26 What is the lifecycle of a risk?
ฝัง
- เผยแพร่เมื่อ 11 ก.ย. 2024
- As we track the progress of risks, it might be helpful to use a set of recognised risk status values. David proposes a set of status values that describe the lifecycle of a typical risk.
Very briliant indeed. Dr. Hillson's expertise in risk management is beyond expectations. He explains the concepts in a very soft language, and briefly, but very easy to grasp them.
Thanks Hamenya. My motto is "Understand deeply so you can explain simply". Actually risk management isn't really hard, it's about asking and answering questions, being curious and persistent, and motivated to find out what's possible.
This man is brilliant!!!!
Thanks, you're very kind.
Doc...problem vs issue? Any video about that?
Sure. Check out #8 in this series "What is the difference between risks and problems or issues?". Go to th-cam.com/video/E8ByyKVCYKM/w-d-xo.html
So what is a “closed” for an opportunity? Is that a failure of opportunity management? While for a threat it is a success of threat management?
So is it opposite? Because “problem” and “benefit” at the end are failure for threat management, but success for opportunity management.
It would only make sense if close for opportunity meant we were unsuccessful in attaining the benefit. Please confirm.
Maybe have a second level to “closed risk” just the way there is a second level to “occurred risk”.
Threat “closed” becomes “problem resolved” or “threat resolved”
Opportunity “closed becomes “benefit lost” or “opportunity lost”
Thanks for your question Arvin. Here's something I wrote in 2018 which hopefully will answer your question:
As we manage individual project risks, they pass through a lifecycle which can be described using a set of status values. These can help us to understand where each risk is in its lifecycle, so that we can determine what we should do next. The following set of standard status values might be useful:
• Unknown: A risk that has not yet been identified.
• Draft: A proposed risk that has not yet been validated.
• Rejected: A Draft risk that is not valid.
• Escalated: A Draft risk that is outside the scope of the project and that should be managed at program level or elsewhere in the organisation.
• Active: A valid risk with a probability of occurrence greater than zero and that will impact one or more project objective if it occurs. An Active threat can affect the project negatively, while an Active opportunity has a potential positive effect.
• Deleted: A risk that is no longer valid, perhaps resulting from a change in the project’s strategy, environment, objectives, or scope.
• Expired: The time window in which the risk could have occurred has passed, so the risk no longer needs to be considered.
• Closed: A risk (threat) for which the response has been fully effective and the risk can no longer affect the project.
• Occurred: The risk has happened and the impact is being experienced.
Using these status values, we can describe the lifecycle of a typical individual project risk:
• All risks start as Unknown. When they are identified, they become Draft risks which need to be reviewed and validated. A Draft risk can be Rejected if it is not considered valid, or it can be Escalated if it is outside the scope of the project. If the project manager decides to Escalate a risk, he or she determines who should be notified about the risk, and then communicates the details to that person or party. Draft risks that are considered valid and in scope for the project become Active.
• Active risks need to be assessed, and appropriate responses should be developed and implemented. The status of Active risks should be monitored regularly, and they may remain Active for some time. Alternatively, Active risks might be marked as Deleted or Expired if they can no longer affect the project due to changes in the project context (Deleted) or if the time of their potential impact has passed (Expired). We might be pleased that a threat has Expired since it can no longer have a negative effect, but we might regret an Expired opportunity where the positive impact is no longer possible.
• When an Active threat is successfully managed so that it can no longer affect the project, it is marked as Closed. Opportunities cannot be Closed, as they remain Active until they have either Occurred, Expired, or been Deleted.
• If and when a risk actually happens, it is marked as Occurred. It is good for an opportunity to occur, and bad for a threat to occur. A risk might occur if the response to a threat proved ineffective or the response to an opportunity was successful (or perhaps it was due to chance or luck!). When a threat has Occurred, it is converted to an issue or problem and managed accordingly. When an opportunity has Occurred, the additional benefits must be recognised and managed.
I hope this is helpful. Thanks again for your question.
RiskDoctorVideo yes it was indeed helpful, it gave some clarity in the difference between “deleted” and “expired”, and why a failed opportunity management would only end up as either “deleted” (no longer within the scope) or “expired” (no longer within the time frame), or if it is achieved it becomes “benefit” and until then it remains “active”..
Got it thanks! I appreciate these videos quite a lot, and getting a quick response to my question is even more appreciated! Thanks a lot!!
I would also share my understanding on what was written by Risk Doctor, that, since the interest in managing a positive risk (opportunity) is on maximizing it, this is to say, for positive risks, our quest is not to close it, but rather, we want it to be a success, so closing the positive risk could simply be considered just as a failure in that sense.
I hope Dr. Risk will correct me if I'm wrong.