PERSPECTIVE

Know Thy Risk

Risk is all-pervading and projects are not immune from it. Overshooting budgets, project delays and deliverables that fail to conform to client specifications are all kinds of risks that a project faces. The Project Management Institute’s Project Management Body of Knowledge (PMBOK) Guide defines risk as an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives. According to the guide, project risk management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project. A project manager must not only actively identify and assess the risks inherent in the project but also devise an effective plan to mitigate those risks so that the project can be completed successfully. Given that, an effective risk management system is and should be an integral part of project management.

The cover story aptly focuses on the issue of risk. It emphasizes the need to have a Formal Risk Management Plan, which it says is a good idea in most cases. A formal plan provides, in writing, the strategy and ground rules for the risk management process, identifies stakeholders, sets objectives, defines the process and presents roles and responsibilities. It should also contain the template(s) for documentation associated with the risk management program. It is helpful to create (or copy from others, if possible) the defined risk areas (e.g., technical, financial, project management and environmental). The plan should also present requirements for prioritizing and for closing risks. However, no one size fits all: every company is different in its risk tolerance and its specific risk management process, and hence borrowing from another company may not be useful, the author suggests. Develop a plan that aptly addresses the risk management needs of your company.

The author suggests that, to ensure greater effectiveness, oversight of the risk management program is needed. Since risks can affect any or all areas of a company, one accepted idea is to place risk management control at the highest level of the organization practicable. This can save resources or provide economy of scale for solutions. He cautions, however, that the higher the level of control, the wider the reach, but also the less direct the contact or oversight at the working level. Some companies maintain risk management at the project or program level. While this may work, it doesn’t encourage the sharing of information, strategies or lessons learned across projects, he says. The author advises developing what he calls ‘the Risk Management Database’, which contains such information as the Probability of occurrence, Impact/Severity and Mitigation strategies. This risk database should be reviewed periodically, from weekly to quarterly, depending on the number and severity of the risks. In preparation for the review, the designated owner(s) of each risk should update its status. Also, the risk database should be available for viewing by anyone who has an interest or a role.

As the business environment becomes more complex than ever, it only adds to the uncertainty and hence the risk. This means that risk management must be an integral part of good management practices.

- Amit Singh Sisodiya