Risk Management on projects is well understood in some domains and poorly understood in other.
It is remarkable that a science which began with the consideration of games of chance should become the most important object of human knowledge - Pierre Simon, Marquis de Laplace (1749-1827), in his book “Analytic Theory of Probabilities”
First let's establish a definition of risk.
The DOD D5000.2 defines risk as “a measure of the inability to achieve program objectives with defined cost and schedule constraints.”
I say "a"definition, because there are several definitions. It's critical to establish the definition of risk before starting down the path of managing risks.
Then let's establish some "rules" for risk management. These come from Risk Management Process
& Implementation Practice Book Number One: Overview and Guidance Little Aqua Book, Prepared by
American Systems Corporation, 13990 Parkeast Circle, Chantilly, VA 20151-2272.
- RULE 1: Projects that don't manage risk are at risk.
- RULE 2: Risk management is not free; prepare to commit resources, define a risk management process, and make a risk reserve available.
- RULE 3: Centralize risk management responsibility; distributed responsibility must be coordinated.
- RULE 4: Prioritize risks and only deal with the most critical. All non-negligible risks must have mitigation strategies.
- RULE 5: Program managers are responsible for action; risk managers are responsible for risk identification and follow-up.
- RULE 6: The risk management process must be defined and consistently implemented throughout an organization. Activities must tree up to the organization’s risk management policy.
Here are some sources of Risk Management that can guide you through the mase (listed in order of importance)
- Effective Risk Management: Some Keys to Success, 2nd Edition, Edmund H. Conrow, AIAA 2003.
- Managing Risk: Methods for Software System Development, Elaine M. Hall, Addison Wesley, SEI SEries on Software Engineering, 1998.
- How to Lie with Statistics, Darrell Huff, W. W. Norton, 1954.
- Development of Risk Management Extensions to the PMI Project Management Body of Knowledge, Dr. Edmund Conrow, Acquisition Quarterly Review, Spring 2003.
- RISK MANAGEMENT GUIDE FOR DOD ACQUISITION Sixth Edition (Version 1.0).
- The Death of Risk Management, 2008 NDIA Systems Engineering Conference.