Better risk management with Prince2 2009

by David Hinde on 17/09/2009

Prince2 has always had a solid but simple way of dealing with risk. With the latest version, released this month, a number of excellent ideas and concepts have been introduced. Here are the best seven.

Step 1 – Having a risk management strategy
In my experience risk management is something that is talked about a lot but rarely done. One problem is that people don’t know who should be doing what. To help with this Prince2 2009 introduces a Risk Management Strategy. It outlines the way in which risk will be identified, evaluated and dealt with in a project. It shows who should be responsible for carrying out the various risk management roles. It also sets out how much risk an organisation is willing to bear. The strategy is put together at the outset of the project; everyone reviews and signs up to it.

Step 2 – Risk identification Techniques
Where do you start when it comes to identifying all the potential risks in your project? The new manual gives a number of approaches. These include reviewing lessons learned from previous projects, carrying out a risk brainstorming session, using an industry specific prompt list showing likely areas of risk or creating a risk breakdown structure. The latter is a hierarchical diagram like an organisation chart. It can be sub divided in a range of ways, for example by product, by team or using PESTLE (political risks, economic risks, social risk, technological risks, legal risks, environmental risks) It can be used as a focal point for a workshop to identify all risks in each area of the project.

Step 3- Early warning indicators
It is all too easy for a project manager to myopically focus on a small set of performance areas such as work completed to schedule. The new manual suggests a range of other early warning indicators that identify how the project is performing. For example percentage of approvals accomplished, number of issues being raised and number of defects being captured in quality inspections.  Reviewing all aspects of a project increases the likelihood of identifying more critical risks

Step 4 – Assessing the overall risk exposure
Prince2 2009 gives an approach to show the overall risk situation of a project. Each risk is given a likelihood in percentage terms and an impact should it occur in monetary terms. By multiplying one by the other an expected value can be calculated. Totalling the expected values of all the risks gives a monetary figure that easily shows the exposure of the whole project to risk.

Step 5 – Considering the effect of time on a risk.
Prince2 has always recommended recording when each risk will occur. It calls this the proximity of the risk. But in this latest release it gives examples of how you might categorise proximity, such as imminent, in the next stage of the project or after the project. It also recommends considering whether the probability of the risk occurring and/or the impact on the project if they do occur, might vary over time. Having this information can help focus on risks that are of a more pressing concern.

Step 6 – Giving a clearer approach to help define risks
Rather than just thinking about the event that may or may not occur such as a road collapsing underneath a heavy load, the new manual considers what could cause the event. This allows for a deeper analysis of any individual risk. If the road collapses it could be caused by heavy rain, bad driving or initial poor construction of the road by the council. Understanding what are the most likely causes for each potential risk event, can help implement better mitigation plans to deal with them

Step 7 – Focus on opportunities
Risks can be opportunities. For example a new technology might appear to speed the programming of a software module. Prince2 2009 gives three ways of approaching an opportunity: exploit it by doing something that ensures it occurs, increase the probability or impact of the event occurring or simply reject the opportunity. In practice a good project manager is always looking for opportunities to improve their project, but making this explicitly part of the risk management process, improves the probability of spotting more.

All trademarks are acknowledged. Prince2, MSP and MoR are trademarks of the Office of Government Commerce

Share
Permalink

Trackback URL for this post: http://www.orgtopia.com/2009/09/17/better-risk-management-with-prince2-2009/trackback/

Comments on this entry are closed.

Previous post:

Next post: