OPMT2510 – Project Quality and Risk Management

Table of Contents

Introduction
What We Covered in the Previous Module
What We Will See in This Module
Module 4: Learning Objectives
Risk Response
Avoid
Mitigate
Transfer
Accept
Exploit
Enhance
Share
Accept
Risk Response Planning Summary
Specific Action for Risk Responses
Contingent Response
Criteria for Effective Risk Responses
Constructing a Risk Registry
Tracking and Controlling Risk
Summary

Introduction

Welcome to our third module dedicated entirely to Project Risk Management: Risk Response and Control.

What We Covered in the Previous Module

Last module we covered how to assess and prioritize Risks using Qualitative and Quantitative methods. We also presented how to prioritize risks based on the results of the Analysis.

If any of the above sounds unfamiliar to you or you feel uncertain of your grasp of the concepts, return to the previous module to review the material and discussions. You can also use one of the Discussion Boards to ask questions.

What We Will See in This Module

In this module we will cover how to plan a response to the risks and to then track and control the risks.

Learning Objectives

#outcome
Upon completion of Module 4, you will be able to:
1. Know the 8 generic approaches to Risk Response.
2. Understand how contingent response is different from Risk Response.
3. Build a risk registry.
4. Apply techniques to Track and control risk.
/outcome

Risk Response

Plan Risk Response is the actions and decisions we take prior to a potential Risk event. Remember: a risk is the chance of something happening that will impact project objectives. When that something happens, it is not a risk anymore.

Project management practice, as captured by the PMBoK, describes 8 generic responses to risk. The project team will define the specific responses by applying the generic strategy in the context of the project.

#accordion
Generic Risk Responses:
Threats: Avoid, Mitigate, Transfer, Accept
Opportunities: Exploit, Enhance, Share, Accept
/accordion

Threats

Avoid

• Appropriate for the higher end of the PIM: i.e., the high priority Risks.
• Probability reduced to 0% or virtually 0%.
• This could mean:
  o Reducing scope
  o Increasing budget or schedule
  o Shutting down the project
• Almost always requires an understanding of cause and effect (or task level specificity).

Mitigate

• Appropriate for the higher end of the PIM: i.e., the high priority Risks.
• Reduce the probability and/or impact.
• This could mean:
  • Reducing complexity
  • Earlier testing
  • Training or skills acquisition
  • Redundancy
• Almost always requires an understanding of cause and effect.
• “Quality” is a big piece of these activities.

Transfer

• Appropriate for relatively lower levels of the PIM.
• Contract out to share risk (at higher cost).
• Party must be better equipped to handle risk.
• This could mean:
  – Insurance, bonds
  – Contracting product or service
• Type of contract is important (cost plus vs. fixed price).
• “Quality” can be a big piece of these activities.

Accept

• Appropriate for low end of the PIM.
• Acknowledge potential.
• Consciously decide to focus limited resources elsewhere.
• This does not mean that we don’t take action if it occurs.
• Active form could be a contingency reserve.

Opportunities

Exploit

• Appropriate for the higher end of the PIM.
• Probability increased to 100% or virtually 100%.
• This could mean:
  – Ensuring certain resources are available
  – Expand scope to include the opportunity
  – Ensure certain performance functions are available through prototyping/testing/etc.
• Almost always requires an understanding of cause and effect (or task level specificity).

Enhance

• Appropriate for the higher end of the PIM.
• Increasing the probability and/or impact.
• This could mean:
  • Training or skills acquisition
  • Choosing to build during a favourable time of year.
  • Ensure certain performance functions are available through prototyping/testing/etc.
• Almost always requires an understanding of cause and effect.

Share

• Appropriate for relatively lower levels of the PIM.
• Contract out to share risk (at shared benefit).
• Party must be better equipped to capitalize on risk.
• This could mean:
  – Joint ventures
  – Bonus structures

Accept

• Appropriate for low end of the PIM.
• Acknowledge potential.
• Consciously decide to focus limited resources elsewhere.
• This does not mean that we don’t take advantage if it occurs.

Risk Response Planning Summary

Threat Response    Generic Strategy         Opportunity Response
Avoid              Eliminate uncertainty    Exploit
Mitigate           Modify exposure          Enhance
Transfer           Allocate ownership       Share
Accept             Include in baseline      Accept

#discussion
Risk Response Actions
1. Identify 5 Risk Response actions you take at work.
2. Select the generic response(s) that are aligned with this action. Explain why this is the case.
/discussion

Specific Action for Risk Responses

Now that we know the 8 generic Risk Response strategies, how do we determine specific action? And where do we go for possible answers?
Use Subject Matter Experts; approach departments responsible for the areas in question. For example:

• Quality Management
• Engineering
• Finance
• Legal
• Procurement
• Project Management
• Etc.

