PROJECT RISK MANAGEMENT
This is the third and last in the series of articles on RISK Management. After discussing 4 of the 6 processes, we are left with Plan Risk Responses and Control Risks now. The earlier 4 processes were in planning part and the remaining two now are in action part of risk management process. Let us start looking into them.
Plan Risk Responses
Plan Risk Responses: Inputs
We have planned the risk management, identified risks, quantified and qualified them. What next? We need to have plan of actions ready at hand to act when a risk occurs. For that what we do is we take all the identified risks as per decided priority and will prepare rather plan our action if it occurs in the lifetime of project. To do that, we need list of risks and Risk management plan.
So, Risk Management Plan and Risk Register are the inputs to this process.
Plan Risk Responses: Outputs
When we are planning responses to risks, or when we have actions ready to take when a risk occurs, is it not that we have a plan at hand and that plan needs to be updated in respective subsidiary plan. YES, there you are. As we know that when a risk occurs, any of the variables like schedule, cost, quality, scope, etc. will get affected. So when we have a response planned, then those plans have to be updates. Below are some of the plans probably one has to update, but not limited to:
- Scope Baseline
- Schedule Base line
- Cost Baseline
- Schedule Management plan
- Cost Management Plan
- Quality Management Plan
- Procurement Management plan
- Human Resource Management plan
As the entire above said subsidiary plans are part of Project Management Plan update, we will say Project Management Plan update is one output. Along with PM Plan, many project documents are also updated. Below given are some of the updates to risk register that will need updating in the plan risk responses process.
- Roles and responsibilities
- Contingency reserves
- Budget and Schedule required
- Signs of a risk
- Response strategies
- Action planned for individual risks
And below project documents may also needs updating
- Assumptions log updates (log with new information gained through application of risk responses)
- Technical documents
- Change requests
Plan Risk Responses: Outputs
Inputs and outputs are OK, what about tools and techniques. They quiet interesting with this as below:
- Strategies for negative risks
- Avoid – avoid the risk by changing the plan, adjusting variables or at times shut down the project.
- Transfer – transfer the risk to a third party like insurance company.
- Mitigate – Early actions or steps will be taken to reduce the impact.
- Accept – acknowledge the risk and don’t take any action unless risk occurs.
- Strategies for positive risks or Opportunities
- Exploit- eliminates the uncertainty and ensures the risk occurs.
- Enhance – Increase the chances of risk occurrence.
- Share – allocate the ownership of the opportunity to a third party like insurance company.
- Accept – take the advantage of risk if it happens but don’t pursue it actively.
- Contingent Response Strategies – some responses are designed to be used only if risk occurs. Certain times the response plan will be executed only if predefined conditions exists. There will be sufficient time and warning to implement these strategies.
- Expert Judgment
You are ready with your responses to all identified risks and now the last process is to CONTROL RISKS.
We have plans, priorities, strategies, risks at hand. What to do with them? This process will speak about implementing risk responses and evaluating the effectiveness of process.
Control Risks: Inputs
Just try to do the same thing what we have been doing so long. Identify the inputs using common sense.
If the process effectiveness has to be measured, we need to know how the processes are used and project is receiving them. That is WORK PERFORMANCE Information. Work Performance information will be provided in agreed format so called reports. As we are controlling risks here, we need RISK register and as the performance is measures on risk management and risk management is a process which happens throughout the project I need project management plan also.
So, the inputs will be Project Management Plan, Risk register, work performance reports and work performance information.
Control Risks: Outputs
What will be the outputs? Same way, we are taking project management plan so the control process may demand some changes to it. So, Project Management Plan updates are one output. When there is an update required, it is routed through change process so change request is another output. We are taking work performance information as input, but the risk management process happens throughout the project so the same will be output also. As there will be changes to the risk information and defined limits project documents also will get updated. Last one , as it is a control process we will be updating the process, templates and other similar documents so process assets updates is also a output.
So, Project Management Plan Updates Project Document Updates, Change requests, work performance information, Organizational process assets are the outputs.
Control Risks: Tools and Techniques
Inputs and outputs are clear now and we need to know the tools and techniques used. Let me put them down in line.
- Risk reassessment: there is a chance of identifying new risks while performing control risks. You may also remove some risks as they are no more needed or may have occurred. In any of such situations we need to re-assess risks.
- Risk Audits: audits or conducted to know how the risk management is carried out.
- Variance & Trend analysis: comparing planned results and actual results is variance analysis. Performance information is used in establishing trends.
- Technical Performance Measurement: Compares technical accomplishments to the schedule of technical achievements.
- Reserve analysis: amount of reserve remaining VS amount of RISK remaining.
- Meetings: Frequent discussions about risk gives chance to understand risks better and identify new risks.
Questions & Answers
- You team who is responsible for RISK management is observing and analysing some data to understand what are the planned results and what the actual results are. This they are doing to understand the level of control they need to plan. What is the team doing?
- A. Trend Analysis
- B. Variance Analysis
- C. Variance & Trend Analysis
- D. Analysis
Correct Answer: C [ it is variance and trend analysis that is discussed in the question]
- Name the strategies for negative and positive risks.Correct Answer: Negative [avoid, transfer, mitigate, accept] positive [ exploit, enhance, share, accept]