Project Management

Project Management Central

Please login or join to subscribe to this thread

Topics: Risk Management
Risk analysis with multiple impact vs singel impact
Could anybody point me to some research on this topic? I have been involved in a debate within a project about the benefits and cons of each method. In mind, a risk with a time and quality impact is more significant than a ris with only a time impact, and the risk score in the risk register should reflect this. The alternative proposed is to add the risk multiple times, but then, in my mind, you miss the aggregation of all the impact in the score.
Sort By:
Wayne,
have not seen research on this topic.
You might want to contact global experts like David Hillson https://risk-doctor.com

My personal view is to review the purpose of risk analysis and score: prioritising the 10 or so risks you should look at in more detail.
A risk event with significant schedule impact will always trigger impacts on cost, satisfaction, quality and other areas. And risks with small impacts on a multitude of areas will be less relevant for further analysis. In doubt, include both. And it is very specific to the project situation, I do not think a general rule is helpful.
I myself have not found any. However, I think there should be a few.
Wayne -

It always comes down to what stakeholders consider to be important on a project. If a particular project has time as its #1 constraint, then even a minor delay might be considered more important than one which has no time delay but results in a major cost overrun.

Kiron
I don't have any research to share, but I would say it is heavily dependent on the processes and tools for how you manage the risks.

If for example, your handling plans for the time and quality risks have very different impacts and management plans, then it may make more sense to log them separately because they can be worked and tracked separately.

Conversely, if you have a risk management tool where you could associate multiple attributes to a risk and link them to their respective mitigation plans, then it may be easier to have one risk. I see that frequently with vendor performance risks. We might track the risk by vendor, and internal to that risk there are separate plans to address schedule and quality.

Sometimes it is easier to combine data and track it as a single risk. Sometimes it makes more sense to separate very distinct uncertain outcomes because they're easier to manage independently and you don't muddy the waters by trying to somehow numerically combine them into some single value where one plus and one minus seem to cancel each other out.
I don't think you can separate risk identification and impact by time, quality and cost. A response due to an impact on one will without question impact on the others. As and example: mitigating a schedule impact will most likely cost more money and/or reduce quality; mitigating a cost impact may involve reduced quality and/or move the schedule; and an impact on quality may be mitigated by modifications to the schedule and/or increased costs.

The tolerance for impact on time, quality and cost come into play when you develop response/mitigation plans - you balance the tolerance.

Threat to schedule - spend more money
Threat to quality - spend more money
Threat to costs - modify schedule and quality (and scope which I include in quality).

Some could argue that every risk boils down to costs as this is the final measure of risk impact.
I'm with Peter on this one: trying to break the impact apart will just cause you unnecessary grief.

Let's take the scope, time and cost, as suggested by Peter. Assuming there is a risk that impacts the scope and you decide to spend more time and more money, either as a mitigation or as a contingency. Is more time going to affect your risk more than more money?

Now imagine weighing each portion of the impact for each risk. Ugh...
Thank you for all the views and input much appreciated.
It is not a matter of research. Is a matter of the organization strategy. Inside it, items like the step into the organization life cycle matters a lot. So, it has no sense to have a debate without a context and context depends on external and internal context. Just this is my personal experience along the years working on this topic. More, you will surprise about the comments and considerations depending on the person domain expertisse (finance, quality, etc)
...
1 reply by Wayne Ford
Jun 03, 2022 2:36 AM
Wayne Ford
...
This is great insight and I think really relevant in my situation.Some of the stakeholder have very specific views on how this should be handle and that is definitely drive by their experience with risk assessment techniques. I guess that wwa why I initially framed the question about rescher hoping to bring some credible external views to our discussion to provide some perspectives on it
Jun 02, 2022 3:57 PM
Replying to Sergio Luis Conte
...
It is not a matter of research. Is a matter of the organization strategy. Inside it, items like the step into the organization life cycle matters a lot. So, it has no sense to have a debate without a context and context depends on external and internal context. Just this is my personal experience along the years working on this topic. More, you will surprise about the comments and considerations depending on the person domain expertisse (finance, quality, etc)
This is great insight and I think really relevant in my situation.Some of the stakeholder have very specific views on how this should be handle and that is definitely drive by their experience with risk assessment techniques. I guess that wwa why I initially framed the question about rescher hoping to bring some credible external views to our discussion to provide some perspectives on it

Please login or join to reply

Content ID:
ADVERTISEMENTS

"If you think you can, you can. And if you think you can't, you're right."

- Mary Kay Ash

ADVERTISEMENT

Sponsors