IS4600 Term Paper Risk Management vs Uncertainty Management

advertisement
Risk Management vs. Uncertainty Management
Bobby Deng
IS4600 Software Project Management
IS4600 Bobby Deng
1
Introduction
Risk management is almost a staple in every project and is widely used. However, there is an
argument that uncertainty management is superior to risk management, and more projects should adopt
this style instead. Uncertainty management suggests a different perspective which could allow for more
opportunities. But is uncertainty management better than risk management? When talking about risk and
uncertainty, these two words are often used interchangeably with one another. This is not the case.
“Uncertainty exists when the probability of a particular outcome is not known. Risk is the probability of
an undesirable outcome, while uncertainty exists when the prior outcome of a random event is not
known” (Stoelsnes 2005). Risk cannot be eliminated; therefore projects try to minimize the negative
outcomes of risks and attempt to optimize positive risks. This is the purpose of risk management. To be in
control of all the risks, you would follow the cycle of risk management with its following steps: risk
identification, evaluation, mitigate, and transfer. However, risk management only focuses on the negative
risks. Where the purpose is to avoid loss and produce gains. In Chapman and Ward (2003), the authors
argue that the focus should be on uncertainty rather than risk, and on transforming existing project
risk management processes into project uncertainty management. And by doing so, we can direct
attention to areas not addressed in project management. Before we dive deeper into this argument, we
have to understand what risk management and uncertainty management are. We will examine how each
management style is used.
What is Risk?
According to a definition, a risk is the potential that a given action or activity (including the
choice of inaction) will lead to a loss (an undesirable outcome). The notion implies that a choice having
an influence on the outcome sometimes exists (or existed). Potential losses themselves may also be called
"risks". Any human endeavor carries some risk, but some are much more risky than others. A risk can be
defined in six different ways depending on the situation. It can be defined differently in the food industry,
finance, insurance, securities trading, and workplace. Since we are talking about project management, we
will focus on its definition of risk. A risk is some future event that happens with some probability and
results in a change, either positive or negative, to the project. Usually risk is associated with loss. A risk is
an important factor to consider in all projects. You have to be aware of and consider all the risk while
planning your project. Make sure you have ways to mitigate the risk if it ever happens. The established
levels of risk are high, medium, and low. High complexity in a project will cause risk to be high. It is best
to avoid projects with high risk. However, with big risk comes big reward. Risk can be either having a
IS4600 Bobby Deng
2
good outcome or a bad outcome. There is a balance there if you can handle to risk of the project failing.
Medium and low risk projects are very doable and have high success rate, this usually means that it has
been done before and it is easy to follow. Part of defining a project is to include the risk level. High risk
project usually take the longest. All these different considerations create risk management.
Risk Management
Now that we have a clear understanding of what a risk is, we now ask what the risks of my
project are. What is the probability of this risk? What is the lost? Cost of the loss? Are there alternatives?
How do I prevent the lost? As you can see, there are many questions that arrive when you think of risks
for a project. No matter how small or large a project is, there are bound to be risks. This is where risk
management comes in to show you the way. Risk management plays a significant role in a project. The
more complex the project, the more important it is to have a risk management plan. The bigger the
project, the more risks there are. Risk Management follows a life cycle of four steps. In all four steps,
both the project manager and the team members go through all four steps together. These are: risk
identification, risk assessment, risk mitigation, and risk monitoring and control. During the risk
identification phase, you identify what the risks are. You want to find out whether the risks are technical,
project management related, organizational or external risks. A technical risk may be the availability of a
technology and how complex it is. A project management risk could be poor allocation of resources. An
organizational risk could be that the project conflicts with other projects. An external risk could be
workers going on strike. You would identify all the risks of a project and put it in some sort of a template.
