BrianStar.com

Archive for February, 2011

Managing Risks is an essential part of an organisations well being. Without good risk management strategies they are left open to attack from internal and external sources that can cause real damage. Without assessing and managing risks on a regular basis a company might find they pay the price with their reputation and their bottom line.

The good news is that risk management no longer needs to be a difficult task. Latest developments in risk management software make it easier for a firm to identity and deal effectively with arising problems before they become significant issues. Good risk software provides a structured end-to-end risk management framework for managing an extensive range of strategic and operational risks in a consistent and cost effective manner.

Choosing Risk Management Software

When looking for risk management software, the following key elements should be considered:

good automation of the key elements of the risk and mitigation cycle
a shared central repository of information
the linking of risks to strategic objectives with both ‘top down’ and ‘bottom up’ views of information
the facility to establish links between risks, controls and people
easy to implement and understand
tools for developing new risk management strategies
a centralised and consistent view of both organisation and individual responsibilities
a wide selection of templates to simplify each stage of the risk management process
rapid implementation so you can be up and running straight away

Using Risk Management Software

Good risk management software should enable a user to do the following:

1. Identify Risks

Probably the most crucial part of all risk management software is its ability to assist in the identification and allocation of risks. Software should have the following functionality that enables you to:

record individual risks
classify each risk by types (e.g. financial, legal, compliance etc.)
import related documents and associate them with the relevant risks

2. Assess Risks

Having identified risks the software now needs to aid you in their assessment. Look for software that:

helps assess and quantify the impact and likelihood of the risk
is an intuitive system for calculating inherent risk
provides different views of each risk

3. Mitigate Risks

Once each risk has been assessed the next stage is to identify ways in which to mitigate that risk. Risk management software needs to help you:

automate calculation and communication of residual risk
create and communicate mitigation and contingency plans to all involved
provide templates for entry and editing of controls

4. Monitor and Report

An important part of the risk management cycle is monitoring. Keeping an eye on the progress of risk management measures and their outcome is crucial to ensure they are effectively dealt with and not at risk of reoccurring. Reporting on this progress to management board and relevant departments and individuals is another necessary part of the risk management process. Risk management software can help with this, look for the following features:

presentation of summary and detailed reporting information on screen
a dashboard facility for producing different ranges of information e.g. for consolidated, summary information at a departmental level
the facility to export reporting data to office applications
current and historical views
standard and customisable reports
automated email-based reminder and escalation facility e.g. To risk managers with uncompleted tasks
vertical and horizontal views e.g. To view the status of all risks classified as ‘Regulatory Risks’

RISK MANAGEMENTIN PROJECT & PLANNING

ABSTRACT

In businesses, risk management entails organized activity tomanage, uncertainityand threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The Risk Management Plan is dependant upon the identification of the projects risks, their criticality, status, strategy and status.The good news is that managers can make project and planning as one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.

INTRODUCTION

Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks In some cases the acceptable risk may be near zero. Risks can come from accidents, natural causes and disasters as well as deliberate attacks from an adversary. The main ISO standards on risk management .In businesses, risk management entails organized activity to manage,uncertainity and threats and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular.

Project Risk Management

A risk is something that may happen and if it does, will have a positive or negative impact on the project. A few points here. “That may happen” implies a probability of less then 100%. If it has a probability of 100% – in other words it will happen – it is an issue. An issue is managed differently to a risk and we will handle issue management in a later white paper. A risk must also have a probability something above 0%. It must be a chance to happen or it is not a risk. The second thing to consider from the definition is “will have a positive or negative impact”. Most people dive into the negative risks but what if something goes right?

Management Plan

There are four stages to risk management planning. They are:

Risk Identification Risk Response Risk Monitoring and Control

Risk Identification

There are different sorts of risks and we need to decide on a project by project basis what to do about each type. Business risks are ongoing risks that are best handled by the business. An example is that if the project cannot meet end of financial year deadline, the business area may need to retain their existing accounting system for another year. The response is likely to be a contingency plan developed by the business, to use the existing system for another year. Generic risks are risks to all projects. For example the risk that business users might not be available and requirements may be incomplete. Each organisation will develop standard responses to generic risks.

