Managing Risks – Qualify Risks
Managing Risks – Qualify Risks (#3 in the series Managing Risks)
By John Filicetti
As you go through the following risk analysis, you will be asked to qualify the risk probability and impact in terms of Low, Medium, and High. Qualifying risks is a discipline unto itself and the accuracy of your results is commensurate with the techniques you use and your historical experience with risk analysis.
Before you begin any qualification analysis, you will want to determine your organization’s tolerance to risk. Can the organization operate in a high-risk environment or are they conservative and want only low-risk projects? If you work for a small company, an additional project cost of $250,000 or a delay of two 2 months may put your entire company at risk. If you work for a large organization, these overruns may be acceptable for a project. How much cost and delay is acceptable? Remember we are not asking for your preference; it’s just the bottom-line numbers your company can tolerate. Determine and write down the company’s risk tolerance.
Next, you will want to qualify each risk item by asking:
- What is the impact to the project if the risk item occurs (Low, Medium, High)?
- What is the probability or likelihood of the risk item occurring (Low, Medium, High)?
- Review archived projects to see if similar tasks from the past have taken longer than your estimates or have cost more.
- Find out your team’s confidence level. If the resources that will do the work aren’t comfortable with your cost or duration estimates, then the risk is more likely to occur.
Once the impact and probability has been determined, you will want to prioritize which risks are going to be actively managed focusing on the following order in priority (you might want to modify this priority table according to your organization’s sensitivities):
| Impact | ||||
| High | Medium | Low | ||
| Probability | High | 1 | 1 | 2 |
| Medium | 2 | 3 | 4 | |
| Low | 4 | 5 | 6 | |
John F. Filicetti, PMP, MBA
John Filicetti is a Sr. Sales Engineer/PM-PMO-PPM Consultant with a great depth of experience and expertise in enterprise project management, project management methodologies, Project Portfolio Management (PPM), Project Management Offices (PMOs), Governance, process consulting, and business management. John has directed and managed project management teams, created and implemented methodologies and practices, provided project management consulting, created and directed PMOs, and created consulting and professional services in such areas as project portfolio management, Governance, business process re-engineering, network systems integration, application development, infrastructure, and complex environments. John has enjoyed many years as PMO Director for large corporations in the Seattle area and leads the PMO Roundtable discussion group and forum.
Another matrix to evaluate and quantify risks that I have come across is:
Probability: High – 3; Medium – 2; Low – 1
Loss-Given-Occurrence: High – 3; Medium – 2; Low – 1
Risk Wgt = Probability score x Loss score
Mitigation process quality: Excellent – 9; Good – 3; Absent – 1
Severity = Risk Wgt / Mitigation Process Score