This is why we perform risk management…
这就是我们进行风险管理的原因。

“Effective and appropriate risk responses can minimize threats, maximize individual opportunities, and reduce overall project risk exposure.”
“有效和适当的风险应对措施可以最大程度地减少威胁,最大化个人机会并减少项目的总体风险敞口。”

The Biggest Problems With Risk Management 风险管理的最大问题

  • “It will never happen” attitude
    “永远不会发生” 的态度
  • Fear of being a non-conformist, or whistle blower, during risk identification
    在风险识别过程中担心自己不符合规定或吹口哨
  • Unknown-Unknowns
    未知 - 未知
  • Addressing risk, may add new risks to a project
    解决风险,可能会给项目增加新的风险
  • Some may view this as a waste of time
    有些人可能认为这是浪费时间
  • It costs time and money to manage risk
    花费时间和金钱来管理风险
  • The risk is so huge people don’t want to consider it
    风险是如此之大,人们不想考虑它

# Risk Defined 风险定义

“An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” (PMBOK 6th ed., 2017, p. 720)
“不确定的事件或条件,如果发生,将对一个或多个项目目标产生正面或负面的影响。”

# A word on “positive” risk 关于 “正向” 风险

A great example of a positive risk is winning something out of a “claw” machine. That is, you pay for the risk, if the risk manifests itself; you win a prize!
积极风险的一个很好的例子是从 “利爪” 机器中赢取一些钱。也就是说,如果风险显现出来,则您要为风险付费;您中奖了!

The Risk Doctor of Introducing Risk

# Pure Risk Defined 定义纯风险

Only a risk of loss.
只有损失的风险。

# Risk return (in relationship to pure-risk) 风险收益(与纯风险有关)

如果将风险吸收到项目中,则可以实现的预期收益。

预期的危害与已知的风险相关,基于以下因素:1)风险表现出来的可能性,以及 2)预期的影响

# Gathering knowledge for Risk Management 收集风险管理知识

There are many ways to gather knowledge for risk identification.
有很多方法可以收集知识以进行风险识别。
My issue is that every component of risk management has a slightly different way of collecting information.
我的问题是,风险管理的每个组成部分在收集信息方面都有稍微不同的方式。
I think pooling all those methods into one area makes more sense.
我认为将所有这些方法集中到一个区域更有意义。

# Typical ways of generating knowledge 产生知识的典型方法

  • Expert Judgement and Knowledge (interview them)
    专家判断和知识(访谈)
  • Examine the project charter, assumptions, issue log, contracts, requirements, documentation, risk breakdown structure (RBS) etc.
    检查项目章程,假设,问题日志,合同,要求,文档,风险分解结构(RBS)等。
  • Stakeholder Engagement (Brain storming, facilitated meetings, etc.)
    利益相关者参与(头脑风暴,便利的会议等)
  • Estimates/Forecasts: Cost & Time
    估计 / 预测:成本和时间
  • Industry publications
    行业出版物
  • Examining similar projects; either completed or in progress
    审查类似的项目;已完成或进行中
  • Old lessons learned items
    以往的经验教训
  • SWOTT (PMI uses “SWOT” but some authors add an extra “T” for “Trends”)
    SWOTT(PMI 使用 “SWOT”,但是一些作者为 “趋势” 添加了额外的 “ T”)

# Identifying Risks 识别风险

PMBOK wisely points out that if you notice inconsistency between various project documents, this is an early indicator that risk due to miss-understandings, or lack of consistent understanding, may adversely impact your project outcomes.

PMBOK 明智地指出,如果您注意到各个项目文档之间存在不一致,则这是一个早期指标,表明因误解或缺乏一致的理解而带来的风险可能会对您的项目成果产生不利影响。

Risk Doctor: Sources of Risk
风险医生:风险来源

# “Unknown-Unknowns"

These risks manifest themselves without warning, and are not anticipated.
这些风险会在没有警告的情况下显现出来,并且是无法预料的。

# What are 'known' risks? 什么是 “已知” 风险?

'Known' risks are somewhat predictable & proactively managed.
“已知” 风险在某种程度上是可预测的并且可以主动管理。
'Known' indicates those risk that can be identified, analyzed & planned in advance.
“已知” 表示可以提前识别,分析和计划的风险。

