It is a Project Management process area at Maturity Level 3. The purpose of Risk Management (RSKM) is to identify potential problems before they occur so that risk-handling activities can be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.
Risk management is a continuous, forward-looking process that is an important part of management. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that may have a critical impact on the project.
Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders, as described in the stakeholder involvement plan addressed in the Project Planning process area. Risk management must consider both internal and external sources for cost, schedule, and performance risk as well as other risks.
Specific Practices by Goal
SG 1 Prepare for Risk Management
Preparation is conducted by establishing and maintaining a strategy for identifying, analyzing, and mitigating risks. This is typically documented in a risk management plan. The risk management strategy addresses the specific actions and management approach used to apply and control the risk management program.
- SP 1.1 Determine Risk Sources and Categories.
Identification of risk sources provides a basis for systematically examining changing situations over time to uncover circumstances that impact the ability of the project to meet its objectives. Risk sources are both internal and external to the project.
- SP 1.2 Define Risk Parameters.
Parameters for evaluating, categorizing, and prioritizing risks include risk likelihood (i.e., probability of risk occurrence), risk consequence (i.e., impact and severity of risk occurrence), thresholds to trigger management activities.
- SP 1.3 Establish a Risk Management Strategy.
A comprehensive risk management strategy addresses items such as the following:
. The scope of the risk management effort.
. Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication.
. Project-specific sources of risks.
. How these risks are to be organized, categorized, compared, and consolidated.
. Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks.
. Risk mitigation techniques to be used, such as prototyping, piloting, simulation, alternative designs, or evolutionary development.
. Definition of risk measures to monitor the status of the risks.
. Time intervals for risk monitoring or reassessment.
SG 2 Identify and Analyze Risks
The degree of risk impacts the resources assigned to handle an identified risk and the determination of when appropriate management attention is required.
- SP 2.1 Identify Risks.
The identification of potential issues, hazards, threats, and vulnerabilities that could negatively affect work efforts or plans is the basis for sound and successful risk management.
- SP 2.2 Evaluate, Categorize, and Prioritize Risks.
The evaluation of risks is needed to assign relative importance to each identified risk, and is used in determining when appropriate management attention is required.
SG 3 Mitigate Risks
The steps in handling risks include developing risk-handling options, monitoring risks, and performing risk-handling activities when defined thresholds are exceeded.
- SP 3.1 Develop Risk Mitigation Plans.
A critical component of a risk mitigation plan is to develop alternative courses of action, workarounds, and fallback positions, with a recommended course of action for each critical risk. The risk mitigation plan for a given risk includes techniques and methods used to avoid, reduce, and control the probability of occurrence of the risk, the extent of damage incurred should the risk occur (sometimes called a “contingency plan”), or both.
- SP 3.2 Implement Risk Mitigation Plans.
To effectively control and manage risks during the work effort, follow a proactive program to regularly monitor risks and the status and results of risk-handling actions. The risk management strategy defines the intervals at which the risk status should be revisited.
No comments:
Post a Comment