Friday, February 20, 2009

Managing Additional Risks and Scope Changes

Since you never know when a situation will arise that will cause you to reevaluate your project risks, you should prepare for unanticipated situations by knowing what to do when they occur.

There are two ways to recognize new risks. The first is identifying additional risks during project management processes. The second is identifying new risks caused by changes to the project scope. Your initial risk management plan and risk response plan will not account for these new risks, which is why additional risks and scope changes are important inputs to the risk monitoring and control process.

As the project team members go through their normal project management processes like weekly meetings or status reporting, they may identify additional risks. You must add these additional risks to the risk log. The risks listed in the risk log are inputs to the risk monitoring and control process.

Once a project scope change has been approved, the change log becomes the input. The project team will then review the approved changes to see if any new risks emerged as a result of the scope change.

To identify priorities and triggers and to plan responses, you must input the information about additional risks and the approved scope change into the cycle of risk management processes. There are six main risk processes.
  1. risk management planning
  2. risk identification
  3. qualitative risk analysis
  4. quantitative risk analysis
  5. risk response planning
  6. risk monitoring and control
As you implement the six processes, you will find that often the information from one process is needed to drive the next process. For example, you must complete risk management planning before risk identification can occur.

Risk management planning addresses how the additional risks and scope changes will be approached in regards to risk management. Depending on the magnitude of the risk or scope change, it may or may not affect how you conduct risk management for the project as a whole. For example, a new risk or scope change may be important enough that the budget for risk management of the project is increased.

A project team should consider any changes that may need to be made to the risk management plan before moving on to risk identification.

Risk identification determines which risks are most likely to affect the project. The project team will examine scope changes to identify any new risks that may threaten the project. The team will then take these new risks, or the additional risks that were already identified, and document their details and characteristics. From this point on, new risks will refer to both additional risks and risks identified from scope changes.

After examining the risk management plan and identifying new risks, the next logical step is to find out the potential impact of each risk and how likely it is that each new risk will occur. To do this, you must implement the next two risk management processes: qualitative and quantitative risk analysis.

Qualitative risk analysis assesses the potential impact of new risks and determines the likelihood that each will occur. Qualitative risk analysis prioritizes the new risks based on their potential impact on project objectives. This helps determine which risks are most likely to threaten the project.

Quantitative risk analysis is a numerical analysis that determines the probability that the new risk will occur. It also explores the consequences that the new risk will have on project objectives and on the project as a whole.

The first four processes direct the project team to the risks that are most likely to threaten the project. Risk response planning is the process where specific actions are planned in response to these new, threatening project risks. During this process, project managers assign individuals or groups ownership of particular risks. Common risk responses include avoidance, transference, mitigation, and acceptance.

Risk management planning and risk response planning will help you monitor and control risks effectively. The risk management plan and the risk response plan provide the details that a project team needs to carry out the risk monitoring and control process.

By inputting additional risks and scope changes into the cycle of the risk management process, you will be able to identify priorities and triggers and plan responses. This will help you monitor and control your project effectively.

No comments: