|
11.6 Risk Monitoring and Control
|
Risk monitoring control is the process of keeping track of the identified riks, monitoring
residual risks and identifying new riks, ensuring the execution of risk plans, and evaluating
their effectiveness in reducing risk. Risk monitoring and control records risk metrics that are
associated with implementing contingency plans. Risk monitoring and control is an ongoing process
for the life of the project. The risks change as the project matures, new risks develop, or
anticipated risks disappear.
Risk control may involve choosing alternative strategies, implementing a contigency
plan, taking corrective action, or replanning the project. The risk response owner should
report periodically to the project manager and the risk team leader on the effectiveness of the
plan, any unanticipated effects, and any mid-course correction needed to mitigate the risk.
Good risk monitoring and control processes provide information that assists with
making effective decisions in advance of the riskīs occuring. Communication to all project
stakeholders is needed to assess periodically the acceptability of the level of risk on the
project.
The purpose of risk monitoring is to determine if:
Risk responses have been implemented as
planned. Risk response actions are as effective
as expected, or if new responses should be developed. Project assumptions are still valid. Risk expouse has changed from its prior
state, with anlysis of trends. A risk trigger has occurred. Proper policies and procedures are
followed. Risks have occurred or arisen that were
not previously identied.
 |
|
|
|
|
 |
11.6.1 Inputs to Risk Monitoring and Control
.1 Risk management plan. The risk management plan is described in Section 11.1.3.
.2 Risk response plan. The risk response plan is described in Section 11.5.3.1.
.3 Project communication. Work results and other project records described in Section 10.3.1 provide information about project performance and risks. Reports commonly used tomonitor and control risks include Issues Logs, Action-Item Lists, Jeopardy Warnings, or Escalation Notices.
.4 Additional risk identification and analysis. As project performance is measured and reported, potential risks not previously identified may surface. The cycle of the six risk processes should be implemented for these risks.
.5 Scope changes. Scope changes often require new risk analysis and response plans. Scope changes are described in Section 5.5.3.1.
11.6.2 Tools and Techniques for Risk Monitoring and Control
.1 Project risk response audits. Risk auditors examine and document the effectiveness of the risk response in avoiding, transferring, or mitigating risk occurrence as well as the effectiness of the risk owner. Risk audits are performed during the project life cycle to control risk.
.2 Periodic project risk reviews. Project risk reviews should be regulary scheduled. Project risk should be an agenda item at all team meetings. Risk ratings and prioritization may change during the life of the project. Any changes may require additional qualitative or quantitative analysis.
.3 Earned value analysis. Earned value is used for monitoring overall project performance against a baseline plan. Results from an earned value analysis may indicate potential deviation of the project atcompletion from cost and schedule targets. When a project deviates significantly from the baseline, updated risk identification and analysis should be performed. Eaned value analysis is described in Section 10.3.2.4.
.4 Technical performance measurement. Technical performance measurement compares technical accomplishments during project execution to the project planīs schedule of technical achievement. Deviation, such as not demonstrating functionality as planned at a milestone, can imply a risk to achieving the projectīs scope.
.5 Additional risk response planning. If a risk emerges that was not anticipated in the risk response plan, or its impact on objectives is greater than expected, the planned response may not be adequate. It will be necessary to perform additional response planning to control the risk.
11.6.2 Outputs from Risk Monitoring and Control
.1 Wokaround plans. Workarounds are unplanned responses to emerging risks that were previously unidentified or accepted. Workarounds must be properly documented and incorporated into the project plan and risk response plan.
.2 Corrective action. Corrective action consists of performig the contingency plan or workaround.
.3 Project change requests. Implementing contingency plan or workarounds frequently results in a requirement to change the project plan to respond to risks. The result it issuance of a change request that is managed by integrated change control, as described in Section 4.3.
.4 Updates to the risk response plan. Risks may occur or not. Risks that do occur should be documented and evaluated. Implementation of risk controls may reduce the impact or probability of probability of identified risks. Risk rankings must be reassessed so that new, important risks may be properly controlled. Risks that do not occur should be documented and close in the risk response plan.
.5 Risk database. A repository that provides for collection, maitenance, and analysis of data gathered and used in the risk management processes. Use of this database will assist risk management throughout the organization and, over time, form the basis of a risk lessons learned program.
.6 Updates to risk identification checklists. Checklists updated from experience will help risk management of future projects.
previous page
