the science behind breakthrough improvements

First step
You can manage,
  what you can measure;
You can measure,
  what you can define;
You can define,
  what you understand.


discover further
  • Six Sigma Basics
  • Statistics
  • Probability Theory
  • Methods, Tools & Techniques

  • Subscribe RSS

information
  • About Us
  • Terms of Use
  • Contact Us
  • Links



Valid XHTML 1.0 Strict

Risk Management

Share/Comment
Tweet This Tweet Share on Facebook Facebook
Send feedback Feedback e-mail to a friend EMail

To understand risk management, let us first understand what is a risk and what is not a risk?

Consider the following statement, "I run a risk of collision when I drive on a crowded street as my brake pads are completely worn-out". Is it a risk? No, it is not. In fact the collision is certain, unless of course you are driving on an absolutely empty freeway - which you are not in this case! It is a problem and needs a fix.

Now consider the following statement, "I need to attend a critical negotiation meeting at customer location at 11:00 hours sharp. It takes 25 minutes to reach under normal traffic conditions. I can start for that meeting only at 10:30 hours due to an important assignment. I run a risk of reaching late and lose on initial negotiation advantage". Is this a risk? Yes, it is. The element of uncertainty makes it a risk. And you can possibly explore mitigation strategies like going on a motorcycle rather then using a car. At this stage, it is also important to recall the exact meaning of word mitigate, "to moderate or lessen a quality or condition in force or intensity".

Risk has two key elements - a) an uncertainty and b) an impact in terms of potential loss (if it happens).

Risk management is a continuous process. Risk management process involves following key steps:

  1. Identify risks
  2. Assess each risk
  3. Rank all risks according to their severity
  4. Plan for risk mitigation and contingency on the basis of outcome of step 3
  5. Monitor each risk
  6. Control deviations (if any) from risk mitigation plan

Identify

Risk identification is carried out at the beginning of every project. Subsequently, it is revisited during each project review on an ongoing basis for all residual risks and new risks. The identification of risk is highly project specific. In general, any project has three key dimensions viz. cost, specifications, and time; and risks can be discovered in these contexts. Each risk must be clearly documented in a "condition (i.e. uncertainty)" - "consequence (i.e. impact)" format. In our previous example, "condition" is the occurrence of heavy traffic and "consequence" is losing the initial negotiation advantage.

It is always a good idea to create a risk classification or taxonomy. Each risk must be classified according to the taxonomy. Once this data acquires critical mass, it helps in developing better risk management strategies.

Assess

Risk assessment involves determining the uncertainty, the impact, and the first risk indicator. The uncertainty is the probability of occurrence of the risk. This probability can be determined either qualitatively or quantitatively. For qualitative measure, it is recommended to use 4 categories (to avoid middle point bias) such as 1-low, 2-medium, 3-high, and 4-very high. The quantitative measure is a normal probability scale measure from 0 to 1. The impact can be determined in terms of its severity, preferably a value from 1 (lowest) to 4 (highest). The first risk indicator is earliest condition or event that signals risk turning in to a problem.

Rank

After successful risk assessment, ranking is a relatively simple task. Sorting the product of the probability of every risk and its corresponding impact generates the risk ranking. This now becomes an important input for risk mitigation planning. The risk ranking determines the extent of risk planning focus.

Plan

At this step, a mitigation approach is developed for each risk, to either avoid or reduce the impact of risk. The responsibility to implement the mitigation strategy is assigned to a team member along with a target date. The actual execution of the mitigation plan is called risk resolution. In addition, a contingency plan is also developed to handle the situation when a risk turns in to a problem.

Monitor

It involves regular tracking of risk resolution process and first risk indicator. The deviations in the risk resolution process are recorded. Occurrence of first risk indicator may trigger activation of contingency plan.

Control

At this step, strategy to reduce deviation in the risk resolution process is developed and implemented.

All the above six steps are carried out on an ongoing basis for a project so that all risks stay managed during its life cycle.

Minimum Risk Documentation Format

The following table outlines a minimum documentation format to record each project risk:

Documentation Format

November, 2005   |  Permalink   |  Home   |  Previous Topic   |  Next Topic - Coming up soon.


comments powered by Disqus

Commenting Guidelines
We hope the conversations that take place on “discover6sigma.org” will be constructive in context of the topic. To ensure the quality of the discussion stays in check, our moderators will review all the comments and may edit them for clarity and relevance. The comments that are posted using fowl language, promotional phrases and are not relevant in the said context, may be deleted as per moderators discretion. By posting a comment here, you agree to give “discover6sigma.org” the rights to use the contents of your comments anywhere.

Copyright © 2005-14 Sanjaya Kumar Saxena
Rights reserved. Please seek permission for reproduction.