risk management how to develop a risk response plan alphapm inc
TRANSCRIPT
Risk Management
How To Develop a Risk Response Plan
alphaPM Inc. www.alphaPM.com
The Value of Risk Management
Risk Management is one of the most powerful and effective tools for ensuring that a project meets its schedule, budget and quality objectives – yet it is all too often one of the least used.
It is an obvious fact that problems occurring later in a project are harder and more costly to fix (if they can be fixed at all), than if they were anticipated and addressed earlier (think “Titanic”).
The Risk Response Plan is a very easy tool to use for applying Risk Management to your project.
Risk Management Processes
Risk Identification
and they are iteratedthroughout the project
Risk Response
Planning
Risk Monitoring
and ControlRisk Analysis
There are four stages to developing and maintaining a Risk Response Plan
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1
2
3
4
5
6
7
8
9
10
This Risk Response Plan can be used to identify and maintain project risks,and covers all the stages of Risk Management
(A soft copy of this template is available in the PM Toolkit library).
Risk ResponsePlanning
RiskAnalysis
RiskIdentification
Risk Monitoringand Control
Risk Management Processes
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
Risk Identification
- Project Charter
- Project Scope Statement
- Project Plan
- Historical Information
- Lessons Learned
Tools
& T
ech
niq
ues
- Documentation Reviews
- Information Gathering techniques (e.g brainstorming)
- Checklists
- Assumptions Analysis
- Diagramming techniques
- Identified Risks
- Project Plan updates
Ou
tpu
tsIn
pu
ts
Risk Analysis
- Identified Risks
- Work Performance information
- Qualitative and Quantitative Risk Analysis techniques
- Risk Probability and Impact Assessment
- Probability and Impact matrix
- Risk Categorization
- Prioritized Risks
Risk Response
Planning
- Prioritized Risks
- Project Plan
- Risk Response Plan
- Contingency Reserve
- Project Plan updates
Strategies for
addressing risks
- Avoidance
- Transference
- Mitigation
- Acceptance
Risk Monitoring
and Control
- Work Performance
- Change Requests
- Project Plan
- Ongoing Risk Analysis
- Risk Reassessment
- Risk/Project audits
- Variance and Trend analysis
- Performance measurement
- Reserve management
- Corrective actions
- Workaround plans
- Project plan updates
- Update Risk Response Plan
- Lessons learned
The following are some of the inputs, tools and techniques and outputs that
can be used to complete the Risk Response Plan through each Risk
Management Stage.
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
2 1/15/05 Subject matter experts may not be available on dates planned
3 1/15/05 Snowstorm may prevent cutover team from working on site
4 1/15/05 Server capacity may not support the planned number of users
5 1/15/05 Client may change requirements causing delay in cutover
6
7
8
9
10
Step 1:Identify Risks
Step 1 – Identify Risks
Using some of the tools and techniques shown in the previous slide (e.g. brainstorming with subject matter experts and key team members or using checklists), identify the risks that may affect the project.
Identify categories of risk (e.g. Technology, Staffing, Contractual etc.), to improve the process of discovering risks.
Do not start to “red light” or resolve risks at this Risk Identification stage.
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
H H
2 1/15/05 Subject matter experts may not be available on dates planned
L L
3 1/15/05 Snowstorm may prevent cutover team from working on site
L H
4 1/15/05 Server capacity may not support the planned number of users
M M
5 1/15/05 Client may change requirements causing delay in cutover
M H
6
7
8
9
10
Step 1Identify Risks
Step 2Analyze Risks
Step 2 – Analyze Risks
Determine (with the involvement of subject matter experts and key project stakeholders) the probability of occurrence and the impact for each risk, using the following criteria as a guide.
Probability of occurrenceHigh – 70 - 100%Medium – 30 – 70%Low – 0 - 30%
ImpactHigh – Will delay cutover or have major cost impact e.g. more than $15,000.Medium – Will cause impact to major milestones or cause cost impact of $5,000 to $15,000.Low – Will have only minor effects on the schedule or the cost of the project.
Note: These values can be adjusted to match the risk tolerance of your organization and the size and nature of the project.
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
H H
2 1/15/05 Subject matter experts may not be available on dates planned
L L
3 1/15/05 Snowstorm may prevent cutover team from working on site
L H
4 1/15/05 Server capacity may not support the planned number of users
M M
5 1/15/05 Client may change requirements causing delay in cutover
M H
6
7
8
9
10
Step 1Identify Risks
Step 2Analyze Risks
H
M
L
L M H
Pro
bab
ilit
y
Impact
Expected Value
High
Medium
Low
Step 2 – Analyze Risks (continued)
Using the tables below, match the probability and impact for each risk to find the Expected Value of the “Risk Exposure”.