# What are 'unknown' risks? 什么是 “未知” 风险?

Unknown risks are those unable to anticipate and describe.
未知风险是那些无法预期和描述的风险。
Unknown risks cannot be managed proactively.
无法主动管理未知风险。
These risks that result from the uniqueness of the work and they are difficult or impossible to anticipate.
这些风险源于工作的独特性,很难或无法预料。

# Dealing with unknown-unknowns 处理

6th ed. PMBOK p. 399

  • Management fund
    管理基金
    Management funds are for something that we just have no clue about (specifically “unknown-unknowns.”)
    Contingent funds are for specific risks.
    管理基金用于我们根本不知道的事情(特别是 “未知 - 未知”。)
    或有资金用于特定风险。
  • Room for error built into project schedule
    项目进度表中内置错误的空间
  • Postpone identifying a due date as long as possible
    尽可能推迟确定到期日期
  • Flexible methodology implementation
    灵活的方法实施
  • Empowered project team
    强大的项目团队
  • Monitoring for emergent issues
    监控紧急问题
  • Stakeholder involvement and support in altering project objectives if needed
    利益相关者的参与和支持,如果需要,可以更改项目目标

# Contributors to Risk Importance 风险重要性贡献者

(p. 400)

  • Project size
    项目规模
  • Project complexity
    项目复杂度
  • Project importance
    项目重要性

Addressing Risk is… 解决风险是……
… a team event. 团队活动。

When I say "when a risk manifests itself," here is what I mean…
当我说 “风险显现时”,我的意思是…

In Fukushima Japan, they built a nuclear power plant on the edge of a very large body of water, that connected to the ocean.  They knew there was always a possibility of a large wave striking the power plant. Up until the very moment a 4.5 meter tall tsunami wave hit this nuclear power plant, on 3/11/11, that event was only a possibility, or as we would say: a "risk."
在日本福岛,他们在与海洋相连的巨大水域的边缘建造了一座核电站。他们知道总有大浪袭击发电厂的可能性。直到 2011 年 3 月 11 日,有 4.5 米高的海啸袭击该核电站,该事件只是一种可能性,或者我们可以说:“风险”。

When the tall wave actually struck the nuclear power plant, it became an "issue." An issue is a known activity that a team must deal with to be successful. At the exact moment in time that the 4.5 meter wave hit the nuclear power plant, when the risk became an issue, this what I am referring to as the risk "manifesting itself."
当大浪实际上袭击了核电厂时,它变成了一个 “问题”。问题是团队为了成功而必须处理的已知活动。在 4.5 米波浪撞击核电站的确切时间,当风险成为问题时,我将其称为风险 “表现出来”。

注:
This phrase is for use in understanding risk. “Manifesting” is not a word used by PMI.
此短语用于理解风险。PMI 不使用 “显示” 一词。

# Main Idea

Identify Risks
识别风险
⬇️
Document Risks on the Risk Register
在风险登记簿上记录风险
⬇️
Add necessary detail to the Risk Register
向风险登记册添加必要的详细信息
⬇️
Manage Risks Using the Risk Register
使用风险登记簿管理风险

The process of identifying risks and managing them is a reoccurring process. If you do it once, and then never again; you will fail.
识别和管理风险的过程是重复发生的过程。如果您执行一次,然后再也不会执行一次;你会失败的。

# About Issues 关于问题

When a risk manifests itself, it turns into an issue.
当风险显现出来时,就会变成一个问题。

Issues sometimes are the result of risks manifesting themselves.
问题有时是风险显现的结果。

Issues on the issue log are part of the activities of the project team that the team must address to be successful. They are to have an owner assigned to them, and they are to be reviewed (approximately weekly) by the project team (as part of the regular status meeting) to ensure progress is being made on them.
问题日志中的问题是项目团队活动的一部分,团队必须解决该问题才能成功。他们将被分配一个所有者,项目团队(作为定期状态会议的一部分)将对其进行审核(大约每周一次),以确保他们取得进展。

”Show stopper” issues are those that must be resolved, or the project will fail.
“显示停止器” 问题是必须解决的问题,否则项目将失败。

# 2 More Types of Project Risk 2 种其他类型的项目风险

  • Individual Project Risk: Specific to 1 or more project objectives
    单个项目风险:特定于 1 个或多个项目目标

