What We Liked
Chapter 2, Risk Management Overview, lays important groundwork for the whole book. In particular it presents a process diagram which is virtually identical to the Risk Management Structure displayed in the Risk Management Guide for DOD Acquisition shown in Figure 1. Perhaps this is not surprising as Edmund's work played a significant role in developing the content of the DOD's Guide.
Figure 1: DOD Risk Management Structure
It must be remembered that Edmund's book is written from the perspective of acquisition of project management services, whether as owner-buyer or prime contractor-buyer who buys subcontract services to sell to the owner, although most of his experience is from the seller's perspective. The inference is that detailed project risk management activities take place within the seller organizations although both buyer
and seller have responsibilities. Still, it is worth pausing for a moment to compare this figure with the Project Management Institute's view shown in Figure 2.
Figure 2: PMI's Project Risk Management Overview
Differences worth noting between the two are that the PMI model is a linear progression, even with two types of analyses. In contrast, the DOD model (Figure 1) groups risk identification and analysis under the single heading of risk assessment. This is followed by risk handling which covers both planning, i.e. selecting options, and taking action. This is then followed by risk monitoring which is actually the monitoring of performance risk handling rather than the monitoring of the incidence of risk events themselves. Finally, the DOD model contemplates feedback from the last activity of risk monitoring back into each of the earlier activities as shown by the return arrows.
Edmund claims the following advantages of his approach:
- Recognition of technical risk
- Provision for organizational and behavioral considerations
- More approaches to risk identification
- A better guide to evaluating qualitative vs. quantitative risk analysis
- A structured approach to actual risk handling, and
- Suggestions for documentation of each process step
Another feature of the book is that risk handling options are reduced to four major headings namely: assumption, avoidance, control, and transfer. However, under the control option, also named "mitigation" in a narrower definition, a total of nineteen interesting possible approaches are offered. Under the heading of "Some Contractual Considerations", one particular risk caught our eye. Edmund states, no doubt with some feeling:
"However, just because risk management is required in the proposal, evaluated in source selection, and put on contract, there is no guarantee that it will be successfully implemented after the program phase is initiated. For example, many proposal writers are not involved with the project after the next program phase begins."
The many "considerations" described in the book are taken from the copious experience of Edmund and those around him. Since it is natural for "experiences" to dwell on what went wrong, these considerations tend to describe what not to do. However, for those who want to know what to do, there is the Risk Management Guide for DOD Acquisition referenced above. At the time of this writing (March 2004), this document is a free download from: http://www.dau.mil/pubs/gdbks/risk_management.asp. In fact, reading this document is almost a prerequisite if you want to get the full benefit from reading Edmund's book
18. Ibid. p22 – see Fig. 2.1 Risk Management Process Structure.
19. Risk Management Guide for DOD Acquisition, Fifth Edition (Version 2.0), Department of Defense, Defense Acquisition University, VA, 2003, Figure 2, p7.
20. A Guide to the Project Management Body of Knowledge, 2000 Edition, Project Management Institute, Figure 11-1, p128.
21. Conrow, E. H., Effective Risk Management, 2nd Edition, p29 & p64.
22. Ibid. p31.
23. Ibid. p157.