PMI Virtual Library

2010 Teresa James

Easy Risk Analysis
I
always knew I should be doing some sort of risk analysis,
but I could not nd a tool that worked for me. Because
project managers usually suer from information overload,
how can we select from the mountains of
published literature a manageable
number of books and articles on
performing a documentation
review? How can we nd
and choose the experts
for a Delphi process?
How can we get an
entire group to
participate in a
brainstorming
session?
I have found the
Crawford Slip Method
(CSM) a simple and
powerful tool for analyzing
risk that has the side benet of
supporting team building. I rst heard
about this method during a seminar presented by project
management risk guru Carl Pritchard, founder and principal
of Pritchard Management Associates. Tis method sounded
like an easy way to identify risks with minimal amount of
required time, equipment, and training. I decided to try it.
And since then, I have become a believer in the value of using
CSM. In my discussion below, I examine some of the aspects
of CSM and some from the nominal group technique, which
includes the group review and ranking of the answers.
For those of us who are skeptics about the value of
assessing risk assessment, we should consider the alternative.
I have worked in situations where the sta was always
responding to the immediate crisis, and their response was
often preempted by the next crisis. Managing a project with
By Teresa James, PMP
such a reactive approach is not as eective as a proactive
approach, particularly when considering how this aects
team morale and how it fatigues the teams reghters.
The Crawford Slip Method
CSM dates back to 1925, when
a professor in California, Dr.
C. C. Crawford, invented
the method. It is an
eective approach
to facilitating
brainstorming
sessions for a
variety of issues,
such as identifying
risks. Although
brainstorming sessions
can generate needless
problems, such as a few
people monopolizing the entire
discussion, these sessions can help teams
build upon existing ideas. Te one shortcoming I see with
CSM is that participants cannot take other peoples ideas
and build on them. One way I have addressed this with my
teams is through using the nominal group technique, which
encourages discussion and prioritization (as described in Step
8 below).
I have used CSM many times and it has helped my
teams clearly identify a projects risks and engage quieter team
members in group discussions. Here is the process, as I apply
it when leading project teams.
Requirements Before the Meeting
Before applying CSM in a brainstorming session, I suggest
performing these ve activities:


I have found the
Crawford Slip Method
(CSM) a simple and powerful tool for analyzing
risk and that has the side
benefit of supporting
team building.

PMI Virtual Library | www.PMI.org | 2010 Teresa James

2






Outline the question the team will explore
Identify the sessions participants
Schedule a one-to-two-hour meeting that all participant
can attend
Provide each participant with ten sticky notes and one pen
Bring extra sticky notes and pens
Te key to an eective session begins with clearly
dening the question explored. Here are two questions I
have used: What risk is associated with the new application
going live in six months? and What risk is associated with
completing the new employee training within two months?
Spend some time formulating the question. I have used some
of the risks I have already identied as example answers to
help me formulate my questions.
Tose participating in the session can include team
members and stakeholders. It is important to invite
individuals who understand the session question and who are
in a position to oer answers.
Ask the participants to provide ten answers to the
question; ask that they write one answer on each piece of
paper. By using sticky notes, you can expedite the process of
putting the answers on the wall. Sticky notes also enable you
to easily group and regroup the participants answers.
I once presumed that all participants would their own
bring pen. How wrong I was. Tat is when I learned to
provide all the materials needed such as sticky notes and
pens. Often I also bring colored felt-tip pens and colored
sticky notes that are at least 4"x4"; these materials enable
participants to easily read the answers from across the room.
And the colors make the meeting a bit more festive and help
create an environment of fun.
Steps to Follow During the Meeting
Step 1: Explain the process
You could use this white paper as a basis for the explanation.
Step 2: Define the terms
Tere are a few key terms that the group must dene. I
usually propose a denition and let the group come to a
consensus. Here are the key terms and denitions I propose.
Te nal denitions are not the critical part, a common
understanding is.
Risk is a positive or negative unknown that will impact 1.
the projects objectives.
Qualitative risk analysis involves rating the probability of 2.
risks using a scale, such as high/medium/low (H/M/L).
High probability: Te risk usually always happens.
Medium probability: Te risk occasionally happens.
Low probability: Te risk will most likely not
happen.
3. Quantitative risk analysis involves assessing the impact
of a risk on time, cost, scope, quality, or customer
satisfaction.
High impact: A50 percent increase or decrease in one
or more areas.
Medium impact: A 20-50 percent increase or
decrease in one or more areas.
Low impact: A 20 percent increase or decrease in one
or more areas.
Step 3: Ground rules
I use the following short list of ground rules for the meeting.
1. No idea is a stupid one.
2. No personal attacks, just an open discussion of ideas.
3. Everyone must participate.
4. Put yourself in another stakeholders shoes and
imagine what that person would say.
5. Lets have some fun.
Step 4: Pass out the sticky notes before
asking the question
Step 5: Ask the question
One of the keys to CSM is the repetition of the question at
one-minute intervals. Te facilitator asks the question and
gives participants one minute to write one answer. Te process
is repeated until everyone has written ten answers. By requiring
the participants to write ten answers, I encourage them to dig a
little deeper. Te rst ve answers often come easily to almost
everyone; but those last few usually take a little longer.
I always explain to my sessions participants that the
format for the answer is, X may happen and will result in Y.
For example, We may lose subcontractor support and this
will result in being unable to nish the programming. A one-
or two-word answer is not sucient.
Step 6: Evaluate your answers
Tis step was not part of the original CSM, but I nd it
useful for participants to rate their answers. I use the H/M/L
PMI Virtual Library | www.PMI.org | 2010 Teresa James
3



