ALTE DOCUMENTE
|
|||
ASK ChapterBM "Enter the chapter number" chapter SEQ chapter \* Arabic \r 3
THIS PAGE LEFT INTENTIONALLY BLANK
|
Explain This module explains risk and introduces the concept of proactive risk management to minimize the impact of risk. |
|
Explain Risk is the possibility of suffering a loss. For any given project, the loss could be such things as diminished quality of the end product, increased cost, missed deadlines, or failure of the whole project. Emphasize Risk is not inherently bad. But risk is inherent in every project. |
n Risk is the possibility, 11311j91l not the certainty, of suffering a loss.
n The loss could be anything from diminished quality of an end product to increased cost, missed deadlines, or project failure.
n Because risk is a fundamental ingredient of opportunity, it is not inherently bad, but it is inherent in every project.
n Successful teams deal with risk by recognizing and minimizing uncertainty.
|
Explain The slide lists some examples of where risks might originate. The list is not exhaustive. Emphasize Risk can be found everywhere in an IT project. Poorly thought-out planning can be a source of risk, as can a shortage of money or people or a lack of training on new technology. Transition Make it clear that there is no one-to-one relationship between the list of sources on this slide and the list of possible consequences on the next slide. |
The items listed on this slide show where risks can be generated, but they are not the conditions or the consequences.
|
Explain These are examples of the types of impact that can result from risk. The list is not exhaustive. Emphasize Risks can affect a project in many different ways. To find them, you have to look beyond just cost. |
Risks can affect a project in many different ways. The slide offers some typical impacts for the purpose of illustration.
|
Prepare Review the delivery guide for this module. Read the instructions on the slide. Facilitate Lead the class in brainstorming ideas for dealing with fire safety in a warehouse. Write the ideas on a flip chart, making mental note of those that you can use later to illustrate the difference between mitigation and contingency planning. Remember, the whole point of the exercise is to illustrate that most people think of the consequences of risk, not the conditions that cause it. |
Read the instructions on the slide and follow any additional directions the instructor might have for you.
|
Explain MSF risk management sets forth a discipline and environment of proactive decisions and actions to assess continuously what can go wrong, determine which risks must be dealt with, and implement strategies for dealing with them. Emphasize Key point: MSF advocates proactive risk management, which requires a visible, measurable, and repeatable process for managing risks. |
n Risk management should be proactive, not reactive.
n It should continuously assess what can go wrong so that the team can use that information for all project decision-making.
n Proactive risk management requires a visible, measurable, and repeatable process.
n Preventing risk is the transition point between proactive and reactive risk management.
|
Explain MSF risk management is an ongoing five-step process that should be part of all project management. The key to its success is keeping it simple. Emphasize Although the "identify" step looks like a one-time event in the process, it is actually ongoing. Transition The next three lessons examine the steps in the proactive risk management process in detail. |
n Identifying risks allows the team to bring risks to the surface so they can deal with them before they hurt the project.
n Analyzing risks converts risk data into information the team can use to make decisions.
n Devising risk plans is the next step that turns information into decisions and actions.
n Tracking risks allows the team to monitor the status of risks and any actions taken to mitigate them.
n Controlling risk moves risk management into day-to-day project management, which is crucial in making sure that risk management remains a high-profile activity.
|
Explain The risk assessment document is the compilation of all of the risk assessment pieces. It is a living document that the team should review at every major milestone, at a minimum. |
Risk assessment document is a fundamental piece of the risk assessment process. In a sense it fills dual roles similar to those of a sword and a shield.
n As a sword, it is a decision enabler that:
Prioritizes effort.
Highlights dependencies.
n As a shield, it defends a project through education and escalation against:
Arbitrary changes by management.
Arbitrary dates.
Fixed project variables.
|
Explain The items on the slide do not necessarily represent all the things that the risk assessment document could contain, but they do represent those things that should be there at a minimum. For example, risks are often described using a risk statement approach, whereas other times they are described by separating risk causes from risk consequences. The contents of the risk assessment document should clearly explain what the project risks are, what is being done to prevent them, and what will be done if they occur. |
n The items on the slide do not necessarily represent all the things that the risk assessment document could contain, but they do represent those things that should be there at a minimum. For example, risks are often described using a risk statement approach, while other times they are described by separating risk causes from risk consequences.
n The contents of the risk assessment document should clearly explain what the project risks are, what is being done to prevent them, and what will be done if they occur.
|
Explain Identifying risks is a crucial first step in the proactive risk management process because risks can't be managed until they've been identified. Emphasize Risk identification is not a one-time event. |
n Identifying risks gives the project team the opportunities and the information it needs to bring risks to the surface.
n Because risk identification involves all key team players, it also reveals for the team the assumptions and viewpoints that those players hold.
n A fundamental aspect of risk identification is that the team should treat it as a positive action, not a negative one.
|
Explain MSF advocates using formal risk statements that state both the condition and the consequence of each risk in a clear and easily understood fashion. Emphasize Often team members identify only one side of the risk equation. It's important to make sure that they also identify the condition and the consequence. |
n A risk can't be managed effectively until it's been stated clearly.
n Risk statements should clearly and simply state the condition of the risk (the cause) and the consequence of the risk (the effect).
n Team members should look for shared conditions and consequences across multiple risk statements to see if they constitute a root issue.
|
Explain Analyzing risks converts the raw risk data from the identification process into information the team can use to make decisions. Analysis helps the team focus on the right risks. It considers three factors: risk probability, risk impact, and risk exposure. Emphasize Analyzing risks allows the team to quantify risk priorities. Transition The next three slides examine those factors in more detail. |
n By analyzing risks, the project team moves from gathering raw data about risks to deciding what to do about them.
n Risk analysis allows the team to quantify risk priorities.
n In analysis, the team considers the likelihood that the risk will occur and how serious the impact will be if the risk occurs and then assigns a degree of exposure calculated by comparing the risks with others from the same project.
|
Explain The easiest way to estimate probability is with a simple numeric scale because risk probability is generally a best-guess estimate. Emphasize Measuring risk is relative. You can use any scale you want, but you must use the same one across the project. A consistent scale keeps the measurement meaningful. |
n Often risk probability is defined using non-numeric scales, such as colors-red, green, and yellow-or levels-high, medium, and low. But MSF risk management calls for using numeric scales, such as 3, 2, and 1.
n Because probability is generally an estimate, it's best not to get too precise with the scale that you use to calculate it. On a scale of 1 to 3, it's easy to determine whether a risk is a 2 or a 3. On a scale of 1 to 20, it would be very difficult to determine whether a risk is a 17 or an 18.
|
Explain You should use a simple scale for risk impact as well. But, unlike risk probability, you can sometimes quantify risk impact. In those cases, a dollar value is the best way to quantify the impact. Emphasize Again, consistency is important because you will multiply this figure by the probability figure to calculate exposure. |
n Often risk impact is defined using non-numeric scales, such as colors-red, green, and yellow-or levels-high, medium, and low. But MSF risk management calls for using numeric scales, such as 3, 2, and 1.
n Whatever you do, don't mix different scales. Pick the lowest common denominator and continue using it.
|
Explain Risk exposure is an artificial way of quantifying the overall threat of a risk. You calculate it by multiplying probability times impact. It has meaning only within the context of the project and by comparison with other risks. Emphasize Risk exposure is meaningful only in relationship to other risks that use the same scales. |
n The risk exposure calculation is why consistency in scales is so important.
n Because you will use exposure to compare one risk against another, you must have a consistent scale to make the comparison meaningful. For example, on one project a risk with an exposure of 9 could be the highest risk on the project. On another, a risk with an exposure of 9 could be relatively low. The point is, the same probability and impact scale must be used across a project so that the exposure comparisons have meaning.
|
Prepare Read the instructions in the delivery guide for this module and on the slide. Facilitate Keeping the students in a large group, lead them through a brainstorming session to identify and document five risks from the chosen activity scenario and then to prioritize these risks. Debrief Finish the activity by engaging the students in a discussion about the variations in how they thought the risks should be assessed. |
Read the instructions on the slide and follow any additional directions the instructor might have for you.
|
Explain The team should make plans only for those risks with consequences that it can't accept. To determine which risks to plan against, the team should examine whether it knows enough about the risk, whether it can live with the consequences, whether it can avoid the risk, whether it can reduce the likelihood the risk will occur, and whether it can reduce the impact if the risk occurs. Transition The next two slides examine how teams can do risk planning if they can't live with the consequences of a risk or can't avoid it. |
n The team should balance the risk consequence against the effort needed to avert it.
n Planning involves developing actions to address individual risks, prioritizing risk actions, and creating an integrated risk management plan.
|
Explain Mitigating risk means taking steps ahead of time to keep a risk from occurring or driving its impact to an acceptable level. It's not the same thing as risk avoidance because mitigation focuses on prevention and minimization. Emphasize Proactive mitigation focuses on addressing root causes rather than symptoms. |
n Mitigating risk means taking steps ahead of time to keep a risk from occurring or driving its impact to an acceptable level.
n Proactive mitigation focuses on addressing root causes rather than symptoms.
n After you have determined the root cause, you should look for similar situations in other areas of the project.
n Some risks cannot be reasonably mitigated, or simply cannot be mitigated at all.
|
Explain MSF risk management focuses on preventing risks ahead of time, whether by reducing their probability, minimizing their impact, transferring risks, or avoiding them altogether. Emphasize MSF risk management is very proactive, rather than reactive. |
n Risk reduction tries to minimize the likelihood that a risk will occur (for example, by building a warehouse out of fireproof materials) or to minimize the impact (for example, by installing automatic sprinklers).
n Risk transference tries to shift the risk to someone else (for example, by contracting for fire safety with a third party).
n Risk avoidance tries to eliminate the risk by doing something less risky (for example, by building something less prone to fire than a warehouse).
|
Explain Contingency plans are necessary for all risks, including those that have mitigation plans. They address what to do if the risk occurs and focus on the consequence and how to minimize its impact. To be effective, the team should make contingency plans well in advance. The example in the slide is used for the sake of brevity. You should try to offer industry examples. Transition The next slide looks at contingency triggers in more detail. |
n The team should focus on high-exposure risks, paying special attention to those risks with high impact that cannot be mitigated.
n Contingency plans are necessary for all risks, including those that have mitigation plans. They address what to do if the risk occurs and focus on the consequence and how to minimize its impact.
n To be effective, the team should make contingency plans well in advance.
|
Explain Contingency triggers are an important part of any contingency plan. Without triggers, any plan is incomplete. Emphasize It isn't enough to plan how you will react; you also need to decide ahead of time when you will react. |
n Contingency triggers are the criteria that project teams use to determine when it's time to execute contingency plans.
n Point-in-time triggers are built around dates, generally the latest date by which something has to happen.
n Threshold triggers rely on things that can be measured or counted.
|
Prepare Make sure you have read the delivery guide for this module for background information on this activity. Facilitate Keep the students in a large group. Using the risks developed from the last activity, have the students select the top three risks and prepare a mitigation plan and a contingency plan-including triggers-for each risk. Debrief After you've gone through the proposed plans, lead the students in a discussion of their plans. |
Follow the instructions on the slide and any additional directions the instructor might have.
|
Explain Tracking is the watchdog function of the proactive risk management process. The project team uses risk tracking to monitor the status of risks and of any actions it has taken to mitigate them. Teams should include risk reviews with regular project reviews, including assessing their progress resolving the top 10 risks. Emphasize Tracking is important for keeping risk management visibility and profile high. It ensures that the team doesn't relegate risk management to a one-time task. |
n Tracking risk is required to ensure effective action plan implementation.
n Teams should include risk reviews within regular project reviews, including assessing their progress resolving the top 10 risks.
n Project teams should find their own mechanisms for changing risk status and effectively judging progress.
|
Explain The team can focus on only so many risks at one time. Using top 10 lists is a good way to focus efforts on a limited number of major issues. Emphasize The number of risks is not important of itself, although lists work best if they contain 10 or fewer risks. A top 10 list works only if the team reviews it regularly. |
n The number of risks is not important of itself, although lists work best if they contain 10 or fewer risks.
n A top 10 list works only if the team reviews it regularly.
n Another technique for focusing on risks is using war room meetings in which specific issues receive individual attention.
|
Explain Controlling risk is the step that enables the project team to react to the dynamics of the project situation. Analysis is not an exact science, nor are risk plans. Therefore, the team needs an opportunity to re-address variations in analyses and plans in an ongoing manner. |
n The combination of tracking and controlling risk moves risk management from a planning activity to a project management activity.
n Controlling risk is the step that enables the project team to react to the dynamics of the project situation.
|
Explain Fundamentally, risks are retired so that the team is managing only those risks that require it. How a risk gets retired is an organizational issue and depends on the processes and tools put in place. One approach to retiring a risk is to archive the risk and its management plan (successful or otherwise) into a repository for use and reference by future projects. An approach at the other end of the spectrum is to simply remove risks from the risk management process after they have occurred or been resolved. |
n Fundamentally, risks are retired so that the team is managing only those risks that require it. How a risk gets retired is an organizational issue and depends on the processes and tools put in place.
n One approach to retiring a risk is to archive the risk and its management plan (successful or otherwise) into a repository for use and reference by future projects.
n An approach at the other end of the spectrum is to simply remove risks from the risk management process after they have occurred or been resolved.
|
Explain Successful risk management has certain characteristics. This slide includes an incomplete list of some of them. Emphasize Much of MSF is based on managing risk and using it to make decisions. Transition Moving forward, this course will discuss other techniques based on risk management. |
n Dealing with risks requires that the team view risk management as part of a dynamic, competitive process rather than as just an additional static project management activity.
n Using risk-based decision-making means planning risk actions first for those risks that have the greatest risk exposure for the project.
n Risk management should be a formal process to ensure that team members identify and analyze risks appropriately and properly follow through on those requiring ongoing management.
n Risk identification should be treated as a positive, valued exercise, to encourage all team members to participate. If risk identification is perceived as a negative thing, team members will be reluctant to come forward with potential risks.
|
Summarize Use these questions to reprise the essential learning points of the module. Seek out answers that show an understanding of the issues. |
n Now is the time to ask any further questions you might have about the material presented in this module.
n Although this concludes the risk management module, the concepts of risk management and the use of risk-based techniques will appear throughout the rest of the course.
THIS PAGE INTENTIONALLY LEFT BLANK
|
