Project Management

Please login or join to subscribe to this thread

Metrics for risk management

linkedin twitter facebook  
avatar
Bala S Duvvuri Project Manager| Shell Bangalore, Karnataka, India
Hello All,

What are the metrics that can be used to define the effectiveness of risk management plan.

Thanks
Bala
Sort By:
avatar
Howard Lai PMP, CEng, CPEng, NER, IntPE(Aust), RPEQ, MIET, CSSBB, CISA, ISO9001 LA| QH Brisbane, Queensland, Australia
Maybe you can look at some common risk metrics in the market:

-Standard deviation
-Value at risk
-Expected shortfall
-Marginal VaR

Hope it is helpful to you

Thanks,
Howard
avatar
Khawaja Saif ur Rehman Project Management Trainer & Consultant Lahore, Pakistan
Effectiveness of risk management plan can be measured by the number of changes in performance baselines.
avatar
saurabh mahajan PMP, ITIL, PRINCE2| vodafone Pune, Maharashtra, India
Agree to above posts.
Also, better presentation on effectiveness can be to show how using the risk management plan, risk was avoided/mitigated and how it helped in saving cost/hours. This will also give chance to make the plan more effective if the metrics presented are project critical.
avatar
Fouad Ghoneem Electrical & Automation Manager| SPCC KSA Cairo, Cairo, Egypt
Risk metrics can be considered a key risk indicator, which help to determine the direction from where the risks are coming, so they are extremely useful in any enterprise.

Potential Risk Management Metrics:
1. Comparison metrics.
2. Return on investment metrics.
3. Efficiency and effectiveness metrics.
4. Staleness metrics.
5. Trending metrics.
avatar
Stéphane Parent Self Employed / Semi-retired| Leader Maker Prince Edward Island, Canada
Consider using a risk management index (RMI).

Its formula is:

RMI = (revenue increase due to risk management expenses reduction due to risk management) / SUM(risk management costs)

Risk management costs include risk management effort, risk mitigation costs, risk contingency costs.

Like it''s CPI and SPI counterparts, an RMI greater than 1 is a good thing, while an RMI less than 1 is not.

You can do the RMI at a global level like the whole project or even organization, or you can measure it at a more granular level, say risk category or even risk scenario.
avatar
Eduard Hernandez
Community Champion
Product Operations Program Manager Barcelona, Cataluña, Spain
Great comments so far.

I may just add that Decision Tree Risk Analysis (Expected Monetary Value) is very useful to quantify the monetary value of a specific risk. If risk response A was chosen and turned out to be the optimum choice, then its value may be compared against the least favourable option B.
avatar
Hari Pratap Founder| Altistech Innovations India Private Limited Hyderabad, Not In Regions Listed, India
Based on my past experiances - below are few that i came across in Data Driven IT Projects

1. Percent of business strategy objectives mapped to enterprise risk management strategy

2. Percent of business value drivers mapped to risk management value drivers

3. Number of times audit committee reviews risk management strategy.

4. Number of times board discusses risk management strategy in board meetings.

5. Number of times board reviews risk appetite of the organization.

6. Number of times CEO invites risk management teams to participate in business strategy formation and proactively identify business risks. On the negative side check out the number of times, risk functions were not invited for business strategy discussions.

7. Number of times business strategy implementation failed due to improper risk mitigation. Compare this with number of times timely intervention of risk managers resulted in faster implementation

8. Number of times improper risk mitigation delayed business strategy implementation. Judge this against number of times timely intervention of risk managers resulted in faster implementation

9. Number of times the organization received negative media coverage due to improper risk mitigation. Evaluate against number of times timely risk mitigation strategy prevented a media disaster.

10. Number of times the organization faced legal problems due to improper risk mitigation with number of times risk departments prevented legal problems

11. Number of times the actual risk level of the organization exceeded the risk appetite of the organization. Analyze this against number of times risk departments controlled risks from exceeding risk appetite of the organization.

12. Amount of financial losses incurred due to ineffective risk management. Balance this with amount of financial losses prevented due to effective risk management.
avatar
David Augusto Borja Padilla Consultant| Independent Quito, Pichincha, Ecuador
Hi everyone,

I propose this metric obtained from risk register:

Risk responses implemented on time divided to planned risk responses for report period

Please login or join to reply

Content ID:
ADVERTISEMENTS

"Very deep. You should send that into Reader's Digest, they've got a page for people like you."

- Douglas Adams

ADVERTISEMENT

Sponsors







Vendor Events

See all Vendor Events

Newsletters

Jun 3: The Career Problem Facing New PMs
May 20: Your PM Career as a Project Life Cycle
May 13: The Big Lie After Layoffs

See all newsletters