Risk Management Plan

advertisement
Project Risk Management
Author: <>
Date: <>
Version: <>
Table of Content
1
PROJECT RISK MANAGEMENT ........................................................................................................................... 1
2
RISK MANAGEMENT PLANNING ......................................................................................................................... 3
2.1
3
RISK IDENTIFICATION .......................................................................................................................................... 4
3.1
3.2
3.3
4
OUTPUT: RISK REGISTER ............................................................................................................................... 6
RISK RESPONSE ................................................................................................................................................... 6
6.1
6.2
7
OUTPUT: RISK REGISTER ............................................................................................................................... 5
ADDITIONAL RISKS ........................................................................................................................................... 5
RISK QUANTIFICATION ........................................................................................................................................ 5
5.1
6
TOOLS............................................................................................................................................................. 4
CHECK LIST FOR RISK IDENTIFICATION .............................................................................................................. 4
OUTPUT: RISK REGISTER ............................................................................................................................... 4
RISK QUALIFICATION ........................................................................................................................................... 5
4.1
4.2
5
OUTPUT: RISK MANAGEMENT PLAN ................................................................................................................ 3
TOOLS AND TECHNIQUES .................................................................................................................................. 6
OUTPUT: RISK REGISTER ............................................................................................................................... 7
RISK MONITORING AND CONTROL .................................................................................................................... 8
7.1
7.2
CHECK LIST FOR RISK MONITORING AND CONTROL............................................................................................ 8
OUTPUT: RISK MONITORING AND CONTROL..................................................................................................... 8
1 Project Risk Management
When conducting the project risk management process, the work should be carried out as an iterative
process throughout the project phases and it also needs to be carried out across different knowledge areas
of the project. The main objectives for the risk management process should be to increase the probability
and impact of positive events, and decrease the probability of negative events in the project. The project risk
management processes are divided in 5 different areas:
1.
2.
3.
4.
5.
Risk Management Planning
Risk Identification
Risk Quantification
Risk Response
Risk Monitoring and Control
1/8
Project Risk Management
Author: <>
Date: <>
Version: <>
Figure 1. Risk Management overview, from PMBOK Guide - 4th Edition.
2/8
Project Risk Management
Author: <>
Date: <>
Version: <>
2 Risk Management Planning
As a first step, a risk management plan needs to be defined for the approach and risk management activities
for the project. Each section described in the project risk process occurs in one or more of the project
phases. The work flow is an iterative process and shown below:
Guidelines
Templates
Lessons Learned database (Knowledge Center)
Risk
Management
Planning
Organizational
Process Assets
Project Scope
Scope Definition
Project
Management
Plan
Develop Risk
Management
Plan
Risk Management Approved Change Requests
Plan
Approved Preventive Actions
Approved Corrective Actions
Risk
Identification
Approved Change Requests
Risk Register
Qualitative
Risk Analysis
Risk Register (updates)
Quantitative
Risk Analysis
Risk Register (updates)
Risk
Response
Planning
Project Management Plan
(updates)
Risk Register (updates)
Risk
Monitoring
and Control
Integrated
Change
Control
Recommended Preventive Actions
Recommended Corrective Actions
Requested Changes
Risk Register
2.1 OUTPUT: Risk Management Plan
The risk management plan should describe how the risk management will be structured and
performed on the project, and should include the following:
a) Approach, tools and data sources that may be used to perform the risk management on
the project.
b) Roles and responsibilities. Lead, support and project team, and belonging activity for the
risk management.
3/8
Project Risk Management
Author: <>
Date: <>
Version: <>
c) Risk categories and tools to be used in project risk management (updated risk register and
quantitative, qualitative, risk response as well as risk monitoring and control strategy for
the project).
d) Planning and Timing. Define how often the risk management process should be
performed. Continuous reviews, audits and integration with change control system
3 Risk Identification
The process of risk identification seeks to name and identify the risks of the project.
3.1 Tools
Typical tools for indentifying the risks of a StreamServe implementation project are:
 Brainstorming
 Workshop
 Checklist of standard risks (as in attached spreadsheet)
3.2 Check List for Risk Identification
1) Collect project scope and project plan / risk plan
2) Collect and analyse resources:
a) Previous documentation
b) Interviews with key stakeholders, questionnaires
c) Organizational Process Assets: Tools from Knowledge Center, check lists, web resources
d) Organizational Process Assets: Lessons learned, project repository at Knowledge Center
3) Gather workshop with key stakeholders and experts, members of project team. Go through
documents and brainstorm for risks.
4) Interviews with key stakeholders and experts for in depth comments and opinions.
a) How is network diagram affected? Critical line?
b) What strategic risks can be identified?
5) Apply, if necessary other methods: Brainstorming, Delphi method, SWOT analysis, root/cause
diagram.
6) Document identified risks into risk register
7) Perform iterative checks during project execution to update risk register
8) If needed, invite PMO or other third party for Risk or Project Review.
3.3 OUTPUT: Risk Register
<Risks identified in process are as follows, starting to map a risk register:
Risk
>
4/8
Project Risk Management
Author: <>
Date: <>
Version: <>
4 Risk Qualification
Check list of qualitative analysis is as follows:
1) Estimate probability
2) Analyse and estimate impact
3) Categorize and rank project risks
4) Decide on which risks that are acceptable and which risks that are non-acceptable
5) Decide on possible trends in the qualitative risk analysis result
6) Enter the results in the risk register
The probability and impact of identified and prioritized risks (qualitative and quantitative) should be updated
in a Probability/Impact matrix within the risk register.
Risk
Probability
Impact
PxI
4.1 OUTPUT: Risk Register
Information for identified risks updates the risk register, together with risk priority:
Risk
PxI
Risk Prio
4.2 Additional Risks
Additional analysis and management of risk can also be updated at this point, typically listing a) acceptable
risks, and, b) non acceptable risks:
Risk, additional
analysis needed
Acceptable Risk
Non Acceptable Risk
5 Risk Quantification
Quantitative risk analysis is performed on risks that have been prioritized by the qualitative risk analysis in
previous section as potentially and significantly impacting the project. The quantitative analysis process
analyzes identified risks and assigns a numeric rating to those risks. Check list of quantitative analysis is as
follows:
1. Investigate stakeholders and organizational risk thresholds
2. Divide risks in acceptable and non acceptable risks
3. Perform EMV, Earned Value Management, if needed
4. Analyse time estimations and project planning for activities in project plan
5. Add results and update risk register, in order to analyse and determine status of the project plan,
timeframe and budget

