Risks are uncertain events that bring threats or opportunities to the project.
The project is carried out in a complex natural and social environment, influenced by numerous factors. For these internal and external factors, project managers often have insufficient awareness or insufficient power to control them. The process and results of the project are often beyond people's expectations, sometimes not only do not achieve the main purpose of the project, but make them suffer various losses, and sometimes bring them good opportunities. Projects carry risks like any other economic activity. To avoid and reduce losses and turn threats into opportunities, we must understand and master the source, nature and regularity of project risks, and then implement effective management. The following describes how to carry out project risk management from the planning stage and monitoring stage in the five process groups of project management.
planning stage
Risk management plan preparation
The risk management plan is how risk management activities will be addressed and performed for the project. The risk plan can be formulated by the method of meeting. If the project investment scale is relatively large, all the representatives of the project stakeholders (such as: senior project manager, project manager, technical manager, business department director , salesperson , etc. ) should be invited to participate . Risk management planning meeting, comprehensively consider the impact of risks on the project, and formulate an adequate risk management plan.
In the plan, basic risk management activities should be identified (such as a risk assessment meeting held every 15 days), the risk management process for the project should be defined, the timetable and cost of risk management should be estimated, and risk management activities should be incorporated into the project plan. The risk management fee is incorporated into the cost expense plan.
Risk Identification
The goal of risk identification is to identify potential problems in the project that may affect the achievement of project objectives (leading to cost overruns, schedule delays), to identify which risks may affect the project, and to describe the characteristics of these risks . Risk identification is a process repeated many times throughout the project. Risks are reviewed at almost every regular project meeting. Which of the identified risks have actually occurred and what is the impact? How to deal with it? What other potential risks may occur? After solving the previous risk, there are no residual risks and secondary risks.
According to the actual situation of the project, risks can be divided into two categories: technical risks and management risks, and each category is subdivided into various subcategories. For example, technical risks include: requirements, design, testing, etc. Identify project risks based on a combination of organizational risk lists or from project initiation reports, scope statements, WBS , cost and schedule estimates, resource plans, and lists of assumptions and constraints. The main methods adopted are project document review and information collection techniques. Project document review is to find out assumptions, constraints , understood goals, project scope, project resource plans, schedules, cost estimates, etc. in project documents. The quality and consistency of these plans and project requirements and assumptions form the risk list. Through the above methods and technologies, the main risk categories of the project , risk events , and aspects that may affect the project can be found out, and a detailed risk record can be formed. As follows:
| Risk category |
risk event |
Aspects that may affect the project |
| technical risk |
(1) Insufficient understanding of methods, tools and techniques ; (2) Insufficient experience in the application field ; (3) Application of new technologies and development methods, etc. |
Cause cost overruns and schedule delays |
| demand risk |
(1) Lack of clear understanding of the product ; (2) Lack of recognition of product requirements ; (3) Insufficient customer participation in making demands ; (4) No priority needs ; (5) New needs due to uncertain needs ; (6) Constantly changing needs ; (7) Lack of effective requirements change management process ; (8) Lack of relevant analysis on changes in demand. |
May produce the wrong product or poorly build the intended product. |
| manage risk |
(1) Insufficient definition of plans and tasks ; (2) Unrealistic promises ; (3) Availability of experienced personnel ; (4) Communication among employees, etc .; (5) Subcontractor management. |
Cause cost overruns and schedule delays |
Qualitative and quantitative risk analysis
风险分析是指对已识别的风险做出进一步的分析,定义出风险的优先级以及发生的可能性。在分析过程中,组织组成员、风险专家对风险的概率及影响进行了科学的分析评估,对风险清单中列明的所有风险计算出一个确定的风险值,其计算公式为:风险概率*风险影响,以便确定风险的可接受度或不可接受度,然后再根据风险值确定风险相对优先顺序。对于优先级高的风险(比如:进度延误大于30%,或者费用超支大于30%;风险发生的几率为1.0 ~ 0.8),将其单独列在《风险管理报告》中,并提交高层经理和项目管理部。同时分派项目风险管理人员对高级别的风险展开实时跟踪监控及记录。如下是风险分析表实例:
| 风险类别 |
风险事件 |
可能性 |
影响 |
风险值 |
| 技术风险 |
需求不明确,增加需求,导致需求蔓延。 |
70% |
50% |
35% |
| 技术风险 |
采用新技术可能导致进度的延期。 |
50% |
30% |
15% |
| 管理风险 |
进度要求紧,合同金额和日期有限。 |
30% |
50% |
15% |
| 管理风险 |
开发人员对测试工作不重视。 |
20% |
80% |
16% |
| 管理风险 |
开发人员的流动。 |
15% |
60% |
9% |
风险应对计划编制
根据定性和定量分析的结果,根据风险的重要性、影响范围及发生概率等制订了风险应对计划。在该计划中,充分考虑以下几个因素:风险重要性、成本有效性、应对的及时性、项目环境中的现实性、是否可以被项目干系人所接受,并为每一个风险指定了相关的责任人以及应采取的风险应对措施,同时,兼顾增加对项目有利的机会、减少对项目的威胁。对不同的风险,采取了不同的措施。对于《风险管理报告》中所列的重点监控风险,专门组织高层经理、项目组骨干成员、项目管理部、客户代表等人参与的讨论会议,对重点风险的应对给予更有效的应对策略,并使其应对办法取得重点项目干系人的认同与支持。会后形成的主要应对策略示例如下:
| 风险类别 |
风险事件 |
应对措施 |
| 技术风险 |
... ... |
1、培训、聘请顾问以及为项目团队招聘合适的人才等。 2、选用项目所必须的技术、在技术应用之前,针对相关人员开展好技术培训工作。 |
| 需求风险 |
... ... |
1、项目建设之初就和用户书面约定好需求变更控制流程、记录并归档用户的需求变更申请。 |
| 管理风险 |
分包商风险 |
1、指定分包经理全程监控分包商活动、让分包商采用经认可的开发流程、督促分包商及时提交和汇报工作成果、及时审计分包商工作成果等。 |
| 管理风险 |
职责不明确风险。 |
1、定义项目追踪过程并且明晰项目角色和责任。 2、项目建设之初就和项目各干系方约定好沟通的渠道和方式、项目建设过程中多和项目各干系方交流和沟通、注意培养和锻炼自身的沟通技巧。 |
| 管理风险 |
缺乏领导支持风险 |
1、主动争取领导对项目的重视、确保和领导的沟通渠道畅通、经常向领导汇报工作进展。 |
| 管理风险 |
进度风险 |
1、分阶段交付产品、增加项目监控的频度和力度、多运用可行的办法保证工作质量避免返工。 |
| 管理风险 |
质量风险 |
1、经常和用户交流工作成果、品牌管理采用符合要求的开发流程、认真组织对产出物的检查和评审、计划和组织严格的独立测试等。 |
| 管理风险 |
团队成员能力和素质风险 |
1、在用人之前先选对人、开展有针对性的培训、将合适的人安排到合适的岗位上。 |
| 管理风险 |
团队成员协作风险 |
1、项目在建设之初项目经理就需要将项目目标、工作任务等和项目成员沟通清楚,采用公平、公正、公开的绩效考评制度,倡导团结互助的工作风尚等。 |
| 管理风险 |
人员流动风险 |
1、尽可能将项目的核心工作分派给多人(而不要集中在个别人身上)、加强同类型人才的培养和储备。 |
| 管理风险 |
工作环境风险 |
1、在项目建设之前就选择和建设好适合项目特点的管理和满足项目成员期望的办公环境、在项目的建设过程中不断培育和调整出和谐的人文环境。 |
监控阶段
风险监控
风险监控是指执行风险应对措施,并且连续对项目工作进行监督以发现新的风险。随着项目实施的进展,内部和外部的环境的变化,记录在风险应对计划中的风险优先级、发生的概率、影响的范围等都可能出现变化,另外还可能出现一些之前没有预计到的风险,为此对已识别风险进行定期跟踪、监测残余的风险、识别新产生的风险,对于保证风险计划的有效执行是必不可少的。
比如:以周和里程碑为单位,定期对风险实行评估、审计。每周的项目例会中将风险管理作为一个议程,对风险应对措施实施的有效性以及当前风险的状态进行检查,并识别项目中可能出现的各类新的风险。在里程碑阶段,通过《里程碑报告》来总结此阶段的风险措施的执行情况,并组织相关项目干系人重新评估风险,同时更新《风险应对计划》。对于在项目执行过程中新出现的风险,将其提交项目管理部门组织进行评审后,更新到组织级《风险列表库》中,为后续的项目制定风险管理计划提供依据。