Post date: Jul 16, 2012 8:47:47 AM

A thorough risk identification forms the basis for an effective risk monitoring and controlling process throughout the later project phases. How can this be performed and how should this be tackled?

Process Overview

First of all, it is important that the various aspects of a risk definition are taken into account. During risk identification, various discussions take place in order to identify main risks, their probability of occurrence and their impact on the project.

In order to prepare for these brainstorming meetings, different information gathering techniques such as brainstorming, interviewing, expert judgement, the Delphi technique, root cause identification and SWOT (Strengths Weaknesses Opportunities Threats) Analysis are employed.

During this information gathering process, different diagramming methods such as influence, flowchart, Fishbone (Ishikawa) help in the process of risk categorization, in the identification of corresponding triggers and give the first insight that helps in the elaboration of mitigation or contingency plans.

Information Gathering

In order to have a baseline information for risk management, it is recommended to capture this information using a project management tool. This information can be considered the baseline for further risk related tracking on the project.

More specifically, the following information would be worth to capture:

· Probability, which specifies the probability that the risk will happen, using a percentage value.

· Impact, which specifies the severity of adverse effects should the risk actually happen.

· Category, which specifies the risk type, possibly in the context of a Risk Breakdown Structure (RBS).

· Description, which specifies details regarding risk.

· Mitigation Plan, which specifies the plan to mitigate the risk.

· Trigger, which specifies the condition that triggers the contingency plan.

· Trigger Description, which specifies the trigger type.

· Contingency Plan, which specifies the fallback plans, should the risk occur.

· Internal and external tasks and work packages affected by the risk.

· Other projects affected by this risk.

· Issues connected to the risk.

· Documents associated with this risk.

· Other risks that impact this risk.

· Other risks impacted by this risk.

· Contingency reserves for significant risks.

· Management reserves for significant risks.

Tracking Using Expected Monetary Value (EMV)

This information represents a solid basis for further risk tracking. However, it is important to see the effects of risks over time and their evolution from one iteration to another.

Although this detailed information offers the possibility of a fine grained control over risk evolution, a more coarse grained, quantitative overview is offered by the Expected Monetary Value (EMV) approach which allows us to measure risks over time in a quantitative manner.

The Expected Monetary Value (EMV) is defined using the following formula:

Expected monetary value (EMV) = probability * impact

When considering and registering for each iteration the top ten risks with their probability of occurrence and the impact, we can get information with regards to risk trends in a project, from one iteration to another.

This method can be safely used in a wide variety of projects, including agile, the term “iteration” here can be safely replaced with “Sprint” in case Scrum is employed.

Steps For Tracking

1) Perform risk prioritization in order to identify the top ten or more risks for the project (this process needs to be examined for each iteration) and the upper boundary for the number of risks should be established based on project type and risk tolerance at organizational level.

2) For each iteration of a specific project, establish risks and their impacts using qualitative and quantitative analysis and track them in a table, for example in an Excel worksheet. For an iteration of a software project, the information could look like in the figure below:

Figure 1 – Tracking Risks for a Specific Iteration

3) When information from several iterations is available, track it in a table that, for each iteration, depicts the EMV associated with it. Again, an Excel worksheet can be used for this purpose.

Figure 2 – Tracking Risks for Several Iterations Using EMV

4) Based on the aforementioned table, create a line chart showing the risk trend using EMV during the project. This can be easily accomplished by using the Line Chart functionality from the “Insert” tab inside Microsoft Excel. The chart corresponding to the aforementioned table looks like this:

Figure 3 – Risk Trend with EMV

Common Pitfalls When Computing EMV

1) Positive risks are not taken into account. This is important since they reflect the places where gains can be registered. When identifying risks, in case of positive ones, instead of mitigation, “Exploit”, “Enhance” and “Share” should be considered as possible risk response strategy.

2) Residual and secondary risks are forgotten.

3) If the number of risks significantly varies throughout iterations and new risks with significant exposure are disovered along with original risks from previous phases which are still applicable, then a clear trend for the evolution of risks originally identified might be difficult to examine.

In this case it would be recommended to consider two separate charts, one that is focused on the trend of original top ten risks during several iterations of the project and another one that shows the evolution of risks at project level in general, highlighting how many new were discovered within time and how many were removed.

Conclusion

The line chart reflecting risk trends using EMV is a valuable tool for risk monitoring and controlling, giving an accurate view of risk evolution within projects. By consulting it regularly, proactive actions can be initiated in order to mitigate threats or exploit opportunities.

Keeping track of these charts during different projects is a valuable method to contribute to the knowledge base of the organization with regards to risk management and represents a basis for further analysis of risks in future, similar projects.