Risk Response

There are four things you can do about a risk. The strategies are:

Avoid the risk. Do something to remove it. Use another supplier for example. Transfer the risk. Make someone else responsible. Perhaps a Vendor can be made responsible for a particularly risky part of the project. Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available. Accept the risk. The risk might be so small the effort to do anything is not worth while.

A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed.

Risk Control

The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.

Risk management is not a complex task. If you follow the four steps, you can put together a risk management plan for a project in a short space of time.

Risk Management Plan

1. Purpose

The purpose of the risk management plan is to document the process and methods that the project team will employ to monitor identified risk, identify and evaluate potential trigger events (indicated an imminent risk event), implement and monitor risk containment strategies and assess on an ongoing basis project progress and activities to identify potential risk events not identified during project plan development.

2. Team Roles & Responsibilities

The project team will review/manage risks in the weekly project status meeting. See the risk log for a listing of identified risk and risk owners.

3. Risk Change Review & Approval Process

As new risks are identified or existing risks expire, the Risk Management Plan will be updated. Risks will be reviewed on a weekly basis in the project status meeting. The plan will be maintained in the projects SharePoint site.

What is a Risk Management Plan?

A Risk Management Plan summarizes the proposed risk management approach for the project and is usually included as a section in the business plan. The Risk Management Plan is dependant upon the identification of the projects risks, their criticality, status, strategy and status. The risk Management Plan describes:

the process which will be used to identify, analyze and manage risks both initially and throughout the life of the project; how often risks will be reviewed, the process for review and who will be involved; who will be responsible for which aspects of risk management; how Risk Status will be reported and to whom; and the initial snapshot of the major risks, current grading, planned strategies for reducing occurrence and Severity of each risk (mitigation strategies) and who will be responsible for implementing them .

Why would you develop a Risk Management Plan and Risk Management Table?

A Risk Management Plan and Risk Management Table are developed to:

provide a useful tool for managing and reducing the risks identified before and during the project; document risk mitigation strategies being pursued in response to the identified risks and their grading in terms of occurrence and Severity; provide the Executive Sponsor, Steering Committee/senior management with a documented framework from which risk status can be reported upon; ensure the communication of risk management issues to key stakeholders; provide a mechanism for seeking and acting on feedback to encourage the involvement of the key stakeholders; and identify the mitigation actions required for implementation.

How do you develop a Risk Management Plan?

The following is one way to develop your plan. It consists of a series of steps that become iterative throughout the life of your project. Firstly:

Step 1: Identify the risks

Before risks can be properly managed, they need to be identified. One useful way of doing this is defining categories under which risks might be identified. For example, categories might include Corporate Risks, Business Risks, Project Risks and System Risks. These can be broken down even further into categories such as environmental, economic, human, etc. Another way is to categorize in terms of risks external to the project and those that are internal. For a medium to large project, start by conducting a number of meetings or brainstorming sessions involving (as a minimum) the Project Manager, Project Team members, Steering Committee members, external key stakeholders. It is often advisable to use an outside facilitator for this. Preparation may include an environmental scan, seeking views of key stakeholders etc. One of the most difficult things is ensuring that all major risks are identified. For a small project, the Project Manager may develop the Risk Management Table perhaps with input from the Executive Sponsor/Senior Manager and colleagues, or a small group of key stakeholders.

Step 2: Analyze and evaluate the Risks

Once you have identified your risks you should analyze them by determining how they might affect the success of your project.Risks can result in four types of consequences:

1.benefits are delayed or reduced;

2.timeframes are extended;

3.outlays are advanced or increased; and/or

4.output quality (fitness for purpose) is reduced.

Risks should be analyzed and evaluated in terms of occurrence of occurring and Severity of impact if they do occur. Firstly, assess the occurrence of the risk occurring and give this a rating of Low (L), Medium (M) or High (H) occurrence. Once you have rated the occurrence, assess the Severity of the impact of the risk if it did occur and rate at Low (L), Medium (M) or High (H) Severity.

RISK MANGEMENT ASSESSMENT IN PROJECT

Risk assessment validates that your project will succeed. Software development experts evaluate and test the software-based technical and business risks as they relate to your business, market, and service plans. The significant risks are identified and detailed in comprehensive Risk Event Descriptions. You are also provided with a quantification of each risks impact on cost, revenue, and schedule.

CONCLUSION

People and risk are as integral to farming as are weather, prices and technology. Project and planning must have careful attention if managers are to have a full understanding of their sources of risks and their alternatives for handling risk. Managers paradigms, understanding of project and planning resource skills determine the success they will have with people. . The good news is that managers can make project and planning as one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.

RISK MANAGEMENT IN HR AND ITS ROLES

Abstract :

This paper aims to provide an introduction to some of the key risk management roles, issues and processes. This paper is not intended to be an all-singing, all dancing description of the risk management industry. Rather, we hope that it provides a summary of the themes and practices that we use in risk management. This may enable actuaries to understand how risk management ideas and processes can addvalue to their organisation and how they can use these concepts in their work.

DEFINITION OF RISK MANAGEMENT:

“Risk is the threat that an event or action will adversely affect an organisation’s ability to maximise stakeholder value and achieve its business objectives and business strategies. Risk arises as much from missed opportunities as it does from possible threats.”

Basically, risk management is the sum of all proactive management-directed activities within a program that are intended to acceptably accommodate the possibility of failures in elements of the program. “Acceptably” is as judged by the customer in the final analysis, but from an organization’s perspective a failure is anything accomplished in less than a professional manner and /or with a less-than-adequate result.
The key words are:

proactive management accommodate acceptably professional possibility

It is possibilities that are being accommodated. It is management’s job to do the planning that will accommodate the possibilities. The customer is the final judge, but internal goals should be to a higher level than customer expectations.

WHAT IS RISK MANAGEMENT?

Risk Management is the process of protecting an organization from financial harm by identifying, analyzing, financing, and controlling risk at the lowest possible cost. Effective Risk Management is a progression of actions that are taken with the purpose of minimizing losses or injuries within the organization. Ascendant HR believes that your employees are your companys most valuable resource.

A well-designed insurance and risk management program allows you to use your financial and human resources to pursue your companys strategic goals.

ROLES OF RISK MANAGEMENT:

There are two types of Roles in Risk Management, They are:

1) People are a source of risk,e.g., shortage of employees, people doing sloppy work, an employee refusing to take on additional responsibility or a key employee leaving two months after completion of a one-year training program.

2) People are important in handling risk, e.g., people using their ingenuity to solve unexpected problems, employees going the extra mile for the good of the organization, a key employee redesigning her own job to avoid unnecessary delays in getting work done, or an employee persuading a talented friend to apply for a position in the business.

RISK MANAGEMENT OVERVIEW:

The goal of Risk Management is to identify, assess, and resolve risk items before they become threats to a specific project or to the organization as a whole. Risk Management plans should include short-term and long-term risks to project schedules, costs, and the functionality, adequacy and quality of project deliverables. Risk Management is an integral part of the overall quality assurance effort necessary to minimize the major sources of rework, schedule and cost overruns, and performance and quality degradation. Risk Management consists of the following two broad categories of activities: risk

Assessment and risk control.

Risk Assessment Risk Identification Risk Analysis Risk Prioritization Risk Control Risk Management Planning Risk Resolution Risk Monitoring

THE HUMAN RESOURCE MANAGEMENT AND RISK MANAGEMENT INTERFACE:

Like risk, human resources are pervasive in the business. Human resource management

is most effective when integrated with decision making throughout the business. This leads to recognition that each production, financial and marketing decision has a human component or influence. Which choice is made, how the decision is carried out, the follow up and monitoring depend on people. Isolating management team and employee issues from production, financial and marketing management frustrates people and creates unnecessary risk in a business enterprise.

