Project Management Central

Please login or join to subscribe to this thread

Topics: Risk Management
Question: In developing your Risk Breakdown Structure (RBS), what is your logic for decomposing your hierarchy? How do you use your RBS?
Network:0



RBS: “A hierarchically organized depiction of the identified project risks arranged by risk category and subcategory that identifies the various areas and causes of potential risks.” 2009 PS for PRM.

Discussion: Many RBS seem to be a mixture of causes, effects, WBS elements, and areas that seem inconsistent in their logic and it often seems that the most important use is to create easily named risk categories such as Quality, Stakeholders, Big Hairy Activity #42, or Technology. If we are not consistent in our logical approach to developing the RBS, we can introduce gaps or overlaps in our hierarchy that will challenge us later when we try and use it.

For example: ‘Quality’ is almost always somewhere on an RBS. However, it is almost always some sort of effect, perhaps caused by issues with defining standards, communications, quality of materials, etc. However, each one of those potential causes is perhaps its own category or risks, so how do you know whether to make it a quality of materials risk?

Even more important is that the RBS isn’t just a categorization tool as implied by the PMI definition. A well-developed RBS is a powerful tool in identifying risks, analyzing related risks, and developing response plans to address risky areas in a project.

Thank you!
Sort By:
Page: 1 2 next>
Network:235



Most of times i think risk statement confused the definition of risk it self, so trick of the trade is exactly to how risk management team would separate causes and effects from probability(risk) in the risk statement.
...
1 reply by Eric Harter
May 21, 2018 1:04 PM
Eric Harter
...
Salman,
Yes, lots of problems with risk statement! We strive to use the risk metalanguage to keep folks straight: “As a result of [existing cause], [opportunity/threat] may occur, leading to [contingent effect] to our project. To reduce confusing initial cause, primary and secondary risks, we try and anchor the cause to something that exists now (fact, assumption, plan, condition). We find this generates a lot more secondary risks than normal.
Could you give some examples of how you include probability in the risk statement, sounds like a good technique?
Thanks!
Network:814



Eric -

A good RBS will adhere to the MECE principle. So long as it does that, and it is a couple of levels deep at least, it can help the team involved in risk identification avoid tunnel-vision on the most obvious types or categories of risk.

I like an RBS that starts at the top with opportunities & threats as that starts to get folks thinking from the get go about positive risks...

Kiron
...
1 reply by Eric Harter
May 21, 2018 12:54 PM
Eric Harter
...
Kiron, I concur that MECE (Mutually Exclusive – Collectively Exhaustive) is a fundamental principle for a hierarchical decomposition. It sounds like you use the RBS to organize identified risks, starting with threats and opportunities, and then look for gaps and overlaps? Do you use something else in your initial identification efforts?
Thanks!
Network:11423



Like any RBS you will need a good team and involve some experts to populate it. MECE is god an Kiron says, but sometimes people spend way too much time "exhaustively" identifying very single risk imaginable. Remember, always ask yourself, does the cost of the risk process outway the benefit of handling that risk?
Network:0



May 18, 2018 5:07 PM
Replying to Kiron Bondale
...
Eric -

A good RBS will adhere to the MECE principle. So long as it does that, and it is a couple of levels deep at least, it can help the team involved in risk identification avoid tunnel-vision on the most obvious types or categories of risk.

I like an RBS that starts at the top with opportunities & threats as that starts to get folks thinking from the get go about positive risks...

Kiron
Kiron, I concur that MECE (Mutually Exclusive – Collectively Exhaustive) is a fundamental principle for a hierarchical decomposition. It sounds like you use the RBS to organize identified risks, starting with threats and opportunities, and then look for gaps and overlaps? Do you use something else in your initial identification efforts?
Thanks!
...
2 replies by Eric Harter and Kiron Bondale
May 21, 2018 2:26 PM
Kiron Bondale
...
Eric -

The four inputs I find useful other than an RBS are:

- Risk checklists
- The WBS
- Expert judgment
- Lessons learned & issue logs from past similar projects

Kiron
May 23, 2018 3:15 PM
Eric Harter
...
Kiron, that is a good list for identifying risks, but what do you use to develop your RBS? Are your projects sufficiently standardized to use an RBS template? Or perhaps do you develop an RBS for each project?
Network:0



