Quantifying Project Risk
Prevailing wisdom regarding project risks states that your risk management plan must:
So far so good.
Then the team assesses the impact. This almost always results in either a "T-Shirt" estimation (large/medium/small), or a relative one to ten score where a larger number implies a greater impact.
This impact measurement is then multiplied by the probability factor, giving a total risk score.
But a T-shirt or relative type number does not result in a meaningful impact measurement. What does .2 X high mean? Or even .2 X 7? The risk has not actually been quantified because a relative estimate does not provide enough information to make meaningful decisions. At best, we are only able to rank the risks by score to determine an order of priority.
Now we have a problem because as project managers, we need to answer certain questions:
We are now in a position to truly understand the potential cost of a risk and we can make an informed decision whether to avoid, mitigate, transfer, or accept the risk. If we choose to mitigate, we can answer the questions about how much time or money to apply to the mitigation effort. Since we know the cost of the risk, there is no reason to spend more to mitigate the risk than the risk itself would cost if it occurs.
- Identify project risks
- Quantify the risks
- Based on potential impact, develop plans to avoid, mitigate, transfer, or accept each risk.
- Monitor and control risks
So far so good.
Then the team assesses the impact. This almost always results in either a "T-Shirt" estimation (large/medium/small), or a relative one to ten score where a larger number implies a greater impact.
This impact measurement is then multiplied by the probability factor, giving a total risk score.
But a T-shirt or relative type number does not result in a meaningful impact measurement. What does .2 X high mean? Or even .2 X 7? The risk has not actually been quantified because a relative estimate does not provide enough information to make meaningful decisions. At best, we are only able to rank the risks by score to determine an order of priority.
Now we have a problem because as project managers, we need to answer certain questions:
- How much will it cost me in time and money if this risk actually occurs?
- How do I know whether to avoid, mitigate, transfer, or accept the risk?
- How much should I spend to mitigate the risk?
We are now in a position to truly understand the potential cost of a risk and we can make an informed decision whether to avoid, mitigate, transfer, or accept the risk. If we choose to mitigate, we can answer the questions about how much time or money to apply to the mitigation effort. Since we know the cost of the risk, there is no reason to spend more to mitigate the risk than the risk itself would cost if it occurs.
posted by michael at 8:02 PM
0 Comments:
Post a Comment
<< Home