1 Risk Management Principle: Tool 2E
1 Risk Management Principle: Tool 2E
Risk Analysis
Identify and describe risks to gain awareness of the risk type, probability of occurrence, and potential impacts Quantified Risk s
Risk Handling
Prepare a method of response to eliminate, accept, or reduce the impact/probability of risks
Risk Responses
Risk Monitoring
Monitor the risk environment throughout the project lifecycle to update strategies and forecasts
8-1
2
2.1
2.1.1
2.1.2
2.2
Analysing Risk
Risk analysis involves identifying all known risks at an early stage of the project and establishing a risk register describing the nature of the risk, probability of occurrence, and possible impact.
8-2
2.2.1
2.2.2
2.2.3
2.3
Handling Risk
Risk handling involves developing specific, discrete responses to address each risk and to reduce overall project uncertainty. If the identified risks are unacceptable, seek ways of preventing or reducing those risks and create fallback plans. In some cases, risks can be
8-3
eliminated while other risks are completely external to the project, presenting little scope for reduction.
2.3.1
Develop Responses
Develop suitable responses for each risk: Avoid remove the risk, usually by eliminating the cause Transfer allocate the risk to others through contracts or insurance Mitigate reduce the risk probability, risk impact, or both Accept accept the possible consequences of the risk; absorb within project allowances, or fund specific risks separately
2.3.2
Evaluate Responses
Transferring risk will be cost-effective only if the contractor has proper and effective control over the source of the risk. For insurance of project-associated risks, consult with GSK Corporate Insurance and Risk Management for advice and for the appropriate insurance arrangements. With mitigation or acceptance, the risk is not removed completely. In these instances, establish a fallback plan (e.g., emergency responses) in case the risk occurs. Identify any secondary effects associated with the proposed response. Ensure that any costs, time, and resources required to implement any response or fallback plan are identified and included in the Project Plan, schedule, and cost estimate or budget. Determine the feasibility of the responses, both individually and collectively. Consider the cost of managing the risk versus the perceived benefits of the proposed responses. It may be better to accept some risk as is, rather than expending resources reducing it.
2.3.3
Assign Responsibility
Where mitigating actions are feasible and justifiable, assign action owners and due dates to each risk. Place the ownership of risks with those best placed to manage them, and who have the necessary expertise, resources, and authority to carry out any mitigating action.
2.3.4
Accumulate Results
Consolidate plans (e.g., contractual, insurance, and fallback) and incorporate them into the overall project plans. Price the cumulative results of the risks and their responses to assess the overall impact to project costs.
R1
Make adequate provision for risk management actions in project cost estimates. For Class 1 through Class 3 estimates, the risk results may be used to help determine the amount of contingency required within the range of typical contingency levels. For the Class 4 estimate, the results are used to determine the impact on project contingency and if a risk allowance is required. For more information on setting contingency and risk allowances, see the Cost Estimating and Schedule Development practices, along with Tools 11C Detailed Contingency Estimating Method and 11D Estimating Risk. Document the recommendations, including those risks that the project team has consciously decided to accept or ignore. Communicate the risk strategies to the project team, senior management, and stakeholders. Obtain agreement from stakeholders regarding the handling of
8-4
2002 GlaxoSmithKline, Rev.2 July 2008
major project risks. Ensure that decisions made regarding risk are agreed throughout all project stages.
2.4
Monitoring Risk
Establish risk controls to ensure the ongoing management of project risk. Continually review project risks and their significance, monitor the effectiveness of risk response strategies, and regularly update fallback plans. Ensure that the risk management process remains consistent with the main project objectives.
2.4.1
Identify Triggers
Identify the potential triggers that would indicate the occurrence of a risk, and make sure these triggers are visible to the project team. Monitor the triggers on a frequent basis, and use the information to update forecasts.
2.4.2
2.4.3
2.5
Responsibilities
This section describes the risk management responsibilities for various roles.
8-5
2.5.1
Project Sponsor
Conducts an initial assessment of overall project complexity and associated business risks during the Inception stage Obtains agreement from stakeholders regarding the handling of major project risks
2.5.2
Project Manager
Defines the risk management strategy for the project and documents it in the Project Plan Sets up the risk management workshop Assigns suitable responses to and owners for risks Documents the results of the risk assessment in a risk register (further updates to the risk register may be delegated to the contractor) Includes adequate provisions for risk management actions in project cost estimates Monitors risks and uses the latest information to update forecasts Documents risk occurrences and communicates results to others
2.5.3
Customer
Actively participates in the risk management workshop Takes ownership of risks that fall under the Customer's authority
2.5.4
Contractor
Actively participates in the risk management workshop Takes ownership of risks that fall under the contractor's authority
8-6