In this chapter, we are going to look at two of the tools and techniques in the monitor and control risks process, namely – Risk Reassessment and Risk Audits.
The word reassessment is something that you would’ve heard frequently in real life. The meaning of Risk Reassessment is in the same lines as the literal meaning/purpose of the word and focuses on Risks specifically.
There are three aspects of Risk Reassessment that you must remember for the RMP Exam. They are:
1. Identifying New Risks
2. Closing Risks that are no longer applicable
3. Keeping tab on existing risks to figure out if any further action is required
Points 1 & 2 are pretty self-explanatory. Point 3 is where a bulk of the action is. We will keep checking if the impact and/or the probabilities of risks are the same now (As compared to when they were planned before). The level of impact of a risk or its probability could change when project execution begins. Even some risks that are in the watchlist could have changes to their probability and/or impact. In such cases, we take these risks through the risk management cycle and then formulate a response. The whole idea is to reassess and re-strategize those risks where we feel our existing response strategy may be inadequate.
When a new risk is identified during this process, we take that risk through the full risk management cycle in order to formulate a response strategy for the newly identified risk.
As the project progresses:
• The probability of a risk occurring comes down
• The impact of the risk (if it occurs) goes up
Remember the chapter on Risk & Uncertainty titled Managing Uncertainty? Risks always move with uncertainty. The greater the uncertainty, the greater the risk. So, as the project moves forward and more and more work gets completed, the uncertainty comes down and so does the likelihood of the risk materializing.
Projects vary and not all projects are similar. So, when we do this risk reassessment activity too would vary from case to case. As a general rule of the thumb, risk reassessment should be scheduled regularly, especially where projects have schedule or cost slippages. The whole idea here is to reassess the situation to take remedial actions to bring the project back on track.
Risk Audits is another tool and technique that we use during the monitor and control risks process. It is also part of the overall process improvement of the project.
Risk Audits are concerned with:
• Measuring the effectiveness of the risk responses
• Measuring the effectiveness of the risk management processes in the project
When we perform Risk Audits, we examine the risk responses (that were implemented) to determine if they were effective in handling the risks and their root causes. The output of this audit is always documented. Similarly, we can also audit and gauge the effectiveness of the risk management processes in the project as a whole too.
The idea behind these kinds of activities is to be more proactive than be reactive. We are constantly trying to refine and improve our processes and efficiency and this risk audit can greatly help the risk management practices in not only the project but also the whole organization as well (If we properly capture the results of our audits and create lessons learned documents)
It is the responsibility of the Project Manager to conduct periodic risk audits. How frequently risk audits happen, who does them, and how the output is captured etc. is specified in the risk management plan. Typically risk audits are scheduled at significant project milestones. For smaller or low-complexity projects, we can even take up risk audit as a onetime activity towards the end of the project.
Steps in Risk Audit:
a. Identify who will participate
b. Follow the risk audit specifications documented in the risk management plan
c. Collect, analyze and document all relevant information
d. Use recommendations to improve the process
As we conduct the audit, the participants may have several questions. All these questions will help us measure the effectiveness of the response that was implemented. In order to achieve maximum benefits out of this activity, all the participants must be in the same page before the meeting and understand the project clearly.
Prev: Overview of Tools & Techniques used in Monitor & Control Risks
Next: Workarounds and Reserve Analysis