Home
About Us
Site Map
Products
Services
PMP® Certification
PM Tips & Tricks
PM Tools & Techniques
Links
Contact Us
BLOG

 

 

This page is devoted to news, tips, and any other information the Project Management community may find useful or interesting.

September 2010

Residual Risk

Most of us in the IT industry are used to calculating our risk probability and impact scores when the risk is first identified and that's the score the accompanies the risk event throughout all our reporting. We may go one step further and calculate a dollar cost or effort cost for the risk event (though rarely), but that initial score is the one that will accompany the risk throughout the project and it's the one we report on. The scores we're reporting are those of the unmitigated risk. In the case of risks which we accept, this is appropriate but when we devise and deploy a strategy to mitigate the risk, it is not the only score that is relevant.

Just as important as the score of the unmitigated risk is it's score after we devise the mitigation strategy. This is probably more important than the original score after implementation of the mitigation strategy because it's the one that measures the effectiveness of the strategy. This score is called the residual risk.

The objective of mitigation is to avoid the risk, in which case the residual risk would be 0, reduce it's probability, or its impact. How much we succeed in reducing probability and/or impact will determine the residual score and this score should be less than the PI score we have set for the project. If it isn't, we should continue to investigate possible strategies until we find one that does reduce it below the threshold. We also need to revisit the strategy periodically to determine its current effectiveness. Assessing the effectiveness of the strategy should be done by evaluating the probability and impact of the risk event based on the mitigation strategy and the current state of affairs of the project. The residual score should be less than the threshold. If it isn't, you will have to explore new strategies.

We should also report the amount of residual risk when reporting on risk to the project. Reporting on risk as though it were unmitigated is misleading. If the scores are the same as they were before mitigation, what was the risk budget spent on? Risk management requires a budget, mitigation strategies cost money. The justification for that spend should be a business case where the benefits exceed the cost. The cost is the cost of the mitigation strategies for the project. The benefit is the amount of risk reduction (reduction = initial PI - residual PI). Reporting to your project in this way will tell them what they are getting for their money. Reporting on the residual risk will inform your stakeholders of how much risk the project is exposed to. Including the threshold for the project will tell them that project risk is being managed as planned (providing all risks are below the threshold). Where there are risks not below the threshold, you need to provide an explanation or plan.


Comments
Login or Sign up to post comments.

2010 Commonwealth Games

The news media is alive with stories about athletes canceling their participation in the Games, countries advising athletes to delay departure for India and in some cases canceling their participation altogether. There are several things that I find noteworthy about this situation:
  • The stories are reported as news, not sports
  • The stories span all media, print, radio, television, internet
  • India has had 7 years to get ready for these games
The first 2 points speak to the profile of the Games in India. They have an extremely high profile. It seems that India is carrying the banner for countries that are considered less developed than the Western world. There may be some jealousy here since India doesn't seem to have suffered the same economic downturn as North America. India was hoping to excel at hosting these games and now that they've suffered this set-back, their reputation is badly tarnished.

There are 2 points I'd like to make here as a project manager. The first is that, no matter how long the project takes you can still overrun your schedule and the second is that no matter how minor you consider your project's defects to be, beauty is still in the eye of the beholder or stakeholder.

It probably isn't fair to lay the entire blame for the PR fiasco at the feet of the project management team; there seems to be ample evidence of wide spread corruption and government interference but the project management team must bear the lion's share of the blame. Not only has this fiasco set India's reputation as a forward looking industrious nation back, it has also set the profession of project management back. I would suggest that India is one country that should be seriously looking at formal training for their project managers. Certification as Project Management Professionals (PMP®) should be mandatory for any senior PM roles. They can start by ensuring that their are plenty of good PMP® Exam Preparation training courses available and then encourage their PMs to go get certified.
Comments
Login or Sign up to post comments.

Sikorsky Crash and Risk Management

On March 12, 2009 a Sikorsky S-92 helicopter carrying workers to the Hibernia oil rig crashed with the loss of 14 passengers and 2 crew. Only one passenger survived after being plucked from the North Atlantic by rescuers. The cause of the crash was attributed to a seized transmission which had seized upon losing all its lubricant. The transmission performs much like a car transmission and when it seizes the helicopters rotor will no longer turn depriving it of its lift.

The pilot of the helicopter attempted to reach land after becoming aware of the loss of lubricant, but never made it and crashed into the North Atlantic. The pilot was under the misapprehension that he had 30 minutes from the time he lost lubricant until the transmission would seize, he did not. The transmission seizure took the pilot by surprise so could not bring the craft down gently as he would otherwise have done. The pilot could be excused his misapprehension, after all it was the same one the FAA held and was advertised by Sikorsky: the S-92 has 30 minutes of flying time between loss of transmission lubricant and transmission seizure. This is a criteria for helicopter safety established by the FAA and when the S-92 failed this particular test, Sikorsky made design changes to address the failure. The problem was that there was no re-test after the design change.

This failure on the part of Sikorsky begs the question: "How do we weigh injury or the loss of human life against the loss of money?" I'm assuming that no one at Sikorsky decided that the loss of 16 souls was less important than the cost of ensuring the transmission met the 30 minute criteria. Sikorsky did eventually pay the families of the 16 to settle a law suit, the amount they paid is privileged according to the terms of the settlement. At some point project managers of projects where safety is on the line must make a decision: how to prioritize a risk event that could cause injury or death against one that would cause a financial loss. It seems to me that this is where we can be helped by Enterprise Risk Management. The corporate policy on safety should give the project manager guidelines around managing safety risks and the project budget should cover the appropriate mitigation strategies. Otherwise, we will continue to see disasters like the Sikorsky S-92 crash.
Comments
Login or Sign up to post comments.