To understand fully how human resource management and risk management are

Interrelated one must understand human resource management. It is the staffing, training,

development, motivation, and maintenance of employees to help accomplish organizational goals. Effective human resource management also helps employees accomplish their career goals.

Human resource management is a process that can be broken down into specific activities:

1) Job analysis and writing job descriptions

2) Hiring

3) Orientation and training

4) Employer/employee interactions

5) Performance appraisal, compensation and discipline

1) Job analysis and writing job descriptions :

The first activity is job analysis and writing job descriptions. Job analysis is

determining the duties and skill requirements of a job and the kind of person to fill it. The

emphasis is on what the farm needs rather than on who wants to be promoted or who could be easily hired. The tasks that must be carried out to accomplish the firms goals determine duty and skill requirements. Job descriptions summarize for both employees and employers just what a job entails: job title, duties, compensation, and skills, knowledge and abilities to do the job. In family farm businesses, job descriptions for family members often include both management and labor responsibilities. Such a combination of responsibilities makes job analysis and job descriptions more not less important in small businesses.

2) Hiring:

Is the next human resource management activity. The objective of hiring is to

staff each job with a person who can succeed in the position. In todays exceptionally tight labor market, hiring is one of the most difficult human resource activities. The position must be described carefully and creatively to potential applicants. From among the pool of applicants,people must be carefully chosen if they and the employer are to have a successful relationship.

3) Orientation and training:

The next activity after hiring is orientation and training. Orientation socializes new

people to the business. It introduces them to the firms mission, its history and its culture. It gives them the information essential for getting off to a good start. Training and experience give the employees the knowledge, skills and abilities necessary to succeed in the position.

4) Employer/employee interactions:

Day-to-day employer/employee interaction includes leadership, motivation, and

communication that build on hiring, orientation and training. Employer/employee interaction cannot make up for an ill-defined job, having hired the wrong person or inadequate orientation and training.

5) Performance appraisal, compensation and discipline:

The last three activities are closely related: performance appraisal, compensation and

discipline. Performance appraisal is the continuous assessment, in cooperation with the

employee, of how she or he is doing relative to the standards and expectations laid out in the job description and follow up training. Performance appraisal also includes dentifying with the employee whatever corrective action may be necessary and steps by which the employee can advance his or her career.

Compensation includes the monetary and non monetary rewards received by employees.

The management team and employees carefully choose these rewards. The rewards need to be feasible for the organization while helping satisfy employee needs.

Discipline is giving each employee expectations, rules, policies and procedures and then

working with the employee to get behavior consistent with employer expectations.

Human resource activities lead to four important implications for risk management.

1) These activities are necessary to keep human resources in harmony with the riskmanagement tools adopted by the management team. Risk management decisions are carried out by people. Having the right people in place, trained, motivated and rewarded are essential to success in risk management.

2) Human resource calamities, e.g., divorce, chronic illness, accidental death, can

hamper carefully made and appropriate risk management decisions. Risk management should anticipate the likelihood of human resource calamities. Human resource contingency planning needs to be an integral part of risk management.

3) No management team stays together indefinitely. Every farm will eventually have

different managers or be out of business. Management succession is a significant source of risk.Human resource considerations, plus legal and financial considerations, directly affect success in management succession and thus risk management. Management succession requires each of the human resource management activities: job analysis, job descriptions, selection, training, interaction, performance appraisal, compensation and discipline.

4) Human resource performance evaluation should be tied to risk management.

Risk management strategies are carried out through people. Human resource failures can cause the best planned risk management strategies to fail. Risk management depends on explicit duties being specified in managers job descriptions, delegation of power and authority to manage risk following indicated guidelines, and responsibility at the action level of risk management.

