How do you go from someone high up in a position of authority saying it’s OK to begin the work through to the individual team member knowing that it is OK to start a task?
That’s where different levels of authorization come in. This is important for projects using earned value management, because there are often formal approaches that require formal approval and sign off in order to accurately track performance.
According to the Practice Standard for Earned Value (2nd edition, 2011) there are four steps that are typically used to authorize the work:
That seems like a lot of authorization, but it doesn’t need to become a bureaucratic of long-winded process. An efficient process wouldn’t take much time at all. You simply need to know who to inform and what to tell them, and the people responsible for doing the work need to have a clear brief of what to do so they can get on with it
The infographic below sets out the flow of authorization, and you’ll see that I’ve streamlined two of the bullets above to make it easier to follow.
How do you authorize work in your organization? Is it as structured as this? Let us know in the comments below!
This article is the tenth part of my look into project risk management, and today the topic is how to plan risk responses. Who knew there would be so much to say about risk?
What does it mean to plan risk responses?
When you plan risk responses, what it means is that you are working out what to do about the risks you have identified. As you are doing the analysis, you’re probably talking to the team about the different options for addressing the risk, making judgements and plans as you go. The thing with all the risk management processes is that they can all happen in quite a short period of time, and often within the same conversation – especially for smaller risks and smaller projects.
However, for the purposes of our discussion today, we’re looking at making sure the risk responses are considered, selected and agreed by the people who matter. You’ll also allocate people to do the work of implementing the risk responses so that you actually manage the risk and don’t simply talk about managing it.
The inputs to this process are:
What documents should you review?
The risk register and risk report are the most important documents because they give you information on what the risks actually are and how exposed the project (and/or business) is. That will inform your choices about how you respond to risk.
First, check the Lessons learned log – check to see if any past risk responses were particularly helpful or pointless so you can repeat/avoid the same things in the future.
The rest of the documents you may need to refer to are to do with the logistics of making sure the risks can be managed adequately.
The project schedule is helpful so you can fit in the risk response plans and make sure there is time to do the work. The team assignments and resource calendars will also help. The stakeholder register will give you clues about ownership if you don’t have volunteers to lead on risk response actions.
In practice, many experienced project managers won’t turn to those documents to find the answers – they’ll simply talk to the team and then update the schedule with any tasks that need to be added once the responses are agreed.
Tools and Techniques
Responding to risk is a lot to do with expert judgement, so in my experience, this is the technique you’ll use the most.
Rely on your subject matter experts and talk to them about how best to respond to threats, opportunities and how to manage contingent risk with the associated strategies and triggers in place.
Basically, you need information from the experts and you gain that through interviews and facilitation (data gathering and interpersonal and team skills).
Talk, talk, talk, and seek out the people with the answers.
You can also employ some data analysis techniques to back up what your experts are saying or to help you choose the best response if there are several options.
For example, alternatives analysis can help you compare the different options and select a course of action that will lead to an appropriate result.
Cost-benefit analysis is another tool. Some risks will cost more to mitigate than they would if they happened, so this type of calculation can help you decide how much budget to spend on risk responses and whether the benefit of that investment is going to be worth it.
Finally, you need to make a decision about what risk response plan to accept, so decision-making techniques for groups can be helpful. Consider the criteria for making the decision before you get to the actual decision-making part of the debate, as that will help give the team some structure.
Typical criteria for making a decision on risk response include:
And so on. If your team doesn’t have much formal experience of making this kind of decision, I find it helpful to have the criteria available for us to review as we are discussing the risks.
The outputs from this process are:
In other words, there are lots of admin jobs to do once you’ve made your risk response plan because you’ve got a lot of paperwork to update – admittedly all of it is now electronic so it’s not so difficult to do.
Review all the plans: update the schedule to reflect what you’ve just agreed to do, update the cost management plan to include any money now being spent on risk response, and review resource plans to ensure they are still accurate. Update your baselines if necessary. If your risks affected suppliers, make sure any changes to the procurement plan are incorporated.
As part of your discussions and approved response plans you might have uncovered new assumptions, new lessons and even new risks. Make sure team assignments accurately reflect the work you are expecting people to do and make sure the risk register and risk report are updated with your plans.
Next month I’ll be talking about 5 strategies for dealing with threats.
In case you missed them, and to save you a job digging through the archives, here are the quick links back to the previous instalments:
Read part 1 here: An introduction to risk management
Read part 2 here: Trends and Emerging Practices in Project Risk Management (Part A)
Read part 3 here: Trends and Emerging Practices in Project Risk Management (Part B)
Read part 4 here: Tailoring Risk Management
Read part 5 here: Planning Risk Management
Read part 6 here: The Risk Management Plan
Read part 7 here: Identify Risks Process
Read part 8 here: Qualitative Risk Analysis
Read part 9 here: Quantitative Risk Analysis
Pin for later reading:
Are you finding it hard to get governance working right on your project? Governance, in the widest sense of the topic, is everything that helps you manage and control the project, so strong processes are part of that.
And when your projects let you down, it’s impossible to provide the level of governance you need.
The infographic below shows reasons why project processes might not be robust enough to support good project control.
When processes are too informal, no one really knows what to do to get things done, or how to record that they happened.