Every project involves some degree of risk ("nothing ventured, nothing gained...."), but that risk can be controlled with a bit of careful analysis, planning and communication. As a project manager (or a manager dealing with projects), it is your job to anticipate project risks, and then to devise appropriate means to control those risks before they can get out of hand.
This is where the risk management process comes in, beginning with risk identification and analysis. The starting point in the risk identification and analysis process is full consideration of perceived project value and complexity. Risk analysis will take time, and add overhead to the project schedule and budget. The effort and cost of any risk management effort should be appropriately sized to the project at hand, considering priority, value and return on investment.
Smaller projects, of lesser value and visibility will not demand the same attention to "risk" as larger projects, with greater value, visibility and cost. And, as with all governance endeavors, the process should be sized to fit the project.
Common Sense Steps for Analyzing Risk
Risk analysis revolves around the question of possibility and probability. There are so many types of risks for IT projects, but that fact alone does not automatically every risk is possible for every project. If "possibility" is not a factor within a given project, there will be no need for further analysis. But if a given risk is in fact "possible", then the next question arises - is it probable? Probability is a key question - the more probable the risk, the more important the risk analysis effort.
Possibility, Probability and Project Scope
Effective risk identification and analysis is predicated upon the existence and quality of project scope and goals. If you have clearly identified your project goals and priorities, then you will be able to use that knowledge to assess the impact and consequences of any probable project risks. For example, if you view probable risk and likely impact in context of overall project priorities, you will be in a better position to evaluate the need for targeted action.
To that end, with your identified risks in hand (considering the possible and probable), you can now move on to consider the following types of questions:
- Can this risk affect the quality of my product or project end-result?
- Can this risk affect project budgets and costs?
- Can this risk affect the project schedule?
- Can this risk affect the project planning and management process?
- Can this risk affect the stability of project work environment?
For each "yes", you can then proceed to the next question....
Does this risk pose a sufficient threat to my project so that further action is warranted?
If the answer is "no", then the results of that analysis should be properly documented, thus declaring that no further action is warranted. Remember that the goal of risk management is not just to avoid risk, but to also apply logic and reality to any decisions and strategies for dealing with risk. If, at this point, you can acknowledge risks, and logically decide to take no further action, your goals in risk management will be realized.
However, if the answer is once again "yes", thus acknowledging the need for further action, then continued assessment should proceed. encompassing the question of impact and consequences.
- Once you acknowledge the possibility of impact, and the need for further action, you will then need to look at the issue of consequences. For example, you may know that a delay in network card delivery could impact a desktop installation project, but how will that delay affect the overall project .... will that one delay affect the entire schedule, or can other parallel activities help to make up for that lost time?
- The answers to these types of questions will help you to pinpoint the likely consequences of a given risk. With this information in hand, you can then begin to evaluate your options to either avoid the risk in entirety, accept the risk and move forward with the project without any specific risk related action, or take steps to lessen the risk impact (mitigate the consequences).
Of course, the viability of any risk "response" will depend upon project specifics and the capability of the performing organization to execute controlling procedures. It's all part of having a nimble management approach and ready-to-go management standards.
Even under the best of circumstances, management is a challenge. When you learn to fast track, you’ll learn to work smarter, not harder. And that’s the value of every lesson, resource and template available at Fast Track Manage Learning. We teach you how to fast track your way to successful projects, committees and more. Learn More
Source: Unless noted otherwise, all content is created by and for ITtoolkit.com
ITtoolkit.com staff writers have experience working for some of the largest corporations, in various positions including marketing, systems engineering, help desk support, web and application development, and IT management.
ITtoolkit.com is part of Right Track Associates, proprietors and publishers of multiple web sites including ITtoolkit.com, Fast Track Manage, HOA Board List and more. We started ITtoolkit.com in 2001 and have continued to grow our web site portfolio, Toolkit products, and related data services. To learn more, visit us at Right Track Associates.