Discussion on:
View:
Show:
The matrix is good idea. Question is whom can I involve to or who must be in the Brainstorming team? Every member, steering committee, external consultant or it is up to project manager only? The way of decision making process in this case is missing for me, but on the other way it is project methodology question not for this article probably. Anyway good idea and thanks for it.
Yeah, I've read that an individual can come up with more ideas working alone than in a group situation. Just as people can trigger ideas in others, it's also possible that it can be inhibiting (for social reasons).
I guess, as with everything else, it depends on the circumstances. External consultants will be needed in brainstorming for risk if the project manager lacks necessary knowledge.
But you know what they say, it's better to get other people involved in identifying the risks so that everyone will be in a better position to manage it themselves.
I guess, as with everything else, it depends on the circumstances. External consultants will be needed in brainstorming for risk if the project manager lacks necessary knowledge.
But you know what they say, it's better to get other people involved in identifying the risks so that everyone will be in a better position to manage it themselves.
There are risks and risks for an IT project, but usually the project manager and the IT business analysts identify them then they map the risks over the risk consequence map. One method to distinguish between risks is to classify them as: internal (non-technical, or technical) or external (predicatble, non predictable). Another method is to identify them starting from problem analysis or from the primary risk source analysis. Identification methods might be based on: objectives, scenarios, taxonomies, common risks checking. A third method details the project and/or program portfolio risk, and afourth method distinguishes risks as those of: technical performance, purchasing planning, procurement cost, technical support, due to unpredictable events outcome. Along a project lyfe cycle risks might include unknown aspects as: cost variation, effort variation, time rescheduling, technical operations or execution delays, project benefits, etc.
However, for any of the above mentioned method application the project manager and the IT&C business analysts may evaluate and plan in advance the risks, their costs, and their potential consequences inside projects, mapping the risk estimated values over the usual map of "risk management categories". This map with two coordinates has on the vertical axis the probability for materializing a risk (outcome) represented as: very improbable [0.00-0.25], improbable [0.25-0.5], probable [0.5-0.75], and very probable [0.75-1.00]. On the horizontal axis is represented the risk impact or its consequence as: negligible [0.00-0.25], marginal [0.25-0.5], critical 0.5-0.75], and crisis [(0.75-1.00]. As a result there are 16 cells of binomial type (probability or likelihood, impact orconsequence) covering all possible crossings between the mentioned closed interval values. Four decreasing exponential curves drawn over the respective cell map share the total surface in 4 main areas of overall risk level: low, moderate, high, and crisis. The 1-st curve starts approximatively from point value (0.0, 0.5)and finishes around point (0.175, 0.0); the 2-nd curve starts from (0.125, 1.00) and finishes around (0.5, 0.0); the 3-rd starts from (0.375, 1.0) to (0.75, 0.0), while the 4-th curve starts from (0.625, 1.0) to (1.0, 0.0). The areas between curves denote the mentioned overall risk level categories: low, moderate, high, and crisis.
A project might contain many risk categories even from the last two categories but this doesn't necessarily mean that the project couldn't be successfully accomplished.
However, for any risk category it is necessary for the respective project manager to assemble a risk treatment plan to bypass it or proceed in consequence, and to have an already prepared contingency plan for the project. The risk classification list of the respective project might become more useful if the implied organization project management office and its director and project managers will identify and will proceed in a specific, organization particular way, to its programs and project characteristic risks including the mentioned risk criteria.
Sincerely,
Mihail Sadeanu, PhD
IT&C Project Manager
S&T Romania
mihail.sadeanu@snt.ro
www.snt.ro
However, for any of the above mentioned method application the project manager and the IT&C business analysts may evaluate and plan in advance the risks, their costs, and their potential consequences inside projects, mapping the risk estimated values over the usual map of "risk management categories". This map with two coordinates has on the vertical axis the probability for materializing a risk (outcome) represented as: very improbable [0.00-0.25], improbable [0.25-0.5], probable [0.5-0.75], and very probable [0.75-1.00]. On the horizontal axis is represented the risk impact or its consequence as: negligible [0.00-0.25], marginal [0.25-0.5], critical 0.5-0.75], and crisis [(0.75-1.00]. As a result there are 16 cells of binomial type (probability or likelihood, impact orconsequence) covering all possible crossings between the mentioned closed interval values. Four decreasing exponential curves drawn over the respective cell map share the total surface in 4 main areas of overall risk level: low, moderate, high, and crisis. The 1-st curve starts approximatively from point value (0.0, 0.5)and finishes around point (0.175, 0.0); the 2-nd curve starts from (0.125, 1.00) and finishes around (0.5, 0.0); the 3-rd starts from (0.375, 1.0) to (0.75, 0.0), while the 4-th curve starts from (0.625, 1.0) to (1.0, 0.0). The areas between curves denote the mentioned overall risk level categories: low, moderate, high, and crisis.
