From past experiences, we now know how to structure a project for total success and how to greatly increase the likelihood the project will achieve its objectives.
“Healthy paranoia”—It’s all attitude, even if it is a little psycho. Effective project managers take responsibility for managing risks on their project—believe me, no one else wants the job. As a result, you must strike the balance between having a paranoid outlook about your project (constantly thinking about what could go wrong) and doing everything you can to make sure the project is executed as planned.
Appropriate—The level, type, and visibility of risk management should be consistent with the level of risk and the importance the project has to the organization. The cost of the risk response should not be greater than the impact loss the risk event might cause.
Systematic—Any factor or risk that could impact the project should be identified, quantified, and assessed for possible effects to the project. This includes all people, process, technology, organizational, and environmental influences.
Continuous—The identification of risks is an iterative process. Risk identification is repeatedly performed throughout the project, not just at the beginning.
Relentless—The project manager and the organization must be committed to risk management for the entire project life cycle.
Focused—Focus on the risks that you can control—starting with the high priority risks.
Process for Managing Project Risks
To be consistent with our principles, we need a systematic approach that allows us to focus time and resources on the highest priority risk elements. The power in the process is not in its complexity—it’s relatively simple and straightforward —the power is in the management approach it inspires.
These are some of the essential steps for managing project risks:
Identify—This is the critical step of identifying the risks to the project. The best way to start this process is also the best way to leverage the lessons from the past—use a risk profile. A risk profile, also referred to as a risk checklist or risk assessment form, lists the common sources of project risk that you need to consider. Although most risk profiles help you evaluate the majority of risk factors that are common to all projects, the best risk profiles are ones that are specific to your industry, organization, and project type. In addition, the less experience that you have in project management or in the project domain, the more you should facilitate this process with the key stakeholders and subject matter experts on your project team.
Determine probability—For each risk factor that has been identified, determine the likelihood that the risk event will occur. The goal is to quantify the uncertainty as much as possible, although in reality, this is still a judgment call. Common methods include numeric scales (1–5, 1–10) and subjective scales (High, Medium, Low).
Assess impact—For each risk factor, determine the potential impact the risk event would have on the project critical success factors if it occurred. Like the probability element, the goal is to quantify the potential impact as much as possible. Generally, the same type of scale is used here, too. It is a good idea to document the specific impact (which critical success factor) and the magnitude of the impact.
Prioritize—Now that we have a probability and an impact level, tabulate a final ranking for each risk factor by combining the two values. If you have used numeric scales, this is straightforward; just multiply the two values together to get a final score. If you have used qualitative scales (L, M, H), you should be able to easily translate these to numeric values (1, 2, 3) to figure your final score. This step shows you the highest priority, most important risks, and the ones that we need to focus your initial efforts.
Develop responses—Document a response plan for each risk using one of the five risk response options detailed later in this chapter. Planning efforts are iterative in nature because risk response strategies might entail the allocation of additional resources, tasks, time, and costs to the project plan.
Get buy-in—Review the risk response strategies with the key stakeholders to increase their awareness, get their feedback (if you have not already), and get their acceptance of the planned approaches.
Monitor—Don’t stop. Nothing stays the same. Continue to keep your eye on the risk factors—watch for triggers to activate other planned responses, be mindful of the appearance of new risk factors, and don’t totally forget about the low-level risks. Either via circumstances changing or initial miscalculations, you might find some of these have a higher probability of occurring (or higher impact) than originally perceived.
Risk Response
Risk response is the process of developing strategic options, and determining actions, to enhance opportunities and reduce threats to the project’s objectives. A project team member is assigned to take responsibility for each risk response. This process ensures that each risk requiring a response has an owner monitoring the responses, although the owner may delegate implementation of a response to someone else.