May 18, 2018 1:59 PM
Replying to Salman Morris
...
Most of times i think risk statement confused the definition of risk it self, so trick of the trade is exactly to how risk management team would separate causes and effects from probability(risk) in the risk statement.
Salman,
Yes, lots of problems with risk statement! We strive to use the risk metalanguage to keep folks straight: “As a result of [existing cause], [opportunity/threat] may occur, leading to [contingent effect] to our project. To reduce confusing initial cause, primary and secondary risks, we try and anchor the cause to something that exists now (fact, assumption, plan, condition). We find this generates a lot more secondary risks than normal.
Could you give some examples of how you include probability in the risk statement, sounds like a good technique?
Thanks!
...
1 reply by Salman Morris
May 21, 2018 3:49 PM
Salman Morris
...
we all know one way to clearly separate risks from their causes and effects is to use a description with required elements to provide a three?part structure.
risk statement, As a result of definite cause uncertain event may occur, which would lead to effect on objective(s).
for instance As a result of using a new technology (a definite requirement),unexpected design problems may occur (an uncertain risk), which would lead to overspending on the project (an effect on the budget objective).

correct me if any..
Network:814



May 21, 2018 12:54 PM
Replying to Eric Harter
...
Kiron, I concur that MECE (Mutually Exclusive – Collectively Exhaustive) is a fundamental principle for a hierarchical decomposition. It sounds like you use the RBS to organize identified risks, starting with threats and opportunities, and then look for gaps and overlaps? Do you use something else in your initial identification efforts?
Thanks!
Eric -

The four inputs I find useful other than an RBS are:

- Risk checklists
- The WBS
- Expert judgment
- Lessons learned & issue logs from past similar projects

Kiron
...
1 reply by Salman Morris
May 21, 2018 3:37 PM
Salman Morris
...
why even we need to categorize risks when there is prioritized list after multi-stage analysis?
does it make sense because its not possible to plan responses for all those categorized risk, but for those who's PxI is highest

correct me if any..
Network:235



May 21, 2018 2:26 PM
Replying to Kiron Bondale
...
Eric -

The four inputs I find useful other than an RBS are:

- Risk checklists
- The WBS
- Expert judgment
- Lessons learned & issue logs from past similar projects

Kiron
why even we need to categorize risks when there is prioritized list after multi-stage analysis?
does it make sense because its not possible to plan responses for all those categorized risk, but for those who's PxI is highest

correct me if any..
...
1 reply by Kiron Bondale
May 21, 2018 7:05 PM
Kiron Bondale
...
Risk categorization is useful to understand where the greatest level of uncertainty lies and to simplify the effort of risk owners by enabling them to filter based on specific categories.

Kiron
Network:235



May 21, 2018 1:04 PM
Replying to Eric Harter
...
Salman,
Yes, lots of problems with risk statement! We strive to use the risk metalanguage to keep folks straight: “As a result of [existing cause], [opportunity/threat] may occur, leading to [contingent effect] to our project. To reduce confusing initial cause, primary and secondary risks, we try and anchor the cause to something that exists now (fact, assumption, plan, condition). We find this generates a lot more secondary risks than normal.
Could you give some examples of how you include probability in the risk statement, sounds like a good technique?
Thanks!
we all know one way to clearly separate risks from their causes and effects is to use a description with required elements to provide a three?part structure.
risk statement, As a result of definite cause uncertain event may occur, which would lead to effect on objective(s).
for instance As a result of using a new technology (a definite requirement),unexpected design problems may occur (an uncertain risk), which would lead to overspending on the project (an effect on the budget objective).

correct me if any..
Network:814



May 21, 2018 3:37 PM
Replying to Salman Morris
...
why even we need to categorize risks when there is prioritized list after multi-stage analysis?
does it make sense because its not possible to plan responses for all those categorized risk, but for those who's PxI is highest

correct me if any..
Risk categorization is useful to understand where the greatest level of uncertainty lies and to simplify the effort of risk owners by enabling them to filter based on specific categories.

Kiron
...
1 reply by Salman Morris
May 22, 2018 2:58 AM
Salman Morris
...
Thanks Mr. Bondale for your reply
Network:235



May 21, 2018 7:05 PM
Replying to Kiron Bondale
...
Risk categorization is useful to understand where the greatest level of uncertainty lies and to simplify the effort of risk owners by enabling them to filter based on specific categories.

Kiron
Thanks Mr. Bondale for your reply
Page: 1 2 next>  

Please login or join to reply

Content ID:
ADVERTISEMENTS

"When angry, count to four; when very angry, swear."

- Mark Twain

ADVERTISEMENT

Sponsors