| Undertaking any project, whether in-house or in | | | | Project Success Factors (PSFs). Specific action plans |
| partnership with a professional services firm, entails | | | | are developed to address each PSF. For example, |
| risk. Project risk is defined as any area of concern | | | | assume that required key policy changes are a high |
| that could prevent a project from achieving all of its | | | | risk. An action plan must be developed to: |
| benefits. Project risk requires careful management | | | | " Focus on thorough and frequent communications |
| and involves identification, assessment, and mitigation. | | | | " Implement a steering committee structure |
| It is important at the beginning of any project to go | | | | " Obtain strong support for the project team from |
| through the risk identification process. Not all project | | | | executive management |
| risks are obvious. When identifying risks, look for | | | | " Stress the benefits of the project |
| areas in the project that are based on: | | | | " Identify training needs early |
| 1. insufficient or unreliable data, | | | | Once risks have been identified and assessed, |
| 2. insufficient preparation, | | | | mitigation plans should be developed. The plans |
| 3. inadequate resources, or | | | | document what the response will be when a risk |
| 4. lack of control. | | | | event occurs. Keep in mind a mitigation plan might be |
| Some areas to pay close attention to are: | | | | to do nothing to mitigate the risk. The need is to |
| " Requirements identification | | | | accept that a risk exists and be prepared to deal |
| " Involvement of project sponsorship | | | | with the consequences when and if it happens. This |
| " Level of project management experience | | | | type of action plan typically applies to low priority |
| " Third-party involvement | | | | minimal project impact risks. A mitigation plan should |
| " Political/cultural environment | | | | outline Plan B for the project area impacted by the |
| " Change control procedures and management | | | | risk. Knowing what Plan B is prior to having to |
| " Complexity of the technology | | | | execute it will greatly reduce the probability of |
| Risk identification is only the first step. Risks need to | | | | increasing the negative impact of the risk event or |
| be assessed to quantify and prioritize them according | | | | causing other unknown risks to occur. |
| to their impact on the project. Keep in mind | | | | An effective risk project management process |
| significant professional judgment is required during the | | | | means choosing and implementing risk-control |
| assessment process to quantify the magnitude of | | | | strategies that work. Identifying, assessing, and |
| potential negative impact and to develop risk control | | | | developing mitigation plans are not one-time events. |
| measures. The assessment process should determine | | | | These processes need to occur throughout the life |
| the (1) likelihood of the risk occurring, (2) range of | | | | of the project. As the project progresses and |
| outcomes, (3) estimated timing of the risk, and (4) | | | | project risk changes occur, documentation resulting |
| the frequency with which it will occur. It should also | | | | from the identification, assessment, and mitigation |
| determine the warning signs of the risk that will | | | | planning processes need to be updated. |
| forecast that the occurrence of the risk is imminent. | | | | The risk management process must be continuous. |
| The prioritized risks provide the basis for establishing | | | | |