APPENDIX X5
PROJECT RISK MANAGEMENT CONTROLS

X5.1 THE PURPOSE OF PROJECT RISK MANAGEMENT CONTROLS

The purpose of risk management within projects is to secure the optimal delivery of the unique product, service, or result for which the project was undertaken. Risk management controls help to achieve optimal delivery by seamlessly integrating risk practices into the project life cycle and within all of the Knowledge Areas. This approach ensures that risk management becomes a natural part of project management.

The selection, tailoring, implementation, and monitoring of particular controls in a given project are a part of the governance activities. In all cases where the term risk is used, both residual and secondary risks should be considered when appropriate. Sections X5.2 through X5.11 provide risk management controls for project risk management along with examples of factors to consider for some of the controls.

X5.2 RISK MANAGEMENT CONTROLS FOR PROJECT INTEGRATION MANAGEMENT

Table X5-1 provides risk management controls for Project Integration Management.

Table X5-1. Risk Management Controls for Project Integration Management

Control ID Control Objective
PR.INT.1 Overall project risks are identified when initiating the project and are taken into consideration when setting the project objectives and scope. This usually occurs as part of the business case analysis and includes analysis of the enterprise environmental factors and trends related to them. Lessons learned from past and current projects are also taken into consideration.
PR.INT.2 Organization of the planning processes is analyzed to identify potential risks resulting from inconsistent or incomplete project management planning and/or inaccurate or incomplete baselines.
PR.INT.3 Opportunities to continuously improve the delivery of project deliverables are regularly identified at all project levels.
PR.INT.4 When making decisions on change requests, risks related to implementing or rejecting a change are taken into consideration.
PR.INT.5 When making decisions on change requests, risks related to implementing certain sets of changes at the same time or implementing them separately are taken into consideration.
PR.INT.6 Whenever approval or denial of change requests introduces new risks into the project, these risks are handled in accordance with agreed processes for project risk management.
PR.INT.7 Before closing a project, risks related to the ability to realize the business case are reevaluated and their management is ensured to continue after project closure.

The following factors should be considered when identifying risks related to organization of the planning processes and opportunities to continuously improve the delivery of project deliverables (Controls PR.INT.2 and PR.INT.3):

  • Use of a continuous process improvement effort as part of an integrated quality program,
  • Reaction of stakeholders,
  • Experience level of team members,
  • Maturity of project teams,
  • Project life cycle approach (i.e., predictive, iterative, incremental, or agile), and
  • Ability to address project complexity.

The following factors should be considered when identifying risks related to implementing or rejecting a change (Control PR.INT.4):

  • Reaction of stakeholders,
  • Impact on further deliverable approvals,
  • Impact on other work,
  • Unexpected additional costs or possibilities of cost reduction,
  • Contractual consequences, and
  • Regulatory consequences.

The following factors should be considered when identifying risks related to implementing certain sets of changes at the same time or implementing them separately (Control PR.INT.5):

  • Interaction between changes,
  • Impact on project complexity,
  • Resource availability and capability, and
  • Ability to manage multiple changes at once.

X5.3 RISK MANAGEMENT CONTROLS FOR PROJECT SCOPE MANAGEMENT

Table X5-2 provides risk management controls for Project Scope Management.

Table X5-2. Risk Management Controls for Project Scope Management

Control ID Control Objective
PR.SCP.1 Risks related to the project life cycle are taken into consideration when planning Project Scope Management.
PR.SCP.2 Risks resulting from environmental factors are taken into consideration when planning Project Scope Management and developing the scope baseline.
PR.SCP.3 Risks related to the approach and methods used for collecting, documenting, and updating requirements are taken into consideration when planning requirements management.
PR.SCP.4 Risks related to the approach and method selected for product and project scope definition, decomposition, validation, and control are taken into consideration when planning Project Scope Management.
PR.SCP.5 Work performance information from scope control activities is regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.SCP.1):

  • For predictive life cycles:
      • Level of expertise to specify scope,
      • Predictability of the scope,
      • Ability to anticipate future requirements,
      • Ability to predict or control enterprise environmental factors,
      • Impact on ability to react to new opportunities that might arise during project execution, and
      • Use of planning packages and “rolling wave” planning.
  • For iterative and incremental life cycles:
      • Stakeholders’ readiness to operate with limited scope definition,
      • Availability of decision makers to make scope decisions regularly,
      • Ability to react in a timely manner to the results and lessons learned from previous iterations,
      • Readiness of stakeholders to receive partial results,
      • Ability to decompose scope into work packages that could be executed within agreed cycles, and
      • Impact on ability to react to new opportunities that might arise during project execution.
  • For adaptive life cycles, in addition to those for iterative and incremental life cycles:
      • Ability to actively manage ongoing scope definition,
      • Readiness for accepting frequent major changes as the project progresses, and
      • Ability to deal with interdependencies in progressively developed scope.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.SCP.2):

  • Changing market conditions,
  • Changing political climate, and
  • Changing regulatory requirements.

The following factors should be considered when identifying risks related to the approach and method used for collecting, documenting, and updating requirements (Control PR.SCP.3):

  • Level of engagement of particular stakeholders,
  • Stakeholders’ availability and willingness to cooperate,
  • Stakeholders’ experience in the area,
  • Stakeholders’ ability to predict their future needs,
  • Stakeholders’ ability to express their needs,
  • Impact of the requirements collection process on stakeholders’ expectations,
  • Cognitive biases,
  • Limitations of the chosen form of documentation,
  • Ability to confirm the requirements by relevant stakeholders once they are documented,
  • Ability to understand the requirements by those planning and executing project work, and
  • Fundamental difference between high-level user or operational requirements and lower-level design or engineering requirements.

The following factors should be considered when identifying risks related to the approach and method selected for product and project scope definition, decomposition, validation, and control (Control PR.SCP.4):

  • Impact of the scope decomposition approach on the ability to accomplish the following:
      • Delegation of work,
      • Aggregation of work,
      • Cooperation,
      • Optimization of resource usage, and
      • Monitoring other aspects of the project, such as time and cost.
  • Impact of the documentation approach on the ability to accomplish the following:
      • Respond to changes,
      • Describe product and work in an accurate and unambiguous way, and
      • Distribute up-to-date scope documents to relevant stakeholders.
  • Ability to understand the scope by those who will execute project work,
  • Ability to monitor progress objectively and unambiguously, and
  • Ability to prevent scope creep and gold plating.

The following factors should be considered when identifying risks related to work performance information from scope control activities (Control PR.SCP.5):

  • Report tailoring, and
  • Information and data delivery channels.

X5.4 RISK MANAGEMENT CONTROLS FOR PROJECT SCHEDULE MANAGEMENT

Table X5-3 provides risk management controls for Project Schedule Management.

Table X5-3. Risk Management Controls for Project Schedule Management

Control ID Control Objective
PR.SCH.1 Risks related to the project life cycle are taken into consideration when planning Project Schedule Management.
PR.SCH.2 Risks resulting from environmental factors are taken into consideration when planning Project Schedule Management and developing the project schedule baseline.
PR.SCH.3 Risks related to the approach and method selected for estimation of activities’ duration are taken into consideration when planning Project Schedule Management.
PR.SCH.4 The risks related to the approach and method selected for sequencing activities are taken into consideration when planning Project Schedule Management.
PR.SCH.5 The risks related to the approach and method selected for schedule development and control are taken into consideration when planning Project Schedule Management.
PR.SCH.6 Work performance information from the schedule control activities is regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.SCH.1):