For each risk you should identify how it affects the scope of the project. The columns should include the
scope triangle elements which are scope, time, cost, quality, and resources. In risk assessment, you come
up with the probability of the risk occurring, the loss that could happened and think out the worst case
scenario. By doing so, you will be prepared for the worst. All these new information should be filled in on
a new template. You should include columns for the probability of it happening, the impact, the priority,
and if it can be mitigated. This way the risks are all laid out in front of you and you can add to it as more
come to mind. In the next steps, you will fill in the matrix. It is important not to ignore things that seem
unlikely. No matter how small the probability, you will be glad you've considered if it happens. Next you
want to figure out how to mitigate the risk. Think of alternatives to best minimized the losses. You can
choose to accept, avoid, go to your contingency plan, mitigate, or transfer the situation. To accept the risk
means that there is nothing that can be done. If it happens, it happens. To avoid the risk means that the
project plan can be modified to avoid the risk. A contingency Plan is a backup plan for when the risk
occurs. To mitigate the risk is to minimize the impact if the risk occurs. To transfer the risk is to pass on
IS4600 Bobby Deng
3
the impact. An example of transferring a risk is by buying an insurance policy. Also, these alternatives
might further incur other risks. Lastly, you monitor the project for risks and put it in a risk log. It is best to
be prepared, and by following the risk management process, you will be the most prepared you can be.
What is Uncertainty?
Uncertainty and risk are often grouped together as similar processes. However there is a
difference. When you are talking about risk, you are talking about an undesirable outcomes' probability.
Uncertainty is when the outcome is not known so there is no probability. Uncertainty arises from a lack of
information. This is either because the information is not available and yet to be developed or that the
information cannot be developed. For example, when remodeling a house, you don't know the exact time
that it'll take to finish. You cannot estimate the time it will take to finish by mathematical evaluation.
There are many factors that can happen that will change your end time. You can however, put an
uncertainty factor for each task of a project. This way you can tell which projects are over and which
projects are under the uncertainty factor. For example if a project is estimated to take 100 days but you
took 200 days, your uncertainty factor will be 2.
Uncertainty Management
Uncertainty Management can be broken down into three basic steps. These steps are: identify,
track and reduce. There are five different types of uncertainty. The first type is variability associated with
estimates. This is the big part of the project. It is the size of project parameters such as time, cost, and
quality related to particular activities. The second type is uncertainty about the basis of estimates. This is
where uncertainty arises from estimates produced by project parties. Each person has a different view so
their views are different. The third type is uncertainty about design and logistics. This is uncertainty that
arises from the nature of the project deliverable and the process for producing it are fundamental
uncertainties. This type of uncertainty is usually resolved during the beginning part of a project. This is
because during the beginning of the project, the design and logistics are given to you. This type is also
easy to resolve because you can just ask what the client wants. The next type of uncertainty is uncertainty
about objectives and priorities. This is where you want to aim at improving project performance. You
should find clarity about project objectives and the relative priorities between objectives and acceptable
trade-offs. The last uncertainty type is uncertainty about fundamental relationships between project
parties. This is where you are uncertain of how your team works together. You do not know who works
well together, who is responsible, and who fits which role. The next step after you’ve identified the
IS4600 Bobby Deng
4
uncertainties is to track the uncertainty. In this step you want to go through all your uncertainties and find
more information about them. You want to learn more about the origins and hopefully resolve the
uncertainty. Furthermore you can also deem an uncertainty as unimportant and move on to more
important things. For uncertainties that you still have, you will want to move on to the next step to reduce
the uncertainty. To help reduce uncertainty, the easiest way is to break down big tasks into smaller tasks
that can be more easily estimated. Back to the example of remodeling your house, it is hard to estimate a
time of completion. Breaking down the task into smaller tasks will help resolve this. A small task could
be replacing a cabinet or plating seeds. These smaller tasks are easier to give a time of estimation for.
More specifically, there are other ways to reduce uncertainty. If you have fixed-schedule and fixed-scope
projects, add buffer time in the schedule. This works for low-uncertainty projects, especially those that
repeat the same type of work many times. For fixed-schedule projects, use an agile process such as
Scrum, and adjust scope in a planned way to meet the schedule. This is an effective way to conduct a
project when estimates are poor, and scope is poorly-defined and changes frequently, while still allowing
for planning and a useful degree of predictability. For unscheduled projects with unknown scope,
uncertainty is very high, and planning is not possible. In this case, a strategy such as Kanban, which
focuses on constraining work-in-progress, is effective. Uncertainty cannot be eliminated with estimation
techniques because of unpredictable events. The best way is just to keep track of uncertainty and try your
best to reduce it with the listed methods above.