Understanding these activities helps explain the relationship between human resources and risk.Failure to successfully carry out these activities increases risk and penalizes the organization by not taking advantage of what its people could be contributing.

MANAGERS SKILLS :

The effective integration of Risk management and human resource management requires

that managers have certain skills. Most important are:

1) Leadership

2) Communication

3) Training, Motivation

4) Conflict Management and Evaluation.

1) Leadership:

Every human resource manager has leadership responsibility. No group of people comes

close to its potential without effective leadership. Planning, organizing, staffing and controlling can substitute to some extent for leadership. Delegation of authority and responsibility and other tools for empowering employees decrease the need for leadership. Motivation, trust and careful development of procedures and policies are also helpful. Still, each ship needs a captain. Some leadership is necessary.

2) Communication:

Communication is an essential skill for effective human resource management. In

human resource management, clear messages, listening and use of feedback are especially important. Interpersonal relations, interviewing in the hiring process, building rapport in the management team and with employees, orientation and training, performance interviews, conflict resolution and discipline, all require communication. Mediocre communication skills tremendously complicate these activities.

3) Training, Motivation :

Training is helping people learn. Effective training requires teaching skills, an

understanding of how adults prefer to learn, patience, communication, a systematic approach and evaluation of whether the training has been effective.

Motivation of employees challenges every manager. Employee motivation helps the

organization accomplish its goals while also helping workers accomplish their career goals. No motivation recipe guarantees employee motivation. Nevertheless, some managers are more effective than others in developing a work environment in which employees are consistently motivated. These managers use a combination of: understanding and satisfying employee needs, compensating fairly, making it possible for employees to do their jobs with minimum frustration and treating employees equitably. The skill to motivate employees is nebulous yet real. The employers who are best at it have usually worked long and hard to develop the skill. Attributing the ability to motivate people to nothing more than a natural gift understates how hard the best human resource managers work to develop this skill.

4) Conflict Management and Evaluation :

Conflict is inevitable in farm teams: among employees, between employees and the management team and among the management team. Managers must learn to deal with conflict rather than avoid it. Avoiding the conflict and its causes simply postpones the pain and agony that come from personnel blowups. Conflict management strategies provide the management team positive steps for addressing the conflict. Effectiveness with the strategies is an essential skill.

Most employees have a fervent desire for Evaluation, i.e., information about their performance. Many supervisors find it extremely difficult to share performance evaluations in an honest and helpful manner. Employees dread poorly done evaluations and evaluation interviews. Supervisors lacking evaluation skills combat their frustrations by postponement, inflated evaluations and vague communication. Both supervisors and employees need training in evaluation for it to be useful and pleasant for both parties.

CONCLUSION:

Managers paradigms, understanding of human resource management and human resource skills determine the success they will have with people. Like the rest of risk management, blaming others for management shortcomings neither solves problems nor provides escape from the problems. The good news is that managers can make human resource management one of their Strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.

Article by:

X.Queen Shanthana Mary

M. Phil Scholar,

Department of management studies & research,

Karpagam University,

Risk Management and Control

Key words: risk, risk management, risk assessment and risk control, risk identification, risk management planning, risk resolution, risk monitoring

Abstract

Any large scale projects involve certain risks and that is true of software projects. Risk management is an emerging area that aims to address the problem of identifying and managing the risks associated with the software projects.

The basic motivation of having risk management is to avoid disasters of heavy losses. The current interest in risk management is due to the fact that the history of software development projects is full of major and minor failures. A large percentage of projects have run considerably over budget and behind schedule, and many of them have been abandoned midway. It is now argued that many of these failures were due to the fact that the risks were not identified and managed properly.

Risk management is an important area, particularly for large projects. Like any management activity, proper planning of that activity is central to success.

