|
Previous: CM Contributions to Projects
Next: CM Procurement
Configuration Management Body of KnowledgeChapter 8: Configuration Management and RisksTable of Contents -14OverviewRisk Management, according to the PMBOK®, is "the systematic process of identifying, analyzing, and responding to risk." It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to objectives. Risk management for a managed configuration has these processes. Risk Management Planning – deciding how to approach and plan the risk management activities. Risk Identification – determining which risks might affect the configuration and documenting their characteristics. Qualitative Risk Analysis – performing a qualitative analysis of risks and conditions to prioritize their effects on configuration management activities. Quantitative Risk Analysis – measuring the probability and consequences of risks and estimating their implications and reduce threats to the configuration effort’s objectives. Risk Response Planning – developing procedures and techniques to enhance opportunities and reduce threats to the configuration effort’s objectives. Risk Monitoring and Control – monitoring residual risks, identifying new risks, executing risk reduction plans, and evaluating their effectiveness throughout the life cycle. Quoting from the PMBOK®, “these processes interact with each other and with the processes in the other knowledge areas. Each process generally occurs at least once in every” configuration management effort. PMI in the PMBOK® says that “Risk is an uncertain event or condition that, if it occurs, has a cause and if it occurs, a consequence.” For example, a cause may be requiring the acquisition of a new tool or having limited personnel assigned to the configuration effort. The risk event is that the acquisition of the new tool may take longer than planned or the personnel may not be adequate for the task. If either of these uncertain events occur, there will be a consequence on the configuration cost, schedule, or quality. Risk conditions could include aspects of the configuration environment that may contribute to risk such as poor configuration management practices, or dependency on external participants that cannot be controlled. Configuration risk includes both threats to the objectives of the configuration effort and opportunities to improve on those objectives. It has its origins in the uncertainty that is present in all configuration efforts. Known risks are those that have been identified and analyzed, and it may be possible to plan for them. Unknown risks, according to the PMBOK®, “cannot be managed”, although configuration managers may address them by applying a general contingency based on past experience with similar configuration management efforts. The PMBOK® has great insight concerning risk and organizations that can be applied to configuration management efforts. It says, “organizations perceive risk as it relates to threats to …success. Risks that are threats to the [configuration management effort] may be accepted if they are in balance with the reward that may be gained by taking the risk. For example, adopting a fast-track schedule that may be overrun is a risk taken to achieve an earlier completion date. Risks that are opportunities may be pursued to benefit the [configuration effort’s] objectives.” For a very complete discussion, we recommend the excellent discussion provided by the PMBOK it’s chapter 11. In the subsections below we have provided some guidelines for CM using the PMBOK as a guide. -- SmKershaw? - 28 Feb 2003 {text mostly from PMBOK}8.1 RISK MANAGEMENT PLANNINGRisk management planning is the process of deciding how to approach and plan the risk management activities for a project. It is important to plan for the risk management processes to ensure that the level, type, and visibility of risk management are commensurate with both the risk and importance of the configuration effort. It is suggested that things like the project charters, CM charters, QA charters, organizational policies, the defined roles and responsibilities, information on risk tolerances, a template for the risk management plan, a work breakdown structure all be at hand when doing risk management planning. The outputs from risk planning should be a risk management plan that describes the methodology, roles and responsibilities, budgeting, timing, scoring and interpreation of risks, risk thresholds, reporting formats and tracking of risks. -- SmKershaw? - 28 Feb 2003 {Test mostly from PMBOK}8.2 RISK IDENTIFICATIONOne of the base duties in Configuration Management is that of identification. Identification of risks should not be all that different from identification of configured items. Just like the latter, risk identification involves determining which risks might affect the configuration and documenting their characteristics. Anyone on the team can be a participant in risk identification from the management to the developer/manufacturing employee. Risk identification is an iterative process. The first interaction, according to the PMBOK, "may be peformed by a part of the ...team or by the risk management team. The entire CM team and project management may make a second iteration. To achieve an unbiased analysis, persons who are not involved in the project may perform the final iteration." "Often simple and effective risk responses can be developed and even implemented as soon as the risk is identified." When we perform risk idnetification, some of the items which must be at our disposal include:
8.3 CM AND RISK AVOIDANCEMany times configuration managment and project management are at odds with one another. Configuration managers, by definition, need to act conservatively and carefully regarding the configuration effort. Therefore, we tend to avoid risk. Project managers, on the other hand are frequently put in positions of having to make adjustments in either schedule, funding, resources, or requirements to make deadlines. This is one of the primary reasons why the PMBOK is so frequently cited as a source reference in this effort. Configuration Managers must know and understand the environment (product and personnel) within and for whom they work. Project Management plays a significant roll in defining the scope of configuration management responsibilities. Therefore, configuration managers must know about risks, and understand the importance of them. -- SmKershaw? - 28 Feb 20038.4 QUALITIVATIVE VERSUS QUANTITATIVE RISKSThe PMBOK defines Qualitative risk analysis "as the process of assessing the impact and likelihood of identified risks." For our purpoese here, this process prioritizes risks according to their potential effect on configuration objectives. "Qualitative risks analysis is one way to determine the importance of addressing specific risks and guiding risk responses. The time-criticality of risk-related actions may magnify the importance of a risk. An evaluation of the quality of the available information also helps modify the assessment of the risk. Qualitative risk analysis requires that the probability and consequences of the risks be evaluated using established qualitative-analysis methods and tools." "_Quantitative Risk Analysis_ process aims to analyze numerically the probability of each risk and its consequence on project objectives, as well as the extent of overall risk to the" configuration management effort. "Quantitative risk analysis generally follows qualitative risk analysis. It requires risk identification. The qualitative and quantitative risk analysis processes can be used separately or together." -- SmKershaw? - 28 Feb 2003 {text mostly from PMBOK} See the PMBOK for more detail.8.5 CONTROLLING AND MONITORING RISK"Here's another professional 'overlap'. Both configuration managers and project managers must control and monitor risk. This is the process of keeping track of the identified risks, monitoring residual risks and idnetifying new risks, ensuring the execution of the plans, and evaluating their effectiveness in reducing risk. Risk monitoring and control records risk metrics that are associated with implementing contingency plans. Risk monitoring and control is an ongoing process for the life of the project. The risks change as the project matures, new risks develop, or anticipated risks disappear." --PMBOK {-- SmKershaw? - 28 Feb 2003 } -- SmKershaw? - 14 Feb 2003 (split and edited) -- CarildaAThomas? - 18 Feb 2003Previous: CM Contributions to Projects Next: CM Procurement Edit • Attach • Print version • History: r8 < r7 < r6 < r5 < r4 • Backlinks • Raw View • Raw edit • More topic actions |
|
CM Web
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
CM