Risks can be categorized in three categories: known knowns, known unknowns, and unknown unknowns. After categorizing risks, the project manager should then mitigate those risks.
Can all risks be mitigated? Explain.
Mitigate is only one of three risk treatments that we use when managing risk at my company. Mitigate means to reduce the probability or impact of a risk event. This is option two for us. Option one is to eliminate the risk by eliminating the cause of the risk. For example, let’s say I need to be in LA next week to perform acceptance testing on the technology installed. One risk is travel delays due to bad weather. To eliminate this risk I could travel a day or two in advance to ensure I had adequate time to get to the site before the testing is scheduled to begin.
If we aren’t able to eliminate a risk we look for ways to mitigate it. We look at impact and probability separately. We might be able to do something that reduces the impact of a risk even if we can’t reduce the probability. For example, when we open our new showroom in LA one risk is that we have a technical problem during the opening day show. We have done everything we can at this point to test the systems to ensure they are working properly, so we can’t do much more to reduce the probability of a problem. However, we can reduce the impact by having a technical resource on-site during the show. In that way if something does go wrong we can respond to it quickly and minimize the impact to the people at the show.
The third treatment is to transfer the risk to a third party. For example, if the showroom burns down, we can transfer the financial risk to an insurance company. Purchasing fire insurance does not reduce the probability of a fire but it does reduce the financial impact.
How would you assess the probability of a risk occurring and the impact that risk has on your project?
We have a risk matrix that we use to evaluate probability and impact on projects risks. Typically during the early stages of project planning we will brainstorm a list of potential risks. We also leverage risk documents from previous projects to help develop the list. Once we have the initial list we talk through each task and try to assign a high/medium/low rating for impact and probability. This is purely a subjective measure. However, the combination of impact/probability generates a priority rating for each of the risks which we then use to determine which risks we will work on further.
For the risks that score above a certain level we develop risk response plans and we add contingency to the schedule and the budget. We use a % system to determine the contingency amount. For example, if the plan to respond to a certain risk will cost $50,000 and add 4 weeks to the schedule, if we think there is a 10% chance of it happening, we will add $5,000 to the budget and 1 day to the schedule. Some risks will become reality, others will not. The percentages balance out over the project.
How should project managers deal with risk events?
In our environment we have people responsible to watching the risk events or triggers. Assuming the project team has developed risk response plans (and identified the triggers), the project manager should ensure that the person assigned to the risk event activates the appropriate response plan.
No comments:
Post a Comment