Page 1 of 2

Print
Close

Take a Risk (Part 1)

Geoff Choo

May 12, 2004

Uncertainty is the biggest enemy of the project manager. In other words, what you don't know may hurt you.
Uncertain events, obstacles and issues always crop up when they are least expected and for every step you
take forward, you find yourself sliding two steps back.

Thinking hard about how you're going to deliver your project scope is important, but it's even more important
to think about what can prevent you from completing your project. That means taking a proactive approach
to managing risks before they happen. While you can't prevent risks from happening, you can greatly reduce
the negative impact on your project's scope, schedule, budget and quality.

And this is where the PMBOK risk management can really make the difference. The PMBOK defines risk
management as the systematic process of planning, identifying, assessing and handling project risks using
the six processes of risk management planning: risk identification, qualitative risk analysis, quantitative risk
analysis, risk response planning, risk monitoring and control. In this article, you will learn how and why using
this risk management approach can greatly increase the chances of delivering your project on time and on
target.

Risk Management Planning

Contrary to what you might think, risk management planning isn't about figuring out what the risks are and
how to handle them. That will come much later in the process. What we want to do in this stage is to create
a risk management plan that outlines how we're going to decide what sort of risk management we're going
to perform on our project. That means deciding upfront what risk methodology we're going to use, who will
be involved and what their responsibilities will be, what techniques we will use for risk identification,
qualification, quantification (if we're going to have enough resources to use this process), as well as risk
monitoring and control.

How does this impact your project? You will have a clear roadmap to help guide your risk management
activities and help prevent wasting time and resources thinking about what you have to do later on.

Risk Identification
The PMBOK risk identification process teaches you that the best way to identify risk is to seek the collective
feedback of project team members and stakeholders in the definition of project risks and their triggers by:

1. Going through every entry in your WBS

2. Examining each and every entry against a checklist of risk categories
3. Using a variety of information-gathering methods like brainstorming, SWOT analysis, the Delphi

http://www.gantthead.com/articles/articlesPrint.cfm?ID=217627 10/21/2008
 Page 2 of 2

method and so on to come up with a list of risk events and their triggers, which are early warning signs
that help tell you when a risk is about to occur or has occurred.

The key things to note are that your risk identification team shouldn't be spending time here on deciding
what methods you'll be using to identify the risk, since that should have already been previously defined in
the risk management plan. Also, it's important to remember that as you gather your risks, you shouldn't be
concerned about debating the merits of including a risk on your list or discussing possible handling
strategies. You will have time for that later. The main thing you want to do now is to document as many risks
as you can. These identified risks not only make up essential input into the rest of the risk management
process, but also impact other planning processes like cost estimating and activity duration estimating.

How does this impact your project? The systematic use of risk categories and checklists help ensure that
you identify all possible risks that are critical to your project. Risk categories also serve as useful seed topics
to spark off the brainstorming process. Involving your team members and stakeholders in the process will
help ensure that you get the widest possible range of feedback and input into the risk identification process
as possible. Modern projects are too complex for any one person to know everything. You need the breadth,
depth and diversity of insight, knowledge and judgment that only people with different talents, experiences
and skills can bring.

Qualitative Risk Analysis

In the qualitative risk analysis process, you'll begin to filter down your previously created list of identified
risks by giving a priority to each risk you have identified in the risk identification process. You'll derive this list
of prioritized risks as well as the overall risk ranking by making subjective cardinal or ordinal assessments of
the probability of occurrence and magnitude of impact of identified risk events, creating a risk ranking matrix,
testing your project assumption with alternative scenarios and data precision ranking.

How does this impact your project? You have limited resources to deal with risks and you need to spend
your precious resource only on the more important risk, or the one with the greatest probability of
occurrence. The list of prioritized risks will tell you which risks need further quantitative analysis and which
should be carried over directly to your risk response planning instead. Since this is an ongoing process that
gets carried out throughout the project lifecycle, you'll be able to accumulate a repository of data that lets
you track the trends of your qualitative risk analysis results. This will give you great insight into the risk
challenges your projects face over time. The overall risk ranking lets the organization create a risk ranking
methodology that will let your organization compare the levels of risks of individual projects in the overall
project portfolio and make smarter decisions regarding the more efficient allocation of project budget and
resources.

In our next installment, we will take a look at quantitative risk analysis, risk response planning and risk
monitoring and control.

Geoff Choo helps plan, design, implement, and manage enterprise software development projects for Northern Italian companies.
He can be reached at gantt.head@tiscali.it.

Copyright © 2008 gantthead.com All rights reserved.

The URL for this article is:

http://www.gantthead.com/article.cfm?ID=217627

http://www.gantthead.com/articles/articlesPrint.cfm?ID=217627 10/21/2008