Risk Managment Plan
Project Sizing No two projects are the same. Projects vary vastly in size and complexity. Some projects are started and nished in a few weeks, while others take a decade or more to complete. Some projects have budgets of a few thousand dollars (or even no budget at all), while others cost billions. Some projects are relatively routine, using tried and tested strategies, while others are totally innovative and groundbreaking.
In response to this wide variety of projects, ATOM o ers a fully scalable risk management process that recognizes that simple or low-risk projects may need just a simple risk process, while complex or high-risk projects require more rigor and discipline. ATOM provides scalability in three ways: through the number and type of reviews required during the project life cycle, through the optional use of quantitative risk analysis techniques, and through the range of tools and techniques used during each of the ATOM steps.
• Reviews. Sometimes simply revisiting the risk process to determine changes to existing risks and whether any new risks have arisen is su cient. At other times a full repeat of the entire risk process might be appropriate. ATOM uses two types of reviews to meet these needs: a Major Review and a Minor Review. These can be used in various combinations depending on the size of the project.
• Quantitative risk analysis. ATOM suggests reserving use of quantitative analysis for projects that are large or high-risk, where the investment in such techniques can be justified.
• Tools and techniques. Many techniques exist for the identi cation and assessment of risks. An appropriate set of techniques should be selected to meet the risk challenge of a particular project.
Figure 3-3 presents the full scalable ATOM risk process, indicating where reviews and quantitative risk analysis (QRA) might occur. Broken lines in Figure 3-3 indicate the optional nature of QRA.
With a scalable process, a method of deciding what level of process is appropriate for any particular project is clearly important. “Project size” is a multidimensional concept with many factors to be considered. It is also a continuous variable, rather than one with a small number of discrete values. However, it is useful to have a simple tool that uses various criteria to characterize a given project, perhaps dividing projects into three groups that we can call small, medium, or large. This tool has several uses, not just relating to risk management, because many project management processes can also be scalable depending on the size of the project.
One key question is how many criteria should be used in such a sizing tool. If too few criteria are used, then it is di cult to distinguish between projects of di erent sizes. On the other hand, too many criteria can become overly complex and can lead to
Co py ri gh t 20 12 . Be rr et t- Ko eh le r Pu bl is he rs .
Al l ri gh ts r es er ve d. M ay n ot b e re pr od uc ed i n an y fo rm w it ho ut p er mi ss io n fr om t he p ub li sh er , ex ce pt f ai r us es p er mi tt ed u nd er U .S . or a pp li ca bl e co py ri gh t la w.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 11/7/2019 7:51 PM via STRAYER UNIVERSITY AN: 1672297 ; Hillson, David, Simon, Peter.; Practical Project Risk Management : The ATOM Methodology Account: strayer.main.ehost
insu cient discrimination due to the averaging e ect. Experience suggests that using 10 to 12 criteria is about right, giving a good compromise between detail and usability. Each organization should de ne those criteria that best describe the relative size and importance of a project within the business. One organization’s “small” will be another organization’s “large.”
Even where sizing criteria are well de ned, an organization may wish to allow shortcuts to describe circumstances in which project size can be determined without use of the project sizing tool. For example, projects of very low value or very short duration might always be deemed small, while business-critical projects might always be large.
Co py ri gh t 20 12 . Be rr et t- Ko eh le r Pu bl is he rs .
Al l ri gh ts r es er ve d. M ay n ot b e re pr od uc ed i n an y fo rm w it ho ut p er mi ss io n fr om t he p ub li sh er , ex ce pt f ai r us es p er mi tt ed u nd er U .S . or a pp li ca bl e co py ri gh t la w.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 11/7/2019 7:51 PM via STRAYER UNIVERSITY AN: 1672297 ; Hillson, David, Simon, Peter.; Practical Project Risk Management : The ATOM Methodology Account: strayer.main.ehost
Figure 3-3 The Full ATOM Process
Figure 3-4 presents a sample project sizing tool to illustrate the approach that an organization might adopt in order to size a project. This example uses a Likert scale to translate qualitative descriptions of the sizing criteria into quantitative values that can be combined into a sizing score. Thresholds are then set to de ne small, medium, and
Co py ri gh t 20 12 . Be rr et t- Ko eh le r Pu bl is he rs .