Decision Tree
5/8
Project Risk Management
Author: <>
Date: <>
Decision definition
Decision Node
Version: <>
Chance Node
Net Path Value
/ Impact
Choice #1
Choice #1
Decision
Choice #2
Procedure
Decision
Choice #1
Choice #2
Decision
Choice #2
5.1 OUTPUT: Risk Register
Risk
Probability
Impact
PxI
Risk Prio
6 Risk Response
6.1 Tools and techniques
A strategy for each identified risk should be chosen from standard alternatives and behavior below, where a
qualitative analysis of the risk provides the proper risk response:
1. Avoidance – Perform a task to remove the risk
2. Transference – Make someone else responsible for the risk
3. Mitigation – Take actions to lessen the impact or chance of the risk occurring.
4. Acceptance – Accept the risk.
A SWOT analysis gives the threats and opportunities for a certain risk, mirrored risk1.
1
Probability and Impact Matrix, PMBOK Guide Third Edition, p. 252.
6/8
Project Risk Management
Author: <>
Date: <>
Version: <>
Attention Area
Given the threats and opportunities, a risk response is needed for a certain risk identified within the
attention area.
THREAT
GENERIC STRATEGY
OPPORTUNITY
Avoid
Transfer
Mitigate
Accept
ELIMINATE UNCERTAINTY
MODIFY EXPOSURE
ALLOCATE OWNERSHIP
INCLUDE IN BASELINE
Exploit
Enhance
Share
Accept
6.2 OUTPUT: Risk Register
A part from the risk register, the following are reviewed and updated with changes:
 Risk Response Plan
A risk response plan should include the strategy and action items to address the strategy.
 Contractual Agreements
 Risk Response Items
The risk register, serves as an inputs to a revised project plan:
Risk
PxI
Planned Risk Response
Risk Prio
7/8
Project Risk Management
Author: <>
Date: <>
Version: <>
7 Risk Monitoring and Control
The risk management and control tools, typically used in a StreamServe implementation projects, are either
a) periodic risk reviews (iterative process), and/or combined with b) project risk response audits.
7.1 Check List for Risk Monitoring and Control
1) Monitor identified risks stated in risk register.
a. Project review
b. Answer questions: closed risks? Changes in assessment?
c. Update risk register
2) Determine effectiveness of responses
3) If needed, external risk audits (steering board, PMO etc.)
7.2 OUTPUT: Risk Monitoring and Control
Risk
Action*
Action for identified important risk can be selected from alternatives listed below:





Recommended Preventive Actions
Workaround Plans
Corrective Actions
Change Requests
Updates to Risk Register
8/8
Download