  • For predictive life cycles:
      • Predictability of the scope,
      • Ability to estimate duration and resource needs of the future activities,
      • Ability to predict availability and capability of resources,
      • Ability to predict and control enterprise environmental factors, and
      • Use of planning packages and “rolling wave” planning.
  • For iterative and incremental life cycles:
      • Stakeholders’ readiness to operate on the general milestone schedule,
      • Availability of decision makers to make decisions regularly and on time,
      • Ability to deliver meaningful increments within the agreed duration of the life cycle,
      • Ability to react in a timely manner to the results and lessons learned from previous iterations,
      • Ability of key stakeholders, including suppliers, to keep sustainable pace, and
      • Ability to handle tasks that, due to their nature, take longer than the agreed life cycle.
  • For adaptive life cycles, in addition to those for iterative and incremental life cycles:
      • Stakeholders’ readiness to operate within a changing environment, and
      • Ability to deal with interdependencies in a progressively developed schedule.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.SCH.2):

  • Natural environment conditions,
  • Availability of key resources,
  • Timeliness of external decision making,
  • Conflicts with other components of the program or portfolio, and
  • Conflicts with external events.

The following factors should be considered when identifying risks related to the approach and methods selected for estimation of activities’ duration (Control PR.SCH.3):

  • Selection and competence level of experts,
  • Availability and credibility of data sources,
  • Familiarity with selected tools and techniques of estimation,
  • Adequacy of estimation models,
  • Historical accuracy of similarly estimated durations, and
  • Estimating approach.

The following factors should be considered when identifying risks related to the approach and method selected for sequencing activities (Control PR.SCH.4):

  • Level of interdependencies,
  • Stakeholders’ risk appetite and attitude levels,
  • Likelihood of changes,
  • Impact of potential delays and accelerated deliveries,
  • Impact of the resource constraints,
  • Impact of increasing work backlogs, and
  • Impact of work in progress.

The following factors should be considered when identifying risks related to the approach and method selected for schedule development and control (Control PR.SCH.5):

  • Ability to cover relevant aspects of scheduling in the particular project such as:
      • Planning in time,
      • Managing interdependencies,
      • Managing resource allocation,
      • Managing logistics, and
      • Handling reserves.
  • Familiarity with the tools used, as measured by the following:
      • Ability to address project complexity,
      • Ability to use the tools to optimize the schedule,
      • Ability to integrate planning efforts with other key stakeholders,
      • Ability to deliver in a timely manner relevant performance data for key stakeholders, and
      • Ability to visualize schedule and progress.

X5.5 RISK MANAGEMENT CONTROLS FOR PROJECT COST MANAGEMENT

Table X5-4 provides risk management controls for Project Cost Management.

Table X5-4. Risk Management Controls for Project Cost Management

Control ID Control Objective
PR.CST.1 Risks related to project life cycle are taken into consideration when planning Project Cost Management.
PR.CST.2 Risks resulting from environmental factors are taken into consideration when planning Project Cost Management and developing the cost baseline.
PR.CST.3 Risks related to the approach and method selected for cost estimation are taken into consideration when planning Project Cost Management.
PR.CST.4 Risks related to the approach and method selected for determining budget and cost control are taken into consideration when planning Project Cost Management.
PR.CST.5 Work performance information from cost control activities is regularly analyzed in order to identify potential new risks and detect materialization of the previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.CST.1):

  • For predictive life cycles:
      • Predictability of the scope,
      • Ability to estimate duration and resource needs of the future activities,
      • Stakeholders’ readiness to provide financing without immediate benefits,
      • Ability to predict and control enterprise environmental factors, and
      • Use of planning packages and “rolling wave” planning.
  • For iterative and incremental life cycles:
      • Stakeholders’ readiness to provide financing for partially met customer or user requirements during an incremental development,
      • Availability of decision makers to make decisions regularly and on time,
      • Unequal level of funding required in specific iterations or increments, and
      • Ability to react in a timely manner to the results and lessons learned from previous iterations or increments.
  • For adaptive life cycles, in addition to those for iterative and incremental life cycles:
      • Stakeholders’ readiness to provide financing within a changing environment, and
      • Ability to deal with unexpected expenses in a progressively developed budget.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.CST.2):

  • Partners’ and suppliers’ need for financing,
  • Market conditions,
  • Costs of materials and resources,
  • Currency rates,
  • Stakeholders’ ability to provide financing,
  • Policies of financing organizations, and
  • Contractual conditions.

The following factors should be considered when identifying risks related to the approach and methods selected for cost estimation (Control PR.CST.3):

  • Selection and competence level of experts,
  • Availability and credibility of data sources,
  • Familiarity with selected tools and techniques of estimation,
  • Adequacy of estimation models, and
  • Historical accuracy of similarly estimated costs.

The following factors should be considered when identifying risks related to the approach and methods selected for determining budget and cost control (Control PR.CST.4):

  • Ability to cover relevant aspects of financial management in the particular project, such as:
      • Planning for, monitoring of, and allocating costs to particular work packages or planning packages;
      • Planning, monitoring, and allocating expenses in time;
      • Planning, monitoring, and allocating of cash flow;
      • Handling settlements;
      • Handling multi-currency operations; and
      • Handling reserves.
  • Ability to match costs with scope and schedule performance,
  • Familiarity with the tools used,
  • Ability to address project complexity,
  • Ability to use the tools to optimize the budget,
  • Ability to integrate planning efforts with other key stakeholders,
  • Ability to deliver in a timely fashion the relevant performance data for key stakeholders, and
  • Ability to visualize the budget and its condition in key areas.

X5.6 RISK MANAGEMENT CONTROLS FOR PROJECT QUALITY MANAGEMENT

Table X5-5 provides risk management controls for Project Quality Management.

Table X5-5. Risk Management Controls for Project Quality Management

Control ID Control Objective
PR.QLT.1 Risks related to project life cycle are taken into consideration when planning Project Quality Management.
PR.QLT.2 Risks resulting from environmental factors are taken into consideration when planning Project Quality Management.
PR.QLT.3 Risks related to the approach and method selected for managing quality are taken into consideration when planning Project Quality Management.
PR.QLT.4 Risks related to the approach and method selected for quality control are taken into consideration when planning Project Quality Management.
PR.QLT.5 Opportunities for continuous process improvement are identified and actively managed throughout the entire project life cycle, including implementation of accessible and effective decision-making processes in this area.
PR.QLT.6 Work performance information from quality control activities is regularly analyzed in order to identify potential new risks and detect materialization of the previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.QLT.1):

  • For predictive life cycles:
      • Predictability of the scope,
      • Ability to determine stakeholders’ quality requirements,
      • Ability of decision makers to make quality-related decisions supporting the project's change management system,
      • Ability to deliver within the agreed quality metrics,
      • Ability to determine or predict regulatory requirements on quality, and
      • Use of planning packages and “rolling wave” planning.
  • For iterative, incremental, and adaptive life cycles:
      • Ability to define quality requirements while having a limited predictability of the scope,
      • Availability of decision makers to make quality-related decisions regularly and on time,
      • Ability to deliver within the agreed quality metrics and delivery cycles,
      • Ability to determine in a timely manner regulatory requirements on quality of evolving deliverables,
      • Ability to ensure that regulatory requirements regarding results are met whenever deliverables are handed over for use, and
      • Ability to react in a timely manner to the results and lessons learned from previous iterations or increments.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.QLT.2):

  • Potential changes to regulations, norms, and standards;
  • Natural environment conditions potentially impacting quality (fitness for use);
  • Ability of third parties to deliver quality and adapt to potential changes; and
  • Availability of independent third parties to control quality.

The following factors should be considered when identifying risks related to the approach and methods selected for managing quality (Control PR.QLT.3):

  • Distribution of attention between prevention (assurance), detection (control), and corrective actions;
  • Extent to which stakeholders are involved in quality efforts;
  • Motivation or mobilization means used to drive quality efforts;
  • Availability and correctness of data for data-driven quality management; and
  • Availability of quality visualization tools and techniques.

The following factors should be considered when identifying risks related to the approach and methods selected for quality control (Control PR.QLT.4):

  • Ability to select and measure key quality metrics,
  • Accuracy of measurements,
  • Effectiveness of sampling,
  • Ability to observe trends in quality metrics, and
  • Existence and effectiveness of root-cause identification methods.

