“Good Risk Management fosters vigilance in times of calm and instills discipline in times of crisis”
– Dr. Michael Ong
What is risk?
A possibility of change in the expected outcome of a task or event implies a risk. Every activity has an inherent risk in it. Even walking on the road has its own risks, like getting hit by a truck.
Simplest of the tasks on a project has risks. For instance, as project release gets closer project’s software architect may fall sick, thereby increasing the risk of delivery. Any of scope, cost, schedule and quality of the project may be affected due to materialization of a risk.
On the day you wanted to buy that project management software, you come across a discount code that saves you 50% on the cost! This is also a risk – although a positive one. Positive risk is called an opportunity.
If risk occurs on a project it may lead to a positive or negative impact on one or more of project objectives.
There are “known unknowns” and “unknown unknowns” on a project. What does this mean?
“Known unknowns” are identified risks on the project. If you have only one architect working on the project you know that if he has an emergency there is no one to fill in for him during his absence. Such risks cost you money when they materialize. This expenditure is covered from contingency reserves.
“Unknown unknowns” are those risks that you cannot proactively identify. During project execution, your lead developer may find out that a piece of scope has never been covered in requirements documentation. You cannot plan for these types of risks. When unknown unknowns occur, their expenditure is covered from management reserves.
Every organization has some amount or risk tolerance. Degree or tolerance depends on factors such as nature and complexity of project, extent of rewards in the offering. If you are building a nuclear reactor the amount of risk tolerance would be much lower, whereas you may exhibit more risk tolerance for a software product that is looking to time the market.
I’d like to thank Jesse VanWay for this information! – Shiv
Risk attitude of an organization
The three concepts related to risks that an organization can exhibit –
- Risk tolerance – amount of risk that organization can withstand before it reacts to take an evasive measure
- Risk appetite – amount of risk the organization can afford to take in anticipation of reward
- Risk threshold – the is the point of risk level at which organization decides whether to accept risk. Below threshold organization will accept risk, above threshold organization will not tolerate risk.
Project Risk Management Knowledge Area has 6 processes, 5 of them in planning process group alone! Why? Because, you prepare for a risk before you give it a chance to materialize. Most of risk related processes are executed in planning state before the actual project work starts. A risk involved with an activity has a chance of materialization the moment work is started!
What project management activities do you do to attend project risk?
- Planning The Management Of Risk is a project management activity to create a plan that identifies methods of managing risks, assigns responsibilities for people who handle risks, outlines risk budget, defines risk categories, and identifies probability and impact matrix.
- Identifing Project Risks Proactively is the project management activity to come up with a register for all risks, known as Risk Register. This risk register contains list of identified risks, their sources, and potential responses.
- Analyzing Risks In Qualitatively is the project management activity where risks in the risk register are ranked and prioritized based on urgency, probability of them coming true, and potential impact. These are based on subjective analysis, and so are quicker to do than the next project management activity.
- Analyzing Risks In With Numerical Analysis is the project management activity where risks in the risk register are analyzed using statistical tools and their priorities are updated.
- Planning Appropriate Responses for Risks is the project management activity for developing actions to enhance opportunities and reduce threats to project objectives posed by risks.
- Monitoring and Controlling Risks is the project management activity to actually implement risk response plans, track and monitor residual risks, and identify new risks.
How to deal with negative risks (or threats)?
Let us look at this with an example. Meeting with an accident is a real (negative) risk involved with driving a car. How can one deal with it?
- Avoid – just don’t drive the car at all.
- Transfer – take an insurance. In case of an accident, at least financial losses will be covered.
- Mitigate – regularly service the car, learn all the traffic rules and driving etiquette, and mitigate the risk of accident happening.
- Accept – just don’t do anything about it. Drive without a worry in the world. If it happens, it happens.
How to make the best of positive risks (or opportunities)?
A friend tells you about a piece of real estate available for purchase near an upcoming airport project. You feel that total amount to be invested is out of your reach. If you get to invest in it though, the price is expected to be doubled every year for next 3-4 years and it makes for a great investment opportunity right now. What would you do?
- Exploit – invest all your savings, take up a loan. Go for it.
- Share – team up with the friend who can invest partially and together buy the piece of land.
- Enhance – go for aggressive bargain, offer all-cash-deal to get it if possible. Enhance the benefit of this opportunity.
- Accept – show interest but don’t do anything actively. If the seller comes around for your price you will make the deal.
If you need a mnemonic to remember these, consider this silly one-
If you need a mnemonic to remember these, consider this –
“Negative ATMA, PositivE SEA“
Negative risks you can Avoid, Transfer, Mitigate or Accept; Positive risks you can Exploit, Share, Enhance or Accept.
Exam pointer – This can go into the Brain dump you create a week before your exam. Expect few questions on risk management.