February 20, 2007

Risk Response Planning

Risk response planning is the process of developing options to minimize threats and maximize opportunities. The risk response should be inline with the significance of the risk, cost-effective, and realistic. Normally a collaborative discussion needs to occur to assure the best option is the response. In order to begin risk response planning, you need the following inputs to the process:


  • Risk Management Plan – The risk management plan contains key components which will help to yield response options. Roles and Responsibilities from the Risk Management Plan define who as the authority to act and who can be an owner of a risk. Risk Analysis Definitions clearly relate the definition of risk ratings for probability, impact, and urgency. Risk Thresholds relate the stakeholders’ tolerance of high, moderate, and low risks. Normally clearly defined thresholds specific to time, cost, and resource amounts are given. Timing and schedules which detail the frequency and activities are also related as a part of the risk management plan.

  • Risk Register – The risk register contains the resulting risks from the identification, qualitative analysis, and quantitative analysis. The components used are the priority list of Project Risks, list of near and long-term risks, trends in qualitative risk analysis, categorized risks, and a watch list of low priority risks.


The strategies for handling risk comprise of two main types: negative risks, and positive risks. The goal of the plan is to minimize threats and maximize opportunities.

  • Response Strategies for Threats (Negative Risks) – When dealing with threats, there are three main response strategies – Avoid, Transfer, Mitigate (ATM)

    • Avoid – Risk avoidance involves changing the project plan to remove the threat to the project plan. This can be done by changing or reducing the scope of the project.

    • Transfer – Risk transference involves shifting the impact of a risk event and the ownership of the risk response to a third party. This strategy is common with a financial risk exposure and involves payment of a risk premium to the party assuming the risk.

    • Mitigate – Risk Mitigation reduces the probability or impact of a potential risk even to a more acceptable level. This included reducing the consequences of the risk. Mitigation could involve adopting a less complicated process, conducting additional test on the product, designing redundancy into a system, and designing a quality control or reconciliation.

  • Response Strategies for Opportunities (Positive Risks) – When dealing with opportunities, there are three main response strategies – Share, Enhance, Exploit (SEE)

    • Share – Risk sharing involves sharing responsibility and accountability with another to enable the team the best chance of seizing the opportunity.

    • Enhance – Risk enhancement increases the probability an opportunity will occur by focusing on the trigger conditions of the opportunity and optimizing the chances.

    • Exploit – Risk exploitation is used on opportunities when the organization wishes to assure the opportunity is realized. Commonly used by hiring the best experts or assuring the most technologically advanced resources are available to the project team.

  • Response Strategies for Both Threats and Opportunities – Risk acceptance is any decision not to change to deal with a risk. Risk acceptance is either passively accepted by doing nothing or actively by establishing a contingency reserve.

  • Contingent Response Strategy – A risk contingency is used only when a risk is realized or impacting. A response plan is commonly executed when a condition or trigger event occurs. For example missing an intermediate milestone.


Risk Response Planning is the most important risk management process. It places a plan in play of how to deal with risk. The outputs of Risk Response Planning are:

  • Risk Register (updates) – Risk Register updates of the appropriate risk response.

  • Project Management Plan (updates) – Project Management Plan updates occur as response actions are added after being processed though integrated change control.

  • Risk-Related Contractual Agreements – Risk related contractual agreements for insurance, partnerships and services will generate language specifying each party’s responsibilities.


Posted by Elyse at 6:36 AM | Comments (0)

February 11, 2007

Quantitative Risk Management

Quantitative Risk Analysis is completed on the prioritized risks from Qualitative Analysis studying the affect of risk event deriving a numerical value. Quantitative Risk Analysis is performed to access the probability of achieving specific project objectives, to quantify the affect of the risk on the overall project objective, and to prioritize the risk based on significance to overall project risk.
The inputs for Quantitative Risk Analysis are:

  • Organizational process assets - Organizational process assets uitilized are any information from the project archives on project of a similar nature, any study by risk specialist on a similar project, and any available proprietary risk database.
  • Project Scope Statement - The Project Scope Statement provides information on whether the project is a new and exciting endeavor with a significant change in process. These types of project have high levels of risk.
  • Risk Management Plan - The Risk Management Plan contains the budget, the definitions of probability and impact, the probability and impact matrix, risk categories, and risk timing and schedule. All of these components are needed to perform Quantitative risk analysis.
  • Risk Register - The Risk Register lists the threats and opportunities the project team has identified and has the categories and priority from qualitative risk analysis.
  • Project Management Plan – The project management plan has the schedule management plan and cost management plan. The schedule management plan details how to control the project schedule and the cost management plan describes how to budget and control project costs.

In order to accurately perform Quanitiative Risk Analysis, one needs to keep in mind the purpose or outcome is to have a well thought through and realistic number is the probabilistic analysis. The first methodology is to endeavor on a data gathering mission, gathering SMART data, validating the data, and illustrating in a graphical format. The other methodology is to perform a statistical anlysis on the data. Given the two methodologies, the tools and techniques used to perform Quantitative Risk Analysis are:
  • Interviewing – Interviewing is employed to assess the probabilities of achieving specific project objectives based on input from relevant stakeholders and subject matter experts. In the interview it is a good mix to obtain the optimistic, pessimistic, and most likely scenario for a given objective. The end result is to have a bought into, agreed to, realistic and formal gage of probability. There are three methods commonly employed:
    • Direct – Direct interviewing is when a subject matter expert is accountable for providing the optimistic, pessimistic, and most likely values.
    • Diagrammatic – Diagrammatic method utilizes diagrams for subject matter experts to determine subjective possibilities.
    • Delphi – The Delphi technique lets a group of experts anonymously contribute their assessment.
  • Probability Distribution – A probability distributions describes how probabilities are distributed upon events. It is used to graphically illustrate risk probability representing the probability density function. The vertical axis indicates the probability of the risk even, and the horizontal axis depicts the impact of the risk event.
  • Sensitivity Analysis – Sensitivity analysis measures the impact of one risk with all other variables at a level plane. The risk currently being analyzed is given variable values based upon the possible outcomes. This is a great method to ascertain the impact of a single risk, however the method does not yield a combine effect for risk analysis.
  • Expected Monetary Value – Expected monetary value analysis calculates the average outcome when the future is not set in stone. In order to calculate EMV multiply the monetary value of a possible outcome by the probability it will occur. EMV analysis is commonly used in conjunction with decision tree analysis.
  • Decision Tree Analysis – Decision tree analysis is a detailed review of the information available to evaluate different outcomes. Decision trees enable the considertionof probability and impact for every branch of the decision under analysis. Solutions are based on alternatives which provide the greatest expected value when every implication, costs, rewards, and subsequent decisions are considered.
    Download Sample file
  • Modeling and Simulation – A model is mock-uup of a system or problem. A simulation imitates functionality. A common model and simulation is the Monte Carlo Analysis. It illustrates how processes can occur under different conditions, without risk to the production systems and data. The steps to perform a Monte Carlo Analysis are:
    1. Establish a Range of Values for Each Task
    2. Determine the Probability Distribution for Each Task
    3. Choose Random Values for the Simulation
    4. Perform the Simulation
    5. Analyze the Data

The sole output of the Quantitative Risk Analysis process is an updated Risk Register. Components of the output of Quantitative Risk Analysis (updates to the Risk Register) are:
  • Probabilistic analysis of the project - The probabilistic analysis of the project is comprised of possible schedule and cost outcomes including estimated completion dates and costs, along with associated confidence levels. This information provides a foundation for prioritizing risks and managing trends in risks and risk results.
  • Probability of achieving cost and time objectives - The probability of achieving the cost and time project objectives is pretty self explanatory. Mainly this is a way to quantify the contingency reserves to an acceptable level for the organization. Contingency reserves are the funds, budget, or time needed above the estimate to reduce the risk of overruns of project objectives to a level acceptable to the organization. A probabilistic analysis of your project can be used to calculate and set aside sufficient contingency reserves to cover potential shortfalls.
  • Prioritized list of quantified risks – The prioritized list of quantified risks clearly identifies which risks pose the greatest threat or opportunity to the project by requiring a large risk contingency or by influencing the critical path.
  • Trends in quantitative risk analysis - When project managers examine quantitative analysis results over time, they often spot trends. Observing and responding to trends can help you identify and eliminate root causes of risk, reduce risk probability, or control risk impact. Managing trends contributes to making you a successful risk manager.