The following techniques should be used for identifying opportunities for process improvement (Control PR.QLT.5):

  • Plan-Do-Check-Act (PDCA) cycle,
  • Quality circles,
  • Regular project retrospectives,
  • Lessons learned,
  • Lean management, and
  • Theory of constraints.

X5.7 RISK MANAGEMENT CONTROLS FOR PROJECT RESOURCE MANAGEMENT

Table X5-6 provides risk management controls for Project Resource Management.

Table X5-6. Risk Management Controls for Project Resource Management

Control ID Control Objective
PR.RES.1 Risks related to project life cycle are taken into consideration when planning Project Resource Management and resource needs.
PR.RES.2 Risks resulting from environmental factors are taken into consideration when planning Project Resource Management and resource needs.
PR.RES.3 Risks related to the approach and method selected for resource estimation are taken into consideration when planning Project Resource Management and resource needs.
PR.RES.4 Risks related to the approach and method selected for resource acquisition are taken into consideration when planning Project Resource Management and resource needs.
PR.RES.5 Risks related to the approach and method selected for team development and management are taken into consideration when planning Project Resource Management and are managed throughout the entire project life cycle.
PR.RES.6 Work performance information from resource control activities is regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.RES.1):

  • For predictive life cycles:
      • Predictability of the scope,
      • Ability to predict resource needs,
      • Ability to predict resource availability,
      • Ability to predict resource capability,
      • Ability to change resource ability or capability in response to potential changes, and
      • Use of planning packages and “rolling wave” planning.
  • For iterative, incremental, and adaptive life cycles:
      • Stakeholders’ readiness to engage resources flexibly,
      • Availability of decision makers to make resource decisions regularly,
      • Readiness of the project team to operate in a changing environment, and
      • Ability of the project team to maintain a sustainable pace.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.RES.2):

  • General availability of resources needed,
  • Historical resource availability cycles,
  • Other initiatives that might impact resource availability,
  • Market conditions for key resources such as talent, materials, and equipment, and
  • Competition over key resources.

The following factors should be considered when identifying risks related to the approach and method selected for resource estimation (Control PR.RES.3):

  • Selection and competence level of experts,
  • Availability and credibility of data sources,
  • Familiarity with selected tools and techniques of estimation,
  • Adequacy of estimation models, and
  • Historical accuracy of similarly estimated durations.

The following factors should be considered when identifying risks related to the approach and method selected for resource acquisition (Control PR.RES.4):

  • Effectiveness of the acquisition techniques under given conditions,
  • Impact of project's acquisition efforts on resource costs,
  • Ability to verify key resource characteristics,
  • Project information security in the context of acquisition communications,
  • Ability to sustain knowledge and intellectual property in the context of contractual conditions, and
  • Acquisition lead times.

The following factors should be considered when identifying risks related to the approach and method selected for team development (Control PR.RES.5):

  • Degree to which team members already know each other,
  • Existing relations in the team,
  • Psychological characteristics of the team members,
  • Management style of the project manager and organization stakeholders,
  • Corporate climate and organizational process assets,
  • Natural motivators of the team members,
  • Mobilization systems in the organization,
  • Time and resources available for team building,
  • Geographical distribution of the team,
  • Amount of time the team will spend together,
  • Available communications technologies,
  • Ability to effectively deal with conflicts, and
  • Cultural differences.

X5.8 RISK MANAGEMENT CONTROLS FOR PROJECT COMMUNICATIONS MANAGEMENT

Table X5-7 provides risk management controls for Project Communications Management.