Knowing the cause of the risk can also help in estimating specific action. The Risk Registry is a helpful reference along with other quality tools such as:

• Cause and Effect diagrams
• Failure Mode and Effects Analysis – FMEA
• Hazard Analysis and Critical Control Points – HACCP

Contingent Response

Contingent Response is a Plan to be executed only if predetermined conditions are met. It reduces or eliminates the need to completely understand cause and effect.

In a Contingent Plan, your actions will be determined by pre-set triggers: “if this happens, do this…” In essence, we are detecting some impact condition or precondition and taking action to mitigate.

Note: this is different from Risk Reserve or Contingency Reserve.

#reading
Read “Black Swans and Contingent Action.pdf” before continuing.
/reading

Criteria for Effective Risk Responses

When developing Risk Responses, check that they are:

• Appropriate: addresses the risk
• Affordable: cost-effective
• Actionable: defined time window for response
• Achievable: realistic
• Assessed: it works, and you can check that it does
• Agreed: stakeholders agreed and are committed to the response
• Allocated/Accepted: defined owner responsible for implementing the response

#reading
Read “Effective Strategies in Exploiting Risk.pdf” before continuing.
/reading

Constructing a Risk Registry

A Risk Registry is a place to store and organize all the relevant information relating to the Project Risks. It normally takes the form of a table with columns for each of the data elements (or characteristics) that you want to capture. The number of columns or number of characteristics to be captured is determined by your specific needs.
We are going to review one simple example, but you can find many other suggestions and templates online to help you with ideas for fields to capture.

This example is drawn from the Oil and Gas Industry. The intent is to demonstrate the structure of a risk being recorded and not the details within.

#image
/image

During the Risk Identification phase you would be able to fill the first 3 columns in this example: Risk, Identification Phase and Category. By performing Risk Assessment, the next 3 columns can be filled: Probability, Impact and Severity. And in the Response Planning phase the last 3 columns get completed: Response, Responsible and Contingency Plan.

#image
/image

The Risk Registry will be the most important Output from Risk Response planning, allowing you to monitor and control the execution of the Risk Management Plan. Other outputs of Response Planning are modifications to the Project Plan and updates to other Project documentation.

#discussion
Responding to Risk

Read Effective Risk Responses.pdf

Now think back to our Rockworkz2 exercise. Choose a subset of 5 risks related to security, develop it into a Risk Registry by Assessing them and Planning responses to the risks. Present it as a table, choosing appropriate headings for your columns. Post your table in the Forum for discussion.

Once you have posted your table, review some of your colleagues’ tables. Find an example where someone else chose a different approach to a risk that you also discussed. Comment on the differences.
/discussion

Tracking and Controlling Risk

Once you have built a Risk Registry complete with the planned responses, the project team is ready to start executing the plan. By their design, the actions you planned will start affecting the Risks themselves. For instance, if you are executing a Mitigation plan to address a Threat, would you expect its impact and/or probability to remain the same?

Also consider what happens throughout the life of a project.
Are the conditions affecting your project—external and internal—remaining static? What about your knowledge of the project itself? Thus Risks need to be continuously re-assessed.

In projects, the reassessment is normally done through regularly scheduled review sessions, with the objective of:

• Monitoring the effect of the execution on the risk. Is the execution being effective? Does it need adjustment?
• Monitoring “natural” changes to risks based on changed understanding, and to account for the changing conditions of a project.
• Identify realized Risk events.
• Implement contingent action plans.
• Resolve issues.

Keep in mind that not all Risks will be tracked and controlled with the same frequency. One of the goals of Risk Assessment was to prioritize them so that limited resources can be focused on the most important entries of the Risk Registry.

Now consider the Probability and Impact Matrix (PIM) which was discussed in Module 3. It can be used as a tool to graphically present the changes to Risks, as in this example:

#image
/image

The movement of a risk on a PIM is a graphical representation of a Risk Trajectory.

Summary

In this module we covered how to plan responses to Risks, including the eight generic responses, and identified characteristics of good responses. We also learned how to complete a Risk Registry and track and control Risks.