logo

Risk Management

Approach to Project Risk Management (PRM)

How do you go about project risk management, and when?

Reactive vs. Proactive - 1

·      First recognize that you can be either reactive or proactive to project risks. For example, consider this unlikely but quite possible situation - you are at risk of being shot at. Conceptually, at least, you have four options. You can:

·      Reactive response:

·         Move to avoid the bullet

·         Deflect the bullet

·         Repair the damage done by the bullet

Reactive vs. Proactive - 2

·      Proactive response:

·         You can take steps to avoid being confronted by the person with the gun in the first place

·      Selecting one of the choices from the "Reactive" list is typically viewed as being

·         In Crisis Management mode

·         Being proactive is generally the better choice!

·      The point of this example is that

·         At no time are you in charge of the bullet (the risk event)

PRM Methodology

·      Like all the other project management functions

·         Project risk management involves a series of logical management steps

·         And these steps should be reviewed or repeated at appropriate intervals in the project life span

·         First you must recognize potential risk events

·         Then you "mitigate" (or offset) them

·         At the same time, watching out for opportunities

·      The methodology is best depicted by the diagram on the following page

Logical Steps

Logical Steps

Notes on Logical Steps

PRM Planning

·         You can include PRM in your project management but it helps if your organization recognizes PRM with established policies

·         Such as appropriate guidelines covering roles and responsibilities, analysis, tolerances and reporting

Risk Identification

·         As noted in our previous Issacon, formal PRM should be concerned with possible risk events

·         Which may stem from either the management of the project, or the project's technology

Risk Events

Risk events may be either

·         Recurring type i.e.

·         Relatively predictable

·         More easily identified

·         Responsive to objective analysis

·         Non-recurring, I.e.

·         Random

·         More difficult to identify with credibility

·         Requiring subjective analysis

It's a good idea to separate the two

Risk Analysis

·      The problem frequently is how to deal with all the potential risks identified

·      Therefore it is beneficial to take the analysis also in two steps

·         Qualitative Analysis

·         Identifying which risks we should worry about

·         And spend time on

·         Quantitative Analysis

·         Assessing the impacts should any of those things occur

Responding

·      Having determined which risks require serious consideration

·         Establish an appropriate response for each

·      Make sure the response is activated. That means:

·         Documenting the response plan in each case

·         Making sure that the plan is communicated

·         Someone is held responsible for maintaining watch

·         In the event, the appropriate plan is implemented

·         The consequences are documented for future reference

When is the best time to do PRM?

Depending on the type, scale and circumstances of your project:

·         A simple impact analysis can reveal valuable information in the conceptual phase of the project

·         PRM should certainly be introduced in the definition/ planning phase

·         The extent of the exercise depending on the complexity and criticality of the project

·         Project risk monitoring and response should be an on-going part of the project's implementation phases

Risk Analysis Summary

Risk Analysis Summary