Risk Assessment, Mitigation And Containment For Planners And Managers

In business planning and all of project management, risk assessment, mitigation and containment tend to be haphazardly addressed, if addressed at all. These terms seem conceptually negative (much as a prenuptial agreement would seem to anticipate a marital failure or mistrust at the outset), so they are usually shunted aside in the interest of creating a positive managerial and team environment for the attainment of an objective.

Yet risk is a part of what is required in order to generate a return or result. It must be addressed at the very beginning of any incremental strategic or project plan, and it must be monitored and revised as necessary at regular intervals. Optimally, these reviews should be held at the same times as the variance measurement and monitoring meetings are planned.

In the simplest terms, every course of action should be analyzed for risk at the beginning, so that the plan can incorporate certain anticipatory elements of flexibility. Following is an elementary (but helpful) checklist of what should be included in an initial risk assessment. These items will seem intuitively obvious, but they are all too often ignored - most project managers and strategic planners do not want to bring potential negatives to the attention of those who retain them or who might finance them, or they would prefer to "put their heads down" (techies and turtles have this propensity in common) and just go to work on building something.

Too narrow a focus at the outset leads to poor planning and poorer results.

In actuality, if presented properly, a good risk assessment addressing possible costs, delays and contingent arrangements to mitigate or contain them demonstrates initiative, thoroughness and prudent expectation management.

Framed appropriately, this part of a presentation can actually help expedite the development of trust between your client/employer/investor and yourself. Risk is not bad, per se. It is a part of all processes and actions undertaken in the real world.

Here is an outline of my proposed risk analysis component to be incorporated in presentations, planning and ongoing management:

1) Identify individual risk factors in terms of variables (such as resource access and availability, pricing changes, data loss, discontinuation of financial support, potential competition for resources with other projects, key component failures - bottlenecks -, additional time requirements for diagnostics and repairs, inaccurate or insufficient initial input or information 'going in' to the mission, technological glitches and the like).

2) Identify the greatest individual risk factors in terms of critical points, decision nodes or intervals during the process. In any undertaking for goal attainment or program completion, there are certain "moments of truth." These are similar to the most dangerous parts of a climb or a hike, and accordingly, these critical points or events should be given extra consideration. These call for extra caution, possible alternative routes, and extra resources.

3) After having identified and isolated all of the risk factors in terms of variables and process points, try to estimate the cost (in time and resources) if any of these small nightmares were to become a reality. Remember to include the effect that some of these impediments could also have on other inter-related parts of the process.

Without doing a very speculative probability and expected value analysis, simply estimate what the likely losses in time and money might be - these should be programmed into the plan so as to be better-prepared in the event they were to actually occur. If all goes well, you'll deliver your objective under budget and faster than estimated. Of course, there's always that element of Murphy's Law that has to be acknowledged.

Example: If it is quite possible that it will rain, it makes sense to spend the money to purchase an umbrella. It is a basic insurance principle -- in this case, the cost of the umbrella is the premium invested to keep yourself, your equipment and your documents dry in the event of a soaking storm.

4) After conservatively estimating the potential costs in time and money, both by variable (the what) and by process point (the when), construct a plan to address and hedge against these contingencies with, for example, the use of multiple suppliers, the holding of cash reserves, the running of redundant systems and storage of critical data during a system switchover, and the possible purchase of insurance as may be appropriate.

5) Reassess your risk estimates continually as a part of a comprehensive variance analysis and process management monitoring. Change estimates, tactics or strategies as necessary to adjust for your overestimation or underestimation of risk.

Five simple steps.

A white paper regarding risk mitigation (from a technological perspective, and principally focused on internet commerce and communications issues and disaster recovery) is available from ZDNet:

Strategy Guide to Business Risk Mitigation

If you think your disaster recovery plan is just fine, think again. Your reputation and the success of your entire business are at stake every time someone transacts with you online. What happens if your system is unavailable, just once, for even a few minutes? Read this white paper for IDC Analyst research, multimedia content, risk assessment tools, solutions, and case studies that will help you build a disaster recovery plan that truly mitigates risk.

Note: Should you have any problems with the above download, simply go directly to http://whitepapers.zdnet.com/abstract.aspx?docid=2717957&promo=580&trial=25438838&tag=nl.e580.em
