Saturday, December 13, 2008

Avoiding a Project's Most Threatening Risks

Have you ever deviated from your regular driving route because excessive traffic or road construction may have put you at risk of being late for an important appointment?

In everyday life, people often modify their personal plans or schedules in order to avoid the unwanted consequences of potential risks. In the same way, project managers are often forced to change or modify their project plans in order to eliminate threatening project risks.

As a project manager, you will encounter various risks throughout your project's development. Although you can never prevent every project risk, you should make every attempt to eliminate as many as possible.

One risk response strategy that you can use to help you achieve a successful project completion is avoidance. Avoidance involves changing your project plan to eliminate an identified risk or the condition that causes the risk. This risk response strategy also involves protecting your project objectives from the impact of identified risks.

As a project manager, you can often respond to some risks that arise early in the life cycle of a project by clarifying requirements, obtaining information, improving communication or acquiring expertise. However, there are other types of project risks that you will need to avoid in order to promote a successful project completion. These types of risks include those that have a high probability of negatively impacting project objectives and those that have the ability to cause complete project failure.

Avoidance is one strategy that you can use to help you deal with these types of risks. Such things as reducing scope to avoid high-risk activities, adding resources or time, adopting a familiar approach instead of an innovative one or avoiding an unfamiliar contractor are all ways in which you can eliminate threatening project risks.

The first type of risk that you should avoid during the life cycle of your projects is unacceptable risks. These types of risks have a high probability of occurrence and an extreme or very high level of potential impact.

You should also avoid uncontrollable risks. These risks cannot be absorbed by the project's available resources or existing contingency reserves. They are also risks that do not have mitigation or transference strategies available.

The last type of risk that you should avoid throughout your project's development is potentially harmful risks. These risks are especially threatening to project success because they have the potential to harm a project's personnel.

As a project manager, there are three key questions that you can ask in order to determine if an identified project risk should be avoided. If you can answer "yes" to even one of these questions, the risk that you are examining should be flagged for avoidance. The three questions include:
  • Is the level of risk unacceptable?
  • Are the means for controlling the risk unfeasible?
  • Is there a potential for harm?
As a project manager, how do you determine whether the level of an identified risk is unacceptable to your project and its outcomes? One of the best ways to answer this question is to examine the prioritized list of quantified risks that resulted from your project's quantitative risk analysis process.

This list indicates which risks pose the greatest threat or present the greatest opportunity to your project objectives and overall outcomes. This prioritized list of quantified risks also includes a measure of potential risk impact.

You should examine your project's prioritized list of quantified risks and set aside those risks that have an extreme or very high level of potential impact. Once this is done, you should make every effort to modify your current project plan in order to avoid these types of risks. Typically, project managers classify risks with an extreme or very high level of potential impact as unacceptable because of the possible danger they pose to the success of overall project outcomes.

Another element to consider when trying to determine whether the level of an identified project risk is unacceptable is the risk thresholds for the project. Risk thresholds, which are established in a project's risk management plan, indicate the level of risk that is acceptable to individual project stakeholders. If you have identified a project risk that has the potential to greatly exceed one or more of the established risk thresholds for your project, this is a risk to avoid because it threatens the successful completion of your project.

Another question to consider when trying to determine if an identified project risk should be avoided is: are the means for controlling the risk unfeasible? All projects are subject to such things as cost and time constraints. As a result, some project risks may be too expensive to control.

In addition, most projects are allotted a limited amount of contingency reserves. These reserves are the amount of money or time needed to reduce the impact of cost and schedule overruns on critical project objectives and outcomes.

If you find that the means for controlling one of your identified risks is not feasible and cannot be absorbed by your project's available contingency reserves, this is a risk that you should avoid. A careful examination of such things as your project budget, schedule, and personnel and material resources will help you decide whether your project has the means to reduce or eliminate the risk's potential impact or whether it would be more beneficial to avoid the risk altogether.

The third and final question that project managers can ask in order to determine whether an identified project risk should be avoided is: Is there a potential for harm? In most cases, a risk is considered harmful if it involves the presence of dangerous materials or conditions at the project site.

