Module 8 Risk PDF - PRINCE2 Past Paper

Module 8 | Risk mandag 9. desember 2024 10:05 The risk practice is one of the seven PRINCE2 practices. As projects are about doing something new, the planned change introduces uncertainty and risk. The project needs to know how to identify risk, how to assess this risk, and how to control this risk, as risk may affect the project objectives. Key message: The risk practice is one of the seven PRINCE2 practices. As projects are about doing something new, the planned change introduces uncertainty and risk. The project needs to know how to identify risk, how to assess this risk, and how to control this risk, as risk may affect the project objectives. Risk: The risk practice is one of the seven PRINCE2 practices. As projects are about doing something new, the planned change introduces uncertainty and risk. The project needs to know how to identify risk, how to assess this risk, and how to control this risk, as risk may affect the project objectives. ▪ Risk owner: the person who is assigned to take responsibility for responding to a risk. ▪ Risk action owner: the person who is the nominated owner of agreed actions to respond to a risk. This role is also known as the risk actionee. ▪ Risk probability: the estimated chance that a risk will occur. Probability is often estimated by considering the likelihood or frequency of occurrence of a risk. ▪ Risk impact: the estimated effect on objectives should a risk occur. ▪ Risk proximity: how near in time a risk might occur. ▪ Risk velocity: how quickly a risk would have an impact on objectives should it occur. ▪ Risk exposure: the degree to which a particular objective is ‘at risk’. Risk exposure is a neutral concept as exposure can be positive or negative. ▪ Risk appetite: the amount and type of risk that the business is willing to take in pursuit of its objectives. ▪ Risk budget: a sum of money to fund specific management responses to the project’s threats and opportunities (for example, to cover the costs of any contingent plans should a risk materialize). ▪ Risk tolerance: a measurable threshold to represent the tolerable range of outcomes for each objective ‘at risk’ using the same units as for measuring performance for that objective. RISK MATRIX PRINCE2 Page 1 ▪ risk response depends on the situation and type of risk ▪ risk response may lead to residual or secondary risks ▪ risk owners and risk action owners should be clearly identified ▪ an explicit risk budget should be ring-fenced within the project’s budget. Response Use options Avoid a threat This option is about making an uncertain situation certain by removing the risk. This can often be achieved by removing the cause of a threat, or by implementing a factor that leads to an opportunity. This option may be Exploit an adopted for no extra cost by changing the way the work is planned. However, often costs will be incurred to opportunity remove all residual risk for threats and opportunities. Where costs are incurred, they must be justified. For example, it is acceptable to discover the cost of a response to make the situation certain. Reduce a threat This option chooses to take definite action now to change the probability and/or impact of the risk. The term ‘mitigate’ is relevant when discussing reduction of a threat, which involves making the threat less likely to occur or Enhance an reducing the impact if it did. Enhancing an opportunity is the reverse process, which involves making the opportunity opportunity more likely to occur or increasing the impact if it did. Again, because this option commits the business to the costs for reduction or enhancement now, response costs must be justified in terms of the change to residual risk. Transfer the risk This option aims to impart part of the risk to a third party. Insurance is the most common form of transfer, where the insurer accepts the risk cost but the insured retains the impact on other objectives (for example, a time delay). The transfer can apply to opportunities, where a third party gains a cost benefit, and the primary risk taker gains another benefit. This is not a commonly used option, whereas transfer of threats is commonly used. Again, the cost of transfer must be justified in terms of the change to residual risk (for example, is the premium you pay worth it?). It is important to note that some elements of risk cannot be transferred, although the business may choose to delegate the management of the risks to a third party. Share the risk This option is different in nature from the transfer response, as it seeks for multiple parties, typically within a supply chain, to share the risk on a pain or gain share basis. Risks can rarely be entirely shared in this way. For example, the primary risk taker will always need to protect their brand and reputation, but this can be a successful way of encouraging collaboration on risk management activities, particularly in programmes and projects. Accept the risk This option means that the business ‘takes the chance’ that the risk will occur, managing its full impact if it did. There is no change to residual risk with the accept option, but neither are any costs incurred now, to manage the risk or to prepare to manage the risk in future. An example would be the risk to profitability because of currency fluctuations. The business may decide to take the chance and not engage in any hedging or other provisions to protect margins from wide variation in rates. This option would not be appropriate if the risk exposure exceeded the risk tolerance threshold for the activity in question. Note that in a case such as currency fluctuations, where the impact could be positive or negative, this counts as two risks because a risk is the relationship between the uncertain event and the impact of that event. There is a risk leading to loss and another leading to gain, so framing the uncertainty as two risks allows for different responses to each. Prepare This option involves preparing plans but waiting to take action. It is most usually associated with the ‘accept’ contingent option. The preparation of contingent plans suggests that the risks are accepted for now, but a plan will be made plans for what should be done if the situation changes. This option applies equally to other responses and is often referred to as a fallback plan, which is the plan if the original response does not work. Fallback plans apply to all other strategies, including avoiding a threat and exploiting an opportunity, because the plan to avoid or exploit may not be successful despite good intentions. Decision bias is the inherent tendency for people to adopt mental shortcuts or faulty thinking processes to process situations and make decisions. Decision bias is natural and largely positive, allowing the brain to efficiently make rapid decisions every day. Sometimes decision bias can result in less effective decision-making. There are many types of bias, for example: - optimism bias: a mindset that drives people to discount disadvantageous risk, on the assumption that things are likely to be successful for them. - loss aversion: a mindset that values the avoidance of loss rather than making a gain. - groupthink: a mindset that makes people value social cohesion in a group more than expressing an alternative point of view or reaching the right decision. - proximity: a mindset where situations that are closer in time are seen as riskier and more important than those in the future TECHNIQUE for risk management The recommended risk management procedure consists of the steps: identify, assess, plan and implement. PRINCE2 Page 2 The recommended risk management procedure consists of the steps: identify, assess, plan and implement. PRINCE2 Page 3 PRINCE2 Page 4 RECAP Module 8 The purpose of the risk practice is to identify, assess, and control uncertainties that would affect the project’s objectives, and, as a result, improve the ability of the project to succeed. Risk is an uncertain event or set of events that, should they occur, will affect the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives. Risks that have a negative impact on objectives if they occur are threats, while risks with a positive impact are called opportunities. PRINCE2 includes a five-step risk management technique: identify, assess, plan, implement, and communicate. The communicate step operates throughout the project as the outputs of any of the other steps may need to be communicated. PRINCE2 describes a set of risk response categories:  avoid a threat  exploit an opportunity  reduce a threat  enhance an opportunity  transfer the risk  share the risk  accept the risk  prepare contingent plans. PRINCE2 Page 5

Module 8 Risk PDF - PRINCE2 Past Paper

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue