Faced with a new project or undertaking, where does one start with the risk management process?
If your firm is in familiar territory, the RBS for another recent project might be the starting point for this project. But what if not?
Then one can start with the loci of risk within your domain.
Here's a generic start for the 'headings' under which a RBS might be formulated.
Client/customer: familiarity with this type of project
Less familiar more risk, particularly in project definition cycle of :need/opportunity--functional requirements--Quality Function Deployment--performance requirements--product specification (in engineering detail).
Customer certainty
Is the customer good at developing a 'concept of operations' for the project and then the functional and performance components? Will customer immaturity lead to 'change' battles and threaten project value to the PM?
Customer maturity for project type
Will the customer be able to identify needs, functions, performance requirements, understand final specifications, cooperate with a Project Delivery System, participate in Project Boards, Change Management discipline, etc.
Business environment
Client's competitive environment, your competitive environment. This also leads to the customer and the project 'community', those who do, can our would have an interest in the project's success or failure: 'stakeholders' in common parlance.
Type of project: your familiarity with it, current market position of this project, supply side circumstances
Location (not an issue for some types of project)
Nature of local conditions, site conditions, social conditions, local regulations, access, etc.
Suppliers: who is there to do the delivery of the project (e.g. construction skills, installation/implementation/change skills for IT, etc.)
Technology
This relates particularly to construction, IT and engineering projects that are in a different technology environment from the project manager or employ technologies unfamiliar to the relevant members of the project team.
Type of project: what hazards does this type of project typically encounter, and how are they typically dealt with: managed, accepted, transferred, designed out?
Team
Size, experience in domain, experience generally, familiarity with the project system used, familiarity with the applicable technology, worked together or not?
Contract terms
Do you and they understand the contract; is the risk allocation in the contract workable or acceptable to both parties. How are disputes handled? How are payments made? How are pre-payment acceptance points managed?
THEN
Each of the hazard areas can be considered against the CATWOE framework to form a more detailed area of hazard vulnerability before reducing to a risk schedule, which tabulates:
- the item
- expected probability of occurrence (a range)
- expected cost if occurs (a range in $)
- mitigating options
- cost of any mitigating action (re-design, transfer, manage)
- risk manager.
