Risk Management Frameworks
Article 3 in a Series on Risk Management
By Glen Alleman
Let’s start with a quick review of the previous two articles in this series on Programmatic
Risk Management. This article establishes the principles of Risk Management, ending with one of the top-level
approaches to communicating risk status.
Programmatic risk arises from three sources. (1) The naturally occurring “noise” in the cost
and schedule. This is called the Deming risk: the common-cause variation inherent in the process, and attempts to control this type of risk are a waste. (2) The
variances that emerge dynamically through the interactions of the work elements of the schedule, the cost
components, and of course the performance of the technology. This is a stochastic risk driven by the underlying
probabilistic activities of the planned work, and it exists even when every individual activity is estimated correctly. (3) The technical risk that causes unplanned delays and cost
overruns.
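The second source is the one most often underestimated, because it is invisible in a single-point plan. The following Monte Carlo simulation is an added example, not code from the article or from either framework it cites; it uses a constructed seven-task schedule network with hypothetical three-point (min, most-likely, max) duration estimates and triangular distributions, both of which are assumptions for illustration. It shows that the deterministic plan built from most-likely durations is beaten by the simulated P50 finish, and that the gap persists even when each task's noise is made symmetric, which isolates the interaction (merge-point) effect from the individual-task noise.

```python
import random
import statistics

# Constructed example network (hypothetical, not from the article):
# name -> (predecessors, (min, most_likely, max) duration in days).
# Three paths converge on "integrate", which is where interaction risk appears.
TASKS = {
    "requirements": ([], (8, 10, 14)),
    "design": (["requirements"], (15, 20, 30)),
    "build_fw": (["design"], (20, 25, 40)),
    "build_sw": (["design"], (20, 25, 40)),
    "procure_hw": (["requirements"], (30, 40, 60)),
    "integrate": (["build_fw", "build_sw", "procure_hw"], (10, 12, 20)),
    "test": (["integrate"], (10, 15, 25)),
}


def topo_order(tasks):
    """Return task names in dependency order (Kahn's algorithm); reject cycles."""
    remaining = {name: set(preds) for name, (preds, _) in tasks.items()}
    order = []
    while remaining:
        ready = sorted(n for n, preds in remaining.items() if not preds)
        if not ready:
            raise ValueError("cycle in schedule network")
        for name in ready:
            order.append(name)
            del remaining[name]
        for preds in remaining.values():
            preds.difference_update(ready)
    return order


def finish_time(tasks, durations):
    """Forward pass: a task starts when all predecessors finish; return project finish."""
    finish = {}
    for name in topo_order(tasks):
        preds = tasks[name][0]
        start = max((finish[p] for p in preds), default=0.0)
        finish[name] = start + durations[name]
    return max(finish.values())


def deterministic_finish(tasks):
    """The single-point plan: every task takes its most-likely duration."""
    return finish_time(tasks, {n: spec[1][1] for n, spec in tasks.items()})


def symmetrize(tasks, spread):
    """Replace each three-point estimate with a symmetric one around the same mode.

    This removes the skew that inflates the mean of each task, leaving only the
    effect of path interactions at merge points.
    """
    return {
        n: (preds, (mode - spread, mode, mode + spread))
        for n, (preds, (_, mode, _)) in tasks.items()
    }


def simulate(tasks, runs=5000, seed=1):
    """Monte Carlo over task durations; return summary statistics of project finish."""
    rng = random.Random(seed)
    plan = deterministic_finish(tasks)
    results = []
    for _ in range(runs):
        # random.triangular takes (low, high, mode).
        durations = {
            n: rng.triangular(lo, hi, mode)
            for n, (_, (lo, mode, hi)) in tasks.items()
        }
        results.append(finish_time(tasks, durations))
    results.sort()
    return {
        "plan": plan,
        "mean": statistics.fmean(results),
        "p50": results[int(0.5 * runs)],
        "p80": results[int(0.8 * runs)],
        "p_meets_plan": sum(r <= plan for r in results) / runs,
    }


if __name__ == "__main__":
    for label, net in (("skewed estimates", TASKS), ("symmetric estimates", symmetrize(TASKS, 5))):
        s = simulate(net)
        print(f"{label}: plan={s['plan']:.0f}d mean={s['mean']:.1f}d "
              f"P50={s['p50']:.1f}d P80={s['p80']:.1f}d "
              f"P(meet plan)={s['p_meets_plan']:.2f}")
```

With the skewed estimates the deterministic plan finishes at 82 days, while the simulated P50 lands well above it and the probability of meeting the plan is far below one half. The symmetric run is the more instructive one: each task's noise now averages out to its planned value, yet the project still finishes late on average, because "integrate" waits for the slowest of three converging paths. That is the interaction variance of source (2), and it is why a risk register built only from per-task estimates understates schedule exposure.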
Managing all three of these risk types calls for a structured approach. There are many
suggestions for managing risk. Some are actually credible. Let’s start with a framework for managing risk that
is a guide for assessing the success of any specific risk management approach.
There are two primary frameworks:
1. The Software Engineering Institute’s
Continuous Risk Management,
http://www.sei.cmu.edu/solutions/risk/. Start with the tutorial titled Rethinking
Risk Management: NDIA Systems Engineering Conference.
http://www.sei.cmu.edu/library/abstracts/risk/upload/dorofeetutorialndia09_8819.pdf
2. The US Department of Defense Risk Management
Process,
http://www.acq.osd.mil/sse/docs/2006RMGuide4Aug06finalversion.pdf
Both frameworks take care to separate Issues from Risks. Risk management is the overarching
process that encompasses identification, analysis, mitigation planning, mitigation implementation, and
tracking.
An important difference between issue management and risk management is that issue management
applies resources to address and resolve current issues or problems, while risk management applies resources to
mitigate future potential root causes and their consequences.
The Software Engineering Institute’s CRM is built around six functions: Identify, Analyze, Plan,
Track, and Control, with Communicate at the center linking the other five.
The US DoD Risk Management process has five steps: Risk Identification, Risk Analysis, Risk Mitigation
Planning, Risk Mitigation Plan Implementation, and Risk Tracking.
Both have similar elements and both have been field proven in a variety of domains. The SEI
paradigm is centered on software development, while the DoD paradigm has a more general purpose
approach.