L9 Flashcards
(23 cards)
There are 3 main risk categories that make it easier to bundle together, what are they?
- common cause (HR, vendors, tech, etc)
- business area (strategy change, market risk)
- technical area (design, production..)
What are the 5 further risk categories?
- Scope risks (scope creep, ill-defined scope, new legal req.)
- Schedule risks (task delays, estimation errors)
- Resource risks (cost est. errors, funding changes, team lacking skills)
- Tech risks (tech failures/feasibility)
- Commercial risks (ROI est. errors)
What is the name of the risk assessment?
Failure Mode and Effect Analysis (FMEA)
What is the goal of FMEA?
- risk prioritisation, power/interest map
- adapt strategy
What are the steps in FMEA?
- List all ways a project can fail
- Evaluate severity S
- Estimate likelihood L
- Estimate the inability to detect D
- Calculate risk priority number
- Consider ways to reduce S,L,D for each cause of failure
How do you calculate the risk priority number? RPN
RPN = S * L * D
Who does the FMEA?
You can do it internally or outsource
What is an alternative to FMEA?
A risk matrix.
Just looking at impact vs probability.
Low/med/high
What’s the simplest risk assessment method?
Traffic lights - high/med/low risk
High = formal risk mitigation plan
Med = careful monitoring
Low = ignore
When would we use a quantitative risk analysis?
For top priority risks
What are quantitative risk analysis methods?
- field/lab experiment
- probability/statistical analysis
- Monte Carlo simulation
- scenario analysis
What are the 6 risk mitigation techniques?
- Escalate the risk
- Avoid the risk
- Accept the risk
- Share the risk
- Limit the risk
- Transfer the risk
How do you escalate the risk?
Involve the project sponsor or client and make a change in strategy
How do you avoid the risk ?
Abandon possible causes: reliable sources
Choose projects based on risk profile
How do you accept the risk?
Understand that time/cost/scope could be compromised somewhat
For low priority risks
How do you share the risk?
Collaborate with client/vendors/suppliers
Eg Shell stakeholder analysis
How do you limit the risk?
Roll-out plans: P&G
Stage-gate model: MoD
How do you transfer the risk?
- Insurance
- use means from financial markets (interest rate options)
- Use contractors (with penalty payments)
How do you reduce the probability/impact of a risk?
- Monitor: risk register, communication, external project assurance.
- Testing: simulation/prototyping/beta
- Contingency: backup plans, cost/time buffer
- Process standards: health&safety, staff training, regular inspections
How do we choose what response to do once we’ve identified a risk?
Do a probability/impact matrix.
If it’s low:low, you can accept the risk.
If it’s high:high, we shouldn’t take the risk
Rest are reduce/transfer
What is your risk responsibility as a PM?
- use risk to prioritise your daily tasks
- communicate risks to stakeholders (sponsor, client, team members)
- discuss risk at team meetings (keep updating risk plan)
- Be proactive not reactive
How can risk be self-inflicted?
- Thoughtless optimism (leads to underestimating time to completion)
- Management cutting time to motivate workers
BUT inflated time estimates lead to student syndrome, Parkinson’s law, Murphy’s law.
What does a PM need to be aware of?
Goldratt’s critical chain
- capacity should not always be equal to demand. Sometimes you’ll have too many/few resources.
- multitasking does NOT reduce idle time as the time to switch gets larger
- network complexity makes a difference
