Cmme process domain-rskm Risk Management

 

SG 1 prepares for Risk Management

Establishes and maintains strategies for identifying, analyzing, and mitigating risks. This strategy is generally written into a project risk management plan. The risk management strategy deals with specific measures, resources, and management methods suitable for controlling the risk management outline, including planning the risk source, risk classification scheme, and risk evaluation, definition, and control parameters. Related Practices:

• Sp1.1 identify risk sources and categories
  Sp1.2 defines risk parameters
  Sp1.3 establish risk management strategy

Risks come from multiple sources. The common sources of risks for IT projects are uncertain requirements, staff flow, use of new technologies, unreasonable progress, and insufficient developer skills. There are also many types of risks. Large categories can be classified into project management risks, business risks, and technical risks. Note that the purpose of determining risk sources and classifications is to provide a mechanism for collecting and summarizing risks to ensure that risks can attract the attention of managers. On the one hand, different risk types and sources may have different risk probabilities, influences, stakeholders, risk thresholds, and other basic parameters.

Defining risk parameters mainly involves determining the risk definition, evaluation and sorting criteria. It is important to determine the threshold of various risks. A risk threshold is a risk monitoring and control point. When the impact of a risk assessment exceeds the threshold, you must consider implementing a risk mitigation plan. The implementation of a risk mitigation plan can be implemented immediately at the critical risk we assess. One is that, although it is not yet critical, the mitigation plan must be implemented when the risk exceeds the threshold.

The content corresponding to sp1.3 can be directly understood as a risk management plan, which should be an important part of the project plan. The risk management plan should define the project risk management team members, the risk parameters used by the project, risk identification methods and tools, and the risk mitigation policies that the project may adopt, how the project monitors risks and so on.

SG 2 identifies and analyzes risks

Identify and analyze risks to determine their relative importance. The degree of risk affects the allocation of resources to deal with risks and determine when the appropriate managers should pay attention to them. The risk is analyzed by adding an identifier to the risks of internal and external sources, and then evaluating each risk to determine its likelihood and subsequent results. The identification of risk categories based on established risk classification methods and criteria for risk management strategies will provide the necessary information for risk handling. Related risks can be grouped to effectively handle risks and use risk management resources. Related Practices:

• SP 2.1 identifies risks
  SP 2.2 evaluates, classifies, and sorts risks in sequence

Risk identification involves various methods, such as brainstorming, surveys, risk checklists, and risk libraries. The WBS work breakdown structure must be used to identify risks of products and technologies. In the risk identification stage, we will form a risk register, and enter the names, sources, categories, and other basic risk attributes of risks.

Sp2.2 mainly refers to the risk qualitative analysis content mentioned in PMBOK. It is mainly to determine the impact of each risk, the risk value = the probability of risk occurrence * the impact of risk. We should obtain the final risk value for each risk we identify and then sort the risk priority. The risk probability impact matrix is introduced in qualitative risk analysis. organizations and projects can define the scope of risk values based on the probability impact matrix, which is the key risk of the project. When a risk is assessed as a key risk of my project, we must consider coping with and mitigating the risk.

 

SG 3Mitigate risks

Handle risks and mitigate risks when appropriate, so as to reduce the adverse impact on project achievement.

The procedure for handling risks includes proposing risk handling opinions, supervising risks, and performing risk handling activities when the specified threshold is exceeded. Develop and implement risk mitigation plans for selected risks to actively reduce the potential impact of risks. Such schemes may include contingency plans to deal with the impact of the selected risk in case of occurrence, which is irrelevant to the intention to mitigate the risk. The criteria, thresholds, and parameters used to initiate risk management activities are defined by the risk management strategy. Related Practices:

• SP 3.1 develop risk mitigation plan
  SP 3.2 implement risk mitigation plan

The criteria, thresholds, and parameters set forth in the risk management strategy are used to determine when risk management actions need to be taken. The risk mitigation plan only targets key risks of the project and only monitors general risks. For common measures to mitigate, accept, circumvent, and transfer risks, we recommend that you have more than one method to mitigate key risks. In sp3.1, You Need To determine the level and threshold of risks, which indicate when the risks will become unacceptable and will initiate risk handling actions. In addition, the risk mitigation plan also needs to include emergency response methods after risks are converted into problems.

Implementation of a risk mitigation plan requires the implementation owner of the mitigation plan to regularly track whether the risk has been mitigated after the implementation of the mitigation plan. Whether the probability and extent of risk are reduced. With these tracking and re-evaluation, you can re-update the risk status and priority.

Level 3 risk management requires that risk management has risen to the level of organization. The organization has a standard definition of risk management procedures and parameters, and projects can be tailored. In addition, the Organization will form a risk library for the project to identify risks. Level 4 requires quantitative management of risks. Sub-processes of risk management need to be quantified, such as risk identification and risk analysis. Some sensitivity analysis, Monte Carlo simulation, and other quantitative risk analysis methods should be used for risk analysis.