eBook - ePub
Practical Project Risk Management, Third Edition
The ATOM Methodology
David Hillson, Peter Simon
This is a test
Share book
- 384 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Practical Project Risk Management, Third Edition
The ATOM Methodology
David Hillson, Peter Simon
Book details
Book preview
Table of contents
Citations
About This Book
This new edition of an award-winning risk management classic is more actionable than ever with new chapters on facilitating risk conversations and running a risk workshop. Risk isn't just about threat; it's also about opportunity. You have to be ready to take advantage of the most unexpected events—good or bad—with any project you are managing. But how does this work in practice? The Active Threat and Opportunity Management (ATOM) methodology offers a simple, scalable risk process that applies to all projects in all industries and business sectors. For each process step, the authors offer practical advice, hints, and tips on how to get the most out of the risk management process. Risk management really can work in practice. This Project Management Institute award-winning methodology is already used by top corporations. Whether you are someone with no prior knowledge of risk management or someone who simply needs guidance on how to apply risk management successfully, this book will help you tackle the ups and downs of this unpredictable world.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoās features. The only differences are the price and subscription period: With the annual plan youāll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weāve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Practical Project Risk Management, Third Edition an online PDF/ePUB?
Yes, you can access Practical Project Risk Management, Third Edition by David Hillson, Peter Simon in PDF and/or ePUB format, as well as other popular books in Business & Investimenti e titoli. We have over one million books available in our catalogue for you to explore.
Information
PART I
The Problem
1
The Challenge of Managing Risk
Few would disagree that life is risky. Indeed, for many people it is precisely the element of risk that makes life interesting. However, unmanaged risk is dangerous because it can lead to unforeseen outcomes. This fact has led to the recognition that risk management is essential, whether in business, projects, or everyday life. But somehow risks just keep happening. Risk management apparently does not work, at least not in the way it should. This book addresses this problem by providing a simple method for effective risk management. The target is management of risks on projects, although many of the techniques outlined here are equally applicable to managing other forms of risk, including business risk, strategic risk, and even personal risk.
The book is divided into three parts, starting with defining the problem in an effort to understand the underlying reasons for the apparent failure of project risk management to deliver the promised or expected benefits. The main body of the book describes a generic risk management process applicable to most projects, focusing on simple guidelines to make risk management work in practice. Finally, the book considers implementation issues, applying the risk management process to different types of projects, and addressing the steps necessary to use risk management effectively.
But before considering the details of the risk management process, there are some essential ideas that must be understood and clarified. For example, what exactly is meant by the word risk?
RiskāThe Definition Debate
Some may be surprised that there is any question to be answered here. After all, the word risk can be found in any English dictionary, and surely everyone knows what it means. But until quite recently, risk practitioners and professionals were engaged in an active and controversial debate about the precise scope of the word.
Everyone agrees that risk arises from uncertainty, and that risk is about the impact that uncertain events or circumstances could have on the achievement of goals. This agreement has led to definitions combining two elements of uncertainty and objectives, such as āA risk is any uncertainty that, if it occurs, would have an effect on achievement of one or more objectives.ā Traditionally, risk has been perceived as bad; the emphasis has been on the potential effects of risk as harmful, adverse, negative, and unwelcome. In fact, the word risk has been considered synonymous with threat. But this is not the only perspective.
Obviously, some uncertainties could be helpful if they occurred. These uncertainties have the same characteristics as threat risks (i.e., they arise from the effect of uncertainty on achievement of objectives), but the potential effects, if they were to occur, would be beneficial, positive, and welcome. When used in this way, risk becomes synonymous with opportunity.
In the past, risk practitioners have been divided into three camps around this debate, as illustrated in Figure 1-1.
Figure 1-1: RiskāThe Definition Debate
One group insisted that the traditional approach must be upheld, reserving the word risk for bad things that might happen. This group recognized that opportunities also exist, but saw them as separate from risks, to be treated differently using a distinct process (row a).
A second group believed that there are benefits from treating threats and opportunities together, broadening the definition of risk and the scope of the risk management process to handle both (row b).
A third group seemed unconcerned about definitions, words, and jargon, preferring to focus on ādoing the job.ā This group emphasized the need to deal with all types of uncertainty without worrying about which labels to use (row c).
In recent years the definition debate has become less contested. The majority of official risk management standards and guidelines now use a broadened definition of risk, including both upside opportunities and downside threats, as we discuss toward the end of Chapter 3 (see Figure 3-5). In fact, the first reference to this broader definition can be found in the 1996 edition of A Guide to the Project Management Body of Knowledge (PMBOKĀ® Guide) from the Project Management Institute (PMI). Since then the Association for Project Management (APM) in their Body of Knowledge and Project Risk Analysis and Management (PRAM) Guide has also adopted this wider definition in their risk management processes, with tools and techniques to identify, assess, and manage both opportunities and threats. Following this trend, increasing numbers of organizations (though not all) are widening the scope of their risk management approach to address uncertainties with positive upside impacts as well as those with negative downside effects.
Given the increasing popularity of the wider application of risk management to both threats and opportunities, as well as the attraction of using a single process to deal with two related concerns, this book adopts the inclusive position. Using a common process to manage both threats and opportunities has many benefits, including:
ā¢ Maximum efficiency, with no need to develop, introduce, and maintain a separate opportunity management process
ā¢ Cost-effectiveness (double ābangs per buckā) from using a single process to achieve proactive management of both threats and opportunities, resulting in avoidance or minimization of problems, and exploitation and maximization of benefits
ā¢ Familiar techniques, requiring only minor changes to current techniques for managing threats so organizations can deal with opportunities
ā¢ Minimal additional training, because the common process uses familiar processes, tools, and techniques
ā¢ Proactive opportunity management, so that opportunities that might have been missed can be addressed
ā¢ More realistic contingency management, by including potential upside impacts as well as the downside, taking account of both āovers and undersā
ā¢ Increased team motivation, by encouraging people to think creatively about ways to work better, simpler, faster, more effectively, etc.
