|
Effective Risk Management
Some projects appear to have a
passive and ad hoc approach to the management of risk,
without the benefits of either tracking the root causes
of identified risks or making proactive decisions and
actions to mitigate the risks. In a passive and ad hoc
approach, risks may be identified but they are largely
ignored in the planning and execution process until
undesired events occur, at which time solutions are
sought.
This approach often includes an assumption that
additional resources will be made available to solve the
problems that arise, precludes the prevention of some
undesirable events, and increases the costs of
addressing others. An inexperienced project team,
inadequate front-end risk management planning, and a
tradition of budget increases may be the primary
motivation for passive risk management and deterrents to
implementing proactive risk management.
It is the owner’s responsibility to
ensure that project risks are rigorously and
aggressively managed and reviewed by senior managers in
each of the project phases. The previously discussed risk
identification, analysis, and mitigation planning are
important, but they are not sufficient. Active risk
management includes the assignment of mitigation
responsibilities to appropriate project participants and
the oversight of follow-through regarding every risk
factor.
This chapter reviews some tools and methods that
can form the basis for the development of risk
management excellence by owners.
RISK MANAGEMENT PLAN
The risk management plan ties together all the
components of risk management—i.e., risk identification,
analysis, and mitigation—into a functional whole.
The
plan is an integral part of the project plan that
informs all members of the project team and their
supervisors of the risks to the project, how they will
be managed, and who will manage them throughout the life
of the project. It should be part of the initial project
approval package, and an updated plan should be part of
all subsequent project planning and performance reviews.
Risk management plans are dynamic documents that are
used to guide day-to-day decisions by the project team.
The sample table of contents shown in Box 7-1 provides
an outline of the issues that should be covered in a
risk management plan. The level of detail in the plan
may be adjusted for small, relatively simple projects,
but the basics of risk identification, analysis, and
mitigation need to be covered. The risk register
(described later in this chapter) is often the core of
risk management plans for smaller projects.
WATERFALL DIAGRAMS
A risk mitigation effort is a project activity and thus
should have assigned resources, assigned personnel, and
an estimated cost and duration. Similarly, a risk
mitigation activity should be included in the project
network and tracked, reported, and managed along with
other project activities. The assigned objective of a
risk mitigation activity is to reduce the impact or
likelihood of a specific risk factor. If a risk is high,
it is unacceptable to the project, its mitigation is
critical to project success, and it must therefore be
closely monitored by project management.
A risk
mitigation activity may thus be on the project’s
critical path, making the activity especially important.
Even if actual execution of a risk mitigation activity
is assigned to a contractor, the owner’s project
director should follow its progress, because failure to
mitigate the risk may require other efforts to avoid
project failure.
Waterfall diagrams are used to incorporate risk
mitigation activities in the standard project management
procedures. They differ in this way from a risk
register, which tracks and monitors risks separately
from other project activities. Figure 7-1 shows a
hypothetical waterfall diagram, extracted from the
context of a project network diagram, with the project
risks qualitatively tracked over time and divided into
three color-coded zones of severity.
The red zone
corresponds to high or unacceptable risks; the yellow
zone corresponds to moderate but unacceptable risks; and
the green zone corresponds to low, acceptable risks.
|
