Sample Risk Management Plan: Part 6
Published: November 17, 2011
Section 6: Results, Conclusion, and Follow Up
The risk management process should follow a plan for closure similar to that of project management. Performing a lessons-learned review and risk management audit should lead the project team to formulate what went wrong and what went right while following the risk management plan. The results from such analysis will be made available to management and future project teams to aid in the risk management process of future projects.
The lessons-learned review would be conducted within one week of the project’s close so that team-members would retain a fresh perspective of the events leading to project success or failure. The review would be conducted using the Delphi technique and include the project manager, the key stakeholders identified in Table 2: RACI Matrix for the Internet Store Risk Management Plan, and key developers from Geneva. The lessons-learned review will permit team-members to analyze project documentation and the risk management plan to identify areas of concern in the risk management process and areas where the plan went exceedingly well. The documentation to be analyzed during the review will include the following:
- the WBS
- the project schedule
- the risk management plan
- the RBS
- the Risk Matrix
Participants of the review will be granted the opportunity to voice concerns without fear of repercussions; the purpose of the review is to maintain a state of continual process improvement and not to assign guilt.
Areas of review that require additional investigation will be identified for a risk management audit. The audit will be contracted to an organization capable of performing such a task and able to provide an unbiased opinion.
Continual process improvement is the goal of both the lessons-learned review and the risk management process audit. Corrective measures resulting from these processes would include the following:
- Modifications to standard operating procedures
- Changes to organizational policy
- Adjustment of risk management best practices documentation
Risk and opportunity go hand-in-hand so an effective risk management process does not necessarily isolate an organization from risk but rather identify the major risk factors that may eliminate or otherwise negatively affect opportunities and how to mitigate those risks to an acceptable level. This paper has analyzed the risk management process for The A&D High Tech Internet Store Project and the components of risk identification and mitigation.
The benefits of effective risk management strategies are to maintain an organization’s position in the market through an effective program of strategic project portfolio management. Effective risk management strategies help the organization choose which projects to pursue and which to table. Once projects are selected for development and implementation, the risk management process guides the team in identifying and mitigating project specific risks. Risks are documented and responsible parties are assigned.
A robust risk management plan should include all the following essential components:
- Roles and responsibilities
- Scoring and interpretations
- Reporting formats
(Barkley, 2004, P. 76)
Finalizing a project should not put an end to the risk management process. Follow-up from the completed project should lead to an iterative cycle of process improvement. The lessons learned and audit processes should lead to the beginning of the next iteration of a “Plan-Do-Check-Act” (Arveson, 1998) cycle, also known as the Deming Cycle. This cycle is made up of the following components:
- PLAN: Design or revise business process components to improve results
- DO: Implement the plan and measure its performance
- CHECK: Assess the measurements and report the results to decision makers
- ACT: Decide on changes needed to improve the process
Acting on the results from the lessons learned and audit processes should lead the team to decisions on how to incorporate necessary changes to future risk management processes or organizational strategy if so indicated.
Dumbledore's Sample Risk Management Plan Series
Review Section 5: Corrective Action and Monitoring
Arveson, P. (1998). The Deming Cycle. The Balanced Scorecard Institute. Available from http://www.balancedscorecard.org/TheDemingCycle/tabid/112/Default.aspx
Barkley, B., T. (2004). Chapter 4 – Demystifying risk: Using the PMI PMBOK. Project Risk Management. New York, NY: McGraw-Hill.