Abstract: Risk management has always been the key and difficult issue in project management. Based on the author's experience in project management for many years, this paper conducts in-depth research on the definition of risk, the characteristics of risk, risk identification and methods, risk analysis and methods, risk control, and risk factor index system. The problem has been comprehensively expounded, hoping to play a role in attracting new ideas to the majority of project managers.
I. DEFINITION OF RISK In his book on risk management Robert Charette defines risk as follows: "First, risk is concerned with what happens in the future. . . . What we reap today is the seed sown by previous activities. The problem Yes, can we create a completely different hopeful future for our own tomorrow by changing our activities today. Second, risks can change, just as hobbies, opinions, actions, or places can change.... Third, Risk leads to choice, and choice itself creates uncertainty. So risk, like death, is something whose life cycle has little certainty." Here, what we mean by project management risk is usually related to Link:
1. There are losses or gains associated with it;
2. Involves a certain probability or uncertainty;
3. A choice is involved.
Risks are certainly uncertain, but uncertain events are not necessarily risks. Therefore, we can also define project management risk as follows: Project management risk is the potential for negative consequences of project management activities or events that project managers do not want.
The characteristics of the risk
First, the objectivity and universality of risk existence.
As the uncertainty of the occurrence of losses, risk is an objective existence that is not transferred by people's will and surpasses people's subjective consciousness, and in the whole life cycle of a project, risk is ubiquitous and always present. These explain why although human beings have always hoped to recognize and control risks, until now they can only change the conditions for the existence and occurrence of risks in a limited space and time, reduce the frequency of their occurrence, and reduce the degree of loss, but cannot and cannot be completely eliminated. risk.
Second, the contingency of a specific risk and the inevitability of a large number of risks.
The occurrence of any specific risk is the result of the joint action of many risk factors and other factors, which is a random phenomenon. The occurrence of individual risk accidents is accidental and disorganized, but the observation and statistical analysis of a large number of risk accident data show that they show obvious laws of motion, which makes it possible to use probability and statistical methods and other modern risk analysis methods to analyze. Calculating the probability of occurrence of risks and the degree of loss also leads to the rapid development of risk management.
Third, the variability of risk.
This means that in the whole process of project implementation, various risks can be changed in quality and quantity. As the project progresses, some risks are controlled and eliminated, others occur and are dealt with, and new risks may arise at each stage of the project.
Fourth, the diversity and multi-level nature of risks.
Large-scale development projects are long-term, large-scale, wide-ranging, and have a large number and variety of risk factors, resulting in a variety of risks throughout their life cycle. In addition, the internal relationship between a large number of risk factors is complex, and the cross-influence between each risk factor and the outside world makes the risk show multi-level.
3. Risk identification and methods Risk identification in the project management process mainly answers the following questions:
1. What risks should be considered;
2. What are the main factors that cause these risks?
3. How serious are the consequences of these risks?
Therefore, as an excellent project manager, you must master the following risk identification methods:
1. Decomposition principle: It is to decompose the complex and difficult to understand things in the project management process into relatively simple things that are easy to understand, and decompose the large system into small systems, which is also a common method when people analyze problems (such as project work. breakdown structure WBS);
2. FALT TREES method: It is to decompose large risks into various small risks in the form of diagrams, or to decompose various causes of risks, which is a favorable tool for risk identification. This method uses a tree diagram to arrange project risks from coarse to fine, from large to small, and arranges them hierarchically, so that it is easy to find all risk factors and the relationship is clear. Similar to the fault tree, there are probability trees, decision trees, etc.;
3. Expert investigation method: Since the main task in the risk identification stage is to find out various potential hazards and make qualitative estimates of their consequences, quantitative estimates are not required, and because some hazards are difficult to use statistics in a short time. method, experimental analysis method, or causal relationship demonstration (such as the impact of changes in market demand on the economic benefits of the project, the impact of similar software developers on the organization's competition, etc.). This method mainly includes two kinds: brainstorming method and Delphi method. The latter was invented in the early 1950s by the RAND Corporation, a famous American consulting agency. It mainly relies on the intuitive ability of experts to identify risks, that is, the opinions are gradually concentrated through the investigation until they reach a certain degree of consensus, so it is also called the method of concentration of expert opinions. The basic steps are:
① The project risk management personnel will propose a risk problem investigation plan and formulate an expert questionnaire;
② Invite some experts to read the relevant background materials and project design materials, answer relevant questions, and fill in the questionnaire;
③ The risk management personnel collect and sort out expert opinions, and feed back the summary results to the experts;
④ Invite experts to fill in the form for the next round of consultation until the expert opinions tend to be concentrated.
Of course, although there are a large number of risk identification methods currently available, there are still some problems in the risk identification theory, mainly in three aspects:
① Reliability problems, i.e. whether there is a serious danger undetected;
② This question, that is, whether the data collected for risk identification, the cost of research or scientific experiments is meaningful;
③The problem of deviation, that is, whether the obtained results are objective and accurate due to the great subjectivity and uncertainty of risk identification.