Risk Management Overview

Risk is defined as an exposure to the chance of injury or loss. That is, risk implies that there is a possibility that something negative may happen. In the context of software projects, negative implies that there is an adverse effect on cost, quality, or schedule. Risk management is the area that tries to ensure that the impact of risks on cost, quality, and schedule is minimal.

Like configuration management which minimizes the impact of change, risk management minimizes the impact of risks.

Risk management can be considered as dealing with the possibility and actual occurrence of those events that are not regular or commonly expected. The commonly expected events, such as people going on leave, resource unavailability or some requirement changing are handled by normal project management. So, in a sense, risk management begins where normal project management ends.

Most projects have risk. The idea of risk management is to minimize the possibility of risks materializing, if possible, or to minimize the effect of risk actually materializing.

It should be clear that risk management has to deal with identifying the undesirable events that can occur, the probability of their occurring, and the loss if an undesirable event does occur. Once this is known, strategies can be formulated for either reducing the probability of risk materializing or reducing the effect of risk materializing (risk mitigation). So the risk management revolves around risk assessment and risk control.

Risk Assessment

Risk assessment is an activity that must be undertaken during project planning. This involves identifying the risks, analyzing them, and prioritizing them on the basis of the analysis. The major planning activity in risk management is assessment and consequent planning for risk control. Due to the nature of a software project, uncertainties are most near the beginning of the project. As the project nears its end, risks can be assessed more precisely. Due to this, although risk assessment should be done throughout the project, it is most needed in the starting phases of the project. In addition, early identifying risk provides the management with a lot of time to effectively handle the risks.

At a very high level, the software risks can be broadly divided into three categories:

Cost risk
Performance risk
Schedule risk

Cost risk is the degree of uncertainty associated with budgets and outlays for the project and its impact on the project. Performance risk is the possibility that the system will be unable to deliver all or some of the anticipated benefits or will not perform according to the requirements. Here performance includes quality. Schedule risk is the degree of uncertainty associated with the project schedule or the ability of the project to achieve the specified milestones.

The goal of risk assessment is to prioritize the risks so that risk management can focus attention and resources on the more risky items. Risk identification is the first step in risk assessment, which identified all the different risks for a particular project. These risks are project-dependent, and their identification is clearly necessary before any risk management can be done for the project.

Some list of risks specific to the projects and solutions:

Personnel Shortfall: Staffing with top talent, Job matching, Teambuilding, Key-Personnel agreement, Training, Rescheduling Key People.
Unrealistic Schedules and Budgets: Detailed multisource cost and schedule estimation, Design to cost, Incremental development, Software reuse, Requirements scrubbing.
Developing the wrong software functions: Organization Analysis, Mission Analysis, User Surveys, Prototyping, early user manuals.
Developing the wrong user interface: Prototyping, Scenarios, Task Analysis, and User characterization.
Gold Plating: Requirements scrubbing, Prototyping, Cost-Benefit analysis, Design to cost.
Continuing Stream of requirements changes: High change threshold, Information hiding, Incremental development
Shortfalls in externally furnished components: Benchmarking, Inspections, Reference checking, Compatibility Analysis.
Shortfalls in externally performed tasks: Reference checking, Pre-award audits, Award-fee contracts, Competitive design or Prototyping, Teambuilding.
Real-Time performance shortfalls: Simulation, Benchmarking, Modeling, Prototyping, Instrumentation, Tuning.
Straining Computer Science Capabilities: Technical Analysis, Cost-Benefit Analysis, Prototyping, Reference checking.

The top-ranked risk item is personnel shortfalls. This involves just having fewer people than necessary or not having people with specific skills that a project might require. Some of the ways to manage this risk is to get the top talent possible and to match the needs of the project with the skills of the available personnel. Adequate trainings along with having some key personnel for critical areas of the project will also reduce this risk.

The next item, unrealistic schedules and budgets, happens very frequently due to business and other reasons. It is very common that high-level management imposes a schedule for a software project that is not based on the characteristics of the project and is unrealistic. This risk applies to all projects. Project-specific risks in cost and schedule occur due to underestimating the value of some of the cost drivers. Recall the cost models like COCOMO, Function Point estimates. Even the size estimate is correct, by incorrectly estimating the value of the cost drivers; the project runs the risk of going over budget and falling behind schedule. The cost and schedule risks can be approximated by estimating the maximum value of different cost drivers along with the probability of occurrence and then estimating the possible cost and schedule overruns.

The next few items are related to requirements. Projects run the risk of developing the wrong software if the requirement analysis is not done properly and if development begins too early. Similarly, often improper user interface may be developed. This requires extensive rework of the user interface later or the software benefits are not obtained because users are reluctant to use it. Gold plating refers to adding features in the software that are only marginally useful. This adds unnecessary risk to the project because gold plating consumes resources and time with little return. Some requirement changes are to be expected in any project, but some time frequent changes are requested, which is often a reflection of the fact that the client has not yet understood or settled on its own requirements. The effect of requirement changes is substantial in terms of cost, especially if the changes occur when the project has progressed to later phases. Performance shortfalls are critical in real-time systems and poor performance can mean the failure of the project.

If a project depends on externally available components either to be provided by the client or to be procured as an off-the shelf component or dependency with other services the project runs some risks. The project might be delayed if the external component is not available on time. The project would also suffer if the quality of the external component is poor or if the component turns out to be incompatible with the other project components or with the environment in which the software is developed or is to operate. If a project relies on technology that is not well developed, it may fail. This is a risk due to straining the computer science capabilities.

Using the checklist of the top-10 risk items is one way to identify risks. This approach is likely to suffice in many projects. The other methods are decision driver analysis, assumption analysis and decomposition. Decision driver analysis involves questioning and analyzing all the major decisions taken for the project. If a decision has been driven by factors other than technical and management reasons, it is likely to be a source of risk in the project. Such decisions may driven by politics, marketing, or the desire for short-term gain. Optimistic assumptions made about the project also are a source of risk. Some such optimistic assumptions are that nothing will go wrong in the project, no personnel will quit during the project, people will put in extra hours if required, and all external components (hardware and software) will be delivered on time. Identifying such assumptions will point out the source of risks. An effective method for identifying these hidden assumptions is comparing them with past experience. Decomposition implies breaking a large project into clearly defined parts and then analyzing them. Many software systems have the phenomenon that 20% of the modules cause 80% of the project problems. Decomposition will help identify these modules.

Risk Control

Whereas risk assessment is a passive activity identifying the risks and their impacts, risk control comprises active measures that are taken by project management to minimize the impact of risks. Though risk assessment is primarily done during project planning as risk assessment in early stages is most important, like cost and schedule estimation, the assessment should be evaluated and changed, if needed, throughout the project.

Like any active task (e.g., configuration management, development), risk control starts with risk management planning. Plans are developed for each identified risk that needs to be controlled. Many risks might be combined together for the purposes of planning, if they require similar treatment. This activity, like other planning activities, is done during the project initiation phase. The risk management plan has five components.

These are

i) Why the risk is important and why it should be managed

ii) What should be delivered regarding risk management and when

iii) Who is responsible for performing the different risk management activities,

iv) How will the risk be abated or the approach be taken, and

v) How many resources are needed?

The main focus of risk management planning is to enumerate the risks to be controlled (based on the risk assessment) and specify how to deal with a risk. One obvious strategy is risk avoidance, which entails taking actions that will avoid the risk altogether.

Another obvious strategy is risk reduction; if the risk cannot be avoided, perhaps the probability of the risk materializing can be reduced or the loss due to the risk materializing can be reduced.

The actual elimination or reduction is done in the risk resolution step. Risk resolution is essentially implementation of the risk management plan. For example, if the risk avoidance is to be user, the activities that will avoid the risk have to be implemented. Similarly, in the plan it might have been decided that the risk can be reduced by prototyping. Then prototyping is done in the risk resolution step and necessary information obtained to reduce the risk. Incidentally, prototyping is very important technique for reducing risks associated with requirements or reducing risks of the type perhaps this cannot be done?