  • Overall Project Risk: Entire project can be exposed
    总体项目风险:整个项目都可以暴露

Risk can be positive or negative
风险可以是正向或负向

# The Approach to Dealing With Risk, for Each Project Will Be a Little Different (Tailoring) 每个项目的风险处理方法都将有所不同

  • Project Size
    项目规模
  • Project Complexity
    项目复杂度
  • Project Importance
    项目重要性
  • Development Approach (predictive, Scrum, hybrid)
    开发方法(预测,Scrum,混合)

# Risk & Iterative Environment Considerations (like Scrum) 风险和迭代环境注意事项

  • Frequent reviews of User Stories on the Backlog
    积压的用户故事的频繁评论
  • Demonstrations
    示威
  • Active process:
    活动过程:
    • Identify Risk
      识别风险
    • Analyze it
      分析一下
    • Plan for it
      计划一下
  • Have work product “approved” at completion by Product Owner, do not wait until the end of the iteration for approvals if possible.
    在产品负责人完成工作后,让工作产品 “获得批准”,如果可能的话,不要等到迭代结束后再进行批准。

# Planning Risk Management 规划风险管理

Plan risk management… 计划风险管理
…” is the process of defining how to conduct risk management activities for project.”
…” 是定义如何进行项目风险管理活动的过程。”

Value: “it ensures that the degree, type, an visibility of risk management is proportionate to both the risks and importance of the project to the organization and stakeholders.”
价值:“它确保风险管理的程度,类型和可见性与项目对组织和利益相关者的风险和重要性相称。”

# “Attitude” of stakeholders 利益相关者的 “态度”

p. 403

The PM must be aware of how much risk their significant stakeholders are willing to absorb. This is called “risk appetite.”
项目经理必须意识到其重要的利益相关者愿意承担多少风险。这就是所谓的 “风险偏好”。

Risk appetite is “the degree of uncertainty an organization or individual is willing to accept anticipation of reward.” (p. 720)
风险承受能力是 “组织或个人愿意接受预期报酬的不确定性程度。”

Also, significant stakeholders must be made aware as to what risks mean to them.
此外,必须使重要的利益相关者知道对他们意味着什么风险。

# Important Outputs of Plan Risk Management 计划风险管理的重要成果

p. 405

  • Risk strategy
    风险策略
  • Roles and responsibility
    角色和责任
  • Funding
    资金
  • Timing
    定时
  • Risk categories (varies by organization)
    风险类别(因组织而异)
  • Understanding stakeholder risk appetite
    了解利益相关者的风险偏好
  • Definitions of probability and impact (used in risk prioritization)
    概率和影响的定义(用于风险优先级划分)
    • Probability – how likely it is to take place (usually a number of 1-5)
      概率–发生的可能性(通常为 1-5)
    • Impact - How impactful to the project (usually a number of 1-5)
      影响 - 对项目有多大影响(通常为 1-5)

    Probability and impact are multiplied get a prioritization #; the higher the #, the more attention you should give a risk. This product is called a “risk score.”
    概率和影响相乘得到优先级#; #越高,您应该给予更大的注意风险。该产品称为 “风险评分”。

Risk Doctor:Beyond Probability and Impact
风险医生:超越概率和影响

# Example Risk Breakdown Structure (RBS) 风险分解结构示例

  • Technical Risk
    技术风险
    • Invalid assumptions
      无效的假设
    • Technology not available
      技术不可用
    • Faulty Requirements
      错误的要求
  • Management Risk
    管理风险
    • Project Management
      项目管理
    • Communication
      沟通
  • Commercial Risk
    商业风险
    • Suppliers
      供应商
  • External Risk
    外部风险
    • New legal mandates
      新的法律授权
    • Exchange rates
      汇率
    • Competition
      竞赛

# Some more potential RBS Categories 其他潜在的 RBS

  • Project phase
    项目阶段
  • Project budget
    项目预算
  • Roles
    角色
  • Responsibility
    责任
  • Etc.

