Archive for the ‘Risk Management’ Category

Every project manager and business leader needs to be aware of the practices and principles of effective risk management. Understanding how to identify and treat risks to an organisation, a programme or a project can save unnecessary difficulties later on, and will prepare managers and team members for any unavoidable incidents or issues.
The OGC M_o_R (Management of Risk) framework for risk management identifies twelve risk management principles, which are intended not … to be prescriptive but [to] provide supportive guidance to enable organisations to develop their own policies, processes, strategies and plan.
Organisational context
A fundamental principle of all generic management methods, including PRINCE2 and MSP as well as M_o_R, is that all organisations are different. Project managers, programme managers and risk managers need to consider the specific context of the organisation in order to ensure thorough identification of risks and appropriate risk treatment procedures.
The term organisational context encompasses the political, economic, social, technological, legal and environmental backdrop of an organisation.
Stakeholder involvement
It is easy for a management team to become internalised and forget that stakeholders are also key participants in everyday business procedures, short-term projects and business-wide change programmes.
Understanding the roles of individual stakeholders and managing stakeholder involvement is crucial to successful risk management. Stakeholders should, as far as is appropriate, be made aware of risks to a project or programme. Within the context of risk management and stakeholder involvement, "appropriate" concerns: the identity and role of the stakeholder, the level of influence that the stakeholder has over and outside of the organisation, the level of investment that the stakeholder has in the organisation, and the type, probability and potential impact of the risk.
Organisational objectives
Risks exist only in relation to the activities and objectives of an organisation. Rain is a negative risk for a picnic, a positive risk for drought-ridden farmland and a non-risk for the occupants of a submarine.
It is imperative that the individual responsible for risk management (whether that is the business leader, the project/programme manager or a specialist risk manager) understands the objectives of the organisation, in order to ensure a tailored approach to risk management.
M_o_R approach
The processes, policies, strategies and plans within the M_o_R framework provide generic guidelines and templates for risk management within a particular organisation. These guidelines are based on the experience and research of professional risk managers from a wide range of organisations and management backgrounds. Following risk management best practices ensures that individuals involved in managing the risks associated with an organisation's activity are able to learn from the mistakes, experiments and lessons of others.
Reporting
Accurately and clearly representing data, and the transmission of this data to the appropriate staff members, managers and stakeholders, is crucial to successful risk management. The M_o_R methodology provides standard templates and tested structures for managing the frequency, content and participants of risk communication.
Roles and responsibilities
Fundamental to risk management best practice is the clear definition of risk management roles and responsibilities. Individual functions and accountability must be transparent, both within and outside an organisation. This is important both in terms of organisational governance, and to ensure that all the necessary responsibilities are covered by appropriate individuals.
Support structure
A risk management support structure is the provision within an organisation of standardised guidelines, information, training and funding for individuals managing risks that may arise in any specific area or project.
This can include a centralised risk management team, a standard risk management approach and best-practice guidelines for reporting and reviewing organisational risks.
Early warning indicators
Risk identification is an essential first step for removing or alleviating risks. In some cases, however, it is not possible to remove risks in advance. Early warning indicators are pre-defined and quantified triggers that alert individuals responsible for risk management that an identified risk is imminent. This enables the most thorough and prepared approach to handling the situation.
Review cycle
Related to the need for early warning indicators is the review cycle. This establishes the regular review of identified risks and ensures that risk managers remain sensitive to new risks, and to the effectiveness of current risk management policies.
Overcoming barriers to M_o_R
Any successful risk management strategy requires thoughtful consideration of possible barriers to implementation. Common issues include:
established risk management roles, responsibilities, accountabilities and ownership
an appropriate budget for embedding a risk management approach and carrying out risk management activities
adequate and accessible risk management training, tools and techniques
risk management orientation, induction and training processes
regular assessment of M_o_R approach (including all of the above issues)
Supportive culture
Risk management underpins many different areas and aspects of an organisation's activity. A supportive risk management culture is essential for ensuring that everybody with risk management responsibilities feels confident raising, discussing and managing risks. A supportive risk management culture will also include evaluation and reward of risk management competencies for the appropriate individuals.
Continual improvement
In an evolving organisation, nothing stands still. An effective risk management policy includes the capacity for re-evaluation and improvement. At a practical level, this will require the nomination of an individual or a group of individuals to the responsibility of ensuring that risk management policies and procedures are up-to-date, as well as the establishment of regular review cycles of the organisation's risk management approach.

The active management of credit risk has been receiving increasing regulatory attention and strategic focus at many financial institutions. Regulators cite poor credit risk management at the portfolio level, weak credit standards for borrowers and counterparties, and insufficient attention to changes in economic and other circumstances affecting the capacity of borrowers and counterparties as the highest contributors to inadequate credit risk management. Regulators have changed capital charges to make financial institutions more responsive to actual credit exposure and have set new rules for how much capital banks must set aside to cover potential losses.
The basic principles for an effective credit risk management process were outlined in the consultative paper Principles for the Management of Credit Risk, issued by the Basle Committee on Banking Supervision. We consider it appropriate to underscore these principles in view of the current regulatory and credit market influences.
Definition of Credit Risk
Credit risk is the risk of loss arising from a borrower's or counterparty's inability to meet its obligations. The majority of a financial institution's credit risk arises from its lending activities: outstanding loans and leases, trading account assets, derivative assets, and unfunded lending commitments that include loan commitments, letters of credit, and financial guarantees. It also exists in other activities such as acceptances, interbank transactions, trade finance, and retail and investment settlements.
Managing Credit Risk
It is important to formulate and implement a structured credit policy and related processes to manage credit risk. Strategies for credit risk management, including credit policy development and risk monitoring, are the responsibility of business unit and senior management, and the board of directors.
Financial institutions should establish credit limits to control the risk in all credit-related activity. Limits by industry sector, geographical region, product, customer, and country should be specified, along with the approaches to be used for calculating exposures against those limits, and made part of credit policy. Consideration should also be given to the spread across industries or regions as the default of one firm or industry may also affect others. Larger financial institutions might also consider multiple limits for each borrower or borrower group, by product, operational unit, and borrower member so that banking and trading activities of those borrowers or borrower groups creating credit risk can be more adequately monitored. While the trend has been that many financial institutions monitor total exposures in those categories, most have not set maximum limits on those exposures.
Commercial Portfolio Credit Risk Management
Credit risk in the commercial portfolio can be managed based on the risk profile of the borrower, repayment source, and the nature of underlying collateral given current events and conditions. Commercial credit risk management should begin with an assessment of the credit risk profile of an individual borrower or counterparty based on current analysis of the borrower's financial position in conjunction with current industry, economic, and macro geopolitical trends. As part of the overall credit risk assessment of an obligor, each commercial credit exposure or transaction should be assigned a risk rating and be subject to approval based on approval standards defined in credit policy. Subsequent to loan origination, risk ratings should be adjusted on an ongoing basis as necessary to reflect changes in the obligor's financial condition, cash flow, or ongoing financial viability. The regular monitoring of a borrower's or counterparty's ability to perform under its obligations allows for adjustments to be made that will affect the credit exposure measurement.
Risk rating aggregations should be considered for measurement and evaluation of concentrations within portfolios. Risk ratings are also a factor in determining the level of assigned economic capital and the allowance for credit losses.
To manage the relative risk within the commercial portfolio, many financial institutions utilize participation or syndication of exposure to other financial institutions or entities, loan sales and securitizations, and credit derivatives to manage the size of the loan portfolio and the relative associated credit risk. These activities can play an important role in reducing credit exposures for risk mitigation purposes or where it has been determined that credit risk concentrations are undesirable.
Consumer Portfolio Credit Risk Management
Credit risk management for consumer credit should begin with initial underwriting and continue throughout a borrower's credit cycle. Consumer and other common attributes to evaluate credit risk. Statistical techniques may be used to establish product pricing, risk appetite, operating processes, and metrics to balance risks and rewards appropriately. Statistical models can be purchased or created that use detailed behavioral information from external sources such as credit bureaus, along with internal historical experience. These models should be validated periodically to assure they continue to be statistically valid and reflect performance of the institution's customer base, particularly if used for credit scoring. When used, these models will form the foundation of an effective consumer credit risk management process and may be used in determining approve/decline credit decisions, collections management procedures, portfolio management decisions, adequacy of the allowance for loan and lease losses, and economic capital allocation for credit risk.
Accurate Calculations of Exposures
Assuring accurate calculations of exposures against limits is critical to managing credit risk. Methodologies will vary according to product types. For lending products and current accounts, the book balance is considered an appropriate measure, with related accruals included as part of the exposure, as default of a counterparty on the primary exposure would also likely lead to loss of interest income. The current market value should be used for issuer exposures on bonds and equities, with replacement cost of the trade used as the measure for any unsettled trades. For foreign exchange and derivatives, exposure should be measured at the replacement cost of the trades plus an add-on value based on the nominal value to reflect potential future adverse movements in the replacement cost.
Concentrations of Credit Risk
Portfolio credit risk should be evaluated to assure that concentrations of credit exposure do not result in undesirable levels of risk or in violations of regulatory requirements. Regular review and measurement of concentrations of credit exposure against established limits by product, industry, geography, and customer relationship should be performed. For specialized industries, additional measurement categories may be appropriate, such as geographic location and property type for commercial real estate loans. When exposures exceed established limits, an escalation process should be triggered to avoid potential conflicts and to assure senior management is aware of all excesses. Periodic revalidation of established limits would be appropriate to assure that the limits continue to match the strategic risk appetite, provide for targeted asset mix, and recognize potential exposures as anticipated.
Examination of Credit Risk Management
Regulatory examination activities use a variety of techniques to assess a financial institution's credit risk, including a sampling of loans and review of the institution's credit management processes. Consideration is given to the complexity of the financial institution's products and activities, and overall risk management practices. Designing, implementing, and adjusting processes and practices to effectively manage credit risk will limit unanticipated exposures.
For more information about credit risk management, please visit http://www.younginc.com

Risk Management and Control
Key words: risk, risk management, risk assessment and risk control, risk identification, risk management planning, risk resolution, risk monitoring
Abstract
Any large-scale project involves certain risks, and that is true of software projects. Risk management is an emerging area that aims to address the problem of identifying and managing the risks associated with software projects.
The basic motivation of having risk management is to avoid disasters or heavy losses. The current interest in risk management is due to the fact that the history of software development projects is full of major and minor failures. A large percentage of projects have run considerably over budget and behind schedule, and many of them have been abandoned midway. It is now argued that many of these failures were due to the fact that the risks were not identified and managed properly.
Risk management is an important area, particularly for large projects. Like any management activity, proper planning of that activity is central to success.
Risk Management Overview
Risk is defined as an exposure to the chance of injury or loss. That is, risk implies that there is a possibility that something negative may happen. In the context of software projects, negative implies that there is an adverse effect on cost, quality, or schedule. Risk management is the area that tries to ensure that the impact of risks on cost, quality, and schedule is minimal.
Like configuration management which minimizes the impact of change, risk management minimizes the impact of risks.
Risk management can be considered as dealing with the possibility and actual occurrence of those events that are not regular or commonly expected. The commonly expected events, such as people going on leave, resource unavailability or some requirement changing are handled by normal project management. So, in a sense, risk management begins where normal project management ends.
Most projects have risk. The idea of risk management is to minimize the possibility of risks materializing, if possible, or to minimize the effect of risk actually materializing.
It should be clear that risk management has to deal with identifying the undesirable events that can occur, the probability of their occurring, and the loss if an undesirable event does occur. Once this is known, strategies can be formulated for either reducing the probability of risk materializing or reducing the effect of risk materializing (risk mitigation). So the risk management revolves around risk assessment and risk control.
Risk Assessment
Risk assessment is an activity that must be undertaken during project planning. This involves identifying the risks, analyzing them, and prioritizing them on the basis of the analysis. The major planning activity in risk management is assessment and consequent planning for risk control. Due to the nature of a software project, uncertainties are greatest near the beginning of the project. As the project nears its end, risks can be assessed more precisely. Due to this, although risk assessment should be done throughout the project, it is most needed in the starting phases of the project. In addition, identifying risks early provides the management with a lot of time to effectively handle the risks.
At a very high level, the software risks can be broadly divided into three categories:
Cost risk
Performance risk
Schedule risk
Cost risk is the degree of uncertainty associated with budgets and outlays for the project and its impact on the project. Performance risk is the possibility that the system will be unable to deliver all or some of the anticipated benefits or will not perform according to the requirements. Here performance includes quality. Schedule risk is the degree of uncertainty associated with the project schedule or the ability of the project to achieve the specified milestones.
The goal of risk assessment is to prioritize the risks so that risk management can focus attention and resources on the more risky items. Risk identification is the first step in risk assessment, which identifies all the different risks for a particular project. These risks are project-dependent, and their identification is clearly necessary before any risk management can be done for the project.
A list of risks specific to projects, with techniques for addressing them:
Personnel Shortfall: Staffing with top talent, Job matching, Teambuilding, Key-Personnel agreement, Training, Rescheduling Key People.
Unrealistic Schedules and Budgets: Detailed multisource cost and schedule estimation, Design to cost, Incremental development, Software reuse, Requirements scrubbing.
Developing the wrong software functions: Organization Analysis, Mission Analysis, User Surveys, Prototyping, early user manuals.
Developing the wrong user interface: Prototyping, Scenarios, Task Analysis, and User characterization.
Gold Plating: Requirements scrubbing, Prototyping, Cost-Benefit analysis, Design to cost.
Continuing Stream of requirements changes: High change threshold, Information hiding, Incremental development.
Shortfalls in externally furnished components: Benchmarking, Inspections, Reference checking, Compatibility Analysis.
Shortfalls in externally performed tasks: Reference checking, Pre-award audits, Award-fee contracts, Competitive design or Prototyping, Teambuilding.
Real-Time performance shortfalls: Simulation, Benchmarking, Modeling, Prototyping, Instrumentation, Tuning.
Straining Computer Science Capabilities: Technical Analysis, Cost-Benefit Analysis, Prototyping, Reference checking.
The top-ranked risk item is personnel shortfalls. This involves just having fewer people than necessary or not having people with specific skills that a project might require. Some of the ways to manage this risk are to get the top talent possible and to match the needs of the project with the skills of the available personnel. Adequate training, along with having some key personnel for critical areas of the project, will also reduce this risk.
The next item, unrealistic schedules and budgets, happens very frequently due to business and other reasons. It is very common that high-level management imposes a schedule for a software project that is not based on the characteristics of the project and is unrealistic. This risk applies to all projects. Project-specific risks in cost and schedule occur due to underestimating the value of some of the cost drivers. Recall cost models such as COCOMO and Function Point estimates. Even if the size estimate is correct, by incorrectly estimating the value of the cost drivers the project runs the risk of going over budget and falling behind schedule. The cost and schedule risks can be approximated by estimating the maximum value of different cost drivers along with the probability of occurrence and then estimating the possible cost and schedule overruns.
The next few items are related to requirements. Projects run the risk of developing the wrong software if the requirement analysis is not done properly and if development begins too early. Similarly, an improper user interface may often be developed. This requires extensive rework of the user interface later, or the software benefits are not obtained because users are reluctant to use it. Gold plating refers to adding features in the software that are only marginally useful. This adds unnecessary risk to the project because gold plating consumes resources and time with little return. Some requirement changes are to be expected in any project, but sometimes frequent changes are requested, which is often a reflection of the fact that the client has not yet understood or settled on its own requirements. The effect of requirement changes is substantial in terms of cost, especially if the changes occur when the project has progressed to later phases. Performance shortfalls are critical in real-time systems and poor performance can mean the failure of the project.
If a project depends on externally available components, whether provided by the client, procured as an off-the-shelf component, or in the form of a dependency on other services, the project runs some risks. The project might be delayed if the external component is not available on time. The project would also suffer if the quality of the external component is poor or if the component turns out to be incompatible with the other project components or with the environment in which the software is developed or is to operate. If a project relies on technology that is not well developed, it may fail. This is a risk due to straining the computer science capabilities.
Using the checklist of the top-10 risk items is one way to identify risks. This approach is likely to suffice in many projects. The other methods are decision driver analysis, assumption analysis and decomposition. Decision driver analysis involves questioning and analyzing all the major decisions taken for the project. If a decision has been driven by factors other than technical and management reasons, it is likely to be a source of risk in the project. Such decisions may be driven by politics, marketing, or the desire for short-term gain. Optimistic assumptions made about the project also are a source of risk. Some such optimistic assumptions are that nothing will go wrong in the project, no personnel will quit during the project, people will put in extra hours if required, and all external components (hardware and software) will be delivered on time. Identifying such assumptions will point out the source of risks. An effective method for identifying these hidden assumptions is comparing them with past experience. Decomposition implies breaking a large project into clearly defined parts and then analyzing them. Many software systems have the phenomenon that 20% of the modules cause 80% of the project problems. Decomposition will help identify these modules.
Risk Control
Whereas risk assessment is a passive activity identifying the risks and their impacts, risk control comprises active measures that are taken by project management to minimize the impact of risks. Though risk assessment is primarily done during project planning as risk assessment in early stages is most important, like cost and schedule estimation, the assessment should be evaluated and changed, if needed, throughout the project.
Like any active task (e.g., configuration management, development), risk control starts with risk management planning. Plans are developed for each identified risk that needs to be controlled. Many risks might be combined together for the purposes of planning, if they require similar treatment. This activity, like other planning activities, is done during the project initiation phase. The risk management plan has five components.
These are
i) Why the risk is important and why it should be managed
ii) What should be delivered regarding risk management and when
iii) Who is responsible for performing the different risk management activities,
iv) How will the risk be abated or the approach be taken, and
v) How many resources are needed?
The main focus of risk management planning is to enumerate the risks to be controlled (based on the risk assessment) and specify how to deal with a risk. One obvious strategy is risk avoidance, which entails taking actions that will avoid the risk altogether.
Another obvious strategy is risk reduction; if the risk cannot be avoided, perhaps the probability of the risk materializing can be reduced or the loss due to the risk materializing can be reduced.
The actual elimination or reduction is done in the risk resolution step. Risk resolution is essentially implementation of the risk management plan. For example, if risk avoidance is to be used, the activities that will avoid the risk have to be implemented. Similarly, in the plan it might have been decided that the risk can be reduced by prototyping. Then prototyping is done in the risk resolution step and the necessary information is obtained to reduce the risk. Incidentally, prototyping is a very important technique for reducing risks associated with requirements or reducing risks of the type "perhaps this cannot be done?"
Risk monitoring is the activity of monitoring the status of various risks and their control activities. Like project monitoring, it is performed through the entire duration of the project. Like many monitoring activities, a checklist is useful for monitoring. While monitoring risks, like with monitoring costs and schedules, reassessments might need to be performed, if the real situation differs substantially from the situation predicted earlier based on assessment and planning.

Managing risks is an essential part of an organisation's well-being. Without good risk management strategies, organisations are left open to attack from internal and external sources that can cause real damage. Without assessing and managing risks on a regular basis, a company might find they pay the price with their reputation and their bottom line.
The good news is that risk management no longer needs to be a difficult task. The latest developments in risk management software make it easier for a firm to identify and deal effectively with arising problems before they become significant issues. Good risk software provides a structured end-to-end risk management framework for managing an extensive range of strategic and operational risks in a consistent and cost-effective manner.
