PMcrunch

How do we define risks on projects?  How do we control risks to ensure successful outcomes?
 

These are some interesting [tag]risk management[/tag] questions.  Based on some current experience coordinating [tag]risk[/tag] across scores of major defense programs, here are 6 key items that can be considered in a ‘closed loop’ risk management program:
 

1. What is the deliverable?  If there is a perceived risk, there is some ‘thing’ of concern.  What is it?  It will be difficult to get very far without an explicit description of exactly what this deliverable is.  It is also important that it is documented that the Requester and Provider have agreed on the documented deliverable.

2. When is the deliverable needed?  It is critical that one single, specific date is established.  It is also extremely helpful if there is documentation that the parties - Requester and Provider - have agreed to that date.

3. What is the [tag]risk mitigation date[/tag]?  The ‘mitigation date’ is a sort of ‘go or no go’ decision date.  It is a key checkpoint or milestone at which risk can be assessed - or re-assessed - as to probability of occurrence, when there should be a high degree of clarity as to whether the deliverable can be met, but at the same time that there are still mitigation options.  The basis for this is that when there is enough time, there are options available, whereas when the deliverable date is very close, there is a greatly reduced field of options available to mitigate.  In addition to establishing a mitigation date, is equally important that the Requester and Provider formally agree to that date.

4. A risk level needs to be assigned by the Requester, and the Requester is uniquely positioned to determine the Impact, which is a severity level that occurs if the deliverable is not met.

5. A risk level also needs to be assigned by the Provider, and the Provider is uniquely positioned to determine the probability or likelihood of meeting the deliverable.  This can change over time - which is the reason for establishing the mitigation date.  If a high enough degree of clarity has not developed by a given mitigation date, one strategy is to establish a new mitigation date based on new information.

With the above information - 5 items - many risks within a project or program can be managed.  Risks need to be worked constantly, but with the above information, the project manager is in a position to best identify issues in a timely manner, to know when to re-evaluate as time horizons change, and to know what to do when a wider field of mitigation options is still available.
____________________________
John Reiling, PMP
Project Management Training Online
Lean Six Sigma Training Online