Professional Documents
Culture Documents
Projects deal with change, and dealing with change is risky business. Researches
shown that numerous project managers are [not] prepared nor appropriately managed
risk. Are you ready to manage the risk that can plague your project and potentially your
business as well? When I talk about risk, I'm talking about things that haven't happened
yet. There's a probability of some sort of event occurring that'll have an impact on your
project. This impact could be positive when things go right, or it could be negative when
they go wrong.
With the significance of risk management in mind, let's look at the two major categories
for risk, positive and negative risk. Positive risks are often called opportunities, and they
still need to be managed. While we're not going to focus on opportunities, the logic and
the process of dealing with them is the same as for negative risks. It's just that their are
typically more instances of negative things happening in projectsthat have to
managed. So, we'll focus on negative risks.
Negative risks are events that could cause your project to be thrown off course. So, it's
vital that you pay attention to them. Whether you are dealing with positive or negative
risks, there are standard series of steps to follow when managing risks. First, you need
to identify the risks on your project. When you see something that will probably
happen, you should take action ahead of time, before the impacts are felt in your
project. Be proactive rather than being reactive, to appropriately determine when to take
action.
You need to take the second standard step for risk management and asses the
likelihood of a risk happening, and determine which risks you will address. Addressing
risk means taking action. Determining the actions to take is step three. Investigating
alternatives to steer your project through the least bumpy section of the road. You might
try to smooth out part of the road for a more comfortable ride. Using either alternative,
the idea for you is a project manager is to control how much your projects are exposed
by risk.
The last step in the management process is to control risk on an ongoing basis. This is
important to do, because risk change over time. So, you should constantly assess your
project for the likelihood of a risk happening, and it's potential impact. Understanding the
consequences of any risk will help you manage it. The last thing you want is for a risk to
effect deliverable's, your budget, or your quality standards when you could have
addressed it proactively.
As I help you examine risk in this course, keep in mind that managing risk doesn't
mean playing it safe at all costs. Any sort of change comes with a level of risk. It's how
you manage it that makes all the difference, which is why I will help you asses
approaches to deal with risks as they crop up. If you don't, they can literally create havoc
on your projects. Ultimately, project management is risk management. Managing risk
shows that you're aware of your challenges, and you've considered your options.
By clearly understanding your risk in the scheme of what you're trying to achieve, your
project has a greater chance of being delivered successfully.
Consider having these risk assessment discussions at major milestones in your project
such as Stage-Gates. Having regular, open and frank discussions about risk will help
you manage risk as a regular course of doing business. Lastly, after each of these risk
assessmentdiscussions, create or update your overall risk plan. This plan details the
risks you are managing and provides an ongoing means of reporting what actions you're
taking and the status of each risk. The risk plan helps you ensure you're on top of what's
going with risk and your project.
Working these plans proactively can help you be cool, calm and collected in your risk
management approach. It treats risk management as an everyday event and an
essential part of keeping your project on track. If you ignore the whole idea of risk you'll
end up fighting fires. This is a tough way to spend your day. Jumping from crisis to crisis
can have a negative impact on your schedule, your costs and the quality of the products
you deliver. Not to mention the emotional drain it puts on you and your team.
And you'll be so busy putting out the fires that any process improvement
opportunities that could come out of risk would be largely overlooked. If you look and act
like you're in control of risk then you'll have a better chance of getting others engaged in
a sensible risk management approach. In addition, you will help your management
perceive you as a person with a balanced business approach to implementing your
project and dealing with the challenges that change brings to the business environment.
fun. Some people are cautious walking down stairs. And there's everyone in
between. You need to take this into consideration when you talk about risk in your
project.
The key is to always listen carefully as you discuss elements of your project. The
second thing to keep in mind, is that people have a natural tendency to want to protect
scope, time, or money when these triple constraints are discussed. Which way they lean
will depend upon their prior experience, the organizational culture they're used to, and
the particulars of your project. For example, one organization I know of is involved in
yearly industry trade shows.
At these shows, the company is expected to display new products. If they don't have
new products ready to show off at the trade shows, it'll impact their business. A project
stakeholder in this instance will be totally focused on time constraints, because it is
critical they have products ready to demonstrate at the trade show. Risk impacts to cost
and scope are a much lower priority for them. In another scenario, which
demonstrates a different risk tolerance, there are regulated industries where scope is of
critical importance.
