Risk Management

From EUDP
Revision as of 18:27, 26 August 2009 by Ellyk (Talk)


Common Activities

What

Risk is the possibility of suffering loss. Risk management is the activity of eliminating or reducing the impact of undesired events that will make your project suffer.


How

The dish

Risk Management.

Ingredients

  • Risk events.
  • Risk probabilities.
  • Risk impact.
  • Possibility of detection before release.

Process

Do risk management in a systematic way and let it be a continuously repeated task throughout the different phases of your project.

Use the following process to arrange risks with respect to seriousness. The risk given the highest rank should be addressed first in your subsequent risk mitigation activity.

  1. Identify risk events and their probabilities.
  2. Evaluate the possible risks.
  3. Estimate the chance of detecting a risk event in tests.
  4. Rank the risks by multiplying the probability, the risk impact and the test-detection rate. Plot the risks (identification and rank) in a table such as the one below.
  5. Do risk mitigation, the most serious risk first.
  6. Document your risk management evaluations and decisions.

How in detail


1. Identify and list possible risk events:

Identify possible risk events by research and interviews: study the available project documentation and ask the customer and colleagues about possible risk events. List the possible risk events, but do not assess them until all possible events are listed.


2. Classify how likely each risk event is to occur.

Classify how likely each of the listed risk events is to occur.

To systematically do so it is important to analyse your project at different levels.

First consider the system from an overall perspective, then on components level. Consider both external and internal events.

Give the risk a probability rank from 1 to 10, where 10 is the rank for risks that will occur with a probability of, for example, 95-99.9% (events that are guaranteed to happen are not risks!).

Note that the probability intervals should be chosen specifically for the current project. As an example, rank 10 in the automobile industry corresponds to a probability of more than 10%, and rank 5 corresponds to a failure probability of 0.2% (the ranking scale is not necessarily linear). The scale in the table shown below does not necessarily match your project.

Tx oodocs 8dd56498f1.gif

3. Evaluate the possible risks:

Clarify how seriously each risk will affect the project if it occurs. Would the considered risk event introduce serious effects on the project schedule, project quality or ability? Or does it introduce only a minor consequence? To evaluate the effects of a risk event, it is important to consider all possible consequences of that event. As an example, a defective electrical component could result not only in a detected failure of the system, but could also cause other components to suffer due to unwanted current/voltage levels. Or it could introduce 230V on the front panel, causing a dangerous situation for the customer.

Give the risk impact a rank from 1 to 10, 10 being the most serious: the project cannot be realised and will need to close.

In the table below, the estimated impacts listed are examples of impacts on performance, support, cost and schedule (for software, hardware and mechanical items) and should be used only as a guideline to rank the actual risk event. For each risk event, the (true) statement given the highest rank in the table decides the rank of the risk impact.

Blah.gif

4. Estimate the chance of detecting a risk event in tests:

How likely is each risk to be measured/found by test before the product is released to the customer? Give the risk detection a rank from 1 to 10. If the failure/event is almost certain to be found in the planned tests, the rank should be 1. If it is not possible to detect the failure/risk event in a planned test, give the risk event a rank of 10.

5. Rank the risks.

The risk seriousness is the product of the probability, impact and detection ranks. This gives numbers from 1 to 1000, with 1000 indicating the most serious risks, which should be addressed first in the project risk management activities.


RISK RANK = PROBABILITY RANK x IMPACT RANK x DETECTION RANK


As an illustration, and to get an overview of the listed risks, the risks can be shown in a table such as the one below. Each risk is shown in its proper place with its reference name (or number) and the corresponding seriousness (rank). The colors indicate the seriousness of the risks.

Tx oodocs 0168e7bef0.gif

6. Risk mitigation.

Consider first the risks that belong to the red areas in the table. These are the most serious (important) risks and should be addressed first. To reduce such a risk, either its probability or its impact should be reduced, so that the risk moves from the red area into a yellow or even a green area.

Can there be, or are there, scheduled activities to prevent each risk from occurring or to change the possibility that the risk event will happen? Are there straightforward methods to reduce the impact of this risk?

7. Document your risk management evaluations and decisions.

To be effective, the risk management activities in your project should be a recurring activity through the different phases of your project. It is therefore very important to document your risk management activities, so that your evaluations and decisions are kept track of throughout the project. Be sure that recommended actions are implemented.

Risk management considerations from the current project can most probably also be re-used in your next projects. So be careful to document your evaluations and activities.
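The ranking procedure above, as an added example that is not part of the original page: a small risk register that validates each rank, applies RISK RANK = PROBABILITY RANK x IMPACT RANK x DETECTION RANK, orders the risks for mitigation, and re-scores a risk after a mitigation action. The sample risks, the function names and the tie-break rule are assumptions of this example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Risk:
    ref: str
    event: str
    probability: int  # 1..10, 10 = most likely to occur
    impact: int       # 1..10, 10 = project cannot be realised
    detection: int    # 1..10, 1 = almost certainly found in planned tests

    def __post_init__(self):
        for name in ("probability", "impact", "detection"):
            value = getattr(self, name)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.ref}: {name} rank must be an integer 1..10, got {value!r}")

    @property
    def rank(self) -> int:
        # RISK RANK = PROBABILITY RANK x IMPACT RANK x DETECTION RANK (1..1000)
        return self.probability * self.impact * self.detection

def prioritise(risks):
    # Most serious first. Tie-break on impact, then ref, is an assumption of this example.
    return sorted(risks, key=lambda r: (-r.rank, -r.impact, r.ref))

def mitigate(risks, ref, **new_ranks):
    # Re-score one risk after a mitigation action; the new ranks are validated again.
    if all(r.ref != ref for r in risks):
        raise KeyError(ref)
    return [replace(r, **new_ranks) if r.ref == ref else r for r in risks]

def report(risks):
    # One line per risk, in the order it should be addressed, for the project record.
    return [f"{r.ref}  rank={r.rank:4d}  P={r.probability} I={r.impact} D={r.detection}  {r.event}"
            for r in prioritise(risks)]

# Constructed sample register (not from the page).
REGISTER = [
    Risk("R1", "Defective component puts 230V on the front panel", 2, 10, 3),
    Risk("R2", "Firmware update corrupts stored settings", 5, 6, 8),
    Risk("R3", "Enclosure overheats at full load", 4, 7, 2),
    Risk("R4", "Third-party library is discontinued", 3, 5, 10),
]

if __name__ == "__main__":
    print("\n".join(report(REGISTER)))
    # Mitigation lowers the probability of R2, so the priorities change.
    print("\n".join(report(mitigate(REGISTER, "R2", probability=1))))
```

Keeping the output of `report` from each review gives a record of how the priorities changed between project phases.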

The risk management activities can be symbolised by the following figure (ref.: [1]):

Tx oodocs ae899a5d91.png

Function and description:

  • Identify: Search for and locate risks before they become problems.
  • Analyse: Transform risk data into decision-making information. Evaluate impact, probability, and timeframe, classify risks, and prioritise risks.
  • Plan: Translate risk information into decisions and actions (both present and future) and implement those actions.
  • Track: Monitor risk indicators and mitigation actions.
  • Control: Correct for deviations from the risk mitigation plans.
  • Communicate: Provide information and feedback internal and external to the project on the risk activities, current risks, and emerging risks.

Note: Communication happens throughout all the functions of risk management.