# Risk Appetite 风险偏好

What the key stakeholders and/or the organization are willing to accept as a risk worth accepting
关键利益相关者和 / 或组织愿意接受什么作为值得接受的风险

Important: When prioritizing risk, this is used as input to determine the “impact” (or definition) of a risk.
重要提示:在确定风险的优先级时,将其用作确定风险的 “影响”(或定义)的输入。

# Risk “Impact” and “Probability” Defined 风险的 “影响” 和 “概率” 定义

Impact 影响
If this risk happens, with respect to pure risk, this is how damaging to the project (or organization) if this risk could be if it manifests itself.
如果发生这种风险,那么就纯粹的风险而言,如果这种风险表现出来,那就会对项目(或组织)造成多大的破坏。
> Understanding stakeholder risk appetite and level of aversion to risk is a great basis for this.
> 了解利益相关者的风险偏好和对风险的厌恶程度是实现此目标的重要基础。
Probability 概率
How likely this risk is to manifest itself.
这种风险显现出来的可能性有多大。
  • Typically whole numbers, 1 through 5; where 5 is the highest importance.
    通常为 1 到 5 的整数;其中 5 是最高的重要性。
  • Some projects can create and follow very specific definitions for Probability and Impact
    一些项目可以创建并遵循关于概率和影响的非常具体的定义

    Just like how IT people have specific definitions for production Defect Severity level (e.g. Sev 1= Company in peril, fix now!, Sev 2= Users Very annoyed, but work around has been identified, Etc)
    就像 IT 人员如何为生产缺陷严重性级别定义特定的定义(例如,Sev 1 = 处于危险中的公司,立即修复!,Sev 2 = 用户非常烦恼,但是已经确定了解决方法,等等)

# Risk Score 风险评分

  • “Risk Score” = “Probability” * “Impact”
    “风险分数” =“概率” *“影响力”

  • This is used to prioritize which risks need the most attention
    这用于确定需要最关注的风险的优先级

# Identify Risks 确定风险

# Identify Risks Defined 确定已定义的风险

“The process of identifying individual project risks as well as sources of overall project risk, and documenting their characteristics.”
“确定单个项目风险以及整个项目风险的来源并记录其特征的过程。”

Value: Documentation of existing (known) risks, both individual and project level
价值:现有(已知)风险的文档,包括个人和项目级别

Comment: this is an ongoing process. (p. 411)
评论:这是一个持续的过程。

# The Risk Register (huge!) 风险登记簿

p. 417

  • List of identified risks
    识别出的风险清单
  • Risk owners
    风险所有者
  • Potential risk responses
    潜在风险应对
    • Escalate
      升级
    • Mitigate
      缓解
    • Accept
      接受
    • Transference
      调动
    • Avoid
      避免
    • Etc.

As you learn more about Risks, you may want to update the…(p. 418)
当您了解有关风险的更多信息时,您可能希望更新……

  • Assumptions log
    假设记录
  • Issues log (especially after a risk “manifests” itself)
    问题日志(尤其是在风险 “表明” 自身之后)
    Lessons learned register
    经验教训注册

# Perform Qualitative risk analysis 进行定性风险分析

p. 419

Perform Risk Qualitative Analysis
执行风险定性分析
“… the process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics.”
“…… 通过评估单个项目风险的发生和影响的可能性以及其他特征,对各个项目风险进行优先级排序以进行进一步分析或采取行动的过程。”

Value: focuses efforts on high priority risks.
价值:将重点放在高优先级风险上。

# The immediate future of “qualitative” risk process is

“定性” 风险过程的近期是

  • Impact
    影响
  • Probability
    可能性
  • Risk score (Risk Score = Probability * Impact)
    风险评分(风险评分 = 概率 * 影响)

This seems rather odd because these are numbers, but PMBOK identifies them as “qualitative” rather than “quantitative.” This is probably because the numbers are not scientifically created…there is a lot of art-work involved with creating “impact” and “probability” numbers.
这似乎很奇怪,因为它们是数字,但 PMBOK 将其标识为 “定性” 而不是 “定量”。这可能是因为数字不是科学创建的…… 创建 “影响” 和 “概率” 数字涉及很多艺术品。

# Considerations 注意事项

p. 420

  • Bias needs to be accounted for
    偏差需要考虑
  • Even if something the team thinks is a risk sounds stupid to the project manager, or, the idea will not be popular with management, take it seriously
    即使团队认为风险对项目经理来说是愚蠢的,或者这个想法在管理人员中不受欢迎,也要认真对待
  • Risk attitudes need to be considered
    需要考虑风险态度

# Contributing factors to Impact and Probability 影响和概率的影响因素

p. 424

  • Urgency
    紧急程度
  • Correlation to other risks
    与其他风险的相关性
  • Dormancy (sometimes is not obvious right was that a risk manifested itself)
    休眠(有时并不明显,因为风险本身就显现出来了)
  • Manageability
    可管理性
  • Controllability
    可控性
  • Detectability
    可检测性
  • Perception (sometimes stakeholders focus most on what they understand, not what is important)
    感知力(有时利益相关者最关注他们所了解的内容,而不是重要内容)

Good advice from the PMBOK
Do not ignore the items with a low “risk score” on your risk log. As your project continues, conditions will change, and this could change a risk’s priority or impact. Set up periodic reviews of your risk log (bi-weekly/monthly/etc.)
不要忽略风险日志中 “风险得分” 低的项目。随着项目的继续,条件将发生变化,这可能会改变风险的优先级或影响。设置对风险日志的定期检查(每两周 / 每月 / 等等)

# Perform Quantitative Risk Analysis 进行定量风险分析

p. 428

Perform Quantitative Risk Analysis
执行定量风险分析
“… the process of numerical analyzing the combined effect of identified individual project risks and other sources of uncertainty on overall project objectives.”
“…… 对确定的单个项目风险和其他不确定性来源对总体项目目标的综合影响进行数值分析的过程。”

Value: “quantifies overall project risk exposure, and it can also provide additional quantitative risk information to support risk response planning.”
价值:“量化总体项目风险敞口,还可以提供其他定量风险信息以支持风险应对计划。”

Before you do this, make sure it is a value-adding process 在执行此操作之前,请确保它是一个增值过程

# When you’ll want to take the time to do this

如果您想花时间去做

  • Contractual projects
    合同项目
  • Key stakeholders are very interested in the outcome
    关键利益相关者对结果非常感兴趣
  • Strategically important efforts
    具有战略意义的努力

# Quantitative Risk Analysis 定量风险分析

“… uses information on individual project risks that have been assessed by the the “Perform Qualitative Risk Analysis” process as having ‘significant’ potential to affect project outcomes (objectives).”
“…… 使用 “执行定性风险分析” 过程评估的有关单个项目风险的信息,认为该信息具有 “显着” 的潜力来影响项目成果(目标)。”

May be used to understand if proposed risk responses actually work.
可用于了解建议的风险应对措施是否真正起作用。

# What those expensive experts can do for you

这些昂贵的专家可以为您做什么 (p. 431)

  • Convert risk ideas into dollars $ (or other useful numbers)
    将风险想法转换为美元 $(或其他有用的数字)
  • Identify the right software to assess the situation
    确定正确的软件以评估情况
  • Pick and then use “modeling techniques” to assess the situation
    选择然后使用 “建模技术” 来评估情况
  • Interpret the results
    解释结果
  • Make recommendations
    提出建议
  • Contribute (heavily) to facilitated workshops
    (大量)为便利的讲习班做贡献

Basically, you need a expert on your team that is an expert in what you are doing who is comfortable with practical statistics.
基本上,您需要团队中的专家,您的工作是专家,并且对实际统计数据感到满意。

# Four types of quantitative risk analysis 四种类型的定量风险分析

(see the PMBOK for details) (pp.433-436)

Simulation 模拟
Look at the combined effects of many variables
查看许多变量的综合影响
Sensitivity Analysis 敏感性分析
What is going to impact your project the most
对您的项目影响最大的是什么
Influence diagrams 影响图
A visual way to correlate risk contributors
关联风险因素的直观方法
Decision Tree Analysis 决策树分析
A tree structure is created. It uses expected outcomes and probability to determine what the most valuable paths of action are
创建树形结构。它使用预期的结果和概率来确定最有价值的行动途径是什么

Risk Doctor: How do we choose the best risk response strategy?
风险医生:我们如何选择最佳的风险应对策略?

# Plan Risk Responses 计划风险应对

p. 437

# Defined

“The process of defining how to construct risk management activities for a project”
“定义如何构建项目风险管理活动的过程”

# About Positive and Negative Risks 关于正风险和负风险

  • Positive
    积极的
    • Make it more likely
      使其更有可能
    • Make result even more positive!
      使结果更加积极!
  • Negative;
    消极的;
    • Eliminate it or make it less likely
      消除它或减少它的可能性
    • Reduce adverse impact
      减少不利影响

# Trigger Definitions 触发定义

(PMBOK 6th ed., 2017, p. 725)

Trigger Condition: ”An event or situation that indicates that a risk is about to occur.”
触发条件:“表明即将发生风险的事件或情况。”

