Based on over 30 years’ experience with project risk management, the best way I found to monitor risk mitigation plans is to incorporate them into the Integrated Master Schedule (IMS). The reason is each month (or week) when the IMS is reviewed the risk mitigation plan is also reviewed. Since the IMS is linked, a slip in a mitigation plan step can readily be seen as well as the potential impact it may have on the project.
The question is How is the risk mitigation plan integrated into the IMS? This paper will explain how it tis done.
OVERVIEW
A IMS is based on work packages (tasks) and the activities that support each one. A project risk assessment focuses on potential risks for deliverable products. The output of the risk assessment is identification of the risks that are likely to happen and those that would have a serious impact on the project if realized. These require a risk mitigation plan.
The approach to incorporate the mitigation plan into a IMS is to identify key activities from the work packages and make them the basis of the plan. The number of activities selected is determined by the size and complexity of the project. As each activity is completed, a percentage of the risk can be retired. When all activities (steps) of the plan have been completed separately, then the risk is completely mitigated.
EXAMPLE
The following example shows you how to do it. Six activities have been selected for the example.
IMS
The figure below shows the IMS for a Gas Turbine System. The compressor/turbine is a major subassembly of the system. As shown in the figure, there are three work packages listed under the compressor/turbine subassembly. They are design, build, and test. A risk assessment identified the design of the compressor/turbine shaft speed which is critical to achieving the required electric power output efficiency as a risk to the project. The concern was the bearings would not provide the life required. It was decided to mitigate the risk to minimize the impact to the project. A risk mitigation plan was required.
Six activities under from the work packages have been chosen for the mitigation plan. The design risk is fully retired (or mitigated) once the six activities have been completed. The ultimate proof that the design meets specification is passing the final acceptance test.
RISK MITIGATION PLAN
The risk mitigation plan shown below lists the six activities selected from the IMS. It also presents the pre-determined risk retirement (mitigation) percentage for each activity. As each activity is completed, the risk is partially mitigated based on the percent assigned. If the design fails, a redesign and retest will be necessary. The budget and duration to accomplish the revised design and retest is estimated to be $160K and six weeks respectively.
The risk mitigation plan is usually reviewed monthly by the risk review board. As can be seen in the risk mitigation plan shown below, the analysis and drawings activities have been completed on schedule. As a result, 30 percent of the risk has been retired. There is no need to change or update the plan. If the mitigation plan was not on schedule, the risk review board in collaboration with the task owner would define why there is a schedule delay and what actions need to be taken. If additional budget or resources are needed, the risk review board would provide it and the task owner would update the mitigation plan accordingly.
SUMMARY
The best way to monitor risk mitigation plans is to incorporate them into the IMS. Managing the work packages within budget and schedule is a key for a successful project. Since the risk mitigation plans are based on work package activities, they should be successful as well. It is easy to see the status of the risk mitigation plans when the IMS is reviewed.
Some companies maintain a separate risk mitigation plans file. With this approach, it is more difficult to understand the status of the risk mitigation plan and the potential impact on the project. Incorporating the plan into the IMS makes this process much easier and more accurate.
Bio:
Currently John is an author, writer and consultant. He authored a book entitled Project Risk Management. It went on sale on Amazon in August 2019. He authored a second book titled How to Get A Project Management Job: Future of Work. It is on sale on Amazon. The first book is a text book that includes all of the technical information you will need to become a Project Manager. The second book shows you how to get a Project Manager job. Between the two, you have the secret sauce to succeed. There are links to both books on his website.
He has presented numerous Webinars on project risk management to PMI. He writes columns on project risk management for CERM (certified enterprise risk management). John also writes blogs for APM (association for project management) in the UK. He has conducted a podcast on project risk management. John has published numerous papers on project risk management and project management on LinkedIn.
John earned a BS in Mechanical Engineering and MS in Engineering Management from Northeastern University. He has extensive experience with commercial and DOD companies. He is a member of PMI (Project Management Institute). John has managed numerous large high technical development programs worth in excessive of $100M. He has extensive subcontract management experience domestically and foreign. John has held a number of positions over his career including: Director of Programs; Director of Operations; Program Manager; Project Engineer; Engineering Manager; and Design Engineer. He has experience with: design; manufacturing; test; integration; subcontract management; contracts; project management; risk management; and quality control. John is a certified six sigma specialist, and certified to level 2 EVM (earned value management). Go to his website to find links to his books on Amazon as well as numerous papers he has written. https://projectriskmanagement.info/