Risk monitoring is the activity of monitoring the status of various risks and their control activities. Like project monitoring, it is performed through the entire duration of the project. Like many monitoring activities, a checklist is useful for monitoring. While monitoring risks, like with monitoring costs and schedules, reassessments might need to be performed, if the real situation differs substantially from the situation predicted earlier based on assessment and planning.

References

Continuous Risk Management Guidebook, Pittsburgh, PA:Software Engineering Institute

Barry W. Boehm. Tutorial: Software Risk Management, IEEE Computer Society Press

What do these companies have in common, Southwest Airlines, Neiman Marcus, Marriot, Disney, and Enterprise Car Rental? They are all customer service pioneers. Each company has forged a new path through their commitment, dedication, and innovations, to become known as leaders in delivering excellent customer service. Serving the customer is more than some fancy words on their company mission statements. Customer service truly represents the very essence of each companys existence.

These companies, along with hundreds more, have already done the hard work; they have laid the ground work, set the examples, and blazed the trails for other companies to follow. They have demonstrated how to achieve success by serving the customer.

Why then, dont all companies follow this proven path to success?
Do they not know the core principles these companies follow?

To borrow a concept from the Late Show with David Letterman, this is a top ten list of principles all companies need to implement to achieve service excellence.

Number 10: Focus The customer should always be the number one focus of any company. All decisions, services, and products should be based upon satisfying the needs and expectations of the customers.

Number 9: Take Action The best laid plans will never come to life, without action. If you are going to talk-the-talk, then you must walk-the-walk. When companies, which brag about the importance of customer service, fail to deliver outstanding service, customers and employees lose faith and trust in them.

Number 8: Create Happy Employees Your employees beliefs, attitudes and behaviors determine the quality of the customer service provided. The quality of customer service will never exceed the quality of the people who provide it. Happy employees create happy customers.

Number 7: Develop Employees The three key words in employee development are training, training, and training. Teach your employees how to serve the customer, equip them to serve, and then empower them to serve with excellence.

Number 6: Establish Relationships Customer loyalty is achieved by having a relationship with your customers. The stronger the relationship, the more loyal your customer becomes. Relationships are built upon trust, communication, and interaction. Every customer interaction is an opportunity to further enhance communication and improve trust.

Number 5: Measure Performance If you cant measure it, you cant manage it. Measuring customer satisfaction, customer feedback, and employee adherence to customer service standards is paramount in delivering exceptional customer service with any degree of consistency. Always inspect what you expect.

Number 4: Build Team Unity To achieve optimal success everyone must be on the same page, striving for the same goal, aspiring to the same vision, and functioning as a team. Teamwork will always produce greater results, then individuals working alone.

Number 3: Formulate a Plan Is the care your customers receive by design or by default? Without a crystal clear, well defined, universal set of customer service standards you will leave customer satisfaction up to chance. If you fail to plan, you plan to fail.

Number 2: Commit to Excellence Customer service is the number one differentiator in todays competitive marketplace. Having a good product or a low price does not guarantee a competitive advantage or customer loyalty anymore. Commit to installing and fostering a customer-first culture within your company. Serving with excellence is a choice.

And the Number 1 principle all companies need to implement to achieve service excellence is:

Belief Believe in the power of customer service. Believe in necessity of customer retention. Believe in the relationship between customer loyalty and the growth of your business. Believe that becoming customer-focused not only makes good business sense but it guarantees increased revenue and profit. It has been said, A belief is not merely an idea the mind possesses, it is an idea that possesses the mind.

I challenge every company to not only implement these principles, but to have the faith, courage, and vision to move beyond providing excellent customer service to building a reputation as a customer service pioneer.

Some companies make things happen
Some companies watch what happens
Some companies wonder what happened