Project Risk Management
When planning a project you hope for the best, but there is always a chance of something unexpected preventing this. Project risk management is about having the confidence of knowing what to do if the worse occurs, and what this will cost.
Project risk management consists of two key aspects: determining the risk, and designing counter measures.
Determining Risk
When determining risk there are three key aspects to consider:
- The event causing the risk.
- The likelihood of the event happening.
- The impact on the plan if the event occurs.
Risk Events
When planning, it is impossible to determine every risk causing event that may occur. Many things can occur on a project, and you could spend forever trying to anticipate them all. However, as will become clear, it is not important to consider them all, you need to consider a representative selection of events that could effect a project.
Risk Likelihood
Even when we have a set of risk events, we do not generally have accurate statistics about their occurrence. It is unlikely therefore that we can determine their exact likelihood. This is a reason that a subjective scale of high, medium, or low is often used to determine likelihood. It focuses attention on those events you feel will be most likely to occur.
Risk Impact
The next step is to determine what impact a risk event may have on a project. This means determining what effect it will have on the scope, time, resource, or quality aspects of the project plan. These can vary from an annoyance through to a total catastrophe. Various scale scan be used but a similar three point scale of high, medium, or low is also often used.
Why Do It?
The process described so far appears very subjective, liable to error, and will definitely not be complete. So why do it? This is a valid question for many project plans, which just determine risk and go no further. However what we are really interested in is delivering a project plan in a way that satisfies the customer. This is the importance of the counter measures part. It states what you will do if a risk event occurs to mitigate the damage.
Designing Counter Measures
When designing counter measures it will be noticed that the same counter measure can be employed to cover several different types of risk. What is more those same counter measures will most likely prove useful against risks you have not anticipated. This is the power of risk planning; by planning how to deal with the worst that you can think of, you are also providing insurance for events you have not considered. Therefore you have raised the possibility that the project will be delivered successfully.
Generic Risk Counter Measures
Risk counter measures will reduce the likelihood, the impact, or both of a risk happening. There are various generic risk counter measures that can be used to reduce risk. As an example supposing you wanted to cross a busy road in order to buy some fish and chips. Your options could be:
- Eliminate the risk: Buy fish and frozen chips from a supermarket and cook them at home.
- Cease the activity: Decide not to have fish and chips.
- Reduce the likelihood: Carefully check the road and only cross when there is no traffic.
- Reduce the impact: Wear body armour so that if you are hit then it will have less effect.
- Early warning: Check the road to see if there is any traffic before crossing.
- Avoid: Decide to have a pizza instead from a shop on your side of the road.
- Share or transfer: Ring for a taxi to go and collect your fish and chips.
- Accept risk: Just cross the road anyway.
Selecting Counter Measures
To select appropriate counter measures you check your list of risk events and consider for each of them what you could do to mitigate the effect of it happening. You start with the high likelihood and high impact events, and work down to the low likelihood and low impact events. For each consider the generic counter measures list and see if any can apply to the risk event you are considering. As an example for a test plan if there is a risk of the software being delivered to testing that does not even run, you may cease the testing activity. By documenting this in advance in the test plan all stakeholders are aware of the possibility of this extreme action. Another event may be the loss of one of the testing team. This could be covered by:
- Reducing the likelihood, by ensuring the team are well paid, and have had a successful health check,
- Reducing the impact, by having spare team members, or a call off arrangement with a contract agency,
- Early warning, by having a strong system of staff appraisal, and other measures to see if staff are likely to become unavailable,
- Accept the risk, by notifying the customer that if the event occurs then the scope, time scale, or quality standards will have to be adjusted and meeting convened to discuss.
There are other possibilities, but there are costs associated with all of them.
A Balanced Risk Management Plan
A balance must be struck between no planning, and planning to the point of project paralysis. The key is to balance the cost of the planning process, along with likely costs of counter measures, against the benefits to be delivered by the project. This can only be done in conjunction with the various stakeholders. If it is done at the start of a project it might even lead to the conclusion that the project is not worth pursuing. If it is pursued then the risk plan enables a more accurate judgment to be made about the likely overall costs. A risk management plan makes you think about what it is you want to achieve, and what you are willing to pay for it. As a result you stand a far higher chance of achieving success.
Plans and Risk
- Performance Testing explains Performance Testing and the match against non-functional requirements.
- Characteristics of Project Plans - the five key characteristics of a project plan.