Ostroff Consulting has undertaken numerous risk management mandates. These mandates tend to fall into 2 categories:
- a specific system being developed or enhanced
- a project (both information technology and management consulting)
Those mandates that fall into the second category can either be part of a broader Project Management mandate or be more focused on Risk Management.
Risk Management is about anticipating problems before they occur and implementing mitigating strategies to prevent the risk from occurring AND minimizing the impact of the risk if it does present itself.
In general the process
- identify potential risk scenarios
- assess the probability of the risk scenario occurring
- identify the impact on the project if the risk scenario occurs
- determine if you are prepared to live with the risk identified
- if the risk is too high for your tolerance
- identify additional control measure(s) (preventive, detective, and corrective) which can mitigate the outstanding risk
- determine the cost of implementing each potential control measure
- using cost-benefit analysis techniques and considering the residual risk, determine which potential control measure(s) you want to adopt
- cycle back to step 2
Regardless of which of the two categories the mandate falls into, the approach described above is used. All that differs is the project scope.
- A few examples of risk scenarios that may be identified for mandates that fit into the first category would be: the System is not available, a report is lost, and an unauthorized individual accesses
- A few examples of risk scenarios that may be identified for mandates that fit into the second category would be: skilled resources are not available in a timely manner, office space is not available for project team members when needed, a new development methodology is being used which no one on the team has used before.