一旦项目经理识别并排列好风险,那么接下来的工作就是处理它们。我们知道作为风险,存在的价值就是让你能够通过预先制定好的计划把它们的后果控制到最小,这也是风险管理的根本。你要做的就是在风险管理的第二步--风险控制这一环节尽量降低风险的影响。概括地说,这一环节主要包括:计划,计划的执行,风险的监控。
1、风险管理计划
一旦风险被认知并排定了优先级,它们就基本处于项目经理的掌控中了。为了管理好这些风险,合适的计划是不可或缺的。作为主要的任务,首先需要找出那些行之有效的措施以尽量降低风险所带来的不良后果,通常我们把它们叫做“风险缓解步骤”。在那些被发现的风险旁边,你可以列出一些通用的风险缓解步骤,并从中选取合适的步骤。在Infosys中使用如下表所示的风险列表形式。这个表格并不只是用来识别风险,同时也起到选择合适的风险缓解步骤地作用。当然,表格的形式并不是唯一的,你可以使用数据库作为辅助手段协助你的工作。
下表中的大多数风险缓解步骤的表述都是直接和明确的。正如你所看到的,处于顶端的几个风险涉及人力和需求。选择风险缓解步骤并不仅仅是想一想就可以的。风险缓解步骤必须被实践才行。为了确保那些必要的步骤被确确实实的并且有效的执行了,你必须把它们穿插到项目日程中。换句话说,你必须不停的更新项目日程,在这个日程当中,需要列出很多的项目活动,特别重要的是列出这些活动在何时何地发生--包括你的项目缓解步骤中包含的那些活动。
风险监控和跟踪
风险的优先级列表以及之后的计划都是基于在进行风险分析时对风险的感知。第一次风险分析发生在项目的计划阶段,而最初的风险管理则反映了在那个时刻对于项目形势的整体预估。因为风险是或然事件,它总会依附于客观情况,所以对于风险的处理手段也需要随着时局发生变化。并且,众所周知,对于风险的感知也会随着时间而变化。此外,风险的缓解步骤的执行也会对风险的感知有所影响。
基于上面的观点,不要把风险当成静态存在的,而是要阶段性的评估它们。因此除了要监控风险缓解步骤的执行,你还要站在整个项目的角度重新分析一下这些风险。把你的分析结果体现在你项目的里程碑分析报告中,在报告中你需要把握三点:风险缓解步骤的执行、当前风险状况、策略。作为这个报告的前期工作,你还需要分析一下风险的优先级顺序是否发生了变化。
| Table 6.3. Top Ten Risks and Their Risk Mitigation Steps |
| Sequence Number | Risk Category | Risk Mitigation Steps |
| 1 | Shortage of technically trained manpower | · Make estimates with a little allowance for initial learning time. · Maintain buffers of extra resources. · Define a project-specific training program. · Conduct cross-training sessions. |
| 2 | Too many requirement changes | · Obtain sign-off for the initial requirements specification from the client. · Convince the client that changes in requirements will affect the schedule. · Define a procedure to handle requirement changes. · Negotiate payment on actual effort. |
| 3 | Unclear requirements | · Use experience and logic to make some assumptions and keep the client informed; obtain sign-off. · Develop a prototype and have the requirements reviewed by the client. |
| 4 | Manpower attrition | · Ensure that multiple resources are assigned on key project areas. · Have team-building sessions. · Rotate jobs among team members. · Keep extra resources in the project as backup. · Maintain proper documentation of each individual's work. · Follow the configuration management process and guidelines strictly. |
| 5 | Externally driven decisions forced on the project | · Outline disadvantages with supporting facts and data and negotiate with the personnel responsible for forcing the decisions. · If inevitable, identify the actual risk and follow its mitigation plan. |
| 6 | Not meeting performance requirements | · Define the performance criteria clearly and have them reviewed by the client. · Define standards to be followed to meet the performance criteria. · Prepare the design to meet performance criteria and review it. · Simulate or prototype performance of critical transactions. · Test with a representative volume of data where possible. · Conduct stress tests where possible. |
| 7 | Unrealistic schedules | · Negotiate for a better schedule. · Identify parallel tasks. · Have resources ready early. · Identify areas that can be automated. · If the critical path is not within the schedule, negotiate with the client. · Negotiate payment on actual effort. |
| 8 | Working on new technology (hardware and software) | · Consider a phased delivery. · Begin with the delivery of critical modules. · Include time in the schedule for a learning curve. · Provide training in the new technology. · Develop a proof-of-concept application. |
| 9 | Insufficient business knowledge | · Increase interaction with the client and ensure adequate knowledge transfer. · Organize domain knowledge training. · Simulate or prototype the business transaction for the client and get it approved. |
| 10 | Link failure or slow performance | · Set proper expectations with the client. · Plan ahead for the link load. · Plan for optimal link usage. |
posted on 2007-09-04 22:09
littlegai 阅读(263)
评论(0) 编辑 收藏 引用