Please login or join to subscribe to this thread
have not seen research on this topic.
You might want to contact global experts like David Hillson https://risk-doctor.com
My personal view is to review the purpose of risk analysis and score: prioritising the 10 or so risks you should look at in more detail.
A risk event with significant schedule impact will always trigger impacts on cost, satisfaction, quality and other areas. And risks with small impacts on a multitude of areas will be less relevant for further analysis. In doubt, include both. And it is very specific to the project situation, I do not think a general rule is helpful.
I myself have not found any. However, I think there should be a few.
It always comes down to what stakeholders consider to be important on a project. If a particular project has time as its #1 constraint, then even a minor delay might be considered more important than one which has no time delay but results in a major cost overrun.
I don't have any research to share, but I would say it is heavily dependent on the processes and tools for how you manage the risks.
If for example, your handling plans for the time and quality risks have very different impacts and management plans, then it may make more sense to log them separately because they can be worked and tracked separately.
Conversely, if you have a risk management tool where you could associate multiple attributes to a risk and link them to their respective mitigation plans, then it may be easier to have one risk. I see that frequently with vendor performance risks. We might track the risk by vendor, and internal to that risk there are separate plans to address schedule and quality.
Sometimes it is easier to combine data and track it as a single risk. Sometimes it makes more sense to separate very distinct uncertain outcomes because they're easier to manage independently and you don't muddy the waters by trying to somehow numerically combine them into some single value where one plus and one minus seem to cancel each other out.
I don't think you can separate risk identification and impact by time, quality and cost. A response due to an impact on one will without question impact on the others. As and example: mitigating a schedule impact will most likely cost more money and/or reduce quality; mitigating a cost impact may involve reduced quality and/or move the schedule; and an impact on quality may be mitigated by modifications to the schedule and/or increased costs.
The tolerance for impact on time, quality and cost come into play when you develop response/mitigation plans - you balance the tolerance.
Threat to schedule - spend more money
Threat to quality - spend more money
Threat to costs - modify schedule and quality (and scope which I include in quality).
Some could argue that every risk boils down to costs as this is the final measure of risk impact.
I'm with Peter on this one: trying to break the impact apart will just cause you unnecessary grief.
Let's take the scope, time and cost, as suggested by Peter. Assuming there is a risk that impacts the scope and you decide to spend more time and more money, either as a mitigation or as a contingency. Is more time going to affect your risk more than more money?
Now imagine weighing each portion of the impact for each risk. Ugh...
Thank you for all the views and input much appreciated.
It is not a matter of research. Is a matter of the organization strategy. Inside it, items like the step into the organization life cycle matters a lot. So, it has no sense to have a debate without a context and context depends on external and internal context. Just this is my personal experience along the years working on this topic. More, you will surprise about the comments and considerations depending on the person domain expertisse (finance, quality, etc)
Please login or join to reply