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
H H H
2 1/15/05 Subject matter experts may not be available on dates planned
L L L
3 1/15/05 Snowstorm may prevent cutover team from working on site
L H M
4 1/15/05 Server capacity may not support the planned number of users
M M M
5 1/15/05 Client may change requirements causing delay in cutover
M H H
6
7
8
9
10
Step 1Identify Risks
Step 2Analyze Risks
H
M
L
L M H
Pro
bab
ilit
y
Impact
Step 2 – Analyze Risks (continued)
Using the tables below, match the probability and impact for each risk to find the Expected Value of the “Risk Exposure”.
Expected Value
High
Medium
Low
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
H H H Establish a penalty clause in the contract with the vendor .
JR – 1/23/05
2 1/15/05 Subject matter experts may not be available on dates planned
L L L (No need to address since Expected Value is “Low”)
3 1/15/05 Snowstorm may prevent cutover team from working on site
L H M Arrange for key team members to stay in a nearby hotel. BD – 1/20/05
4 1/15/05 Server capacity may not support the planned number of users
M M M Arrange for extra server capacity to be installed JR – 1/28/05
5 1/15/05 Client may change requirements causing delay in cutover
M H H Establish a “freeze” date, with any changes applied to a future release
LK – 1/22/05
6
7
8
9
10
Step 1Identify Risks
Step 2Analyze Risks
Step 3Identify actionsto mitigate each
risk
Step 3 – Identify actions to mitigate each risk
For risks with a High and Medium Risk Exposure, identify the actions that can be taken to “mitigate” each risk (i.e. Reduce the probability and/or the impact of the risk). Ensure an “owner” and due date is assigned for each action.
Note: A “best practice” is to directly address any risks that have a probability of occurrence that is greater than 50% and incorporate the mitigating actions for those risks in the project plan.
Risk Response Plan
# Date Risk
Probability of
Occurrence(H/M/L)
Impact
(H/M/L)
Expected Value
(H/M/L)Mitigating Actions
Action By – Target DateStatus
1 1/15/05 Vendor may not deliver application software on time
H H H Establish a penalty clause in the contract with the vendor .
JR – 1/23/05
1/25/05 – Penalty clause inserted in contract to cover any expenses resulting from a delay in delivery.
2 1/15/05 Subject matter experts may not be available on dates planned
L L L (No need to address since Expected Value is “Low”)
3 1/15/05 Snowstorm may prevent cutover team from working on site
L H M Arrange for key team members to stay in a nearby hotel. BD – 1/20/05
1/25/05 – Accommodations booked for weekend of cutover for key staff
4 1/15/05 Server capacity may not support the planned number of users
M M M Arrange for extra server capacity to be installed JR – 1/28/05
1/25/05 – Vendor has not confirmed delivery yet
5 1/15/05 Client may change requirements causing delay in cutover
M H H Establish a “freeze” date, with any changes applied to a future release
LK – 1/22/05
1/25/05 – Client Sponsor notified in writing that requirements will be frozen as of 2/15/05.
6
7
8
9
10
Step 1Identify risks
Step 2Analyze risks
Step 4 – Monitor and control risks
This Risk Response Plan should be started at a high level at the very beginning of the project, and then done at a more detailed level during the planning phase, with high risks directly addressed in the project plan.
The status of each risk and mitigating action should be reviewed regularly (e.g at the weekly project team meeting, along with the review of the project schedule) and documented here to provide an audit trail. The Risk Response Plan should be revisited formally at least monthly during the project life cycle, and/or at the end of each phase, to monitor identified risks and ensure new potential risks are identified and addressed.
Step 3Identify actionsto mitigate each
risk
Step 4Monitor and control risks
Risk Management: Lessons Learned
• RMS Titanic left Queenstown at 1:30pm on April 11, 1912
• Received ice warnings on April 12, 13 and six on April 14, from 9am to 9:40pm. (Not known if messages were delivered to the bridge, or ignored).
• Iceberg hit at 11:40pm on April 14, causing holes in 5 bulkheads.
• Ship finally starts sinking just after 2am on April 15.
Reference: www.titanic.com
April 11April 12April 13April 14 April 101912
What are some of the Lessons Learned
Risk Management
How To Develop a Risk Response Plan
alphaPM Inc. www.alphaPM.com