RISK MANAGEMENT PLANNING
Following the decision to proceed with a project, detailed project planning begins. During this process, you must assess and mitigate potential risks to the project. Risk management planning is the process of identifying risks and developing mitigation strategies and contingency plans to minimize their impact. It involves all resources concerned in the enterprise (e.g., project manager, project team, stakeholders, technical support).
Project risks come in two types: identifiable risks and unmanaged assumptions:
• Identifiable risks—Risks identified during engagement contracting activities (i.e., project initiation) or during planning. For the most part, they are highly visible and immediately apparent to everyone (or at least someone) involved with the project.
• Unmanaged assumptions—Project assumptions that are not monitored to ensure continued validity. If an assumption fails to remain valid, it becomes a risk.
Process
Risk planning requires two sets of process steps after establishing a risk planning team: identifying risks and instituting assumption management.
1. Establish risk management planning team
2. Design identifiable risk planning
2.1. Identify risks
2.2. Categorize risks
2.3. Prioritize risks
2.4. Develop risk mitigation strategies
2.5. Establish risk contingency plans
3. Begin assumption monitoring planning
3.1. Identify assumptions
3.2. Verify assumption validity
3.3. Establish assumption monitoring metrics.
Risk Classification
To institute a consistent approach to risk management planning, we need a risk classification scheme. Numerous schemes are possible; as an enterprise matures in its management of risk, it will develop its own schema. The following are useful starting points:
1. Risk categories
1.1. Scope/change management risk
1.2. Operational risk
1.3. Financial risk
1.4. Project management risk
1.5. Strategic risk
1.6. Technology risk
1.7. Failed assumption
2. Risk evaluation factors
2.1. Risk severity
2.2. Risk probability
2.3. Risk timeframe
3. Risk mitigation strategies
3.1. Risk acceptance
3.2. Risk avoidance
3.3. Risk protection
3.4. Risk research
3.5. Risk reserves
3.6. Risk transfer
Adhering to a rigorous, consistent scheme for classifying risk may seem like overkill. However, if knowledge transfer concerning risk is an enterprise priority (and it should be), it is much simpler to classify risks during the risk planning process than to try to retrofit classification. (See Chapter 6, Closure: Risk Knowledge Transfer, for more information.)
Deliverables
The deliverables from this process establish risk management priorities and plans to be managed during the execution/control phases of the project. For risks of high impact or probability, the actual project plan and budget should reflect the cost and time of the mitigation strategy. Risk management planning deliverables include:
• Project risk worksheets
• Project assumption worksheets
• Risk management mitigation strategies included in the project plan.