Table X5-7. Risk Management Controls for Project Communications Management

Control ID Control Objective
PR.COM.1 Risks related to the project life cycle are taken into consideration when planning Project Communications Management.
PR.COM.2 Risks resulting from environmental factors are considered when planning Project Communications Management.
PR.COM.3 Risks resulting from the potential impact of certain information or data being delivered or withheld from certain stakeholders are taken into consideration when planning Project Communications Management.
PR.COM.4 Risks related to approach and method selected for communications management and monitoring are taken into consideration when planning Project Communications Management.
PR.COM.5 Work performance data from communications monitoring activities are regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.COM.1):

  • For predictive life cycles:
      • Ability to predict communications needs of the stakeholders,
      • Ability to respond to unexpected events and changes, and
      • Stakeholders’ readiness to receive and respond to communications as agreed.
  • For iterative, incremental, and adaptive life cycles:
      • Ability to continuously adapt communications to the changing project environment, and
      • Stakeholders’ readiness to regularly receive and respond to communications in line with the dynamics of the delivery cycle.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.COM.2):

  • Communication of other key stakeholders, including:
      • Competition,
      • Government,
      • Nongovernment organizations, and
      • Local community leaders.
  • Background information and noise, and
  • Impact of media.

The following factors should be considered when identifying risks resulting from the potential impact of certain information or data being delivered to or withheld from certain stakeholders (Control PR.COM.3):

  • Importance of provided information or data from the stakeholders’ perspectives,
  • Scope of information or data necessary for stakeholders to engage in a desired way,
  • Importance to deliver a given piece of information or data from the project's perspective,
  • Consequences of withholding information or data and immediate delivery of information,
  • Consequences of hiding and communicating information or data, and
  • Regulatory and contractual requirements and consequences.

The following factors should be considered when identifying risks related to the approach and methods selected for communications management and monitoring (Control PR.COM.4):

  • Scope of information or data necessary for the stakeholder to engage in a desired way;
  • Cultural differences and preferences to use certain styles and methods of communication;
  • Available communication technologies and expected technological advancement;
  • Advantages and limitations of certain communication channels, techniques, and tools;
  • Communication competencies of key project stakeholders;
  • Availability of information or data when needed by stakeholders; and
  • Possibility of information or data overload, taking into consideration communications from other simultaneous projects.

X5.9 RISK MANAGEMENT CONTROLS FOR PROJECT RISK MANAGEMENT

Table X5-8 provides risk management controls for Project Risk Management.

Table X5-8. Risk Management Controls for Project Risk Management

Control ID Control Objective
PR.RSK.1 Risks related to project life cycle are taken into consideration when planning Project Risk Management.
PR.RSK.2 Risks related to the ability to determine the level of key stakeholders’ risk appetite or attitude and the levels of their appetite or attitude are taken into consideration when planning Project Risk Management.
PR.RSK.3 Risks related to approach and methods selected for risk identification, analysis, and monitoring are taken into consideration when planning Project Risk Management.
PR.RSK.4 Lessons learned from past and current projects are taken into consideration when identifying project risks and ways to respond to them.
PR.RSK.5 Work performance reports are used continuously to identify potential new risks and reevaluate risks identified previously.
PR.RSK.6 Secondary and residual risks are identified, analyzed, and addressed when planning risk responses.
PR.RSK.7 Risk responses are reflected in all relevant project management plans and baselines.
PR.RSK.8 Work performance information from risk monitoring activities is regularly analyzed in order to evaluate effectiveness of the risk management, identify potential new risks, and reevaluate or detect the materialization of previously identified risks.
PR.RSK.9 Outputs from risk monitoring activities are used to continuously improve the project's approach and methods used for risk management.
PR.RSK.10 Risk information and data for effective decision making are available and adequate to the complexity of the project.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.RSK.1):

  • For predictive life cycles:
      • Predictability of scope,
      • Ability to predict and control enterprise environmental factors,
      • Ability to identify and manage risks in key project areas,
      • Stakeholders’ willingness to invest in uncertain elements of the project that are expected to be predictable, and
      • The use of planning packages and “rolling wave” planning.
  • For iterative and incremental life cycles:
      • Availability of decision makers to make risk-related decisions regularly and on time,
      • Stakeholders’ readiness to provide financing for risks identified as the project progresses, and
      • Ability to react in a timely manner to the results and lessons learned from previous iterations.
  • For adaptive life cycles, in addition to those for iterative and incremental life cycles:
      • Stakeholders’ readiness to deal with largely unpredictable risks, and
      • Stakeholders’ readiness to operate without detailed, long-term risk analysis.