Your project might be fulfilling commitments that are legislated by law. Compliance and
scope considerations, along with on-time implementation to meet legal requirements will
be top of mind for your stakeholders. Cost might take a bit of a back seat in these
instances.While considering people's risk tendency, you should also take the
second risk tolerance component into consideration. Performance appraisals. How is
your stakeholder being appraised by their manager? What are they being told they're
doing well, and what do they need to improve? To obtain this information, it is absolutely
fundamental that you post critical questions, and listen to the answers you receive.
Without directly asking about their personal performance appraisal, you can ask
them "What outcomes are you most excited about, "and what potential negative
outcomes most concern you?" If you have these candid discussions about their
expectations and concerns early on in the project, you'll get a feel for which project
constraints they'll want to focus on. There's usually a risk/reward balance in any
organization, and an underlying culture in the willingness to accept or manage risk.
Some entrepreneurial organizations will take significant risk, whereas more conservative
industries will want to mitigate their risk, and they'll expect you, as a project manager, to
conform to their style. The techniques I've discussed here can position you well to
understand how you need to proceed, relative to project risk. The more you understand
your organization's position on risk, the better you'll be able to successfully focus your
risk management efforts, and prioritize risk activities.
For example, in the construction industry there are safety risks. In IT there are
information requirement risks, and risks involving the creation of solutions that are too
complex. To help, most industries have associations, online resources, and risk
tools that you can leverage. Use them to identify risks. Examine your project against
others in your industry. You might also find resources through other project managers
involved in your industry. The Project Management Institute also has project
management standards for projects in government, software, and construction that are
useful.
The last technique to consider for risk identification is to look at your work breakdown
structure, or WBS, and identify risks by tasks or group of tasks. As you will use the tasks
in the WBS to deliver your projects, using the identified tasks in the WBS can trigger risk
ideas that you would have otherwise missed. This is a good, systematic last step to help
ensure you have thoroughly considered potential risks that may plague your project. You
can't address risks you haven't identified.
Launching your risk management approach with thorough and well considered risk
identification practices will help ensure you manage your project in a controlled,
proactive manner.
one common area for risks might be that you don't have enough people, or you lack
people with the relevant skills.
You could have a substantial list of risks, but in many cases, they may all tie back to this
category of people and skills. A second way to categorize risks is by business
areas, such as external market risks, or shifts in business strategy. This can be very
helpful, when you are dealing with your client, and the risks they may bring to the
project. Taking this approach can enhance the perception, that you are managing the
project with your client, and their needs in mind.
It can also help engage your client, to ensure you manage their risks appropriately. A
third way to categorize risks is by technical topics.These might include design and
development problems, testing and maintenance risks, and technical uncertainty. Or,
you can use technical product risks, such as a requirement potentially being too
complex, or other risks, such as managing external vendors. Fourth, you can utilize an
integration risks category.
Integration risks surface when you are working on your project, and there are many
other things happening in the organization. If you have nine other projects targeting a
particular business area, this might signal a need to address integration risks. When
solutions need to be brought together. As all the changes brought about by these
projects may need to be coordinated, significant risks could surface. This is a risk topic
that is often overlooked by project managers. Although these are common risk
categories, you might find others are more usefulon the specific projects you manage.
No matter the categories you use, here are a few tips for managing risks with risk
categories. First, don't hesitate to revise your risk categories if it's helpful. As the project
progresses, you learn more about the risks that are substantial. As a result, more
relevant categories may surface. Some risks may blend into other categories, depending
on the stages in your project, so keep your eye on the ball. Continue to identify risk and
risk categories as the project unfolds.
You can do this as your regular team or status meetings. My second tip is this, keep
your list of categories short and simple. Try to avoid a multitude of categories, so you
and your team don't have a hard time keeping them all contained. Lastly, be as succinct
as you can when assigning risk categories. Package the risks, so there's a common
relevance across different areas of the project that you, your project team, and other
stakeholders, easily understand.
Using well crafted risk categories can help you manage your project risks more
easily, but it also helps your stakeholders to see the risks for what they are, and helps
you make better decisions to address them.
would be there is an x percent chance that the fuel truck drivers will go on strike causing
the fuel trucks to be delayed in refueling the aircraft. This will increase costs by y
dollars per flight due to delays.
Second tip for writing risk records, don't hesitate to have multiple risk records for the
same risk. In each record, you outline different causesbecause the mitigation action will
be different. In my airport management example, writing multiple risk records to
address different causes of the fuel truck delay risk event would have been a valuable
thing to do. Another risk record, similar to the one I just shared with you, could be written
to address the situation they did think of when a fuel truck mechanical failure occurs.