4. Risk Analysis and Methods Risk analysis is the analysis of the consequences of any event that may occur in the project management process on the basis of risk identification to determine the probability of the event and the potential related consequences that may affect the project. . The starting point of risk analysis is to reveal the causes, effects and extent of observed risks and to propose and examine alternatives. To describe and quantify a particular risk and its magnitude, some modeling work is usually done. There are many modeling methods to help risk analysis. Typical modeling methods are:
1. Schedule network model: Risk Evaluation Review Technique (VERT) or Program Evaluation Review Technique (PERT), including independent activity networks, used to analyze the impact of an event in the project management process;
2. Life cycle cost (LCC) model;
3. Rapid response rate/quantitative cost impact model.
The first two models are used to examine schedule risk and project cost risk. It can be used when there are multiple options to consider in developing a project development plan, prioritizing the project process, and maintaining the software. The rapid response model is used when project funding is challenged, often during the budget cycle. Most of these challenges occur just before the project begins, and can therefore significantly impact the execution of the overall project. Rapid response models can also be used to examine possible cost implications to determine the budget allocations required for various alternatives to the project plan.
In addition, risk analysis has four purposes:
1. Compare and evaluate the risks of the project and determine their sequence;
2. To clarify the exact causal relationship between various risk events from the overall perspective, in order to formulate a systematic risk management plan;
3. Consider the conditions for the mutual transformation of various risks, study how to turn threats into opportunities, and also pay attention to the conditions under which opportunities can be transformed into threats;
4. Further quantify the probability and consequences of the identified risks and reduce the uncertainty in the estimation of the probability and consequences of risks.
The result of risk analysis is a "prediction list". It should be able to give the probability of a certain hazard in the project management process and the nature and probability of its consequences. Generally, there are objective probability and subjective probability about probability. There are two calculation methods: one is to calculate based on a large number of experiments with statistical methods; the other is to decompose the event set into basic events according to the classical definition of probability, and use the analytical method to calculate. But in practical work, it is often impossible for us to obtain enough information, because it is usually impossible to conduct a large number of experiments on the risk events we encounter, and because the events will occur in the future, we cannot make accurate analysis, and it is difficult When the objective probability is calculated, at this time, only decision makers or experts can estimate the possibility of the occurrence of the event, which is the subjective probability. Subjective probability is a method of making estimates with less information, that is, using a value between 0 and 1 to describe the probability of an event occurring based on personal views on whether or not the event occurred. In other words, it is the intuitive judgment of events made by the expert's long-term experience. The possibility of intuitive judgment deviation is very large. In recent years, scientists are exploring the procedures and methods to reduce these deviations from various aspects, such as the previous The essence of the Delphi method is to use a large number of intuitive judgments to solve the problem of deviations that are prone to occur in the intuitive judgments of individuals. Expert systems and artificial intelligence systems use computer-aided decision-making to improve the efficiency and accuracy of intuitive judgments. practical approximation. Scientific experiments have proved that most people's estimates cannot exceed what they have experienced and recognized, which is due to the limited experience and the limitations of the cognitive process. How to ensure that the subjective probability is as accurate as possible is a problem that still needs to be studied for a long time in the future.
The main methods used in risk analysis are: probability distribution, probability tree and extrapolation method, PERT, GERT, and Monte Carlo method is an important method that is increasingly widely used with the popularization of computers. In the case of high precision, it is more important to perform selective comparison of a few feasible solutions. Mastering the above methods has a great effect on improving the ability of project managers to manage risks.
Five, risk control Risk control refers to the use of certain technologies, such as prototyping, software automation, software psychology, reliability engineering and certain project management methods to try to avoid or transfer risks. All the research we have done on project risk has been aimed at achieving good risk control. Based on actual project management experience, we recommend the following risk control steps:
1. Negotiate with current project members to determine the reasons for staff turnover (such as poor working conditions, low income, people, market competition, etc.);
2. Include mitigation of these causes (risk avoidance) in the planned control plan prior to the start of the project;
3. When the project is launched, be prepared for the movement of people to occur, and take some measures to ensure that the project can continue once people leave (reducing the risk);
4. Establish a project team so that all project members can keep abreast of information about project activities;
5. Develop document standards and establish a mechanism to ensure that documents can be generated in a timely manner;
6. Organize a detailed review of all work, so that more people can complete their work as planned;
7. For each key technical personnel, we must train backup personnel;
8. Track events and major risk factors at project milestones for risk reassessment;
9. Maintain the collection of information on risk factors during project development.
Of course, these steps add extra cost to project management and take up a lot of effective project planning effort, but experience has proven that all these efforts are worth it.
6. Risk factor indicator system Below, combined with the actual situation of most project management, we give a risk factor indicator system diagram. When making project decisions, we can analyze project risks from the following aspects. The risk factor indicator system is shown as follows:
7. Summary As the saying goes, sharpening knives is not wrong for chopping wood. In the project development process, a successful risk management can prevent and reduce the impact of potential problems in the project, it is an effective prescription for dealing with crisis. In the project life cycle, a good project manager should achieve a balance between risk response and risk prevention: when the risk does not appear, risk management helps you reduce the probability of risk occurrence through scientific analysis and methods Or transfer risks and reduce risk losses; when a risk occurs, risk management helps you to respond quickly with a well-thought-out solution, thereby reducing the impact of the risk on the entire project.