Risk Management vs. Uncertainty Management
Both management styles are good at what they do. Risk management is great at managing risk
and uncertainty management is great at managing uncertainty. However, there is a big problem with risk
management. The problem with risk management is that the term “risk” has become associated with only
negative events. Risk management is basically threat management. The term “risk” has become an
obstacle to improved decision and policy making. Its multiple and ambiguous usages persistently
jeopardize the separation of the tasks of identifying and evaluating relevant evidence on the one hand, and
eliciting and processing necessary value judgments on the other. (The term) ‘risk’ contaminates all
discussions of probability because of the implicit value judgment is that the term always brings with it,
just as it contaminates all discussions of value assessment because of the implicit probability judgment
that it contains”(Chapman 2003). All risks are viewed as threats therefore; risk management has basically
become threat management. Uncertainty management is not just about managing perceived threats,
opportunities and their implications. It is about identifying and managing all the many sources of
uncertainty which give rise to and shape our perceptions of threats and opportunities. An uncertainty
IS4600 Bobby Deng
5
management perspective would seek an understanding of why this variability arises, with a view to
managing it. Key concerns are understanding where and why uncertainty is important in a given project
context, and where it is not. This is where uncertainty management is better. Each management type has a
different mindset. It becomes a matter of perspective. Risk management is a team that views everything as
a threat vs. an uncertainty management team that tries to understand and manage all sources. Another
view is a team that is scared of every part of a project vs. a team of astronauts/scientists that want to
explore and understand every part of a project. You can further look into these two mindsets by looking at
the terminology used in each management type. Some terminology of risk management vs. uncertainty
management are as follows: absence of vs. availability of, major risk vs. significant uncertainty, lack of
vs. shortage or surplus of, mitigate vs. modify, avoid risk vs. resolve uncertainty, inadequate vs.
inappropriate, a poor allocation vs. an inappropriate/unclear allocation, a weakness vs. an issue, an impact
vs. a consequence/effect, and a (possible) source of risk vs. a source of uncertainty. From this terminology
comparison, you can see that risk management terminology is more extreme and negative. It is all doom
and gloom compared to uncertainty management. Uncertainty management terminology gives a sense of
hope. The terms used make resolving uncertainty more hopeful. Uncertainty management has a better
perspective than risk management.
Conclusion
In conclusion, I agree with the arguments that suggest uncertainty management as superior to risk
management in one aspect. Risk management has become threat oriented. This is not preferable because it
limits one's’ thought process. Replacing ‘risk’ with ‘uncertainty’ as a starting point could significantly
broaden thought processes. Seeking to identify sources of uncertainty encourages a more open ended,
neutral description of factors, which facilitates a less constrained consideration of response options. Risk
management is still the best way at managing risk. What I want to emphasize is that we should not
manage risk. We should manage uncertainty. Hopefully you now know the difference between these two
terms if you didn’t already. Projects today should focus on managing uncertainty and adopt this new
style. This different perspective will allow for more opportunities. Instead of preparing for earthquakes
and tsunamis, you can use that time to look for opportunities for project improvement.
References
IS4600 Bobby Deng
6
Reniers G. (2012). From Risk Management towards Uncertainty Management
AcademyPublish – Risk Assessment and Management
Stoelsnes R. & Bea R. (2005). Uncertainty Management of General Conditions in a Project
Risk Management, Palgrave Macmillan Journals, Vol. 7, No. 2 (2005), pp. 19-35
Thompson K. (2011). How Uncertainty Works, cPrime
(http://www.cprime.com/knowledge/articles/uncertainty.html)
Ward, S., & Chapman, C. (2003). Transforming project risk management into project uncertainty
management. International Journal of Project Management, 21(2), 97-105.
Wysocki R. (2011). Effective Project Management: Traditional, Agile, Extreme, 6th Edition. John Wiley
and Sons.
IS4600 Bobby Deng
7
Download