To be successful when dealing with known risk events, the project manager needs to set up a process to monitor for both Trigger Events, and favorable conditions for a risk to manifest itself. Monitoring for this is very boring work, that can easily be overlooked. So, the PM must confirm regularly that this activity is actually taking place. (trust-but-verify)
为了成功处理已知的风险事件,项目经理需要建立一个流程,以监控触发事件和风险表现出来的有利条件。对此进行监视是非常无聊的工作,很容易被忽略。因此,PM 必须定期确认该活动实际上正在发生。(信任但验证)

# Contingency Reserves vs. Management Reserves 应急储备金与管理储备金

Management Reserves 管理储备金
“An amount of the project budget or project schedule held outside of the performance measurement baseline for management control purposes that is reserved for unforeseen work that is within the scope of the project.” (PMBOK 6th ed., 2017, p. 710)
“出于管理控制目的,在绩效度量基准之外保留的项目预算或项目进度计划的数量,预留给项目范围内的不可预见的工作。”
This is a way to address an unknown-unknown, a risk that you do not anticipate during planning.
这是一种解决未知未知问题的方法,这是您在计划期间无法预期的风险。
You set up a fund, full of money. The amount you put into the fund is typically a percentage of the cost of the project. The money is to be used if something un-expected happens.
您建立了一个资金充裕的基金。您投入基金的金额通常是项目成本的百分比。如果发生意外情况,将使用这笔钱。
You get your key stakeholders to agree in advance to add time to your project’s due date if something unexpected happens.
如果发生意外情况,您需要关键利益相关者事先达成协议,以增加项目截止日期的时间。
Contingency Reserves 应急储备金
“Time and money allocated in the schedule or cost baseline for known risks with active response strategies” (PMBOK 6th ed., 2017, p. 702)
“在时间表或成本基准中为具有主动响应策略的已知风险分配的时间和金钱”
Contingency Reserves: You have a known risk, and a pretty good idea how much money to set aside to deal with it if the risk manifests itself.
您有一个已知的风险,并且一个很好的主意是,如果风险显现出来,可以拨出多少钱来应对它。
You actually put money into a fund in case the documented risk manifests itself.
您实际上是在将资金存入基金,以防已记录的风险显现出来。
You have your key stakeholders agree in advance that if this known risk manifests itself, a pre-determined amount of time will be added to your due date.
您已让主要利益相关者事先同意,如果这种已知风险显现出来,则将在您的到期日之前添加预定的时间。

# Risk Register 风险登记册

“A repository in which outputs of risk management processes are recorded” (PMBOK 6th ed., 2017, p. 721)
“记录了风险管理流程的输出结果的存储库”

A list of all know risks, and related critical information. This will form the basis of capturing known risks, identifying how each risk will be managed, and to whom the various roles of monitoring and controlling each risk belongs to.
所有已知风险的列表以及相关的关键信息。这将成为捕获已知风险,确定如何管理每种风险以及监视和控制每种风险的各种角色属于谁的基础。

# Risk Register Example Contents 风险登记册示例内容

  • All known risks are identified as a line item
    所有已知风险都被识别为订单项
  • Impact to Project if risk manifests itself
    风险本身对项目的影响
  • How the risk will be dealt with:
    如何处理风险:
    • Acceptance, Mitigation, Transference, Avoidance, Escalation
      接受,缓解,转移,避免,升级
    • Plan Specifics
      计划细节
  • Positive (opportunity) or negative risk (threat)
    正向(机会)或负向风险(威胁)
    • If ”Positive”: If possible, how to increase the probability and impact
      如果为 “积极”:如果可能,如何增加可能性和影响
    • If “Negative”: If possible, how to decrease the probability and the impact
      如果为 “否定”:如果可能,如何降低概率和影响
  • What to watch
    看什么
    • Hints risk is about to manifest itself
      提示风险即将显现
    • Indicators that risk has manifested itself.
      风险已经显现的指标。
    • Conditions that can make the risk manifesting itself more likely
      使风险更容易表现出来的条件
  • Probability/Impact/Risk Score
    概率 / 影响 / 风险评分
  • Will dealing with this risk event cause any more risks?
    处理此风险事件会引起更多风险吗?