Risk Response Strategies
Examples of Risk Responses
Key Risk Management Principles
A proactive management philosophy underlies the key principles of project risk management. By effectively managing project risks using these principles, a project manager remains in control of the project at all times, enables better project decisions, and provides the project the best opportunity for success. The key principles to managing project risks include the following:
It’s all risk management—All project management is risk management. The current approaches and rules of modern project management—especially those surrounding portfolio management, project definition, and project planning—are all risk management focused. From past experiences, we now know how to structure a project for total success and how to greatly increase the likelihood the project will achieve its objectives.
“Healthy paranoia”—It’s all attitude, even if it is a little psycho. Effective project managers take responsibility for managing risks on their project—believe me, no one else wants the job. As a result, you must strike the balance between having a paranoid outlook about your project (constantly thinking about what could go wrong) and doing everything you can to make sure the project is executed as planned.
Appropriate—The level, type, and visibility of risk management should be consistent with the level of risk and the importance the project has to the organization. The cost of the risk response should not be greater than the impact loss the risk event might cause.
Systematic—Any factor or risk that could impact the project should be identified, quantified, and assessed for possible effects to the project. This includes all people, process, technology, organizational, and environmental influences.
Continuous—The identification of risks is an iterative process. Risk identification is repeatedly performed throughout the project, not just at the beginning.
Relentless—The project manager and the organization must be committed to risk management for the entire project life cycle.
Focused—Focus on the risks that you can control—starting with the high priority risks.
Process for Managing Project Risks
To be consistent with our principles, we need a systematic approach that allows us to focus time and resources on the highest priority risk elements. The power in the process is not in its complexity—it’s relatively simple and straightforward —the power is in the management approach it inspires.
These are some of the essential steps for managing project risks:
Identify—This is the critical step of identifying the risks to the project. The best way to start this process is also the best way to leverage the lessons from the past—use a risk profile. A risk profile, also referred to as a risk checklist or risk assessment form, lists the common sources of project risk that you need to consider. Although most risk profiles help you evaluate the majority of risk factors that are common to all projects, the best risk profiles are ones that are specific to your industry, organization, and project type. In addition, the less experience that you have in project management or in the project domain, the more you should facilitate this process with the key stakeholders and subject matter experts on your project team.
Determine probability—For each risk factor that has been identified, determine the likelihood that the risk event will occur. The goal is to quantify the uncertainty as much as possible, although in reality, this is still a judgment call. Common methods include numeric scales (1–5, 1–10) and subjective scales (High, Medium, Low).
Assess impact—For each risk factor, determine the potential impact the risk event would have on the project critical success factors if it occurred. Like the probability element, the goal is to quantify the potential impact as much as possible. Generally, the same type of scale is used here, too. It is a good idea to document the specific impact (which critical success factor) and the magnitude of the impact.
Prioritize—Now that we have a probability and an impact level, tabulate a final ranking for each risk factor by combining the two values. If you have used numeric scales, this is straightforward; just multiply the two values together to get a final score. If you have used qualitative scales (L, M, H), you should be able to easily translate these to numeric values (1, 2, 3) to figure your final score. This step shows you the highest priority, most important risks, and the ones that we need to focus your initial efforts.
Develop responses—Document a response plan for each risk using one of the five risk response options detailed later in this chapter. Planning efforts are iterative in nature because risk response strategies might entail the allocation of additional resources, tasks, time, and costs to the project plan.
Get buy-in—Review the risk response strategies with the key stakeholders to increase their awareness, get their feedback (if you have not already), and get their acceptance of the planned approaches.
Monitor—Don’t stop. Nothing stays the same. Continue to keep your eye on the risk factors—watch for triggers to activate other planned responses, be mindful of the appearance of new risk factors, and don’t totally forget about the low-level risks. Either via circumstances changing or initial miscalculations, you might find some of these have a higher probability of occurring (or higher impact) than originally perceived.
Risk Response
Risk response is the process of developing strategic options, and determining actions, to enhance opportunities and reduce threats to the project’s objectives. A project team member is assigned to take responsibility for each risk response. This process ensures that each risk requiring a response has an owner monitoring the responses, although the owner may delegate implementation of a response to someone else.