A project might contain many risk categories even from the last two categories but this doesn't necessarily mean that the project couldn't be successfully accomplished.
However, for any risk category it is necessary for the respective project manager to assemble a risk treatment plan to bypass it or proceed in consequence, and to have an already prepared contingency plan for the project. The risk classification list of the respective project might become more useful if the implied organization project management office and its director and project managers will identify and will proceed in a specific, organization particular way, to its programs and project characteristic risks including the mentioned risk criteria.
Sincerely,
Mihail Sadeanu, PhD
IT&C Project Manager
S&T Romania
mihail.sadeanu@snt.ro
www.snt.ro
You state that there are many other evaluation methods or risk analysis methods. Can you give me some of these and their pros and cons versus the 'likelyhood' method?
Thanks
Thanks
Hello there !
Here are some site addresses with useful document downloads and additional information about risk management evaluation methods:
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.nr.no/~abie/RiskAnalysis.htm
http://www.rspa.com/spi/project-risk.html#papers
http://www.mindtools.com/pages/article/newTMC_07.htm
http://www.comp.glam.ac.uk/Teaching/ismanagement/riskman1f.htm
http://www.nationmaster.com/encyclopedia/Risk-management
Hope to be useful,
MS.
Here are some site addresses with useful document downloads and additional information about risk management evaluation methods:
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.nr.no/~abie/RiskAnalysis.htm
http://www.rspa.com/spi/project-risk.html#papers
http://www.mindtools.com/pages/article/newTMC_07.htm
http://www.comp.glam.ac.uk/Teaching/ismanagement/riskman1f.htm
http://www.nationmaster.com/encyclopedia/Risk-management
Hope to be useful,
MS.
In addition, there must be a column for risk mitigation also, so you will know your own preparation for these risks, which then can be updated as and when you get information
Hello all project managers !
I have found an interesting paper concerning the subject at: http://www.welcom.com/documents/WhitePaper_RiskManagement_A4.pdf
The document includes a table entitled "Risk matrix with corresponding tolerance bandwidth" having 5 levels for each of the two specific input parameters: Probability, and respectively Impact, while the output measure denoted as "Tolerance" is presented by 6 possible levels. It's a very interesting document issued by Dan Patterson from Welcom.
I have found an interesting paper concerning the subject at: http://www.welcom.com/documents/WhitePaper_RiskManagement_A4.pdf
The document includes a table entitled "Risk matrix with corresponding tolerance bandwidth" having 5 levels for each of the two specific input parameters: Probability, and respectively Impact, while the output measure denoted as "Tolerance" is presented by 6 possible levels. It's a very interesting document issued by Dan Patterson from Welcom.
It's good to get more and relevant info. Not so big for reading but enough to understand what's was missing for me in the article. Thanks Mihail.
This looks like a nice article
http://www.digite.com/digiblog/prabhas/2005/12/it-risk-management.html
Sort of encapsulates this discussion.
http://www.digite.com/digiblog/prabhas/2005/12/it-risk-management.html
Sort of encapsulates this discussion.
I'm wrestling with what must be a common problem. Invidual project managers can record a high impact/high probability risk within their own project and then manage it. If the project itself isn't particularly critical to the organisation, what rules should be used to promote an individual project risk up onto the corporate risk register for global visibility? Simply its raw score isn't the answer. How do we stop corporate risk registers getting too big and too bland in a risk averse blame culture? How can corporate risk registers really add value?
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