The following factors should be considered when identifying risks related to the approach and method selected for risk identification, analysis, and monitoring (Control PR.RSK.3):

  • Ability to identify risks in all key areas;
  • Ability to focus on the right risks;
  • Accuracy of risk information or data from the perspective of the ability to plan precise risk responses;
  • Expertise needed to effectively identify, analyze, and monitor risks in certain areas;
  • Accountability for managing risks in key areas of the project; and
  • Continuity and regularity of the identification, analysis, and monitoring processes.

X5.10 RISK MANAGEMENT CONTROLS FOR PROJECT PROCUREMENT MANAGEMENT

Table X5-9 provides risk management controls for Project Procurement Management.

Table X5-9. Risk Management Controls for Project Procurement Management

Control ID Control Objective
PR.PRO.1 Risks related to the project life cycle are taken into consideration when planning Project Procurement Management.
PR.PRO.2 Risks resulting from environmental factors are taken into consideration when planning Project Procurement Management.
PR.PRO.3 Make-or-buy decisions include risk identification and analysis. The risks resulting from these decisions are managed according to the risk management plan.
PR.PRO.4 Risks related to the proposed supplier selection criteria are taken into consideration when planning Project Procurement Management.
PR.PRO.5 Risks related to the proposed contract types are taken into consideration when planning Project Procurement Management. The risks resulting from the final agreements are managed according to the risk management plan.
PR.PRO.6 Risks related to the approach and method selected for conducting procurements are taken into consideration when planning Project Procurement Management.
PR.PRO.7 Risks related to approach and method selected for controlling procurements and nature of proposed potential follow-up strategies are taken into consideration when planning Project Procurement Management.
PR.PRO.8 Work performance information from procurement control activities, especially the suppliers’ performance and the nature of claims, is regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.PRO.1):

  • For predictive life cycles:
      • Predictability of the scope,
      • Use of planning packages and “rolling wave” planning, and
      • Ability to predict and control enterprise environmental factors, especially market conditions, availability of the suppliers when needed, and availability of goods and services when needed.
  • For iterative, incremental, and adaptive life cycles:
      • Ability to purchase long-lead-time goods and services,
      • Ability to purchase goods and services while having limited scope information in advance,
      • Availability of decision makers to make procurement-related decisions regularly and on time,
      • Ability to evaluate and use new suppliers on short notice,
      • Ability to conduct procurements in a timely manner to ensure the execution of the project is not slowed by the process,
      • Flexibility of the supplier contracts, and
      • Ability to react in a timely manner to the results and lessons learned from previous iterations.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.PRO.2):

  • General availability of goods and services needed,
  • Availability of sellers,
  • Historical goods and services availability cycles,
  • Other initiatives that might impact goods and services availability,
  • Market conditions for key goods and services to acquire,
  • Competition over key goods and services, and
  • Regulatory requirements when purchasing certain goods and services.

The following factors should be considered when identifying risks related to and resulting from make-or-buy decisions (Control PR.PRO.3):

  • Competence and intellectual property needs,
  • Availability of capability and capacity,
  • Degree of control over delivery,
  • Impact on other project activities and deliverables, and
  • Risks related to specific third parties considered in the process.

The following factors should be considered when identifying risks related to the proposed supplier selection criteria (Control PR.PRO.4):

  • Ability to balance cost and quality requirements,
  • Ability to address supplier's willingness and ability to tighten cooperation,
  • Ability to recognize historical performance of the supplier,
  • Ability to integrate into team-level actions to support small team work in near real time,
  • Ability to recognize supplier's culture, and
  • Degree to which criteria cover risk areas that are planned to be transferred to the supplier.

The following factors should be considered when identifying risks related to the contract types (Control PR.PRO.5):

  • Willingness and ability of customer and supplier to manage certain types of risks,
  • Level of risk balance between parties,
  • Adequacy of the contract scope to the project needs,
  • Secondary risks of transferring certain risks contractually,
  • Residual risk on the customer side after transferring some part of the risk contractually, and
  • Adequacy of the contract to the project life cycle, especially considering responsibilities, approach to scope management, and performance metrics.

