OPMT2510 – Project Quality and Risk Management
Table of Contents
Introduction
What We Covered in the Previous Module
What We Will See in This Module
Module 4: Learning Objectives
Risk Response
Avoid
Mitigate
Transfer
Accept
Exploit
Enhance
Share
Accept
Risk Response Planning Summary
Specific Action for Risk Responses
Contingent Response
Criteria for Effective Risk Responses
Constructing a Risk Registry
Tracking and Controlling Risk
Summary
Introduction
Welcome to our third module dedicated entirely to Project Risk Management: Risk Response and
Control.
What We Covered in the Previous Module
Last module we covered how to assess and prioritize Risks using Qualitative and Quantitative methods.
We also presented how to prioritize risks based on the results of the Analysis.
If any of the above sounds unfamiliar to you or you feel uncertain of your grasp of the concepts, return
to the previous module to review the material and discussions. You can also use one of the Discussion
Boards to ask questions.
What We Will See in This Module
In this module we will cover how to plan a response to the risks and to then track and control the risks.
Learning Objectives
#outcome
Upon completion of Module 4, you will be able to:
1. Know the 8 generic approaches to Risk Response.
2. Understand how contingent response is different from Risk Response.
3. Build a risk registry.
4. Apply techniques to Track and control risk.
/outcome
Risk Response Plan
Risk Response is the actions and decisions we take prior to a potential Risk event. Remember: a risk is
the chance of something happening that will impact project objectives. When that something happens,
it is not a risk anymore.
Project management practice, as captured by the PMBoK, describes 8 generic responses to risk. The
project team will define the specific responses by applying the generic strategy in the context of the
project.
#accordion
Generic Risk Responses:
Threats: Avoid, Mitigate, Transfer, Accept
Opportunities: Exploit, Enhance, Share, Accept
/accordion
Threats
Avoid
• Appropriate for the higher end of the PIM: i.e., the high priority Risks.
• Probability reduced to 0% or virtually 0%.
• This could mean:
  o Reducing scope
  o Increasing budget or schedule
  o Shutting down the project
• Almost always requires an understanding of cause and effect (or task level specificity).
Mitigate
• Appropriate for the higher end of the PIM: i.e., the high priority Risks.
• Reduce the probability and/or impact.
• This could mean:
  – Reducing complexity
  – Earlier testing
  – Training or skills acquisition
  – Redundancy
• Almost always requires an understanding of cause and effect.
• “Quality” is a big piece of these activities.
Transfer
• Appropriate for relatively lower levels of the PIM.
• Contract out to share risk (at higher cost).
• Party must be better equipped to handle risk.
• This could mean:
  – Insurance, bonds
  – Contracting product or service
• Type of contract is important (cost plus vs. fixed price).
• “Quality” can be a big piece of these activities.
Accept
• Appropriate for low end of the PIM.
• Acknowledge potential.
• Consciously decide to focus limited resources elsewhere.
• This does not mean that we don’t take action if it occurs.
• Active form could be a contingency reserve.
Opportunities
Exploit
• Appropriate for the higher end of the PIM.
• Probability increased to 100% or virtually 100%.
• This could mean:
  – Ensuring certain resources are available
  – Expand scope to include the opportunity
  – Ensure certain performance functions are available through prototyping/testing/etc.
• Almost always requires an understanding of cause and effect (or task level specificity).
Enhance
• Appropriate for the higher end of the PIM.
• Increasing the probability and/or impact.
• This could mean:
  – Training or skills acquisition
  – Choosing to build during a favourable time of year.
  – Ensure certain performance functions are available through prototyping/testing/etc.
• Almost always requires an understanding of cause and effect.
Share
• Appropriate for relatively lower levels of the PIM.
• Contract out to share risk (at shared benefit).
• Party must be better equipped to capitalize on risk.
• This could mean:
  – Joint ventures
  – Bonus structures
Accept
• Appropriate for low end of the PIM.
• Acknowledge potential.
• Consciously decide to focus limited resources elsewhere.
• This does not mean that we don’t take advantage if it occurs.
Risk Response Planning Summary
Threat Response    Generic Strategy         Opportunity Response
Avoid              Eliminate uncertainty    Exploit
Mitigate           Modify exposure          Enhance
Transfer           Allocate ownership       Share
Accept             Include in baseline      Accept
#discussion
Risk Response Actions
1. Identify 5 Risk Response actions you take at work.
2. Select the generic response(s) that are aligned with this action. Explain why this is the case.
/discussion
Specific Action for Risk Responses
Now that we know the 8 generic Risk Response strategies, how do we determine specific action? And
where do we go for possible answers?
