1. Why risk management?
Because we face a series of problems:
1. What potential problems will our project have that we can't see yet?
2. How likely is the risk to occur?
3. Who is responsible for monitoring and addressing risks?
4. What strategies and measures do we use to deal with project risks?
5. What is the psychological tolerance of project stakeholders to risks?
To solve these problems, what should we do?
1. Project risks need to be identified, analyzed, responded to and monitored.
2. There should be a plan for the risk management of the entire project.
3. Consider the risk coping strategies summed up by predecessors.
2. What are the risks in the project?
1. Important personnel suddenly leave the project team, such as being transferred to other projects, suddenly falling ill, changing jobs, etc.
2. Changes in industry standards or related policies during the project.
3. Significant changes in requirements.
4. Some members are not competent for their work.
5. The cooperation of various departments is not satisfactory, and the required assistance cannot be obtained.
6. There are technical problems that are difficult to solve in the middle of the project.
7. Traffic problems caused by natural disasters prevented the project from completing the system launch on the planned date.
8. Accidents cause the computer system to crash, and most of the project's documents and data are lost.
……
……
3. How to carry out risk management?
What is risk? Project risks are uncertain events or situations that, if present, will have a positive or negative impact on project objectives. There are two types of risks: foreseeable risks and unforeseen risks. Foreseeable risks can be foreseen, planned and managed. The unforeseen risk is unforeseeable, unplanned and unmanageable, so it requires emergency measures.
The risk of threatening the project is also acceptable in some cases, and if it is well balanced, it can also have a positive impact, such as fast follow-up, fast follow-up brings the risk of rework, but if it can be planned And well managed, fast follow-up can also greatly reduce the project duration.
Risk management is to systematically identify, analyze and respond to risks, maximize positive impacts and minimize negative impacts. Specifically include the following work:
1. Risk Management Plan - A plan that defines the risk management approach and risk management activities.
2. Risk identification - identify the risks that may have an impact on the project and describe their characteristics.
3. Qualitative Risk Analysis - Qualitatively analyze the listed risks and prioritize them according to their impact on the project.
4. Quantitative Risk Analysis - Assess/measure the likelihood of risk occurrence and the quantification of its impact on project objectives.
5. Risk response plan - formulate measures and methods to increase the opportunities for the project and reduce the threat of risks to the project.
6. Risk monitoring - monitor the identified risks and residual risks, identify possible new risks, implement risk response plans, and evaluate the effectiveness of plan implementation throughout the project execution process.
The risk management plan is to plan the project risk calendar activities. content include:
1. Overall risk management methods, tools and data sources.
2. Roles and responsibilities related to risk management
3. Risk management budget
4. Risk management work schedule
5. Risk assessment method
6. The degree to which the risk can be accepted by the various project stakeholders
7. Content and format of the risk response plan report
8. Tracking and recording methods of risk management activities
In the risk management plan, it is necessary to clarify how to manage risks, what method to use, who is responsible for risk A and who is responsible for risk B, and the responsibilities should be clear. There are also risk assessment methods, which is why we consider an event as a risk to the project. There is also the risk that if there is a risk, what is the limit that the project stakeholders can bear? What is the budget for each risk? How are risks monitored? How to report? How to track and record. These things need to be clearly defined in the risk management plan.
Project risk identification is a process that is repeated many times in the entire project. It is best to review the risks at each regular project meeting. Which of the identified risks have actually occurred and what is the impact? How to deal with it? What other potential risks may occur? After solving the previous risk, there are no residual risks and secondary risks. During risk identification, possible participants include: project team members, project management or specialized risk management personnel in the company, technical experts, customers, end users, experienced project managers outside the project team, other project stakeholders, etc. So what can be used to identify project risks?
1. Project initiation report
The project initiation report clarifies the overall goal of the project, and the whole project is carried out around this goal.
2. Scope Statement
The scope statement defines the scope of the project, from which we can determine in advance what risks will be involved in a certain work in the scope, and its impact on the project.
3 、 WBS
The WBS is the project's scope baseline and contains all the work to complete the project.
4. Cost and schedule estimates
There are bound to be costs in responding to the risks that arise. Progress is often where the greatest risk arises.
5. Resource planning
The resource plan clarifies the resources and the quantity of resources required for each stage of the project. If the resources are not available on time, it is definitely a big risk.
6. List of Assumptions and Limitations
The assumption is to assume that something is true, but it is still uncertain whether it is true or not. For example, when formulating a schedule, it can be assumed that a certain key technical personnel will be in place when the test starts, then there is a certain risks of.
Constraints are the factors that limit the success of a project and are where project risk arises.
Methods of risk identification:
1. Project document review
This is the first step in risk identification, identifying assumptions and constraints in the project documentation, understanding the project's objectives, project scope, project resource plan, schedule, cost estimates, etc.
2. information gathering technology
A. brainstorming
The members of the project team sit around the table and express their opinions on where and what risks may occur in the project. Diverge your thoughts as much as possible and thoroughly brainstorm.
Matters needing attention: 1. The principle of "three nos".