ā¢ Improved chances of project success, because opportunities are identified and captured, producing benefits for the project that might otherwise have been overlooked.
Having discussed what a risk is (āany uncertainty that, if it occurs, would have a positive or negative effect on achievement of one or more objectivesā), it is also important to clarify what risk is not. Effective risk management must focus on risks and not be distracted by other related issues. A number of other elements are often confused with risks but must be treated separately, such as:
ā¢ Issues. This term can be used in several different ways. Sometimes it refers to matters of concern that are insufficiently defined or characterized to be treated as risks. In this case an issue is more vague than a risk, and may describe an area (such as requirement volatility, or resource availability, or weather conditions) from which specific risks might arise. The term issue is also used (particularly in the UK) as something that has occurred but cannot be addressed by the project manager without escalation. In this sense an issue may be something totally unforeseen or the result of a risk that has happened, and is usually negative.
ā¢ Problems. A problem is also a risk whose time has come. Unlike a risk that is a potential future event, there is no uncertainty about a problemāit exists now and must be addressed immediately. Problems can be distinguished from issues because issues require escalation, whereas problems can be addressed by the project manager within the project.
ā¢ Causes. Many people confuse causes of risk with the risks themselves. The cause, however, describes existing conditions that might give rise to risks. For example, there is no uncertainty about the statement āWe have never done a project like this before,ā so it cannot be a risk. But this statement could result in a number of risks that must be identified and managed.
ā¢ Effects. Similar confusion exists about effects, which in fact only occur as the result of risks that have happened. To say āThe project might be lateā does not describe a risk, but what would happen if one or more risks occurred. The effect might arise in the future (i.e., it is not a current problem), but its existence depends on whether the related risk occurs.
Clarifying Some Confusions
There is now widespread agreement on what a risk isāan uncertainty that, if it occurs, would have a positive or negative effect on achievement of one or more of the projectās objectives. Unfortunately, the practice of project risk management is still often confused by two complicating factors that lead people away from focusing on the real risks:
ā¢ Choices, not true uncertainties. Risks are uncertain and might or might not happen. On inspection, many so-called ārisksā identified by project teams are actually choices. These are not things that might happen by chance, but decisions or actions that the project can just choose to do or not. This confusion particularly seems to affect identification of opportunities. Often these choices are related to a value engineering process where improvements in cost or schedule are made by making changes to the project specification/performance or scope. For example, we might choose to subcontract a difficult part of our project: this is not an āopportunityā because it is not uncertaināwe either decide to do it or we donāt. These items should be excluded from the Risk Register.
ā¢ āBusiness-as-usualā risks. Too often, Risk Registers contain risks that can be considered as ābusiness as usual,ā which are commonplace for almost all similar projects, and for which standard responses already exist. For example, āWe may find errors during integration testing.ā The purpose of integration testing is actually to find errors, and we have processes in place to find them and address them. Another example would be āWe may need to recruit additional skilled staff.ā The project organization would have existing HR processes in place to deal with this. By including such risks in the Risk Register, the āreal risksā may be hidden or undervalued. āReal risksā are uncertainties that are not covered by existing processes, where it is no oneās job to find them and address them. If the chosen response to a risk is for someone to do their normal job and follow an existing procedure, then it is a ābusiness-as-usualā risk, and it should be removed from the Risk Register.
Using Risk Management on Projects
The widespread occurrence of risk in life, business, and projects has encouraged proactive attempts to manage risk and its effects. History as far back as Noahās Ark, the pyramids of Egypt, and the Herodian Temple shows evidence of planning techniques that include contingency for unforeseen events. Modern concepts of probability arose in the 17th century from pioneering work by Pascal and his contemporaries, leading to an improved understanding of the nature of risk and a more structured approach to its management.
Without covering the historical application of risk management in detail here, clearly those responsible for major projects have always recognized the potentially disruptive influence of uncertainty, and they have sought to minimize its effects on achievement of project objectives. Recently, risk management has become an accepted part of project management, included as one of the key knowledge areas in the various bodies of project management knowledge and as one of the expected competencies of project management practitioners.
Unfortunately, embedding risk management within project management leads some to consider it as ājust another project management technique,ā with the implication that its use is optional and appropriate only for large, complex, or innovative projects. Others view risk management as the latest transient management fad. These attitudes often result in risk management being applied without full commitment or attention and are at least partly responsible for the failure of risk management to deliver the promised benefits.
To be fully effective, risk management must be closely integrated into the overall project management process. It must not be seen as optional, or applied sporadically only on particular projects. Risk management must be built in, not bolted on if it is to assist organizations in achieving their objectives.
Built-in risk management has two key characteristics:
ā¢ First, project management decisions are made with an understanding of the risks involved. This understanding includes the full range of project management activities, such as scope definition, pricing/ budgeting, value management, scheduling, resourcing, cost estimating, quality management, change control, and post-project review. These must take full account of the risks affecting the project, giving the project a risk-based plan with the best likelihood of being met.
ā¢ Second, the risk management process must be integrated with other project management processes. Not only must these processes use risk data, but there should also be a seamless interface across process boundaries. This has implications for the project toolset and infrastructure, as well as for project procedures.
Benefits of Effective Risk Management
Risk management implemented holistically, as a fully integral part of the project management process, should deliver benefits. ...