Last, my third tip for writing risk records. Don't write the records and leave them to
collect dust. You need to be continually going back to your records to see how the risks
are tracking. As the project progresses, your risk may change. Specifically with
probability of occurring,and potential impacts. You may also surface other potential
causes for the risk to occur. Keep your risks current, and you will always be on top of
things that could derail your project.
You might think it seems a bit redundant to write multiple records for risks with the same
impact, and keep reviewing them all the time.However, you will want to
understand when you need to act to address risks and ensure those actions will be
useful. Starting with specific and structured risk records makes your risks relatively
easy to review and update. With well crafted risk records, your risk management plan
can be pragmatic, inefficient, and a well crafted risk plan proactively addresses the
problems the can plague your project which can be the difference between
successful delivery of project outcomes, or a project that gets cancelled before it
delivers any value.
First and foremost, the risk register captures details for the risks that have been
identified at the beginning and during the life of the project.It also includes the high,
medium, or low grades in terms of their likelihood of occurring and how seriously they'd
impact your project.Second, you include the plans for treating each risk, as well as the
costs of any treatment strategy, who's responsible to execute, and the results if that
strategy was executed.
Third, your risk register should identify the owner of the risk and how the risk is tied to a
task or series of tasks in the project schedule. Risks typically manifest themselves in the
execution of tasks or a hurdle to executing a task appropriately. As a means of tracking
your risks appropriately, and understanding when they might occur, or the risk possibility
is past, having risks tied to tasks is a useful management practice.
Now that I've outlined the data to include in your risk register, let's talk about best
practices for making the risk register as pragmatic as possible. First, use your risk
register as a risk focus task or to-do list. You should have statuses related to each
risk and allocate action items to each risk. You should also assign resources to each
risk-related action, so it's clear who's responsible for managing the risks.
My second best practice to share, ensure you understand the in's and out's of your
project before you build and publish your first risk register. This allows you to collect the
knowledge and understanding of your key stakeholders and understand how they want
to manage risk. It also helps to know where to get the information you're going to
need to ensure your risks are relevant. Third, sort the risks in your risk register by
probability and impact to your project.
You'll be dealing with a number of risks in a typical project. However, you do not need to
share every risk with your sponsor and senior stakeholders. They will probably only be
interested in risks that they have to address themselves. Having your risk register sorted
appropriately means you can easily share the top risks with senior stakeholders. One
last best practice, make your risk register complete,but keep it brief and to the
point. Your risk register should be much more than a list saying you have 20 risks.
Ensure it can quickly convey essential risk information and what you're doing about the
risks. Also, make sure it's updated at least after every status meeting. Your risk register
will serve as a great tool if you are vigilant by including and maintaining the right
information throughout the project. It brings your risk management plan to life and gives
you a concise crisp summary of the status of all the risks on your project at any point in
time.
efficient and effective. First and foremost, don't make it too complicated. Don't be too
fine in your determinations for high, medium, and low risks. Remember, you're just trying
to regulate the effort you go through, not chase every risk. You just want to know where
to focus your risk management energies.
Second, to help everyone on your project team understand your qualitative
analysis, draw up a table like this one, known as the three by three risk matrix. It has
probability on one axis, and impact on the other. By recording your findings in this sort of
format, you can easily see the risks. Last, after you complete your three by three
matrix, look at where your risks lie. If there are a large percentage of medium-medium
risks, ensure you didn't put them into that segment by default.
Maybe it's out of habit. The question you need to ask yourself is, "Did I really label the
risks qualitatively, "in relation to the others?" Basically, you're going to have to
address your high-probability, high-impact risks first. These have to be your
priority. Then you'll look at your risks rated high-medium, and medium-high. You may
also consider your medium-mediums. For all of your lows, you're probably not going to
do much at all, and that's okay.
If you go through the qualitative risk analysis process quickly and efficiently, you are well
on your way to making your risk management approach manageable, and well-suited to
the needs of your project.
closely at the probability of each risk occurring. Because we're looking for a more
refined estimate in this quantitative analysis stage, I would assign a probability in
increments of 10. So ten percent, twenty percent and so forth.
The second step is to estimate the cost to your project, or your organization, if a risk
came to fruition. The dollar values you choose to estimate the cost would depend upon
the overall budget of your project. If you were managing a project whose total budget is
100,000 dollars or less, then I would estimate the cost in increments of 5,000
dollars. Half a million or less, then I would use estimates in increments of ten thousand
dollars. For one million or more of total project budget, I would use increments of 50,000
dollars.
If you're managing multi-million dollar projects, then you might want to conduct more
detailed approaches to estimate the impact of risks.The third step, is to multiply your
estimates for the probability and cost impact and sort the answers so you have a guide
to determine what your most important risks are that you should address. For example,
if Risk A has a probability of occurring of 70 percent and an impact of10,000 dollars, the
resulting answer would be 70 percent of 10,000 dollars, which is 7,000 dollars.
If Risk B had a probability of occurring of 30 percent but a cost impact of
150,000 dollars, the resulting importance ranking would be 30 percent of 150,000
dollars or 45,000 dollars. This method suggests Risk B be addressed before Risk
A. Remember, this is only a guide. You should look at each of your projects risks to
determine what makes sense. The last step, is to take your most important risks and ask
"If I was going to "address this risk, how much would that cost?" You certainly should
spend an appropriate amount of money to mitigate a risk that isvital to your projects
success.
There could potentially be a number of ways to address a risk however. The greater the
potential impact, the more analysis you may want to perform to investigate alternatives
to relieve your project of the risk. The thing you should remember, is that quantitative
analysis can be a bit of a balancing act. You want to dedicate enough time so that
you get a thorough analysis but not too much time so you get bogged down with your
estimates. Allocate your time based on the potential impact of each risk.
This will give you the information you need and let you get on with the job of managing
your risks. Performing a quantitative risk analysishelps you ensure that you have control
over the elements that can adversely impact your project. When you have those adverse
elements under control, you are well on your way to ensuring your project can be
delivered with integrity.
addressed. This should consider the overall financial impact of the risk, the cost of
addressing the risk, and the risk tolerance of your sponsor and senior
stakeholders. Once you've done this, you are ready to take the fourth and final step to
completing your risk analysis.
Share your final prioritized risks with your sponsor. Here are some final tips as you use
these steps to finalize your risk analysis. First, risk prioritization involves a lot of
judgment calls and estimations. Don't be afraid of going forward without a lot of
facts. You rarely have solid facts when it comes to risks. Next, it is important that you
communicate your estimates and assumptions and consider those of your sponsor and
stakeholders.
Although there is science involved, most good risk analysis exercises involve a healthy
dose of art in the form of intuition and frequent communication. Lastly, fault on the side
of being inclusive. Involve as many stakeholders as you can. Not only will you produce a
better risk analysis product in the event an unexpected risk does become an issue, you
won't be alone when answering the "why didn't you think of that" type questions that
may be raised by senior leaders.
There are a number of steps to take when identifying and analyzing risks. But engaging
in methodical effort is worth it. As risks coming to fruition as issues are likely to seriously
impact your project, leading the project team and stakeholders through a practice of
diligent risk analysis, you will be well positioned to manage the good and bad ebbs and
flows of your project.
the risk. For example, let's say you're working on a project where you're designing and
building animportant component of a large machine, and let's say your project team
believes your current plan of making the component out of fiberglass might be
inadequate because the component needs to be rigid, but the fiberglass might be too
flexible.
So instead, you and the team decide to make the component out of steel. You've just
employed an avoidance treatment technique. You've avoided the risk of using fiberglass
altogether. The second risk response is transference. You move the risk to someone
else. Examples of this are taking out insurance that something bad could happen, kinda
like when you get insurance on your car. The impact of the risk istransferred to the
insurance company.
You don't totally eliminate the impact because you still have to pay the deductible, and
the impact to your project is something you'd still have to deal with. So, the impact of the
risk isn't zero. However, it's significantly reduced. Typically, with transference, you'd
get some relief from the transferee, such as a payment from insurance. The third risk
response is to mitigate the risk. Let me show you how you can reduce the probability of
a risk occurring in this first example.
Let's say you're working on a project where you're depending on vendors to supply you
with parts. If you have a vendor that's at risk of being late, you may need to have a
mitigation strategy. One approach is to put a contingency contract in place with a
second vendor. You may spend more, but the alternate contract should help you ensure
you get things done on time. Of course, the risk of the alternate vendor being late may
still happen, but overall you're driving down the probability of the risk occurring.
In a second mitigation example, you can reduce the impact of a risk
occurring. Considering the scenario we discussed, when you're depending on a
vendor to deliver your product on time, you can create an alternate project
schedule, where you perform an installation later involving the parts you're receiving
from the vendor. This might not be ideal, but if the supplier is late, the impact on your
project won't be as great. In addition to avoidance, transference, or mitigation, there is
another response option.
You can accept the risk. This means you do nothing to avoid the risk. It's a common
response for low-priority risk events. You simply accept the risk as is. If the risk event
occurs, you just absorb the impact because it's not worth the time and cost to address
it. The important thing about any risk response is that you go through your options
carefully. By responding to risks, you're enhancing the opportunities andreducing the
threats to a project's objectives.
You will likely have to decide to execute this response strategy long before you can
tell for certain that the risk will come to fruition. In contrast, risk response option B will
cost $4,500, but you can execute it immediately before the risk occurs. If both of these
response options have an equal chance of reducing the impact of the risk, you might
choose option B over A. This is because option B, although slightly more
expensive gives you a greater chance of spending nothing at all on a risk response, if
you can determine if the risk won't come to fruition at all, and not need a response.
It gives you the advantages of not having to play your cards too early. The last
consideration is the speed with which you can get permissionto execute a response
strategy. If two options are similar in their cost and effectiveness to reduce the risk, it is
usually best to choose the response action you can execute more quickly. This gives
you more flexibility in determining if and when a response is needed to a given risk. You
can take more time to be more decisive, or collect more data before spending additional
funding.
So, financials are not the only consideration when choosing your risk response
strategies. Considering other factors that allow you more management flexibility, or the
ability to trade off less sensitive project constraints to help others, is a great way to
demonstrate your prowessin considering alternatives for treating your project risks.
include contract-related actions you'll need to take with your vendors you should note
these as well.
After these fundamentals are compiled in your risk response plan these additional
elements can turn your risk response plan into a powerful control document. The most
significant item to add to each risk in the response plan is the timing for when you want
to either A, assess the status of the risk of B, execute a response action. These can
then be added as tasks in your project schedule and assigned to a specific individual.
Let's say you have two technical experts who are due to start work at a certain point in
your project, and they're currently working on another project. You see the possibility of
your experts other project running long and have noted this as a risk. In this example
you should note twotiming-critical actions against that risk. When to check the status of
the other project to determine if your technical experts will be available,and when you
need to go to the marketplace to contract other experts because the ones you planned
on won't be available.
The next significant item to have in your risk response plan are status dates for your
vendors, or to check on products from areas not under your control. For example, when
I was moving from the US to a work assignment in Australia and having my household
goods sent there by sea, I didn't know when I packed the container whether it would go
from LA to Sydney directly or via Singapore. I had to monitor the forecasted delivery of
my shipping container. True to form, it was shipped through Singapore and took longer
than expected.
I used this tracking to ensure I did not rent an apartment too early, before I
could practically occupy it with my furniture. Building a risk response plan is going to
take some work on your part, but the last thing a project needs is a weak, unmonitored
risk response plan. By ensuring your plan is robust and helps you track the actions
required to monitor and execute responses against risk, you can dramatically reduce the
impact of risk on your project.
trouble. This works well, because where's there's smoke, there's usually fire. You should
do the same thing for your project. And it rarely requires timber or construction skills. As
smoke is the warning sign for fire, I suggest you spend time thinking of what is called
"risk triggers" early warning signs, like smoke, that indicate a risk is about to come to
fruition.
It's a sign that you should be preparing to take action. Let's look at some common types
of project risk triggers. The first type of risk trigger is one that gives you an immediate
indication that a risk is happening. In your project environment, you may have technical
experts that are going to join your project at some point downstream. You request these
technical experts to start attending status meetings one month before they are due to
start so they can hit the ground running and know what's happening on the project.
The time for them to appear comes around, you remind them of their commitment and
they don't show for the status meeting. This is a likely risk trigger that other priorities
might put the experts participation in your project, at risk. The second type of risk
trigger are forward indicators. Unlike smoke, which indicates a fire is happening now,
forward indicator risk triggers are signals, something's going to happen at some period
of time in the future.
Tuna fisherman provide a useful example of a forward indicator risk trigger. Tuna
fisherman have risk triggers tied to the temperature of the water at different times of the
year. They understand if it's going to be a plentiful fishing season depending on the
water temperature.They've studied it over time. They can plan on X amount of
revenue and Y number of fisherman they'll need for a voyage based on the water
temperature which indicates a future projected tuna population they can catch.