Choosing Risk Management Software
When looking for risk management software, the following key elements should be considered:
good automation of the key elements of the risk and mitigation cycle
a shared central repository of information
the linking of risks to strategic objectives with both ‘top down’ and ‘bottom up’ views of information
the facility to establish links between risks, controls and people
easy to implement and understand
tools for developing new risk management strategies
a centralised and consistent view of both organisation and individual responsibilities
a wide selection of templates to simplify each stage of the risk management process
rapid implementation so you can be up and running straight away
Using Risk Management Software
Good risk management software should enable a user to do the following:
1. Identify Risks
Probably the most crucial part of all risk management software is its ability to assist in the identification and allocation of risks. Software should have the following functionality that enables you to:
record individual risks
classify each risk by types (e.g. financial, legal, compliance etc.)
import related documents and associate them with the relevant risks
2. Assess Risks
Having identified risks the software now needs to aid you in their assessment. Look for software that:
helps assess and quantify the impact and likelihood of the risk
is an intuitive system for calculating inherent risk
provides different views of each risk
3. Mitigate Risks
Once each risk has been assessed the next stage is to identify ways in which to mitigate that risk. Risk management software needs to help you:
automate calculation and communication of residual risk
create and communicate mitigation and contingency plans to all involved
provide templates for entry and editing of controls
4. Monitor and Report
An important part of the risk management cycle is monitoring. Keeping an eye on the progress of risk management measures and their outcome is crucial to ensure they are effectively dealt with and not at risk of reoccurring. Reporting on this progress to the management board and relevant departments and individuals is another necessary part of the risk management process. Risk management software can help with this; look for the following features:
presentation of summary and detailed reporting information on screen
a dashboard facility for producing different ranges of information e.g. for consolidated, summary information at a departmental level
the facility to export reporting data to office applications
current and historical views
standard and customisable reports
automated email-based reminder and escalation facility e.g. to risk managers with uncompleted tasks
vertical and horizontal views e.g. to view the status of all risks classified as ‘Regulatory Risks’

RISK MANAGEMENT IN PROJECT & PLANNING
ABSTRACT
In businesses, risk management entails organized activity to manage uncertainty and threats, and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The Risk Management Plan is dependent upon the identification of the project's risks, their criticality, status, strategy and status. The good news is that managers can make project and planning one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.
INTRODUCTION
Risk management is activity directed towards the assessing, mitigating (to an acceptable level) and monitoring of risks. In some cases the acceptable risk may be near zero. Risks can come from accidents, natural causes and disasters as well as deliberate attacks from an adversary. The main ISO standards on risk management. In businesses, risk management entails organized activity to manage uncertainty and threats, and involves people following procedures and using tools in order to ensure conformance with risk-management policies. The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular.
Project Risk Management
A risk is something that may happen and, if it does, will have a positive or negative impact on the project. A few points here. “That may happen” implies a probability of less than 100%. If it has a probability of 100% – in other words it will happen – it is an issue. An issue is managed differently to a risk and we will handle issue management in a later white paper. A risk must also have a probability above 0%. There must be a chance that it will happen or it is not a risk. The second thing to consider from the definition is “will have a positive or negative impact”. Most people dive into the negative risks but what if something goes right?
Management Plan
There are four stages to risk management planning. They are:
Risk Identification
Risk Response
Risk Monitoring and Control
Risk Identification
There are different sorts of risks and we need to decide on a project-by-project basis what to do about each type. Business risks are ongoing risks that are best handled by the business. An example is that if the project cannot meet the end-of-financial-year deadline, the business area may need to retain their existing accounting system for another year. The response is likely to be a contingency plan developed by the business, to use the existing system for another year. Generic risks are risks to all projects. For example, the risk that business users might not be available and requirements may be incomplete. Each organisation will develop standard responses to generic risks.
Risk Response
There are four things you can do about a risk. The strategies are:
Avoid the risk. Do something to remove it. Use another supplier, for example.
Transfer the risk. Make someone else responsible. Perhaps a vendor can be made responsible for a particularly risky part of the project.
Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available.
Accept the risk. The risk might be so small that the effort to do anything is not worthwhile.
A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed.
Risk Control
The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.
Risk management is not a complex task. If you follow the four steps, you can put together a risk management plan for a project in a short space of time.
Risk Management Plan
1. Purpose
The purpose of the risk management plan is to document the process and methods that the project team will employ to monitor identified risks, identify and evaluate potential trigger events (indicating an imminent risk event), implement and monitor risk containment strategies, and assess project progress and activities on an ongoing basis to identify potential risk events not identified during project plan development.
2. Team Roles & Responsibilities
The project team will review/manage risks in the weekly project status meeting. See the risk log for a listing of identified risks and risk owners.
3. Risk Change Review & Approval Process
As new risks are identified or existing risks expire, the Risk Management Plan will be updated. Risks will be reviewed on a weekly basis in the project status meeting. The plan will be maintained in the project's SharePoint site.
What is a Risk Management Plan?
A Risk Management Plan summarizes the proposed risk management approach for the project and is usually included as a section in the business plan. The Risk Management Plan is dependent upon the identification of the project's risks, their criticality, status and strategy. The Risk Management Plan describes:
the process which will be used to identify, analyze and manage risks both initially and throughout the life of the project;
how often risks will be reviewed, the process for review and who will be involved;
who will be responsible for which aspects of risk management;
how Risk Status will be reported and to whom; and
the initial snapshot of the major risks, current grading, planned strategies for reducing occurrence and Severity of each risk (mitigation strategies) and who will be responsible for implementing them.
Why would you develop a Risk Management Plan and Risk Management Table?
A Risk Management Plan and Risk Management Table are developed to:
provide a useful tool for managing and reducing the risks identified before and during the project;
document risk mitigation strategies being pursued in response to the identified risks and their grading in terms of occurrence and Severity;
provide the Executive Sponsor, Steering Committee/senior management with a documented framework from which risk status can be reported upon;
ensure the communication of risk management issues to key stakeholders;
provide a mechanism for seeking and acting on feedback to encourage the involvement of the key stakeholders; and
identify the mitigation actions required for implementation.
How do you develop a Risk Management Plan?
The following is one way to develop your plan. It consists of a series of steps that become iterative throughout the life of your project. Firstly:
Step 1: Identify the risks
Before risks can be properly managed, they need to be identified. One useful way of doing this is defining categories under which risks might be identified. For example, categories might include Corporate Risks, Business Risks, Project Risks and System Risks. These can be broken down even further into categories such as environmental, economic, human, etc. Another way is to categorize in terms of risks external to the project and those that are internal. For a medium to large project, start by conducting a number of meetings or brainstorming sessions involving (as a minimum) the Project Manager, Project Team members, Steering Committee members and external key stakeholders. It is often advisable to use an outside facilitator for this. Preparation may include an environmental scan, seeking views of key stakeholders, etc. One of the most difficult things is ensuring that all major risks are identified. For a small project, the Project Manager may develop the Risk Management Table, perhaps with input from the Executive Sponsor/Senior Manager and colleagues, or a small group of key stakeholders.
Step 2: Analyze and evaluate the Risks
Once you have identified your risks you should analyze them by determining how they might affect the success of your project. Risks can result in four types of consequences:
1. benefits are delayed or reduced;
2. timeframes are extended;
3. outlays are advanced or increased; and/or
4. output quality (fitness for purpose) is reduced.
Risks should be analyzed and evaluated in terms of their occurrence and the Severity of impact if they do occur. Firstly, assess the occurrence of the risk and give this a rating of Low (L), Medium (M) or High (H) occurrence. Once you have rated the occurrence, assess the Severity of the impact of the risk if it did occur and rate it at Low (L), Medium (M) or High (H) Severity.
RISK MANAGEMENT ASSESSMENT IN PROJECT
Risk assessment validates that your project will succeed. Software development experts evaluate and test the software-based technical and business risks as they relate to your business, market, and service plans. The significant risks are identified and detailed in comprehensive Risk Event Descriptions. You are also provided with a quantification of each risk's impact on cost, revenue, and schedule.
CONCLUSION
People and risk are as integral to farming as are weather, prices and technology. Project and planning must have careful attention if managers are to have a full understanding of their sources of risks and their alternatives for handling risk. Managers' paradigms and their understanding of project and planning resource skills determine the success they will have with people. The good news is that managers can make project and planning one of their strengths. The result will be better risk management, more effective management and greater satisfaction from working with people.