Project managers must be able to identify any risks that have the potential to harm their project team members or stakeholders. These risks may include such things as faulty machinery or unsafe working conditions.

More examples of harmful project risks are listed below. As a project manager, you should immediately flag these types of risks for avoidance. These risks include:
  • tasks that involve handling, storage or disposal of hazardous materials
  • major construction work in locations vulnerable to seismic activity
  • other potentially damaging natural events.
It is important to remember that unforeseen risks will continue to arise as a project progresses. As a project manager, it is your responsibility to analyze these unexpected risks, as well as all identified project risks, in order to determine if they should be avoided. Once this decision is made, you can then modify your project plan to avoid the selected risks. This will help you ensure that your project remains on a progressive track and heads toward a successful completion.

Avoidance is sometimes the best response. As a project manager, you can use avoidance to eliminate some of your project's most threatening risks and their potential impact. This risk response strategy is a key contributor to overall project success.

Wednesday, December 10, 2008

Common Causes of Project Risk

Marina is a project manager for Outback Retailers. Her current project involves the development of a new type of high-speed racing bike. She has learned that there are several identified risks that have the potential to negatively impact her project objectives.

As a result, Marina is trying to develop risk responses that will eliminate or reduce the impact of these identified risks. Do you think it is possible for Marina to address two or more of her project risks with the same response?

Yes! By addressing more than one project risk with the same response, Marina will be able to deal with risk threats and risk opportunities more quickly, which will maximize the likelihood of a successful project completion.

Every project will encounter numerous risks. Many of these risks will be driven by a common risk cause. A common risk cause is an event or situation that produces more than one project risk.

As a project manager, you can identify common risk causes during the risk identification and risk analysis processes. It is important to take advantage of these opportunities whenever and wherever possible.

It is important to remember that every project is unique. Therefore, you cannot expect to identify the same common risk causes in every project that you manage. However, there are some causes that may occur more frequently than others. These common risk causes include:
  • unavailability of resources
  • inadequate quality standards
  • lack of communication
  • inadequate tools or technology
One common risk cause that may threaten the successful completion of your project is unavailability of resources. These resources may be people or materials. During the life cycle of your project, many risks may arise if you do not have sufficient personnel or supplies available to complete the project as planned. Such things as excessive cost and schedule overruns are only two of the risks that you may encounter if your project is threatened by a lack of available workers or materials.

Another common risk cause is inadequate quality standards. Identifying this common risk cause early in the course of a project is especially valuable because this risk cause has the potential to create several project risks that can adversely affect the promised consumer deliverable.

As a project manager, it is important to remember that if quality standards are not properly set or are not specific enough, your project will either fall below the expected standard or aim for a standard not required by the client.

Marina, from Outback Retailers, is beginning the risk response planning process for her current project. After studying the results from her project's other risk management processes, she finds that some of the quality procedures that concern the new product are not clearly detailed. In addition, phase three may be short by two people due to a recent staff reduction. Marina hopes that the identification of these two common risk causes up front will help make her risk response planning process more efficient.

A lack of communication is another example of a common risk cause. In daily life, whether at home or at the office, people often suffer the unpleasant consequences of not giving or receiving adequate or accurate information. This is especially true in project management. If clear and open lines of communication are not firmly established, a project may be put in serious jeopardy. Such things as change requests and project plan modifications may not be properly carried out if there is a break in communication.

Inadequate tools or technology is a common risk cause that can severely impact the outcome of a project. It is difficult to develop a product efficiently or according to its established standards if you do not have the adequate tools or technology to complete the product as specified in the project plan.

It is also possible that a project may suffer a complete failure if critical tools are not readily at hand when needed. This common risk cause may also result in project deliverables not meeting widely accepted industry standards.

As a project manager, it is important to remember that some of your project risks may be driven by a common risk cause. As a result, the identification of these common risk causes is a valuable input to risk response planning because it may allow you to address more than one project risk with a single response. This will help eliminate the creation of redundant risk responses and make your risk response planning process more efficient.

