| | | | | 3. Risk Change Review & Approval Process |
| RISK MANAGEMENT IN | | | | As new risks are identified or existing risks expire, |
| PROJECT & PLANNING | | | | the Risk Management Plan will be updated. Risks will |
| ABSTRACT | | | | be reviewed on a weekly basis in the project status |
| In businesses, risk management entails organized | | | | meeting. The plan will be maintained in the |
| activity to manage, uncertainity and threats and | | | | project’s SharePoint site. |
| involves people following procedures and using tools | | | | What is a Risk Management Plan? |
| in order to ensure conformance with | | | | A Risk Management Plan summarizes the proposed |
| risk-management policies. The Risk Management Plan | | | | risk management approach for the project and is |
| is dependant upon the identification of the projects | | | | usually included as a section in the business plan. The |
| risks, their criticality, status, strategy and status.The | | | | Risk Management Plan is dependant upon the |
| good news is that managers can make project and | | | | identification of the projects risks, their criticality, |
| planning as one of their strengths. The result will be | | | | status, strategy and status. The risk Management |
| better risk management, more effective | | | | Plan describes: |
| management and greater satisfaction from working | | | | - the process which will be used to identify, analyze |
| with people. | | | | and manage risks both initially and throughout the life |
| INTRODUCTION | | | | of the project; |
| Risk management is activity | | | | - how often risks will be reviewed, the process for |
| directed towards the assessing, mitigating (to an | | | | review and who will be involved; |
| acceptable level) and monitoring of risks In some | | | | - who will be responsible for which aspects of risk |
| cases the acceptable risk may be near zero. Risks | | | | management; |
| can come from accidents, natural causes and | | | | - how Risk Status will be reported and to whom; and |
| disasters as well as deliberate attacks from an | | | | - the initial snapshot of the major risks, current |
| adversary. The main ISO standards on risk | | | | grading, planned strategies for reducing occurrence |
| management .In businesses, risk management entails | | | | and Severity of each risk (mitigation strategies) and |
| organized activity to manage,uncertainity and | | | | who will be responsible for implementing them . |
| threats and involves people following procedures and | | | | Why would you develop a Risk Management Plan and |
| using tools in order to ensure conformance with | | | | Risk Management Table? |
| risk-management policies. The strategies include | | | | A Risk Management Plan and Risk Management Table |
| transferring the risk to another party, avoiding the | | | | are developed to: |
| risk, reducing the negative effect of the risk, and | | | | - provide a useful tool for managing and reducing the |
| accepting some or all of the consequences of a | | | | risks identified before and during the project; |
| particular. | | | | - document risk mitigation strategies being pursued in |
| Project Risk Management | | | | response to the identified risks and their grading in |
| A risk is something that may happen and if it does, | | | | terms of occurrence and Severity; |
| will have a positive or negative impact on the project. | | | | - provide the Executive Sponsor, Steering Committee |
| A few points here. "That may happen" implies a | | | | senior management with a documented framework |
| probability of less then 100%. If it has a probability of | | | | from which risk status can be reported upon; |
| 100% - in other words it will happen - it is an issue. | | | | - ensure the communication of risk management |
| An issue is managed differently to a risk and we will | | | | issues to key stakeholders; |
| handle issue management in a later white paper. A | | | | - provide a mechanism for seeking and acting on |
| risk must also have a probability something above | | | | feedback to encourage the involvement of the key |
| 0%. It must be a chance to happen or it is not a risk. | | | | stakeholders; and |
| The second thing to consider from the definition is | | | | - identify the mitigation actions required for |
| "will have a positive or negative impact". Most people | | | | implementation. |
| dive into the negative risks but what if something | | | | How do you develop a Risk Management Plan? |
| goes right? | | | | The following is one way to develop your plan. It |
| Management Plan | | | | consists of a series of steps that become iterative |
| There are four stages to risk management planning. | | | | throughout the life of your project. Firstly: |
| They are: · | | | | Step 1: Identify the risks |
| - Risk Identification | | | | Before risks can be properly managed, they need to |
| - Risk Response | | | | be identified. One useful way of doing this is defining |
| - Risk Monitoring and Control | | | | categories under which risks might be identified. For |
| Risk Identification | | | | example, categories might include Corporate Risks, |
| There are different sorts of risks | | | | Business Risks, Project Risks and System Risks. |
| and we need to decide on a project by project basis | | | | These can be broken down even further into |
| what to do about each type. Business risks are | | | | categories such as environmental, economic, human, |
