I have glided on Susan de Sousa’ blog, following a chain of links. My interest has been drawn by the section dedicated to Risk Management. A lot of efforts have been spent by this site for divulging this extremely important argument. The used approach is very friendly and involving. This could help the avid reader, looking for the right recipe, to identify him/herself in the hectic process of dealing with unexpected requests, for example: a “contingency plan” [1]. However, it seems to me that an unstructured approach makes much more difficult to deal with planning projects. Especially when they should be framed into a governance.
From a Risk Management viewpoint, before preparing a “contingency plan” (perhaps together with the “fall back plan”) it is essential to establish and allocate the correct amount for risk budgeting (as explained in previous posts).
A oxymoron to be pondered
Contingency: something liable to happen as an adjunct or result of something else. [2].
Plan: an orderly arrangement of parts of an overall design or objective [2].
In essence, the idea of spending energy for reducing the effects of an uncertain event could seem a waste of resources.
“Contingency / workaround plans”, or “Exception plan” [3] should be viewed as a stem of the Risk Plan. A bud, which can sprout quickly and strongly, because it has all the information (DNA, if you have a boy who loves biology) is contained in the trunk.
For post reasons, the PID[4] (Project Initiation Document) is reduced to the Master Plan. Therefore, any reference to Quality, Acceptance Criteria etc. are included in this document.
Using Gantt for preparing the Risk Plan
As described in the previous posts, it is insane to think Risk Management as a marginal activity of Project Management.
The Main Plan[3], which includes all work-packages without details, should be used as blue-print for entering all structured information produced during the Risk Analysis (this requires that all risks – excluding the Critical Path – have been identified). Obviously, this process shall be repeated for each work-package, which could be deemed worth it (especially if it is on the CP).
MS Project offers all the features for setting a good Risk Tracking system and then attaching all necessary documents for preparing the various “contingency plans”.
The “resources” named beside each task could be the natural “monitor” for checking the triggers’ status. Therefore, for each point that can touch off the event, then a threshold value shall be assigned alongside the method to verify it. All these items will be taken as notes and attached documents, to become integral part of the whole plan.
Contingency Plan is not enough
Hospitals are indispensable institutions. This is not a valid reason for a reckless behavior.
The Risk Analysis shall include the Risk Quantification and the Control / Response.
The forms of response are:
- Avoidance. When the root of the potential problem can be eliminated.
- Acceptance (it is not about ignoring the event, just keep it monitored for controlling the if the impact is within the set tolerances)
- Transference. Any form of hedging, including the outsourcing of the item.
- Mitigation. When the magnitude of the impact can be reduced within tolerances.
This means that the first issue of the Main Plan shall be reviewed on the basis of the information produced by the Risk Analysis.
This is the first action classifiable as “Mitigation”; others will be implemented during the review of the Gantt chart (e.g. “Leveling resources”).
“The budget evolved from a management tool into an obstacle to management.
Conclusion
I suppose it is in the blog’s nature leapfrogging from one topic to another that should be placed ten chapters later. For me is a wonderful discover, the chance for tackling issues on the spur of the thread.
More readings – References
- PMBook Guide
- Merriam Webster
- Prince2 – 2005 Edition
- Prince2 – 2005 Edition (see link)
![[Valid RSS]](/wp-content/uploads/2009/05/valid-rss.png "Validate my RSS feed"){kind=small}
Eugenio,
Here’s my comments
The core problem is Susan does not have a risk management framework from which to launch her solutions. Pick one – PMBOK is OK, maybe a C+, OGC has a nice one in the UK, even Prince 2 has good risk management processes. My favorite of course is the US DoD Risk Management Guidebook.
But Susan has an approach that is not consistent with language and processes. A contingency plan is what? The plan when the risk appears? Many of her risks are actually issues. There are specific responses – risk handling – Ignore, Transfer, Control, Assumption.
The Software Engineering Institute’s Continuous Risk Management process is another A+ approach. But Susan missed the core processes of risk management.
Planning
Assessment
Identification
Analysis
Handling
Monitoring
Documentaton
No context in which place this contingency. No wonder the business leaders are confused.
Dear Glen,
Susan does a good job as it is limited to small projects. The danger would be in the self-satisfaction, when luck is mistaken as ability.
My post was focused on two aspects:
1) The importance of a Risk Management framework
2) How to improve the awareness that hard working with the weak or wrong concepts.
In the US DoD (8.2) the “contingency” plan should be placed between:
Risk Mitigation Planning
Risk Mitigation Implementation
I am working on the US DoD for both for professional reasons and preparing further exams.
Thanks for your comments,
Best regards
Eugenio