Project Risk Management

 

Project risks are uncertain events or condition if occur, may have huge impact on cost, quality, time and scope. Project Risks could have low, medium or high impact. Project risks could have low, medium and high probability of occurrence.  If any risk associated with project has high probability and high impact. It means we need to be more vigilant for that kind of risk. For example, project requirements not frozen on schedule, it could lead to effort variance and schedule slippage for the project, Proper Infrastructure has to be setup for product deployment, it could be medium risk on the project. If you are not good at  Risk Management, you reputation as a Project Manager will be at stake. You may be in deep trouble if something happen unexpectedly and you were not prepared for it and you did not have any agreement with the client for the same.

 

As a proactive Project Manager you must ensure that all the risks associated with Project needs to be identified, plan, mitigates, execute, tracked and controlled. Don’t forget to involve stakeholder/sponsor/key player of the project in the Risk management process. You should made them aware of all the risks throughout the project and always update them time to time on the progress for risk mitigation by sending them risk tracking reports. You need to have mitigation plan in place to reduce the probability of occurrence of risks and impact on the project.

 

 

I can share my experience with you, I was working on web project. Initially the project was estimated and approved for 459 pds. When we started working on prototype, client kept on changing the requirements which result in effort variance to 610 pds. We have overworked 151 pds. Then our PM has spoken with client and asked him to approve change requirements for 151 pds. Initially he was reluctant to approve it, then my PM explained him what they have agreed it in Risk management plan. Thanks to PM , he had already identified  change in requirement as a risk and mitigation was change request procedure will follow and re-estimation of the new change request will be done. Then client approved the change request for 151 pds after looking at risk management plan.

 

If risks not identified, analyzed, mitigated and controlled efficiently, then loss could be anything from the diminished quality of a solution to increased cost, missed deadlines, or project failure. Project risks management is an iterative process and needs to be assessed continuously throughout a project.

 

You can have 3 strategies to deal with risk associated with project. These are as follows:

 

Avoid:

 

You can just avoid the risks by choosing familiar technology if you think new technology may cause high risk. You can also make some changes in project plan to avoid some risks like extending the project schedule and reducing the scope of the project

 

 

Transfer:  

 

Risk transfer requires a shifting a negative impact of threat along with ownership of the response, to third party. Contract may be used to transfer the specific risks to the third party. For example, you can say that if client does not approve the intermediate deliverable, project will be delayed and cost of the efforts will be re-estimated. This explain that your transferring responsibility of the risk on the shoulder of the client.

 

Mitigate:

Risk Mitigation implies a reduction in a probability and/or impact of adverse risk event to an acceptable threshold. For example, if your project has more complex functionality, you can plan for more testing time for it.

 

Risk Management includes following activities:

 

Risk Management Planning:

 

 

It is the process of deciding how to approach and conduct the risk management planning for the project. In this process, team manages current risks, plans and executes risks strategies. During the Risk Management planning, Project management also utilizes their experience for handling risks with previous projects. Some organization has well defined policies for handling risks management on the project. We also need to plan when and how often risk management process will be performed through the project.   We need to define tool, approaches and data source that may be used to perform Risk Management. Risk Management Planning should be completed early during Project Planning.

 

Risk Identification:

 

Risks needs to be identified and documented throughout the life cycle of the project. Project Management, Project Lead, Group leader, Stakeholder needs to be involved in the identification process of the risks.

People associated with risks also needs to be identified with their roles and responsibilities in risk management planning. 

 

Analyze and Prioritize risks

It is very essential to determine how often  risks may  occur on the project and how severe it will have impact on the project. All the risks may not necessarily have high probability of occurrence and high impact on the project. Calculating the risks help us to prioritize and mitigate the risks efficiently, for example risks having high probability and high impact on the project needs our extra attention. Ideally, we should  categorize probability of occurrence and impact of risk into low, medium and high. It is better to assign some numeric value to it. Like 1 to low, 2 to medium and 3 to high. Then you can draw the table depending on their probability of occurrence and impact on the project.

 

Risk Details	Probability High     = 3 Medium  = 2 Low      = 1 (A)	Impact/Damage High     = 3 Medium  = 2 Low      = 1             (B)	Total             (C) = (A) x (B)
Inexperience with Web site creation, deployment, and ongoing support	2	2	4
Proper infrastructure has to be setup on the Client deployment site before actual deployment.	2	2	4
Client changes requirement quite often.	2	3	6
Client slips on schedule for giving feedback on the intermediate deliverables.	2	3	6

 

Planning and Scheduling Risks Mitigation:

 

Once identification and analysis of the risks are done. Now we need to have some action plan in place to plan and schedule the risks. We have to use the information developed in the risk analysis stage to formulate risk mitigation strategies, plans, and actions. Allocate time for risk planning in the project plan.

 

All the risks must have mitigation plan identified with the person responsible for mitigation plan. PM needs to keep close watch on all the risks irrespective of their rating and ensure that mitigation plan is in place for all the risks. There are certain risks that you can avoid. For example, if new and unfamiliar technology is a risk for the project you can choose alternative technology for the project if it is feasible.

 

Tracking and Controlling:

 

We have to monitor the status of specific risks and the progress of their specific mitigation plans. We also need to report this progress to the team, customers, and key stakeholders. We need to execute the risk mitigation plan and report the status of the risks to the team and customer. I reiterate that Risk Management is an iterative process, risk needs to be identified, plan, mitigate, execute, tracked and controlled throughout the project.

 

Risks Also needs to be documents as a learning for future projects.

 

Sr. No	Risk Details	Occurrence Phase	Effect Details	Rating	Mitigation	Tracking	Contingency	Closed Date
2	Proper infrastructure has to be setup on the Client deployment site before actual deployment.	Deployment	This may cause a schedule overrun leading to extending the acceptance phase.	4	Client should ensure that it is properly done.	Deployment phase.	Escalate the issue to PM/Stakeholders/Sponsors at offshore. The client is already aware of the issue and has agreed to provide a proper setup.
4	Client changes requirement quite often.		This may cause a schedule overrun.	6	Proper Change Control Procedure will be followed.		Schedule changes into the application after acceptance of existing code.
5	Client slips on schedule for giving feedback on the intermediate deliverables.		This may cause a schedule overrun.	6	Client should ensure that feedback is given as per dates decided in the project plan.		Escalate the issue to PM/Stakeholders/Sponsors.

 

 Reference : Analyzing requierements  and Defining MS  .Net  Solution Architecture