| ongoing risks that are best handled by the business. | | | | etc. Another way is to categorize in terms of risks |
| An example is that if the project cannot meet end | | | | external to the project and those that are internal. |
| of financial year deadline, the business area may need | | | | For a medium to large project, start by conducting a |
| to retain their existing accounting system for another | | | | number of meetings or brainstorming sessions |
| year. The response is likely to be a contingency plan | | | | involving (as a minimum) the Project Manager, Project |
| developed by the business, to use the existing | | | | Team members, Steering Committee members, |
| system for another year. Generic risks are risks to all | | | | external key stakeholders. It is often advisable to |
| projects. For example the risk that business users | | | | use an outside facilitator for this. Preparation may |
| might not be available and requirements may be | | | | include an environmental scan, seeking views of key |
| incomplete. Each organisation will develop standard | | | | stakeholders etc. One of the most difficult things is |
| responses to generic risks. | | | | ensuring that all major risks are identified. For a small |
| Risk Response | | | | project, the Project Manager may develop the Risk |
| There are four things you can do about a risk. The | | | | Management Table perhaps with input from the |
| strategies are: | | | | Executive Sponsor/Senior Manager and colleagues, or |
| - Avoid the risk. Do something to remove it. Use | | | | a small group of key stakeholders. |
| another supplier for example. | | | | Step 2: Analyze and evaluate the Risks |
| - Transfer the risk. Make someone else responsible. | | | | Once you have identified your risks you should |
| Perhaps a Vendor can be made responsible for a | | | | analyze them by determining how they might affect |
| particularly risky part of the project. | | | | the success of your project.Risks can result in four |
| - Mitigate the risk. Take actions to lessen the impact | | | | types of consequences: |
| or chance of the risk occurring. If the risk relates to | | | | 1.benefits are delayed or reduced; |
| availability of resources, draw up an agreement and | | | | 2.timeframes are extended; |
| get sign-off for the resource to be available. | | | | 3.outlays are advanced or increased; and/or |
| - Accept the risk. The risk might be so small the | | | | 4.output quality (fitness for purpose) is reduced. |
| effort to do anything is not worth while. | | | | Risks should be analyzed and evaluated in terms of |
| A risk response plan should include the strategy and | | | | occurrence of occurring and Severity of impact if |
| action items to address the strategy. The actions | | | | they do occur. Firstly, assess the occurrence of the |
| should include what needs to be done, who is doing | | | | risk occurring and give this a rating of Low (L), |
| it, and when it should be completed. | | | | Medium (M) or High (H) occurrence. Once you have |
| Risk Control | | | | rated the occurrence, assess the Severity of the |
| The final step is to continually monitor risks to | | | | impact of the risk if it did occur and rate at Low (L), |
| identify any change in the status, or if they turn into | | | | Medium (M) or High (H) Severity. |
| an issue. It is best to hold regular risk reviews to | | | | RISK MANGEMENT ASSESSMENT IN PROJECT |
| identify actions outstanding, risk probability and | | | | Risk assessment validates that your project will |
| impact, remove risks that have passed, and identify | | | | succeed. Software development experts evaluate |
| new risks. | | | | and test the software-based technical and business |
| Risk management is not a complex task. If you | | | | risks as they relate to your business, market, and |
| follow the four steps, you can put together a risk | | | | service plans. The significant risks are identified and |
| management plan for a project in a short space of | | | | detailed in comprehensive Risk Event Descriptions. |
| time. | | | | You are also provided with a quantification of each |
| Risk Management Plan | | | | risk’s impact on cost, revenue, and schedule. |
| 1. Purpose | | | | CONCLUSION |
| The purpose of the risk management plan is to | | | | People and risk are as integral to farming as are |
| document the process and methods that the project | | | | weather, prices and technology. Project and planning |
| team will employ to monitor identified risk, identify | | | | must have careful attention if managers are to have |
| and evaluate potential trigger events (indicated an | | | | a full understanding of their sources of risks and their |
| imminent risk event), implement and monitor risk | | | | alternatives for handling risk. Managers’ |
| containment strategies and assess on an ongoing | | | | paradigms, understanding of project and planning |
| basis project progress and activities to identify | | | | resource skills determine the success they will have |
| potential risk events not identified during project plan | | | | with people. . The good news is that managers can |
| development. | | | | make project and planning as one of their strengths. |
| 2. Team Roles & Responsibilities | | | | The result will be better risk management, more |
| The project team will review/manage risks in the | | | | effective management and greater satisfaction from |
| weekly project status meeting. See the risk log for a | | | | working with people. |
| listing of identified risk and risk owners. | | | | |