Sunday, December 7, 2008

Risk Owners and Risk Thresholds

Author H. Stanley Judd once said, "A good plan is like a road map; it shows the final destination and usually the best way to get there."

As a project manager, you need to have an effective risk management plan in place before beginning risk response planning. A risk management plan can act as a guide to help you identify, analyze, and respond to various project risks and their potential consequences. This plan, which is created during the risk identification and planning process, details how the risk management processes will be structured and performed. It ensures that risks are properly managed throughout a project's life cycle.

The risk management plan has two important components that will be used in risk response planning: 1. a list of risk owners; and 2. risk thresholds.

A list of risk owners
One risk management plan component that will be used as an input to risk response planning is a list of risk owners. Risk owners include those project stakeholders who are responsible for the development, implementation, and execution of one or more risk responses. This risk management plan component is essential as a risk response planning input because it helps to ensure that everyone involved in the risk response planning process has clearly defined roles and responsibilities.

Typically, project managers are responsible for assigning the various risk owners within a project. These risk owners may be chosen from within the project team or from available subject matter experts. During risk response planning, risk owners may decide to develop risk responses as a group or divide the responses among the team members, based on their expertise.

Risk thresholds
Another component of the risk management plan that can act as an important input to risk response planning is risk thresholds. Risk thresholds are the levels of risk that are acceptable to individual project stakeholders, such as the project team members, customers or sponsors.

It is important to remember that project owners, customers, and sponsors may all have different risk thresholds for a given project, depending on their individual needs and interests.

The acceptable risk threshold for each project stakeholder forms the target against which the project team will measure the effectiveness of the risk response plan execution.

Liam, from Northern Pulp & Paper, is studying his company's established risk threshold for his current project. He wants to know how the risk threshold will influence his risk response planning process. Liam finds that the company will not tolerate a total project cost overrun of more than $5,000. He realizes that such things as purchasing additional materials or increasing staff may not be viable risk response options when handling identified project risks. Liam will keep this in mind as he progresses through the risk response planning process.

Equipped with a clear and accurate understanding of these two components, you will be able to ensure that potential project risks are dealt with effectively and in a timely manner.

Wednesday, December 3, 2008

Creating a List of Potential Risk Responses

How do you deal with risks throughout the life cycle of your projects? How do you formulate appropriate and effective responses to identified project risks?

During the risk identification process, project managers identify any risks that have the potential to negatively impact project objectives and overall project outcomes. These risks are then subjected to a qualitative and a quantitative risk analysis in order to produce a list of prioritized risks that can be dealt with in the risk response planning process.

When project managers, stakeholders, and subject matter experts are involved in identifying project risks, they often formulate a tentative list of potential responses to address these risks. These potential responses are strategies that are designed to enhance risk opportunities and reduce risk threats to project objectives. Although any action may be classified as a response, this list of potential responses created during risk identification is always specific to the project needs and the characteristics of the identified risk.

Specific details concerning the accuracy or effectiveness of these potential responses are not necessary during risk identification since that is the focus of the risk response planning process.

As a result of a project's risk identification process, you will have a list of potential responses that you can either accept, modify, reject, or add to during risk response planning.

It is important to remember that the list of potential responses created during risk identification is not a comprehensive or exhaustive list. It is simply a list of proposed suggestions that can be used to help address those risks that can have a negative impact on the success of a project. As a project manager, you will take this list of potential responses into consideration when deciding on an appropriate and effective risk response for identified and quantified project risks.

These potential responses are only suggested methods of dealing with these types of risks. Selecting the most effective and accurate response will occur later in the risk response planning process.

The following are some examples of common project risks and corresponding potential responses.

Common Project Risks
overly optimistic schedules
lack of adherence to quality procedures
unclear or vague project goals
inappropriate vendor or technology selection
budget cuts

Potential Responses
Review and monitor schedules at regular intervals.
Implement a quality management program.
Ensure that each goal is well-researched and realistic.
Perform a decision tree analysis for each major decision.
Reallocate project resources.

