IT Project Risk Management Process - A Practical and Effective Approach
It is said that a strong risk management process can decrease problems on a project by as much as 80 or 90 percent. In combination with solid project management practices having a well-defined scope, incorporating input from the appropriate stakeholders, following a good change management process, and keeping open the lines of communication a good risk management process is critical in cutting down on surprises, or unexpected project risks. Today, one cannot deny from the fact that such risk management process can help in problem resolution.
However, there are certain steps whose absence can affect project risk management process. Here are seven-step risk management processes that can be effectively utilized to accomplish desired project result.
Step 1: Each person involved in the planning process individually list at least ten potential risk items. Often with this step, team members will assume that certain project risks are already known, and therefore do not need to be listed. For example, scope creep is a typical problem on most projects. Yet it still must be listed because even with the best practice management processes in place, it could still occur and cause problems on a project over time. Therefore it should be addressed rather than ignored.
Step 2: Collect the lists of project risks and compile them into a single list with the duplicates removed.
Step 3: Assess the probability, the consequence and the detect-ability of each item on the master list. This can be done by assigning each item on the list a numerical rating such as on a scale from 1 to 4 or a subjective term such as high, medium, or low. Detect-ability is optional, but it can be simple to assess if a risk is harder to see, such as with scope creep, then it's a riskier item. If it's easier to catch early, such as loss of management support or loss of a key resource, then it's lower risk.
Step 4: Break the planning team into subgroups and to give a portion of the master list to each subgroup. Each subgroup can then identify the triggers warning signs for its assigned list of project risks.
Step 5: Subgroups must be able to identify possible preventive actions for the threats and enhancement actions for the opportunities.
Step 6: At this stage the subgroups must create a contingency plan that should includes the actions one would take if a trigger or a risk were to occur. This plan has to be created for those risks scoring above a certain cut-off point, which are determined after looking at the total scores for all risks.
Step 7: Determine the owner of each risk on the list. The owner is the person who is responsible for watching out for triggers and then for responding appropriately if the triggers do in fact occur by implementing the pre-approved and now established contingency plan. Often, the owner of the risk is the project manager, but it is always in the best interest of the project for all team members to watch for triggers while working on the project.
Often, the steps in which triggers and preventive actions are identified are overlooked. However, these are vital to the entire risk management process. After a team has completed this exercise once, the members will be better conditioned on what to pay attention to while managing the project so they are more proactive in catching changes or issues early. If these steps in the risk management process are skipped, the team can find themselves in constant reaction mode, simply implementing a contingency plan for each risk after that risk catches them by surprise.
A risk management process does not have to be complicated or time consuming to be effective. By following a simple, tested, and proven approach that involves seven steps taken at the beginning of each project the project team can prepare itself for whatever may occur.
|