#71 – BASICS: PROJECT RISK MANAGEMENT – ROD FARRAR

The project management body of knowledge generally focuses on scope management, time management and cost management. Risk management generally comes in at about 8th place out of the ten.

However, risk management is potentially the biggest part of the project management planning process.

#66 – AN APPROACH TO EVALUATE AND MANAGE SUPPLY CHAIN RISK – DAVID ACHESON AND JENNIFER MCENTIRE

In today’s food and beverage industry, everyone has a supply chain that they rely on. And with that comes risk. You may be staking your brand reputation on the quality and safety of products or ingredients you are sourcing from somewhere that is not under your direct control. In short, you are relying on someone else to do things right, and inheriting risk if they don’t. Congress recognized that sometimes you rely on suppliers to control risk, which puts supplier management into the bucket of a “preventive control” and thus part of the Food Safety Modernization Act.

#52 – HOW WELL DO RISK ASSESSMENTS INFORM DECISION MAKERS? – CHRIS PEACE

Sometimes, it seems that every newspaper edition, news broadcast or news website carries yet another story about a disaster – an event that might have been avoided by better decision making.

But do we ask whether such decisions were informed by risk assessments? And if so, how effective were those risk assessments for informing the decision makers about the risks? Which techniques were used in the risk assessments? Were the results presented in a way that made sense to the decision makers? Do risk assessors follow a good process and so achieve some consistency in results, or do they just get lucky?

#51 – RISK AS A ‘HISTORIC’ OR ‘EXPERIENTIAL’ MEASURE – BILL BARTO

I had an interesting conversation this week on the topic of risk. As you may know, risk is the combination of consequence (what happens) and likelihood (chance of it happening). The concept of consequence is generally easy to understand, but likelihood is sometimes a source of contention.

This particular conversation concerned the determination of the criticality of a piece of equipment and centered around whether likelihood should be based on the history of the circumstances you are considering. My colleague was arguing that the chances of this particular piece of equipment failing were directly tied to the failure rate of this piece of equipment at this point in time (Historic). I asserted that the chances of failure are more of a statistical or general probability (Experiential).

#49 – IT APPLICATION DEVELOPMENT GUIDELINES – ED PERKINS

The folks over at the NIST Information Technology Labs (ITL) have been busy. One complaint about the recently released Risk Management Framework (RMF) [1], developed in response to the President’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity, was that it did not address application security (the coding practices that allow for SQL injection, buffer overflow, etc.) [2].