The output of Quantitative Risk Management provides information for handling a project's most threatening risks and promising opportunities. A probabilistic analysis assists you with estimating contingency reserves to ensure stakeholder comfort.

Quantitative Risk Management helps to assess the probability of meeting time and cost objectives. Prioritizing high-threat risks allows one to respond proactively before the iceberg has hit. Monitoring trends enables you to adjust risk management activities over time. Taken together, all of these outputs help you to be a successful risk manager.

Posted by Elyse at 11:02 AM | Comments (0)

February 7, 2007

Communicating Expectations

On the job, there is a level of performance that is expected. That level can change with new leadership. The older well valued employees may need expectations restated. Or perhaps there is a new team member joining the team. So what actually needs to be conveyed to assure understanding?


  1. Why the task must be completed
  2. When the work is to be completed.
  3. How rigid the deadline is
  4. How the finished work will be measured or evaluated
  5. How important the task is in relation to other work being done
  6. How the task fits into the big picture

As a leader, it is important to take that breath and take the time. Clearly conveying expectations is absolutely necessary when it comes to managing and leading a team. After you have conveyed the expectation, be sure to ask questions. It is the only way to know for sure that understanding has occurred.

Posted by Elyse at 9:32 PM | Comments (0)

Qualitative Risk Analysis

Qualitative Risk Analysis assesses the impact and likelihood of the identified risks in a rapid and cost-effective manner. By evaluating the priority of risks with consideration to impact on the project’s cost, schedule, scope and quality objectives, Qualitative Risk Analysis provides a foundation for a focused quantitative analysis or Risk Response Plan.
The inputs to the Qualitative Risk Analysis process are:


  • Organizational process assets - Organizational process assets are any of your company's policies or procedures which assist in understanding the current project's risks. Another component of organizational process assets is information regarding risks from previous projects. This information yields understanding of how a risk was either successfully or unsuccessfully managed in the past, provides insights into the departments or organization’s risk tolerance, and may provide a standard operating policy of how risks are to be managed.

  • Project Scope Statement – The Project Scope Statement details the project objectives, deliverables, assumptions, constraints, schedule, budget, and configuration management requirements. Typically a component of the project scope statement is whether the technology or process is a new endeavor for your organization. As we all know the bleeding razor edge is wrought with high levels of risk.

  • Risk Management Plan – The Risk Management Plan details the roles and responsibilities, risk management budgets, risk management scheduled activities, risk categories, probability and impact definitions, probability and impact matrix, and stockholder’s risk tolerances. These components are useful in risk analysis.

  • Risk Register – The Risk Register is a listing of the risk the project team identified.


Once you have garnered all of the inputs it is time to perform qualitative risk analysis. Thankfully there are best practices which are usefully to rate and prioritize the project risks in a rapid and cost-effective manner. These tools and techniques are:

  • Risk probability and impact assessment – Risk probability and impact is the team rating of the project’s risks and opportunities. It is best to use a team of project members, subject matter experts, individuals listed on the roles and responsibilities section of the risk management plan, and any other usefule knowledgeable participants. There are to tactical methods for deriving a risk rating. First have a meeting with the team. Secondly conduct risk interviews. Generally, the first approach is to tackle the probability question of all identified risks, then review and determine the impact of all identified risks. Finally the risk score is calculated by multiplying probability by impact. The successful outcome of a risk probability and impact assessment is a Risk Register that has been updated with risk ratings for probability, impact, and score.