# Characteristics to assess risk impact 评估风险影响的特征

  • Urgency
    紧急程度
  • When is the earliest time the risk can manifest itself
    最早的时候风险会显现出来
  • The time it will take to notice the risk manifested itself
    注意风险显现所需的时间
  • Manageability/Controllability
    可管理性 / 可控制性
  • Detectability
    可检测性
  • Strategic/tactical impact
    战略 / 战术影响
  • Stakeholder attention
    利益相关者的注意

    I have two observations here:

    1. Many stakeholders over estimate the impact of a specific risk on the overall project because of their limited view of the overall scope.
    2. Some stakeholders love to identify new risks right before just before deployment. They get rewarded with a lot of attention by behaving this way. Be sure to include people with this propensity early in your effort, and, keep them engaged throughout your entire project to avoid needless escalations.
      我在这里有两个观察结果:
    3. 许多利益相关者由于对总体范围的看法有限,因此高估了特定风险对整个项目的影响。
    4. 一些利益相关者喜欢在部署之前就发现新的风险。通过这种方式,他们会得到很多关注的回报。确保尽早将具有这种倾向的人员包括在内,并在整个项目中让他们参与进来,以避免不必要的升级。

# Strategies for Dealing With Risks as Threats (Pure Risk) 应对风险威胁的策略(纯风险)

  • Mitigate
  • Avoid
  • Accept
  • Escalate
  • Transfer

# Mitigate 缓解

  • Alter the project to “reduce the probability of occurrence and/or impact of a threat (risk)”
    改变项目 “减少的概率发生和 / 或冲击的威胁(风险)”
  • You enact a backup plan to address the risk; maybe a separate but parallel effort with the same desired functional outcome
    您制定了应对风险的备份计划;可能是单独的但并行的工作,具有相同的期望功能结果
  • Warning: You may inadvertently add risk to your project when using this technique
    警告:使用此技术时,您可能会无意中给项目增加风险
  • It is often wise to have multiple backup plans, incase 1 or more backup plans fail (this is referred to as redundancy)
    最好有多个备份计划,以防 1 个或多个备份计划失败(这称为冗余)
    redundancy: the provision of additional or duplicate systems, equipment, etc., that function in case an operating part or system fails, as in a spacecraft.
    提供额外或重复的系统,设备等,以防万一操作部件或系统发生故障(例如在航天器中)。

# Avoid 避免

  • Take action to cut the risk out of the project: alter scope, alter some other key aspect of the project, or don’t do the project.
    采取措施降低项目风险:更改范围,更改项目的其他一些关键方面或不执行该项目。
  • This will often upset at least some stakeholders
    这通常会使至少一些利益相关者感到不安

# Accept 接受

  • Ignore the threat (risk)
    忽略威胁(风险)
  • Why?
    为什么?
    • Low priority
      低优先级
    • Too cost prohibitive, or just not-possible, to address
      成本太高或根本不可能解决
  • Contingency reserve can be set up
    可以设置应急储备
  • Concerns and considerations:
    关注和注意事项:
    • Be sure to have buy in from key stakeholders before you do this.
      在执行此操作之前,请务必先从主要利益相关者那里买入。
    • Clearly express in a standalone document the result if the associated risk manifests itself
      如果相关风险已证明其本身,则在独立文件中清楚地表达结果
    • Get approval of all key stakeholders, in writing, before implementing this technique.
      实施此技术之前,请获得所有主要利益相关者的书面批准。

# Escalate 升级

  • Use this when there is “a threat (that) is outside the scope of the project or that the proposed response would exceed the project manager’s authority”
    当存在 “威胁超出项目范围或建议的应对措施将超出项目经理的权限时”,请使用此选项
  • Important: Whoever you escalate to must “accept” responsibility for the risk. (per PMBOK)
    重要提示:无论您升级为谁,都必须 “承担” 风险责任。

The PMBOK says to ignore the risk, after it is escalated (maybe record it in the risk register). But, if you do this, how will you ever know if the project, or project objectives are still in danger? I recommend keeping up informed about the status of the risk, and how the risk is being dealt with.
PMBOK 表示在风险升级后将其忽略(也许将其记录在风险记录中)。但是,如果您这样做,您将如何知道该项目或项目目标是否仍然处于危险之中?我建议及时了解风险状态以及如何处理风险。
Executives are busy, high-level-thinking people. They don’t have time for detail, and, they don’t understand your project as well as you do. When you escalate, identify:
高管们是忙碌的,有高层思维的人。他们没有时间去了解细节,而且他们不了解您的项目。升级时,请确定:

