Tag: risk management

GAPP & Project Management

Data privacy is an important concern in project management. The administration of a project may involve collecting, handling, or storing information from a wide variety of sources. For example, in the software consulting industry, performing a mainframe migration for a client might involve access to large quantities of data on that client’s customers and/or employees. Almost all projects will have some data elements that are considered private or confidential. This means part of the planning and administration for a project should concern how to keep data secure and ensure it is used only in appropriate ways.

What Standards Apply?

There are many standards that could be used as a framework or starting point for these policies and procedures. The Generally Accepted Privacy Principles (GAPP) developed by the AICPA is one set of standards to consider. The level of stringency with which these principles are applied should correlate to the sensitivity of the data being handled. Here is an overview of a few of these principles and how they might be applied to the project management sphere.

Privacy Management

This is the overarching strategy that is developed to safeguard sensitive data. It includes the creation of policies and procedures for the privacy program. These policies and procedures must be documented and communicated to all relevant parties. Adequate resources should be assigned to put infrastructure elements in place that help ensure the achievement of policy objectives. Accountability must be assigned to those responsible for implementing and maintaining privacy so that there are well defined consequences for program failure. The management policy must also include monitoring to identify evolving risks or any new regulations that might affect the privacy policy and practices. In project management, privacy should be discussed as it relates to both communications planning and risk management.

Collection & Use Notices

Whenever any personal identifying information or other confidential data is collected, it should be made clear why the data is being collected and how it will be used. This is typically done through the presentation of some type of notice. The notice includes the contact information for the group or individual responsible for answering questions or resolving issues regarding how private information is collected or used. For project management, the topic of confidential or proprietary information is often covered in an NDA or similar contractual document. This represents a formal agreement to follow ethical privacy practices in not disclosing a client’s confidential data to any third party without express, prior written consent. The use, retention, and eventual disposal of such data may also be addressed.

Security of Privacy

This aspect of privacy management concerns the physical, procedural, and electronic steps your organization takes to safeguard privileged project management data. It should take into consideration the potential for and consequences of accidental and deliberate destruction, unauthorized access, disclosure, or other misuse. Any administrative, physical, and technical controls put in place should include a backup plan in case the personnel authorized to access the confidential project management data become unavailable. Privacy security safeguards should be tested at least once a year to ensure they are functioning as intended.

Filed under: UncategorizedTagged with: , ,

Building A Qualitative Risk Analysis Matrix

The predictive skills required to carry out project management are nowhere more apparent than in the development of a probability and impact matrix. The inputs developed for use in creating this seemingly simple rating system require a great deal of expertise in qualitative risk analysis. Generally, a large number of team members (and some outside sources) must be tapped to generate a comprehensive and realistic list of risks. This is just the start since each risk event must also be evaluated to determine how likely it is to occur and how much damage it is likely to do.

Project Objectives and Risk Ratings

Each organization must determine its own standards and risk thresholds to develop a useful rating system. The probability of risk and the impact it may have on project objectives such as time, cost, and quality should be objectively determined and assigned a numeric or descriptive risk level. Some companies use a scale of one to ten; others use a ‘very low’ to ‘very high’ rating system. The simplest approach is often to assign a separate risk rating for each factor such as time, cost, and so forth as a first step. Determining the risk level of one factor (probability or impact) at a time on separate charts may also make things easier. The type of project management graph created at this stage is very straightforward to interpret since it can feature a simple x (column) vs. y (row) layout.

Probability & Impact Combined

Once a workable system has been developed for calculating risk ratings, these points can be plotted on a matrix. At this stage, it is possible to combine the ratings for probability and impact on the same graph to create an overall or “total” risk classification. This type of matrix may require the use of color coding or shading to offer a readily grasped visual for team members and other stakeholders. For example, probability may be plotted on one axis and impact on the other. Each point on the graph where these factors intersect may have an overall risk level represented by color. High probability/high risk areas on the matrix might be red, mid level risk areas yellow, etc.

A combined matrix is most useful in determining the amount of resources that should be directed at preventing a particular negative event from occurring. Events with a low probability may not require a large investment of time and funds to avoid even if they would have a fairly high impact. They may simply need to be monitored to see if the probability rating rises. On the other hand, events with a high probability and a low impact may be worth addressing immediately (if this can be done cost effectively) simply to keep things running smoothly.

Knowledge Preservation

The thought process used to arrive at an accurate rating assessment for each risk should be fully documented. So should a description of the anticipated outcome of each potentially negative event. This information is particularly important for the ongoing risk review process that should occur throughout the duration of the project. Having access to the data that was used to reach the initial set of conclusions helps reduce the time and effort required for re-evaluation later. With something as complex as risk analysis, it is very unlikely that the project management team will remember all the details without this documentation.

Filed under: UncategorizedTagged with: ,

Risk Management – Plan For The Best

A great deal of discussion surrounding project risk management focuses on reducing the occurrence of negative events. This is natural since we’ve all seen projects effectively destroyed by a foreseeable disaster for which a team failed to adequately prepare. The praise that accompanies a successful outcome also pales in comparison to the blame and career damage that results from failure. However, this doesn’t mean project managers should ignore the positive side of risk management.

Are You Prepared To Have Things Go Spectacularly Right?

Positive risks are generally referred to as opportunities in project management terms – and not in the feel good “all problems are opportunities in disguise” way. These events provide the potential to dramatically improve the outcome of a project by:

  1. Reducing length of time to completion and/or reducing required manpower
  2. Reducing total project costs
  3. Increasing the quality/quantity of the finished “product”

As part of your risk management planning, you should take the time to evaluate the chances that positive opportunities will arise. You should also determine to the best of your ability what form they may take. That way, you can recognize them when they come along and exploit them to your advantage.

Examples of fortunate circumstances that occur during project management might include:

  • The acquisition of a new resource that reduces labor – automation of a process that was formerly done manually or the introduction of software that makes analysis easier might greatly increase efficiency
  • A successful outcome of initial product testing with little or no need for revisions – this might cut an entire phase out of the project’s life cycle, truncating the time to completion
  • A total lack of absenteeism from employees for the duration of the project – this means you will need to be prepared to keep your full workforce on task
  • A drop in the price of necessary raw materials – monitoring of pricing trends in concert with Procurement may allow you to source these at a reduced cost

Give Good Luck a Helping Hand

If you have identified a positive risk, doing your best to make it a reality is a demonstration of good project management on your part. For example, having access to the brain power of an experienced employee in another department might be a boon. However the chances of that individual being freed up from other responsibilities are low. In that case, you might increase the chances of obtaining this person as a team member by sharing some of your labor resources with that department.

Or, if the arrival of parts required for a specific project phase well ahead of schedule would positively impact the overall timeline, it may be worthwhile to spring for expedited shipping. Sometimes, this action might also lower the likelihood of a negative event later in the project (such as weather delays that tend to occur during a specific time of year). So, it can represent a two-pronged approach to risk management that could help justify a slightly higher initial expenditure.

Filed under: UncategorizedTagged with: ,

Risk Management Expert Rita Mulcahy passed away

Renowned business expert Rita Mulcahy died May 15, 2010 following a long battle with breast cancer. She was the founder of RMC Project Management, starting that company in 1991. It was at this time that Rita discovered the need for additional training to be able to grow their career. The certification process was intense and without the proper guidance, many people would fail. Ms. Mulcahy subsequently wrote a PMP Exam Prep Study guide for those persons who wanted to become Certified Project Managers. It received national and international acclaim, with most experts this to be the industry standard.

She was also recognized around the world on such business topics as project management techniques, risk management and project management certification. With more than fifteen years of experience working directly with business leaders, Rita had over 2.5 billion dollars of experience to her credit. Her company became a leader in the business industry, renowned for the ability to both teach people and allow them to enjoy it as well.

Ms. Mulcahy was also a guest speaker at thousand of seminars and business conventions every year. Her firm continues to be involved with this type of risk management work, offering help and guidance to many people training in this field. This includes e-books, online courses, kits, and self-help books. It has continued to grow, even in her absence, with expansion into other areas, including publishing, internet technology and even real estate.

Rita Mulcahy was a true pioneer in this industry, helping thousands of people along the way. Her company continues with the vision she began almost 20 years ago of assisting those most in need.

The company continues to grow with divisions in publishing, warehousing, distribution, online books, and real estate. Rita had a love for the outdoors, the arts, theater, and skiing.

Filed under: UncategorizedTagged with:

A project plan is more than a MS Project Gantt Chart

A project plan not only outlines the specific goals and timelines for a project, it also breaks down the various tasks needed to accomplish the goal of the project. Project planning is an important part of making sure a project gets done right and within a specified time frame. There are many resources available to project managers that will help them in both planning and plan execution. Charts like the Gantt Chart (or Bar Chart in the PMI world) are helpful in establishing a deadline and marking progress toward that deadline. Most projects, however, need a more detailed project plan.

Planning methods such as The Project Management Life Cycle (by PMI) are more practical than Gantt Charts because they include important aspects of planning such as process groups which outline the tages of project development and knowledge areas which break down the process groups into areas of expertise. These methods allow project managers to better distribute their project to employees.

Risk management plans help project managers and the project team to anticipate various risks associated with their project and plan for them. Another planning necessity is a resource allocation plan. Resource allocation plans ensure that the appropriate resources are made available for each stage of the project, and are not overused in any of the beginning stages.

Filed under: UncategorizedTagged with: , , ,