Al l ri gh ts r es er ve d. M ay n ot b e re pr od uc ed i n an y fo rm w it ho ut p er mi ss io n fr om t he p ub li sh er , ex ce pt f ai r us es p er mi tt ed u nd er U .S . or a pp li ca bl e co py ri gh t la w.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 11/7/2019 7:51 PM via STRAYER UNIVERSITY AN: 1672297 ; Hillson, David, Simon, Peter.; Practical Project Risk Management : The ATOM Methodology Account: strayer.main.ehost
large. Any given project can then be scored against the criteria in order to determine its size.
The example in Figure 3-4 is speci c to a particular business, but can be tailored by another organization to include those criteria that re ect the types of projects it undertakes, because the general principles should apply. Other criteria could include “relationship with other projects,” “exposure to the wider business,” or “political sensitivity.” Note that the numerical thresholds used in the example in Figure 3-4 are scaled to work with ten criteria and must be adjusted if more or fewer criteria are used.
Of course, there are exceptions to every rule, and it is important not to be process- driven when making important decisions on projects. There will always be projects that score as medium or small using a project sizing tool, but that are so strategically important or commercially sensitive that it would be foolhardy not to treat them as large. Such decisions to contradict the output of the project sizing tool should only be made by the project sponsor in consultation with the project manager.
Figure 3-4 Example Project Sizing Tool
Co py ri gh t 20 12 . Be rr et t- Ko eh le r Pu bl is he rs .
Al l ri gh ts r es er ve d. M ay n ot b e re pr od uc ed i n an y fo rm w it ho ut p er mi ss io n fr om t he p ub li sh er , ex ce pt f ai r us es p er mi tt ed u nd er U .S . or a pp li ca bl e co py ri gh t la w.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 11/7/2019 7:51 PM via STRAYER UNIVERSITY AN: 1672297 ; Hillson, David, Simon, Peter.; Practical Project Risk Management : The ATOM Methodology Account: strayer.main.ehost
Most project-based organizations have a portfolio of projects of various sizes, including small, medium, and large ones, all of which require active management of risk, though at di erent levels. A reduced level of risk management attention is appropriate for small projects because they matter less to the business and the potential for variation is usually small. By contrast, large projects require a higher level of risk management attention because any variation is likely to be significant.
The typical ATOM process is designed for medium-size projects, though it is scalable for small and large ones. Taking the basic ATOM process as shown in Figure 3-3, the main differences for the three project sizes are as follows:
• Small projects require a reduced ATOM risk management process that is integrated into the normal day-to-day management of the project without using dedicated risk meetings.
• Medium projects require the application of the standard ATOM risk process with risk-speci c activities in addition to the normal project process. These are led by a risk champion who oversees the use of speci c risk meetings, including workshops, interviews, and ongoing reviews.
• Large projects require an extended ATOM process, which includes quantitative risk analysis and a more rigorous review cycle in addition to the elements applied for medium projects.
It is important for the depth of the risk process to match the risk challenge of the project. For example, applying a reduced risk process to a medium or large project is likely to result in the failure to properly resource the process and ine ective management of risk.
The ATOM process for a medium-size project is described in detail in Part II (Chapters 4 through 12) and is summarized below. Recommended variations in using ATOM for small and large projects are covered in Chapters 13 and 14, respectively.
Co py ri gh t 20 12 . Be rr et t- Ko eh le r Pu bl is he rs .
Al l ri gh ts r es er ve d. M ay n ot b e re pr od uc ed i n an y fo rm w it ho ut p er mi ss io n fr om t he p ub li sh er , ex ce pt f ai r us es p er mi tt ed u nd er U .S . or a pp li ca bl e co py ri gh t la w.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 11/7/2019 7:51 PM via STRAYER UNIVERSITY AN: 1672297 ; Hillson, David, Simon, Peter.; Practical Project Risk Management : The ATOM Methodology Account: strayer.main.ehost