What are the Four Cornerstones of Risk Management?
Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
Based on my years of experience, the secret to effective Project Risk Management is what I call the four cornerstones: Project Management; Earned Value Management; Risk Management; and Subcontract Management. This paper explains why.
The four constraints of a project are: scope; cost; schedule; and quality. These are the known risk on a project and are the major reasons why projects fail. To mitigate these risks, it is essential to apply the basics elements of program management properly. To achieve this goal, you need to understand what Project Management is and how to implement it on a project. Sounds pretty simple, but in fact many project managers fail to do it well.
Earned Value Management (EVM)
Based on my experience, EVM is the best project performance measuring tool on the market. For it to be effective, it must be structured correctly and implemented properly. I have seen many projects that use EVM that are either a tailored version of it or not accomplished correctly. I have seen EVM effectively applied to $ billion dollar projects. The main benefit of EVM is that it can identified poorly performing Work Packages (WP) early in the project allowing maximum time to fix the problem and recover maximum cost overruns and schedule delays before they fester into a crisis.
The other types of risks are the unknown risks due to uncertainty and variations that surround every project. The Risk Management process is: identification; analysis; handling; and monitor/control. There are a number of ways to identify risks. For example, brainstorming, working groups, etc. The best way in my experience is for the WP manager to identify them because he/she is closer to the task. There are two basic methods of analysis of a risk. They are: qualitative and quantitative. The qualitative method is best to use on most projects. The qualitative method is usually used on very large project where a lot of data exists. There are four handling techniques: assume; mitigate; transfer; and avoid. Mitigation is the most common. EVM is a good tool to monitor/control risks.
The majority of work scope is subcontracted out for most large companies. Studies show as much as 60-70% is outsourced. Subcontractors account for a large percentage of risk issues for a project. A contractor has little control over a subcontractor after the subcontract award. Therefore, it is essential to select the best subcontractor possible and then manage them closely. Sounds easy but many project managers do not do this well.
There are two basic risk areas. They are the known (scope, cost, schedule, and subcontracts) and unknown risks. Sound Project Management techniques should take care of the known risks. Applying proper Risk Management methods ought to mitigate the unknown risks. Proper application of Project Management and Risk Management should control the subcontractor risks.
The discussions above also apply to opportunities. A negative risk is called a ‘risk’. A positive risk is called a ‘opportunity’. The goal on a project is to balance risks with opportunities to minimize risk exposure.
I authored a new book entitled ‘Project Risk Management’. The basis of the book is the four cornerstones. The book contains much more detail, examples, and risk stories. It is easy to read and understand. Visit my website-projectriskmanagement.info. It includes a link to Amazon and my book as well as the technical papers I have written over time.
John earned a BS in Mechanical Engineering and MS in Engineering Management from Northeastern University. He has a total of 44 years’ experience, 30 years with DOD Companies. He is a member of PMI (project Management Institute). John has managed numerous firm fixed price and cost plus large high technical development programs worth in excessive of $100M. He has extensive subcontract management experience domestically and foreign. John has held a number of positions over his career including: Director of Programs; Director of Operations; Program Manager; Project Engineer; Engineering Manager; and Design Engineer. His technical design areas of experience include: radar; mobile tactical communication systems; cryogenics; electronic packaging; material handling; antennas; x-ray technology; underwater vehicles; welding; structural analysis; and thermal analysis. He has experience in the following areas: design; manufacturing; test; integration; selloff; subcontract management; contracts; risk and opportunity management; and quality control. John is a certified six sigma specialist, certified level 2 EVM (earned value management) specialist; certified CAM (cost control manager).