Use Subject Matter Experts; approach departments responsible for the areas in question. For example:
• Quality Management
• Engineering
• Finance
• Legal
• Procurement
• Project Management
• Etc.
Knowing the cause of the risk can also help in estimating specific action. The Risk Registry is a helpful
reference along with other quality tools such as:
• Cause and Effect diagrams
• Failure Mode and Effects Analysis – FMEA
• Hazard Analysis and Critical Control Points – HACCP
Contingent Response
Contingent Response is a Plan to be executed only if predetermined conditions are met.
It reduces or eliminates the need to completely understand cause and effect. In a Contingent Plan, your
actions will be determined by pre-set triggers: “if this happens, do this…”
In essence, we are detecting some impact condition or precondition and taking action to mitigate.
Note: this is different from Risk Reserve or Contingency Reserve.
#reading
Read “Black Swans and Contingent Action.pdf” before continuing.
/reading
Criteria for Effective Risk Responses
When developing Risk Responses, check that they are:
• Appropriate: addresses the risk
• Affordable: cost-effective
• Actionable: defined time window for response
• Achievable: realistic
• Assessed: it works, and you can check that it does
• Agreed: stakeholders agreed and are committed to the response
• Allocated/Accepted: defined owner responsible for implementing the response
#reading
Read “Effective Strategies in Exploiting Risk.pdf” before continuing.
/reading
Constructing a Risk Registry
A Risk Registry is a place to store and organize all the relevant information relating to the Project Risks. It
normally takes the form of a table with columns for each of the data elements (or characteristics) that
you want to capture. The number of columns or number of characteristics to be captured is determined
by your specific needs.
We are going to review one simple example, but you can find many other suggestions and templates
online to help you with ideas for fields to capture.
This example is drawn from the Oil and Gas Industry. The intent is to demonstrate the structure of a risk
being recorded and not the details within.
#image
/image
During the Risk Identification phase you would be able to fill the first 3 columns in this example: Risk,
Identification Phase and Category.
By performing Risk Assessment, the next 3 columns can be filled: Probability, Impact and Severity.
And in the Response Planning phase the last 3 columns get completed: Response, Responsible and
Contingency Plan.
#image
/image
The Risk Registry will be the most important Output from Risk Response planning, allowing you to
monitor and control the execution of the Risk Management Plan.
Other outputs of Response Planning are modifications to the Project Plan and updates to other Project
documentation.
#discussion
Responding to Risk
Read Effective Risk Responses.pdf
Now think back to our Rockworkz2 exercise. Choose a subset of 5 risks related to security and develop it
into a Risk Registry by Assessing them and Planning responses to the risks. Present it as a table, choosing
appropriate headings for your columns. Post your table in the Forum for discussion.
Once you have posted your table, review some of your colleagues’ tables. Find an example where
someone else chose a different approach to a risk that you also discussed. Comment on the differences.
/discussion
Tracking and Controlling Risk
Once you have built a Risk Registry complete with the planned responses, the project team is ready to
start executing the plan. By their design, the actions you planned will start affecting the Risks
themselves. For instance, if you are executing a Mitigation plan to address a Threat, would you expect
its impact and/or probability to remain the same?
Also consider what happens throughout the life of a project. Are the conditions affecting your project—
external and internal—remaining static? What about your knowledge of the project itself?
Thus Risks need to be continuously re-assessed. In projects, the reassessment is normally done through
regularly scheduled review sessions, with the objective of:
• Monitoring the effect of the execution on the risk. Is the execution being effective? Does it need adjustment?
• Monitoring “natural” changes to risks based on changed understanding, and to account for the changing conditions of a project.
• Identify realized Risk events.
• Implement contingent action plans.
• Resolve issues.
Keep in mind that not all Risks will be tracked and controlled with the same frequency. One of the goals
of Risk Assessment was to prioritize them so that limited resources can be focused on the most
important entries of the Risk Registry.
Now consider the Probability and Impact Matrix (PIM) which was discussed in Module 3. It can be used
as a tool to graphically present the changes to Risks, as in this example:
#image
/image
The movement of a risk on a PIM is a graphical representation of a Risk Trajectory.
Summary
In this module we covered how to plan responses to Risks, including the eight generic responses, and
identified characteristics of good responses. We also learned how to complete a Risk Registry and track
and control Risks.