  1. What the project is
    什么是项目
  2. What the issue is
    问题是什么
  3. What some potential corrective actions are
    什么是一些潜在的纠正措施
  4. An honest assessment of each proposed solution (pros/cons)
    对每个提议的解决方案进行诚实评估(优点 / 缺点)
  5. A recommended solution that is selected from step 3 &4 above, and why
    从上面的步骤 3&4 中选择的推荐解决方案,以及原因
  6. When you need feedback by and why this date is critical
    什么时候需要反馈以及为什么这个日期很重要

# Transfer 转移

  • “shift ownership of threat to a third party”
    “将威胁的所有权转移给第三方”
  • Typically insurance
    通常是保险
  • May be done via contracting work out to 3rd party (bv)
    可以通过将工作外包给第三方(bv)来完成
  • It would be very difficult to properly word an insurance contract to address a project risk
    正确地写一份保险合同以解决项目风险将非常困难
  • Insurance companies will try not to pay claims
    保险公司将尽量不支付索赔
    • Premium not paid up
      保费未缴
    • Contract as originally written and agreed to does not cover exact loss
      原始签订并同意的合同不包含确切的损失
    • Deductibles
      免赔额
    • Difference between what is in the insurance contract, and what the insurance agent told you
      保险合同中的内容与保险代理人告诉您的内容之间的区别

# Strategies for Dealing with Opportunities 应对机会的策略

Escalate 升级
this is done if the opportunity is discovered outside of the project team
如果在项目团队之外发现了机会,就可以这样做
Exploit 漏洞利用
Make sure it happens, like putting your best technology people on the task
确保它能够实现,就像将最优秀的技术人员放在任务上一样
Share 分享
figure out how to have the goodness seep into other parts of your organization.
找出如何使善良渗透到组织的其他部分。
Enhance 增强
Actively identify and take steps to increase the probability of the opportunity (positive risk) taking place, and/or the impact, to the greatest extent
积极确定并采取措施,最大程度地增加机会(积极风险)和 / 或影响的可能性
Accept 接受
Just let it happen. (At the very least, always let your boss know!! IF you don’t let your boss know, they will likely never find out how wonderful you are – always best to forward great things others are saying about you)
让它发生。(至少,总是让您的老板知道!!如果您不让您的老板知道,他们很可能永远不会发现您有多棒 - 总是最好转发别人对您说的好话)

# Implement Risk Responses 实施风险应对措施

“the process of implementing agreed-upon risk response plans”(p. 449)
“实施商定的风险应对计划的过程”

Value: ”ensures that agreed-upon risk responses are executed as planned in order to address project risk exposure, minimize individual project threats, and maximize individual project opportunities.”
价值:“确保按计划执行商定的风险应对措施,以解决项目风险敞口,最大程度地减少单个项目的威胁,并最大程度地提高单个项目的机会。”

# How to Implement Risk Responses 如何实施风险应对

Change requests to baselined work products may be needed to implement risk strategies, or react to a risk manifesting itself (based loosely on p. 451)
实施风险策略或对表现出来的风险可能需要对基准工作产品进行变更请求

# Monitor Risks 监控风险

p. 453

“the implementation of agreed-upon response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.”
“在整个项目中实施商定的应对计划,跟踪已识别的风险,识别和分析新风险以及评估风险流程的有效性。”

Value: “…it enables project decisions to be based on current information about overall project risk exposure and individual risks. “
价值:“…… 使项目决策能够基于有关总体项目风险敞口和单个风险的当前信息。”

# Data Analysis 数据分析

p. 456

# Technical performance 技术性能

  • Expected technical achievement vs. actual
    预期技术成就与实际
  • Expectations must be quantifiable and pre-existing (in writing)
    期望必须是可量化的并且预先存在(书面形式)
  • Deviation from expectations can indicate threats or opportunities
    偏离预期可能表示威胁或机遇

# Reserve analysis 储量分析

  • Contingency reserves will change as the project progresses
    应急储备金将随着项目的进展而变化

  • The PM needs to ensure these money amounts remain sufficient.
    项目经理需要确保这些金额仍然足够。

# TED Talk

Risk vs. Reward: Climbing Mt. Everest
风险与回报:攀登珠穆朗玛峰