Risk Response Strategies
For Threats For Opportunities
|
|
Avoid. Risk can be avoided by removing the cause
of the risk or executing the project in a different
way while still aiming to achieve project
objectives. Not all risks can
be avoided or eliminated, and for others, this approach may be too expensive or time‐consuming. However,
this should be the first
strategy considered.
|
Exploit. The aim is to ensure that the opportunity is realized. This strategy seeks
to eliminate the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Exploit is an aggressive response strategy, best
reserved for those “golden opportunities” having high
probability and impacts.
|
Transfer. Transferring
risk involves finding
another party who
is willing to take responsibility for its management, and who will
bear the liability of the risk
should it occur. The aim
is to ensure that
the risk is owned
and managed by the party
best able to deal with it effectively. Risk transfer usually involves payment of a premium, and the
cost‐effectiveness of this
must be considered when deciding whether
to adopt a transfer
strategy.
|
Share. Allocate risk ownership of an opportunity to another party who is best able to maximize its
probability of occurrence and increase the potential benefits if it does occur.
Transferring threats and sharing opportunities are similar
in that a third
party is used. Those to whom threats
are transferred take on the liability and those to whom opportunities are
allocated should be allowed to share in the potential benefits.
|
Mitigate. Risk mitigation reduces the probability
and/or impact of an adverse risk
event to an acceptable threshold. Taking early
action to reduce the probability and/or
impact of a risk is often more effective than trying
to repair the
damage after the risk
has occurred. Risk mitigation may
require resources or time and thus presents a tradeoff between doing
nothing versus
the cost of mitigating the risk.
|
Enhance. This
response aims to modify the “size” of the positive risk.
The opportunity is enhanced
by increasing its probability and/or impact,
thereby maximizing benefits realized for the
project. If the probability
can be increased to 100 percent, this is effectively an exploit response.
|
Acceptance. This strategy is adopted when
it is not possible or practical to respond to the risk by the
other strategies, or a response
is not warranted by the importance of the risk. When the
project
manager and the project team
decide to accept a risk, they are agreeing to address the
risk if and when it
occurs. A contingency plan, workaround plan and/or contingency
reserve may
be developed for that
eventuality.
|
|
Examples of Risk Responses
Risk Statement Risk Response
|
||
Design
|
Inaccuracies or incomplete information in the
survey file could lead
to rework of the design.
|
Mitigate: Work with
Surveys to verify that the survey
file is accurate and complete. Perform additional surveys as needed.
|
A design change
that is outside
of the parameters
contemplated in the Environmental Document triggers a supplemental EIS[1] which causes a delay due to the public comment
period.
|
Avoid: Monitor design changes
against ED to avoid
reassessment of ED unless
the opportunity
outweighs the threat.
|
|
Environmental
|
Potential lawsuits may challenge
the environmental report, delaying the start of
construction or threatening loss of funding.
|
Mitigate: Address concerns of stakeholders and public during environmental process. Schedule
additional public outreach.
|
Nesting birds, protected from harassment under
the Migratory Bird
Treaty Act, may delay construction during
the nesting season.
|
Mitigate: Schedule
contract work to avoid
the nesting season or
remove nesting habitat before starting work.
|
|
R/W
|
Due to the complex
nature of the staging,
additional right of way or construction
easements may be required to complete
the work as contemplated, resulting in additional cost to the project.
|
Mitigate: Re‐sequence the work
to enable ROW Certification.
|
Due to the large number of parcels and
businesses, the condemnation process may have
to be used to acquire R/W, which could
delay start of construction by up to one year,
increasing construction costs
and extending the time for COS.
|
Mitigate: Work with Right‐of‐ Way and Project
Management to prioritize work
and secure additional right‐of‐way resources
to reduce impact.
|
|
Construction
|
Hazardous materials encountered during construction will
require an on‐site
storage area and potential additional costs to dispose.
|
Accept: Ensure storage space will be available.
|
Unanticipated
buried man‐made objects uncovered during construction require removal and disposal resulting in additional costs.
|
Accept: Include a Supplemental
Work item to cover this
risk.
|
|
No comments:
Post a Comment