Risk Management Case

...

Technology risks arise from hardware and software technologies that are used in the system being developed. Process risks are as a result of some technology process and whether the members of an organization can actually follow the process. Tools risks, on the other hand, are similar to technology risks. They relate to the availability, reliability and use of technology tools by the development team such as Computer-Aided Software engineering (CASE) and development environments. Managerial and organizational risks arise from the technology and engineering environment. Examples include financial stability in the technology and engineering firms, loss of support by the management and threats to the reorganization in a company. People risks originate from the level of skill, availability of the people and retention. Estimation risk is also another risk experienced and occurs as a result of inaccuracies from estimating resources and time span needed to build a particular technology.

-

Analyze

After risks have been identified, the step involves analysis of risk. Risk analysis involves transformation of the risks involves into a decision making information. Then, each risk is considered and judged based on the probability and the seriousness of occurrence. For every risk identified, its probability must be assessed. There are risks that are less likely to occur while others are more likely to occur (Cooper, 1998). The next step is to assess the impact of the loss if the risk were to occur. The impact of the loss is measured in monetary terms.

-

Prioritize

After the risk has been analyzed, they are organized 9n a risk table and then prioritized through prioritizing them. Due to the high cost and time required to consider all risks, the risk management team determines the risks it will take action on. In most cases, organizations take action on high probability and high impact risks. Low impact and low probability risks are in most cases are their effect would be minimal to the project or organization (Cooper, 1998). In case the impact and probability of the risks were expressed in numeric values, the risk exposure can be calculated as:

Risk exposure= Probability of risk occurrence* impact of loss

-

Plan

After prioritization of the risks involved, a risk management plan should be developed so as to take proactive action. The actions in this case are found in the column table of the risk table. Some of the planning actions that can be adopted include: Buying information, contingency plans, risk acceptance and risk reduction. Risk acceptance involves choosing not to reduce or diversify a risk but live with it. Contingency plans outline what is to be done if a risk occurs (Cooper, 1998).

-

Mitigate

The risk management team mitigates risks through reducing the likelihood of risk or the impact of loss. Mitigation strategies are usually documented in the risk management plan, specifically in the action column of the risk table. Some of the risk mitigation strategies that can be adopted include risk avoidance and risk protection. Risk avoidance is implemented in case of a lose-lose strategy. Risk protection is implemented through purchasing an insurance cover. Also, organization can opt to use fault-tolerance strategies to provide reliability insurance.

- Monitor

After all the processes mentioned above have been undertaken, it is imperative that the organization team monitors the progress of the risk items and take corrective action where necessary. The monitoring process can be part of the risk management strategies or can be done through explicit risk management strategies ('Engineering project risk management', 2000). The risks need to be revisited frequently to identify whether new circumstances have arisen that change its probability and impact of loss in case it occurs. During the monitoring process, certain risks can be added to the list while others could be eliminated from the list. Risks are also reprioritized in the monitoring process to determine which risk has gained more priority and which has gained less priority ('Engineering project risk management', 2000).

- Communicate

Communication between the risk management team, the customer representatives, the marketing team and management about the risk is important for an efficient risk management. Communication helps in not only risk identification through sharing of information but also in measures that can help in risk avoidance ('Engineering project risk management', 2000).

-

The stakeholders of Risk Management

The three important stakeholders in risk management include customers, manager and developer. The customer should participate in the process of identifying risks. The manager is in charge of the risk management team. He leads the team to proactively manage the risks faced in the technology and engineering sector. The managers should also efficiently allocate resources to help in managing risks proactively ('Engineering project risk management', 2000).

-

Conclusion

Risk management is an important part of any project as it determines its success or failure. Having a risk management plan without proactive personnel does not guarantee a reduction of risk facing a project. Proactive measures have to be undertaken to ensure that there is swift response when it comes to risk mitigation. Risk identification should also be a continuous process and it should be carried out by experts and through other techniques such as brainstorming. Analysis should also not be based on probability and impact of loss. It should also be based on other factors, especially those that can be calculated numerically. Therefore, risk management is a continuous process that should involve all members of a project to ensure its success.

---------------------------------------------------------------

5.0. References

Cooper, W. (1998). Risk Assessment and Risk Management: An Essential Integration. Human And Ecological Risk Assessment: An International Journal, 4(4), 931-937. doi:10.1080/10807039891284884

...