As a project manager, it is important to remember that your project's list of potential responses, developed during risk identification, is a valuable input to the risk response planning process. This list will help you develop specific actions that you can use to minimize or prevent threatening risks from occurring, as well as to maximize potential opportunities.

Monday, December 1, 2008

Identifying Risks that Require an Immediate Risk Response

Bruce, a project manager for Precision Technologies, performed a qualitative and a quantitative risk analysis on his last project. He found these analyses very useful because they helped him identify project risks that had the potential to adversely affect his project's success.

As a project manager, you will find that the outputs from other risk management processes can be extremely useful when performing risk response planning. Two such processes include qualitative risk analysis and quantitative risk analysis. Both of these processes attempt to assess and analyze the probability and impact of potential project risks. As a result, qualitative and quantitative risk analysis outputs can serve as effective inputs to a project's risk response planning process.

A qualitative risk analysis attempts to assess the impact and likelihood of identified project risks. It also prioritizes risks according to their potential effect on project objectives and overall project outcomes. A quantitative risk analysis aims to numerically analyze the probability of each risk and its consequences on project objectives, as well as the extent of overall project risk.

As a result of both a qualitative and a quantitative risk analysis, you will receive a list of risks, together with a measure of their potential impact, that will need to be addressed in the risk response planning process.

The qualitative and quantitative risk analysis outputs that may be useful as inputs to risk response planning include:
  • list of prioritized risks
  • risk ranking of the project
  • prioritized list of quantified risks
  • probabilistic analysis of the project
  • probability of achieving project objectives
  • qualitative and quantitative risk analysis trend results
One qualitative risk analysis output that acts as a valuable input to risk response planning is a list of prioritized risks. During the qualitative risk analysis process, risks are prioritized using a number of criteria. Risks may be assigned a rank of high, medium or low, depending on their potential severity of impact. Risks may also be grouped by those that require an immediate response and those that can be handled at a later date. Prioritized risks usually include risks that affect project cost, schedule, scope, and quality.

As a project manager, you can use this list of prioritized risks during risk response planning to help you decide which risks require your immediate attention. This list will also help you formulate responses for those risks that have the potential to negatively impact critical project objectives.

Another qualitative risk analysis output that you can use as an effective input to risk response planning is a risk ranking of the project. This ranking will indicate the overall risk position of a project relative to other projects by comparing the risk scores.

A risk ranking can also be used to assign resources to projects with different risk rankings, make a benefit-cost analysis decision about the project, or support a recommendation for project initiation, continuation or cancellation.

A risk ranking will help you decide which projects have the greatest needs and which projects will produce the greatest overall benefit. This will allow you to plan effectively for those projects that require immediate risk responses.

As a project manager, you can also use quantitative risk analysis outputs when preparing for risk response planning. These outputs can help you identify sensitive risk areas and formulate potential responses to threatening project risks.

A prioritized list of quantified risks will detail which risks pose the greatest threat or present the greatest opportunity to your project, together with a measure of their impact. This will help you identify risks that require an immediate risk response.

A probabilistic analysis of the project will forecast potential project costs and completion dates. This analysis will help you determine the type of risk response that is required to address threatening cost and scheduling risks.

An estimate of the probability of achieving project objectives under the current plan will indicate whether the project is progressing as planned, or whether it requires immediate risk response action in order to be completed successfully.

The last qualitative and quantitative risk analysis output that is useful as a risk response planning input is qualitative and quantitative risk analysis trend results. Trends can be defined as patterns of results that track in a particular direction. Once you've performed multiple risk analyses on your project, a trend of results may become apparent. This trend of results will indicate the level of urgency and the importance of the risk response.

As a project manager, you can use qualitative and quantitative risk analysis trend results to help you focus on those areas that would benefit from an immediate risk response the most.

Qualitative and quantitative risk analysis outputs will help you identify risks that require an immediate risk response so that you can reduce or eliminate their impact on project objectives and increase your project's chance of success.