Risk management - why do procedures so rarely work?
The apparent simplicity of
In any textbook, including PMBOK, the risk management procedure is described in crystal clear and understandable terms.
subject to qualitative and quantitative analysis
place in the appropriate section of the risk matrix
decide on working with him
track until onset or loss of relevance.
However, in real life it is not often possible to see a careful adherence to these procedures and even less often - the benefits of this.
Behind the seeming simplicity is the daily work of the project manager, requiring discipline, creativity and intellectual effort. And since risk is a probable event in the future that may not happen, there is no time to do this now and there is no wish — there are more pressing tasks.
Suppose a project manager understands that risk management is necessary. Convince him not to. But how to do it in the most effective way? What techniques and tools should be used in order to really reduce losses from the occurrence of risks with minimal time?
Risk management tools
There is a set of mandatory tools, the presence of which, as well as the quality of the content, already indicate that the project manager is trying to manage risks. This is
Critical Risk Cards
Assignments and tasks related to risks 3r3-33242.
However, their presence in itself does not provide a result.
First - it is necessary to correctly determine the risk. As a rule, the chain of events leads to adverse consequences. What to call risk? Consequences or one of the events that lead to it?
Let's look at a simple example.
The figure shows the same chain, but the emphasis is on different links.
You can try to never be late for work. For example, in order to certainly avoid being late, go out half an hour earlier. And this is a good option if you are a lark, and half an hour of sleep in the morning is not a great value for you.
And you can redirect a landline phone to a mobile, and certainly avoid a missed call, despite being late.
The cost of dealing with the probability of occurrence of risk in two cases is different. Half an hour of sleep or worthless redirection to the mobile. Depending on what we are fighting against, the cost of prevention can vary dramatically.
A risk event is what we will fight with, what we will try to prevent.
The following criteria can be used as a practical hint to determine a risk event: 3r-3264.
The event is under direct control - it can be recognized, it can be influenced.
The event is guaranteed to lead to consequences.
There is a standard way to solve the problem and this method is usually inexpensive.
Identifying risks is an ongoing process. They can be formulated on the basis of previous experience, analysis of the current situation, they can be reported by anyone, and in any form. If you keep your eyes open, the risk information will always be there.
The question is, what of this worthy to get into the registry?
An entry in the risk register should be distinguished by concreteness: 3r33232.
If it happens
The consequences will come
We can do the following on this matter
For each risk, a responsible and control date is assigned.
I recommend the following structure of the risk register, which, however, can be changed or supplemented in accordance with specific conditions and preferences: 3r-3264.
No - Unique Risk Code
The name is a brief risk designation
Description — A description of the risk event and the consequences of 3r-3242.
Open - Date of risk registration
The initiator is the name of the initiator 3r-3242.
Risk control - name of the person responsible for regular risk control 3r33242.
Priority - High /Medium /Low 3r33242.
Required Decision Date - When to decide on actions to take or a problem 3r32242.
Consequences of the occurrence of risk (time and cost) - What will the occurrence of risk, in numerical terms.
Action to combat the risk - What to do with risk 3r3242.
Responsible for the actions - Who should perform these actions 3r33242.
Planned date of action - When you need to perform actions 3r-3242.
Action at risk - What to do if the risk comes 3r33242.
Status Date - The date the status was updated
Status - Open /Analysis completed /Resolved /Closed 3r33242.
The most important risks are worthy of creating a separate document for them - a risk map.
In the risk map, we write:
A detailed description of what may happen
what consequences arise, preferably in money, 3r33242.
probability of occurrence 3r33242.
options for action (do nothing, do something, do something else)
The decision and action plan
The risk map is very convenient for escalation. If actions depend on someone else who is not at the mercy of the project manager, then escalation is necessary.
3. Execution of the risk management plan 3r33232.
You can identify risks, keep a register, issue cards. But if there is no action on risks, then all the previous steps are useless.
The following risk management strategies and examples of its application are possible: 3r33232.
[b] Dodge - do not do the project; abandon the use of unknown technology.
Restrain - take any action to reduce the likelihood or impact of the consequences: engage a subcontractor with relevant experience; move risky tasks to the beginning of the project; conduct additional testing.
Take - to form a reserve for the occurrence of risk (time buffer, reserve in the budget) 3r323242.
Transfer - to entrust someone (customer, contractor, insurance company) with responsibility for the implementation of the task for which there is a risk, or its consequences.
After you have decided on which strategy to choose, have planned actions, it is important to ensure their implementation.
On one of the projects I applied the following practice. He appointed a risk meeting with the deputy general manager of the customer and came with several risk cards. I asked to read, if necessary, explained something, asked to choose one of the options or formulate another solution. After that - sign on paper. It is very stimulated to the actions of people in the subordination of this leader.
However, such a scheme is not always applicable if it does not correspond to the corporate culture or the manager has a tactic of avoiding a decision. Manipulation is creative.
On another project, we wrote out risk maps on the project portal (see 3r33257. Using JIRA and Confluence in project management 3r33258.), Which were then automatically collected into the registry. This option is more convenient than trying to fit all the abundance of information in the Excel spreadsheet. Moreover, due to communication with the task management system, it was easy to plan and control risk actions.
This presentation does not pretend to the severity of terms and completeness of the disclosure of the topic. Instead, I tried to share what really works.
If you realize the importance of risk management, systematically use tools and take a practical approach to this, then you can avoid a lot of complications and unnecessary work caused by them.
It may be interesting
Situs QQ Online
Situs QQ Online