CMMi Management

Its a Problem not a Risk

By Mainak Biswas April 10, 2007 - 1,488 views

Risk Management is a fundamental discipline for any planning process. Risk is defined as a possibility of a loss and has a probability associated against it. As a manager, it is important to continuously monitor risks and take actions to mitigate them. Dr. Robert Charette said that risk management is not about future decisions but, future of present decisions.

The process to identify risks starts the beginning of the planning process itself. All the participants brainstorm to find out all the possible risks that may affect their plans. Then a monetary value is put against the risk which represents the amount of loss that will incur if the event actually occurs and finally, a percentage value is put against the risk item that represents the probability of the risk actually occurring. The impact of the risk is calculated as a product of probability and loss amount. This gives managers a way to prioritize risks and manage them effectively. For risks that can adversely impact our plans, it is also important to write up a contingency plan i.e. what will we do if this risk occurs.

Decision making under a scenario of chaos is normally not as effective. I think the biggest benefit of risk planning is that it helps us in executing a pre-planned action at the time of chaos. This is because the action has been planned thoughtfully before the risk has actually occurred and hence the element of urgency does not cloud the judgment. For example, a data centre might consider fire as a risk to its facility and servers. Now, unless a plan has been drawn up earlier that tell the superintendent on duty about what to do in case of a fire, it will be difficult to take the “right action” or take “all the actions” that might be required to protect the facility and data in case there is fire.

Too often within the planning process, people write down known issues as risks. Known issues are problems and not risks. For example, if you know that your organization does not have the skills to deliver the project then it’s a problem – not risk! You have to deal with it right away.

A problem is a risk that has already been realized. They have a 100% probability.  The only reason someone wants to put a known problem as a risk is because they don’t want to deal with it right away. It’s same as saying – “OK! I know we cannot deliver this project but let’s put this down as a risk as we will deal with it later. Let’s focus on getting the SOW signed now”.

This is wrong! Problems must be dealt with as soon as the identified and Risks can only be dealt with once they are occurred. In a nutshell, Risks always deal with future events and not present while whatever is known right now is a problem and not a risk.

Thus as a customer, if  you ever come across a risk management plan where problems are listed as risks then you should be aware and ask your vendor to address them right away i.e. before the plan is approved.

Page Scrolled