  • Probability and impact matrix – The probability and impact matrix illustrates a risk rating assignment for identified risks. Each risk is rated on its probability of occurrence and impact upon objective. From a spotlight analysis reds are in the high risk zone, yellows are medium risk, and greens are low rated risks which should just be added to the watch list.

    Probability
    Threats
    Opportunities
    0.900
    0.045
    0.090
    0.180
    0.360
    0.720
    0.720
    0.360
    0.180
    0.090
    0.045
    0.700
    0.035
    0.070
    0.140
    0.280
    0.560
    0.560
    0.280
    0.140
    0.070
    0.035
    0.500
    0.025
    0.050
    0.100
    0.200
    0.400
    0.400
    0.200
    0.100
    0.050
    0.025
    0.300
    0.015
    0.030
    0.060
    0.120
    0.240
    0.240
    0.120
    0.060
    0.030
    0.015
    0.100
    0.005
    0.010
    0.020
    0.040
    0.080
    0.080
    0.040
    0.020
    0.010
    0.005
    0.050
    0.100
    0.200
    0.400
    0.800
    0.800
    0.400
    0.200
    0.100
    0.050

  • Risk data quality assessment – A qualitative risk analysis needs to have unbiased and accurate data for credibility. A risk data quality assessment is a means to evaluate the reliability and accuracy of the information from which the risk rating is derived.
    1. Extent to which the risk is understood – How well is the risk grokked? The data should be clear, concise and easily explained. Evaluate your data source? Did the wolf caller just tell you another wolf was after the sheep.
    2. Data availability - Is the data complete? A common whole is to base risk ratings on incomplete data.
    3. Data Quality – Is the data timely and relevant? Honestly evaluating a CPOE install by data that is 20 years old isn’t good practice. Most like the information isn’t timely and relevant.
    4. Data integrity and reliability - How objective is the data? Qualitative Risk Analysis is imprecise; ratings reflect subjective opinions and judgment. However, with this fact in mind, try to obtain the most accurate and unbiased information you can. For example if in a rampant war of office politics, is it objective what stones one side is throwing at the other?
  • Risk urgency assessment – Risk requiring near-term responses are have a higher level of urgency than risk way off in the future land.
  • Risk categorization - Risks can be grouped in different ways for example they can be categorized by source, area impacted, or project phase.
The output of the Qualitative Risk Analysis process is an updated Risk Register. The risk register updates include:
  1. Relative ranking or priority of project risks – The overall risk ranking is determined by summing the individual risk scores and then dividing by the number of risks.
  2. Risks grouped by categories – Placing risks in categories reveal areas of risk concentration and highlights common causes of risk. For example, if every risk is surrounding a lack of project resources, then maybe actually planning the project work to the resources available is necessary.
  3. Lists of risks requiring response in the near term – The most urgent risks commonly need responses in the short term. By sorting according to urgency, it is easy to identify the most severe risk event which need almost immediate action.
  4. List of risks for additional analysis and response – Risks which need additional analysis and management are classified as high sometimes even moderate.
  5. Watchlist of low priority risks – Risks which are not urgent and require action in the distant future are commonly detailed on a watchlist for monitoring.
  6. Trends in qualitative risk analysis results - With each iteration of Qualitative Risk Analysis, a trend may result which necessitates a response or further analysis.
Posted by Elyse at 1:41 PM | Comments (0)

February 6, 2007

Risk Identification

Risk Identification ascertains which risks have the potential of affecting the project and documenting the risks’ characteristics. Risk Identification begins after the Risk Management Plan is constructed and continues iteratively throughout the project execution. The Risk Identification process naturally progresses into the Qualitative Risk Analysis or the Quantitative Risk Analysis Process. Sometimes it is wise to include the identification of a risk and its response in order for it to be included in Risk Response Planning.

At the beginning of the Risk Identification process it is a good idea to have gathered all of the inputs you and your team will need. The inputs to the Risk Identification Process are:


  • The Project Management Plan - The Project Management Plan is used in gain an understanding of the project's mission, scope, schedule, cost, Work Breakdown Structure (WBS), quality criteria, and other elements.

  • Risk Management Plan - The Risk Management Plan provides the blueprint of overseeing risk management throughout the project describing who, what, when, where, why, and how. The Risk Management Plan provides the following four critical inputs to Risk Identification:

    • Assignment of roles and responsibilities - identifing the who of risk management by assigning the handling of specific tasks and roles to specific individuals.

    • Budget provisions for risk-management activities - The approved funds available for risk-management activities. You will need to track your actual costs against these approved budget numbers.

    • Schedule for risk management - The revised schedule including the time needed for risk-management activities over the duration of the project's life cycle.

    • Categories of risk - The risk categories are used during Risk Identification to organize and prioritize risks as they are identified. Alternatively, the Risk Breakdown Structure (RBS) may be the source of risk categories.

  • Project Scope Statement – The project scope statement defines the project boundaries and assumptions. During Risk Identification, risks to boundaries must be identified in order to mitigate scope creep, and assumptions must be reassessed to identify risks associated with them.

  • Organizational process assets – Organizational process assets provide information from prior projects including historical information and lessons learned.

  • Enterprise environmental factors - These factors include any and all external environmental factors and internal organizational environmental factors that surround or influence the project's success, such as organizational culture and structure, infrastructure, existing resources, commercial databases, market conditions, and project management software.


After gathering all necessary inputs, it is tie to employ the recommended tools and techniques of risk identification. The tools and techniques are:

  • Documentation reviews - Documentation reviews involve comprehensively reviewing the project documents and assumptions from the project overview and detailed scope perspective in order to identify areas of inconsistency or lack of clarity. Missing information and inconsistencies are indicators of a hidden risk.

  • Information gathering techniques - Information gathering techniques are used to develop lists of risks and risk characteristics. Each technique is helpful for collecting a particular kind of information. The five techniques are:

    • Brainstorming – Brainstorm is employed as a general data-gathering and creativity technique which identifies risks, ideas, or solutions to issues. Brainstorming uses a group of team members or subject-matter experts spring boarding off each others' ideas, to generate new ideas.

    • Delphi technique – The Delphi technique gains information from experts, anonymously, about the likelihood of future events (risks) occurring. The technique eliminates bias and prevents any one expert from having undue influence on the others.

    • Interviewing – Interviewing in a face-to-face meeting comprised of project participants, stakeholders, subject-matter experts, and individuals who may have participated in similar, past projects is a technique for gaining first-hand information about and benefit of others' experience and knowledge.

    • Root cause identification – Root cause identification is a technique for identifying essential causes of risk. Using data from an actual risk event, the technique enables you to find out what happened and how it happened, and understand why it happened, so that you can devise responses to prevent recurrences.

    • Strengths, weaknesses, opportunities, and threats (SWOT) analysis - A SWOT analysis examines the project from the perspective of each project's strengths, weaknesses, opportunities, and threats to increase the breadth of the risks considered by risk management.

  • Checklist analysis - Checklists list all identified or potential risks in one place. Checklists are commonly developed from historical information or lessons learned. The Risk Breakdown Structure (RBS) can also be used as a checklist. Just keep in mind that checklists are never comprehensive, so using another technique is still necessary.

  • Assumptions analysis - All projects are initially planned on a set of assumptions and what if scenarios. These assumptions are documented in the Project Scope Document. During Risk Identification, assumptions are analyzed to determine the amount of inaccuracy, inconsistency, or incompleteness associated with them.

  • Diagramming techniques - Diagramming techniques, such as system flow charts, cause-and-effect diagrams, and influence diagrams are used to uncover risks that aren't readily apparent in verbal descriptions.

    • Cause and effect diagrams – Cause and effect diagrams or fishbone diagrams are used for identifying causes of risk

    • System or process flow charts – Flow charts illustrate how elements and processes interrelate.

    • Influence diagrams – Influence diagrams depict causal influences, time ordering of events and other relationships between input variables and output variables.


The tools and techniques used for the Risk Identification process are designed to help the project manager gather information, analyze it, and identify risks to and opportunities for the project's objectives, scope, cost, and budget. The information gathered is entered on the Risk Register, which is the primary output of Risk Identification.

  • Risk Register - The Risk Register containing the results of the Qualitative Risk Analysis, Quantitative Risk Analysis, and Risk Response Planning. The Risk Register illustrates all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status. While the risk register will become the comprehensive output, Risk Identification process results in four entries in the Risk Register:

    1. Lists of identified risks – Identified Risks with their root causes and risk assumptions are listed.

    2. List of potential responses – Potential responses identified here will serve as inputs to the Risk Response Planning process.

    3. Root causes of risk - Root causes of risk are fundamental conditions which cause the identified risk.

    4. Updated risk categories - The process of identifying risks can lead to new risk categories being added.


Posted by Elyse at 6:12 AM | Comments (1)

Risk Probability and Impact Definitions

Within Risk Management Planning, it is essential to define risk probability and impact. Commonly an impact scale is developed which reflects the impact of negative impacts of threats or the positive aspects of opportunities. Below is an example which reflects the realive and numeric methods.

Defined Conditions for Impact Scales of a Risk on Major Project Objectives
(Examples are shown for negative impacts only)

Project Objective
Very low / 0.05
Low / 0.10
Moderate / 0.25
High / 0.40
Very High / 0.80

Cost
Insignificant cost increase
< 10% Cost Increase
10 - 25% cost increase
25 - 40% Cost Increase
>40% Cost Increase

Time
Insignificant time increase
< 5% Time Increase
5 - 10% Time Increase
10 - 20% Time Increase
> 20% Time Increase

Scope
Scope decrease barely noticeable
Minor Areas of scope affected
Major areas of scope affected
Scope reduction unacceptable to sponsor
Project end item is effectively useless

Quality
Quality degradation barely noticeable
Only very demanding applications are affected
Quality reduction requires sponsor approval
Quality reduction unacceptable to sponsor
Project end item is effectively useless
This table presents examples of risk impact definitions for four different project objectives
Posted by Elyse at 5:25 AM | Comments (0)

February 5, 2007

Risk Categories

Risk Categories are a common listing of sources of risk. Depending on the size of the project, one might employ a Risk Breakdown Structure (RBS).

RSB.jpg

Download file

The Risk Breakdown Structure is a hierarchical structure which decomposes identified risk categories into sub-categories. Risk categorization helps to identify potential risks for a project.

Posted by Elyse at 6:39 AM | Comments (1)

Risk Management Planning

Risk Management Planning is about defining the process of how to engage and oversee risk management activities for a project. Risk Management planning is an important part of project management. Having a plan on how to manage risk, allows one to task to plan versus innovating and deciding after the fact and in the midst how to handle a risk. The earlier Risk Management planning is engaged within increases the possibility of success of all risk management activities and processes especially if the process definition was created with input and buy-in from the project manager and key project stakeholders.

The inputs for Risk Management Planning are:

  • Project Scope Statement – The Project Scope Statement documents the project scope including a description, major deliverables, project objectives, project assumptions, project constraints, and a statement of work. In Risk Management Planning, the project scope statement is commonly used for identifying project boundaries and assumptions.

  • Project Management Plan – The Project Management plan contains the WBS which is used in Risk Management Planning to determine possible areas where risks can occur. For example, if the WBS has usability testing being the last item completed after integrated testing. This is a risk. The usability of the application may have affect on how the information is passed into and out of the application. This could be considered a Project Management Planning Risk.

  • Organizational process assets – The organizations’ process assets may contain defined standards and policies pertaining to risk management. Process assets included are risk categories, roles and responsibilities, and processes of how to have a decision made.

  • Enterprise environmental factors – Enterprise environmental factors reveal the risk tolerance of the organization and the individuals involved in the project. For example, patient billing departments or leaders commonly have absolutely no risk tolerance for any impact to cash flow. This is especially true in non-for-profit organizations like hospitals. However educators and researchers have a high level or risk tolerance. Therefore in an academic medical center, one could have two ranges of risk tolerance. Understanding how much risk your stakeholders and organization are comfortable with help with decisions regarding the type, level, and amount of risk management to apply in the project.


Once the inputs have been obtained the only tool and technique used to engage in risk management planning is the planning meetings and analysis.
  • Planning Meetings and Analysis – The planning meetings are used to construct the risk management plan. Commonly attendees are the stakeholders, team members, and the project manager. The Risk costs and action plans are developed with assignments and risk responsibilities. When facilitating planning meetings a couple of tips are:
    • Ensure people can access the inputs to the planning process beforehand – Have a project collaborative a web site and store core project documents including the Project Scope Statement, Project Management Plan, your organization's policies on risk management, and any environmental factors that may affect your project.

    • Assure the object is to discuss and make decisions about the risk plan – During the Risk Management Planning meetings it is good to cover the five major elements of risk management. These are:

      1. Methodology — Define how risks will be identified, how risk analysis (qualitative and quantitative) will be done, how risk response planning will happen, how risks will be monitored, and how ongoing risk-monitoring activities will occur.

      2. Roles and Responsibilities — Determine who will have responsibility for resolving which risks. Create a matrix, list, or table and assign names. Your organization may already have pre-assigned roles and responsibilities.

      3. Budget — Determine an order-of-magnitude estimate for how much risk-management activities will cost for the project, based on time estimates and personnel costs, and the size, impact, and importance of your project.

      4. Schedule — Define when risk-management activities should be done, and schedule them. High-visibility, important projects will require more frequent risk identification and response than low-visibility or routine projects.

      5. Templates and definitions of terms — Obtain copies of your organization's templates and any pre-existing risk categories and definitions. You and your team will need to discuss and agree on what these terms mean.

    Risk Management Planning meetings are all about planning for subsequent risk identification and analysis. It's important not to get involved in actually identifying risks during these meetings.

The output of the Risk Management Planning process is the Risk Management Plan. The Risk Management Plan documents Project Risk Management will be structured and performed on the project.

The components of the Risk Management Plan are as follows:

  1. Methodology – Methodology describes how the Risk Management processes will be performed, the tools which will be utilized, and the data source for handling risk.

  2. Roles and responsibilities – Roles and responsibilities matrix identifies the lead, support, and risk management team for each action item in the risk management plan, and assigns people to the roles clarifying their responsibility and accountability.

  3. Budgeting – Budgeting assigns resource and estimates costs needed for risk management. Simply state it is just better to be honest and above board, budgeting for risk with a risk contingency.

  4. Timing – Timing clarifies the frequency of the risk management process and schedules some risk management activities in the project schedule. Without timely monitoring and response, risks can easily escalate into negative events or become missed opportunities because you failed to exploit them.

  5. Risk categories - Risk categories are potential causes of risk included in the Risk Management Plan for use during the Risk Identification and Risk Analysis processes. Risk categories are sometimes shown as a Risk Breakdown Structure (RBS). The RBS is a hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.

  6. Definitions of risk probability and impact - Agreeing on standard definitions helps to ensure that everyone is communicating on the same wavelength. Definitions are included in the Risk Management Plan for later use during Risk Analysis.

  7. Probability and impact matrix - The probability and impact matrix assists in determining whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence, and its impact on objectives if it occurs.

  8. Revised stakeholder tolerances — As discussions become more specific during planning meetings about actual risks and actual costs, schedules, scope, objectives, and quality criteria, you will begin to get a better idea of your stakeholders' tolerance for risk than you had at the start of the process.

  9. Reporting formats – Reporting formats depict the content and format of the risk register. The Risk Register is a document on which you will record identified risks and their characteristics.

  10. Tracking – Tracking describes how and when risk information will be documented and reviewed for the benefit of current project, future needs, and lessons learned. Tracking also specifies whether risk management processes will be audited.

Posted by Elyse at 4:43 AM | Comments (0)