The following factors should be considered when identifying risks related to the approach and methods for conducting procurements (Control PR.PRO.6):

  • Ability to create a level playing field between suppliers,
  • Ability to finalize procurements on time,
  • Ability to attract the right suppliers,
  • Flexibility to address opportunities and threats arising during the process,
  • Opportunity to use suppliers’ expertise to provide optimal solution,
  • Ability to recognize actual quality of purchased goods or services, and
  • Ability to meet regulatory requirements when purchasing given goods or services.

The following factors should be considered when identifying risks related to the approach and methods selected for controlling procurements and nature of proposed potential follow-up strategies (Control PR.PRO.7):

  • Criticality of goods or services from the project perspective;
  • Experience and competence level of the supplier;
  • Nature of control with a focus on the balance between preventive, detective, and corrective actions;
  • Adequacy of the performance metrics to the selected project life cycle;
  • Level of trust; and
  • Impact on relations.

X5.11 RISK MANAGEMENT CONTROLS FOR PROJECT STAKEHOLDER MANAGEMENT

Table X5-10 provides risk management controls for Project Stakeholder Management.

Table X5-10. Risk Management Controls for Project Stakeholder Management

Control ID Control Objective
PR.STK.1 Risks related to project life cycle are taken into consideration when planning Project Stakeholder Management.
PR.STK.2 Risks resulting from environmental factors are taken into consideration when planning Project Stakeholder Management.
PR.STK.3 Risks related to the approach and method selected for monitoring and managing stakeholder engagement are taken into consideration when planning Project Stakeholder Management.
PR.STK.4 Information from Project Stakeholder Management control activities is regularly analyzed in order to identify potential new risks and detect materialization of previously identified risks.

The following factors should be considered when identifying risks related to the project life cycle (Control PR.STK.1):

  • For predictive life cycles:
      • Ability to identify and engage key stakeholders early,
      • Stakeholders’ ability and willingness to predict their future requirements,
      • Stakeholders’ readiness to invest time in planning efforts,
      • Stakeholders’ ability and willingness to deal with potential mistakes in the planning stage of the project, and
      • Stakeholders’ understanding and willingness to deal with potential risks that could disturb predictability.
  • For iterative and incremental life cycles:
      • Stakeholders’ willingness to accept an incomplete definition of product scope,
      • Stakeholders’ readiness to work with partially defined and incomplete deliverables, and
      • Stakeholders’ ability to react to the results and lessons learned from previous iterations in a timely manner.
  • For adaptive life cycles, in addition to those for iterative and incremental life cycles:
      • Ability to deal with unexpected new stakeholders appearing as the project evolves,
      • Stakeholders’ readiness to work with largely undefined deliverables, and
      • Stakeholders’ readiness to operate without a predictive long-term budget and schedule tied to specific deliverables.

The following factors should be considered when identifying risks resulting from environmental factors (Control PR.STK.2):

  • Potential mutual impact of key external stakeholders, including:
      • Suppliers,
      • Competition,
      • Government,
      • Nongovernment organizations,
      • Local community leaders, and
      • Media.
  • Organizational structures;
  • Organizational risk tolerance, capacity, and appetite;
  • Trends in market conditions;
  • Trends in political climate; and
  • Trends in regulatory requirements.

The following factors should be considered when identifying risks related to the approach and methods selected for monitoring and managing stakeholder engagement (Control PR.STK.3):

  • Stakeholders’ willingness to engage in a desired manner,
  • Impact on stakeholders’ ability to deliver,
  • Cooperation culture,
  • Impact on overall relations,
  • Level of trust,
  • Maturity of individuals,
  • Team maturity,
  • Risk attitude and appetite of individuals,
  • Cultural differences,
  • Advantages and limitations of certain engagement methods, and
  • Availability of personnel to manage stakeholder engagement.