rating scale described above; I instruct participants to place
on each stick note a rating for probability in the upper left
corner and a rating for impact in the upper right corner.
Step 7: Stick the answers on the wall and
arrange these responses into
categories
I ask each person to place one sticky note on the wall. I
then read the notes already on the wall so the participants
can either add their notes to the proper group or start a new
group. I do this until all notes are on the wall. Any note that
duplicates another note is placed over the existing note.
Step 8: Go through the categories
When all the notes are on the wall, I evaluate the categories
with the group and move any notes as needed. I work with
the group to name the categories, such as Financial Risks
or Hardware Risks. In looking at each risk category, the
group nds the high probability/high impact risks and then
identies those risks that have a high probability or a high
impact. I verify that the group agrees with the rating. Te
group then reviews all the risks in the category to ensure
that a high risk has not been overlooked. Although the low
probability items are often silly things, like key personnel
winning the lottery and leaving the project, these often point
to real risks. Tat is why a review of all the risks is essential.
Step 9: Next steps
Te highest risks go on a risk register and the others are put
on a watch list. For some of the higher risks, the group may
decide to perform a further quantitative risk analysis. All of
the risks on the risk register are assigned risk owners and the
risk owners develop risk response plans.
At the end of a project phase, and after a risk event has
occurred, the group reviews the risk register and the watch list.
Develop the Risk Plan
Tese simple steps, which require only a couple of hours to
perform, are the basis of forming a very simple risk plan.
According to the Project Management Institutes A Guide to
the Project Management Body of Knowledge (PMBOK

Guide)
Fourth Edition, a risk plan contains these components:
Methodology
Roles and responsibilities
Budgeting
Timing
Risk categories
Denitions of risk probability and impact
Probability and impact matrix
Stakeholder tolerances
Reporting formats
Tracking
Each of these components is included in my proposed
approach:
Methodology is contained in this white paper.
Roles and responsibilities are dened in the meeting and
in the risk register.
Budgeting, including a contingency reserve, occurs
outside the meeting, but estimates can be developed using
the risk responses on the risk register.
Timing includes the time of the meeting and the interval
for reviewing the risks.
Risk categories are dened during the brainstorming
meeting.
Denitions of risk probability and impact are also
outlined during the meeting.
Probability and impact matrix is easily created outside the
meeting using the ratings listing on the sticky notes.
Stakeholder tolerances are often adjusted based on the
results of risk identication.
Reporting formats and tracking are dened during the
meeting.
So there you have it, a simple risk plan. Try it and see
for yourself if it is as easy and eective a as I suggest
it is.
About the Author
Teresa James, PMP, is a program and project manager at
Bechtel Jacobs Company, LLC (Oak Ridge, TN, USA).
She has 15 years of experience in managing information
technology projects for colleges, manufacturing
plants, hospitals, and government agencies conducting
environmental monitoring. For ve of her 15 years of
professional experience, Ms. James provided her services as an
independent consultant. Along with her Project Management
Professional (PMP) credential, she is also a Six Sigma Yellow
Belt and holds a Master of Science degree in Planning
(University of Tennessee). You may contact her via e-mail at
tljames@comcast.net.