Risk triggers can be varied and typically involve people's behavior, unexpected schedule
changes or task deadline failures. They can show up as defects in early versions of
products being produced. No matter the type or variety, here are some hints for
determining and leveraging risk triggers. First, do some research. Potential sources for
risk triggers include: Past risk logs, post implementation reviews, and risk and issue logs
from past projects.
Second, once you've determined reasonable risk triggers, empower your team to search
for them. The reality is, that while you have to keep your eye on things, you can't be
everywhere at once. You have to empower your project team so they understand the
risk triggers too. After all, they're often the subject matter experts who are living and
breathing this everyday. So get them to staff the watchtowers and look for smoke along
with you. Third, plan on what you're going to do when you spot a risk trigger.
The whole idea of utilizing risk triggers is to enable you to react quickly and
decisively. Involve your sponsors and key stake holders in the risk trigger process, so
they know what you're going to do should some nasty smoke appear on the horizon. By
understanding risk triggers, communicating them to your team and your
stakeholders, you can spot and react to risks much more quickly. Rapid and decisive
responses to risk triggers means you'll be more effective in the management of risk in
your project environment.
Highlight the risks you are currently focused on and provide the details to
stakeholders that can help you detect and manage them. This is particularly helpful if
you need to provide more detail on your risks or your organization has a
particular sensitivity to a certain risk. For example, if your organization is
particularly sensitive to schedule risk, you might have a separate detailed report to say
when you're schedule has varied from the plan. You could include details as to why it's
varied, and any specific actions you are planning that will get you back on schedule.
During times when there are lots of schedule risks, your risk response plan extract can
go even further. You can detail the risk triggers and the actions to take if they're
noticed. It's also useful to make note of any meetings or communications that happen
around the risks, even like a phone call or email. This basically highlights how
you're managing the risk through the process. With concise and focused risk
reporting,you can help your sponsor and key stakeholders make very clear and
informed decisions.
You can also help your project team help you with appropriate and timely risk
management. Put the effort into your risk reporting, and you'll likely be able to suggest
the best way to enhance or avoid most any risk that may surface on your project.
You can address this risk proactively by spending the money and time to have sample
fiberglass components manufactured ahead of time.From these samples, you can
determine if the rigidity risk is viable. This gives you assurance, and is proactive, but can
be very expensive in some project instances. Still, it could be money well spent. The
second option is to execute a response action, immediately after an assess and respond
approach. You make an assessment based on testing the manufactured parts at the
prescribed time in your schedule, and then you decide on the immediate actions to
take, based on the results.
If the fiberglass works well, you do not spend any money on a response action you don't
need. If the risk is valid, and the fiberglass is too flexible, you have to spend the
money to correct the situation by using steel and recover any delays in your
schedule. The third option when deciding on a risk response is to be reactive. You
change something after the impact of the risk has been felt. If the fiberglass proves not
to be rigid enough once we deploy it, then we can correct it after installation.
This will probably involve some other testing processes, and coming up with a corrective
action like reinforcing the fiberglass parts in some manner. It can also upset your client
and your reputation. In this case, we've let the risk pan out and then reacted to it. It is
not usually a very good option, but can be considered for very low probability or low cost
risks. Basically, what you're trying to do is think about the right balance between your
triple constraints, time, scope, and cost.
Being proactive and doing something ahead of time typically gives you the best end
result when it comes to risk management, but it can have drawbacks in costs
and, potentially, time. Going down the assess and respond route could cost you nothing
if it works. But if the work isn't the level of quality you need, it could cost you scope and
time when you least need those challenges. Being reactive could impact all three of your
triple constraints. In our example, by trying to reinforce the fiberglass, it could mean
you'd have to perform some redesign of the entire component, and this probably would
be expensive.
Whatever the case, it pays to analyze your risks before deciding which way to execute
your response. Assess the impact of the risk and really look at how much control you
need to put in place and when to get the optimal risk management result.
helps provide you with a master list of risks that you can refer to on any project you
manage in the future, in any scenario.
Fifth, modify your plans and project tasks as appropriate to accommodate new or
altered risks. New risks that are considered can help you and the team mindfully
complete tasks or consider other approaches as appropriate. Being proactive with new
risks can also lead to the reassignment of contingency money you haven't spent. Adding
risks to your plan can help you attract these funds appropriately. Your risk plan can be
the most valuable permanent record of what transpired and did not transpire on your
project.
As such, it is a valuable document that can prevent you and your project management
peers from having to relearn painful lessons.Capturing more detail versus less in my risk
plans has always served me well, and it can also save you pain and heartache.