2. The organizer should pay attention to controlling the scene, not to let some people talk all the time while others do not talk.
3. There is a special person to record, but no record of who said it
4. The organizer is careful not to let everyone stray from the topic.
B. Delphi technology
Delphi technology is an expert technology, and the specific organization method: experts related to the organization can be centralized or dispersed, and the topics to be discussed are sent to the participants, and then everyone writes their own opinions and hands them to the organizer. The participants will synthesize and organize these views, and then send the sorted views to each participant, and the participants will further express their own views based on the sorted views, and so on. can be declared over.
C. to interview
Interviews include business experts, technical experts, industry experts, experienced project managers, and more.
D. SWOT analysis
SOWT analysis is a comprehensive analysis of one's own strengths, weaknesses, opportunities and threats to the environment. It can be represented by a two-dimensional table.
E. lessons learned
3. Reference table
This is a database of information based on historical data and experience, and should be maintained and supplemented frequently.
4. Graphical technology
There are two such graphical techniques: fishbone diagrams and system flow diagrams.
System flow chart is also called transaction flow chart, which describes the logical process of each processing procedure in computer transaction processing from data input to output.
Qualitative risk analysis to determine the importance of all identified risks as a basis for further risk management activities. The most important result is a list of scores for the identified risks, ranked according to the score indicating their importance. This often depends on Experience and expert opinion. It takes the form of a two-dimensional assessment of risk.
Probability (P)
(0-1.0) Impact on project objectives I (0-1.0)
Probability/Impact Score Matrix
Project goal very low (0.05) low (0.1) medium (0.2) high (0.4) very high (0.8)
Cost increase is not obvious increase < 5% increase 5-10% increase 10-20% increase > 20%
Time schedule delay is not obvious Delay <5% Delay 5-10% Delay 10-20% Delay > 20%
Minor changes in scope of work, just notify minor/insignificant changes Significant changes Unacceptable changes to project stakeholders render parts of the project plan unusable
A slight reduction in quality only needs to be notified that there is a problem only where the quality is very high A reduction in quality requires approval from the user
Quantitative risk analysis with the goal of:
1. Determine the likelihood of achieving specific project objectives (schedule, cost, quality).
2. Quantitatively assess the risks of the project.
3. Determine the project risks that should be most concerned by quantitatively assessing the impact of risks.
4. Identify realistic, attainable goals regarding cost, time, and scope of work
The methods used are:
1. Interview is usually the first step in quantitative analysis, which is used to collect estimates of project risk probability and impact degree from project stakeholders, including optimistic and pessimistic estimates, to obtain a range of values, and probability is often used for analysis.
2. Sensitivity analysis: Estimate the impact of a risk on the project objectives when other risks remain at a normal level, and help determine which risk has the greatest impact on the project.
3. Decision tree: a structured decision analysis method, combined with the analysis of the probability of a decision path and its impact, can analyze which decision has the best benefits.
4, Monte Carlo method, simulation analysis.
decision tree
Development plan selection
Develop a risk response plan, formulate measures and methods to increase favorable opportunities for the project and reduce the threat of risks to the project, including the formulation of measures and the arrangement of responsible persons. The developed risk response plan should be suitable for the severity of the risk and be cost-effective. , timely, realistic, and actionable, agreed by all parties, and responsible for implementation.
Risk response strategy:
1. Risk transfer. Transferring the impact and responsibility of risks to a third party does not eliminate the risk. Usually, a third party is paid for the risk as a reward for taking the risk, in the form of a contract. For example: insurance, performance rewards and penalties.
2. Risk reduction. Seek to reduce the likelihood and impact of adverse risks, such as: adopting less complex processes; selecting more reliable suppliers; redundant designs; increasing resources or time.
3. Risk acceptance. Negative acceptance and positive acceptance, for high-risk events can develop a "retreat plan": risk reserve fund, backup plan, change the scope of work. The most commonly used measures are risk reserves: costs, resources, time. The amount of risk reserve depends on the probability, impact and acceptable risk loss of the risk.
Risk monitoring, monitoring identified risks and residual risks, identifying possible new risks, implementing risk response plans, and evaluating the effectiveness of plan execution throughout the project process, should judge:
1. Whether the risk response measures are implemented as planned.
2. Whether the risk response measures are effective and whether new measures need to be formulated.
3. Whether the project assumptions still hold.
4. Whether the status of the risk is changing.
5. Are there any signs of risk?
6. Whether the correct project charter and process are followed.
7. Whether there are unidentified risks.
4. Common mistakes in risk management
1. There is basically no risk management in the project.
2. Passive response, no active analysis, prevention, monitoring and prior countermeasures.
3. Risk analysis is only carried out in the early stage of the project, and there is no continuous monitoring during the project process.
4. There is no analysis and measures after the risk occurs and is dealt with to prevent the risk from recurring.
5. Risk responsibility is not assigned and unclear.
6. The identification and monitoring of risks are not based on everyone, and the project manager alone is the one who shoots the head.
7. Risks are not recorded and tracked, and lessons learned cannot be summarized.