Professional Documents
Culture Documents
Nature of a Project
Types of Projects
Project Boundaries
Lifecycle of a Project – 5 Steps
When is a Project considered a Success
How to Implement a Project
How Project Management Software Help Manage Projects Better
Fundamental theory of project management. ...
First principles of project management. ...
Project planning. ...
Project work versus operations work. ...
Theory versus practice. ...
Project taxonomy or typology. ...
Project management complexity. ...
Project management language.
Projects are temporary structures which must be properly managed and controlled in order to meet their
stated objectives. All projects are a temporary effort to create value through a unique product, service or
result. All projects have a beginning and an end.
A project is a piece of work which is not a process or an operation. It has a start, an end, and
goals. Projects can be very simple, like organising a party, or very complex, like building a space
rocket.
Projects are common in the construction industry, the telecommunications industry and the IT
industry.The management of a project requires special skills.Project managers must ensure that
the project is delivered within the existing limitations. These limitations can be time, cost,
people, risk, and many more. Project managers must also ensure the best possible distribution of
resources.
Development is a process that creates growth, progress, positive change or the addition of physical,
economic, environmental, social and demographic components.
Todaro and Smith, Economic Development can be defined as process of a goal leading to a life of
dignity for people in relationship to the overall context of their community and the environment
that sustains them as a means of poverty alleviation.
People are the real wealth of nations, and the main goal of develop- ment is to create an enabling
environment for people to enjoy long, healthy, creative lives. This may appear to be a simple truth.
But for too long, development efforts have focused on creating financial wealth and improving material
well-being.
Project Management may be defined as the "the application of knowledge, skills, tools and
techniques to a broad range of activities in order to meet the requirements of a particular
project."
Project management is the way a person organizes and manages resources that are necessary to
complete a project. People that manage projects are known as Project Managers.
The objectives and goals of the organization can be achieved in an efficient manner through
proper project management. Project manager plays a key role in managing the project.
They forecast all the risks that might arise during the production process and ensure that all
the risks are addressed with a proper plan. By following a good project management
structure the employees will have a good understanding about their roles and
responsibilities, they will also be aware of the schedule of the deliverables and will have the
opportunity to plan their schedule accordingly. A good project management structure
ensures that the project is completed within specified time period and within budget.
Project management' provides structure and control of the project environment so that the agreed
activities will produce the right products or services to meet the customer's expectations.
A project manager works mainly with people. They need to have people management skills, a
good understanding of the tasks and skills needed on a project, an understanding of how long
tasks will take, good organising skills, good communication skills, and good efficiency skills.
Project managers do not need to know how to do all of the work that may be needed in a project.
For instance, a building project manager does not need to know how to pour concrete. However,
they need to know how to manage people that pour concrete, and they need to know how long
concrete takes to pour, how much it costs, what needs to happen before concrete is poured, and
what needs to happen after concrete is poured.
Characteristics of a project
A project is a set of interdependent tasks that have a common goal. Projects have the following
characteristics:
1. A clear start and end date – There are projects that last several years but a project cannot
go on forever. It needs to have a clear beginning, a definite end, and an overview of what
happens in between.
2. A project creates something new – Every project is unique, producing something that did
not previously exist. A project is a one-time, once-off activity, never to be repeated exactly the
same way again.
3. A project has boundaries – A project operates within certain constraints of time, money,
quality, and functionality. We’ll see more about this in later sections.
4. A project is not business as usual – Projects are often confused with processes. A Process
is a series of routine, predefined steps to perform a particular function, say, expense
reimbursement approvals. It’s not a one-off activity. It determines how a specific function is
performed every single time.
A project can:
Types of projects
Projects can be diverse in the ways in which they are implemented. Here are some examples of
projects:
Traditional projects: These are run sequentially in phases. These phases are typically
initiation, planning, execution, monitoring, and closure. Most high-cost infrastructure projects
make use of traditional project management.
Agile projects: These are used mainly in software development. They are people-focused
and adaptive. They also typically have short turnaround times.
Remote projects: These projects are usually used by distributed teams that seldom meet
in person. Handling freelance contributors is an example of a remote project.
Agency projects: Agency projects are outsourced to an agency that is likely to have
projects with multiple clients. Marketing and design projects are commonly outsourced to
agencies.
The boundaries of a project
Project scope
Project schedule
People
Resources.
All of these project constraints depend on what the project aims to achieve and when. The outcome
of a project results in deliverables. Anything that’s produced during the project’s development such
as documents, plans, and reports are considered a deliverable. A deliverable may also be the result
of the project itself.
Often, projects are divided into five project phases each of which comes with a distinct set of tasks,
objectives and a particular deadline. Dividing a project into different phases enables teams to stay
on track throughout its entire life cycle.
1. Initiation
The first phase in a project’s life cycle is called initiation. Here, a project officially launches. It is
named, and a broad plan is defined. Goals are identified, along with the project’s constraints, risks,
and shareholders. At this point, shareholders decide if they want to commit to the project.
2. Planning
A roadmap that will guide teams from creating a project plan throughout the project’s execution and
closure phases is developed comprehensively during the planning stage. Deadlines must be set, and
resources must be allotted. Breaking down tasks into smaller, manageable activities makes it easier
to manage project risks, costs, quality, time, and so on.
3. Execution
The project plan is implemented during the execution phase. At this point, teams will work on the
deliverables to ensure that the project meets the necessary requirements.
Everyone usually gathers for a meeting to mark the official start of the project, where teams can get
acquainted with each other and discuss their roles in the success of the project. Modes of
communication and project management tools are identified before the project plan is executed.
Learn how kickoff meetings can help you steer your projects toward success right from the start.
In addition, team members familiarize themselves with the necessary status meetings and reports
that will be conducted throughout this phase to collect project metrics. The project execution
phase is a critical point in a project’s life cycle as it will help everyone determine if their efforts will
ultimately be fruitful or not.
4. Monitoring and Controlling
The monitoring and controlling phase happens at the same time as the execution phase. It’s the job
of the project manager to oversee operations and make sure that everything is headed in the right
direction, according to plan.
Aside from overseeing the project’s performance, project managers have to monitor resources,
manage risks, head status meetings, and reports, etc. If unforeseen issues arise, the project manager
may have to make adjustments to the plans, as well as the project schedule.
5. Closing
The final phase of the project management life cycle isn’t as simple as delivering the output itself.
Project managers have to record all deliverables, organize documents in a centralized location, and
hand over the project to the client or the team responsible for overseeing its operations during
the project closure phase.
Not only that, but teams come together for a final meeting to discuss the insights they’ve learned
and to reward the hard work of each member.
The short of it is that a project that is completed on time and on a budget can be considered a
success. However, a project can be evaluated on many criteria:
What defines a successful project is likely to change based on the type of project. This is why it is
important to define what project success means during the initiation and planning phases of a
project.
Implementing a project can vary based on the methodology used. In traditional project management,
implementation is done in 5 phases.
1. Initiation: This phase involves making the case for the project to convince stakeholders.
A Project Initiation Document (PID) is created with basic information about the project
including probable resource use and feasibility.
2. Planning: This phase occurs once a project has received approval from stakeholders. This
is a critical phase that involves a myriad of tasks including contingency planning, allocating
tasks, and planning resource sharing.
3. Execution: This is the phase when the actual work happens. Periodical reviews are
conducted to ensure that execution happens within schedule.
4. Monitoring: Monitoring happens in tandem with execution. Constant monitoring by the
project manager is required to ensure that work goes on minus hiccups.
5. Closure: This phase involves the important final tasks in the project including project
delivery to the client and documenting the learnings from the project.
Once these steps are complete, a project can be said to be implemented well.
1. Strategic Alignment
Project management is important because it ensures what is being delivered, is right, and
will deliver real value against the business opportunity.
Every client has strategic goals and the projects that we do for them advance those goals. Project
management is important because part of a PM’s duties is to ensure there’s rigor in architecting
projects properly so that they fit well within the broader context of our client’s strategic
frameworks.
Good project management ensures that the goals of projects closely align with the strategic goals
of the business.
In identifying a solid business case, and being methodical about calculating ROI, project
management is important because it can help to ensure the right thing is delivered, that’s going to
deliver real value.
Of course, as projects progress, it is possible that risks may emerge, that turn into issues, or even
the business strategy may change. But a project manager will ensure that the project is part of
that realignment. Project management really matters here because projects that veer off course,
or which fail to adapt to the business needs may end up being expensive and/or unnecessary.
2. Leadership
Project management is important because it brings leadership and direction to projects.
Without project management, a team can be like a ship without a rudder; moving but without
direction, control, or purpose. Leadership allows and enables team members to do their best
work. Project management provides leadership and vision, motivation, removing roadblocks,
coaching, and inspiring the team to do their best work.
Project managers serve the team but also ensure clear lines of accountability. With a project
manager in place, there’s no confusion about who’s in charge and in control of whatever’s going
on in a project (especially if you’re using a RACI chart or other similar tools). Project managers
enforce process and keep everyone on the team in line too because ultimately they carry
responsibility for whether the project fails or succeeds.
5. Quality Control
Project management is important because it ensures the quality of whatever is being
delivered, consistently hits the mark.
Projects are also usually under enormous pressure to be completed. Without a dedicated project
manager, who has the support and buy-in of executive management, tasks are underestimated,
schedules tightened and processes rushed. The result is bad quality output because there’s
no quality management in place.
Dedicated project management ensures that not only does a project have the time and resources
to deliver but also that the output is quality tested at every stage.
Good project management demands gated phases where teams can assess the output for quality,
applicability, and ROI. Project management is important to quality because it allows for a
staggered and phased process, creating time for teams to examine and test their outputs at every
step along the way.
6. Risk Management
Project management is important because it ensures risks are properly managed and
mitigated against to avoid becoming issues.
Risk management is critical to project success. The temptation is just to sweep them under the
carpet, never talk about them to the client, and hope for the best. But having a robust process
around the identification, management, and mitigation of risk is what helps prevent risks from
becoming issues. Especially in complex projects, dealing with risk is where the value of project
management really comes into play.
Good project management practice requires project managers to carefully analyze all potential
risks to the project, quantify them, develop a mitigation plan against them, and a contingency
plan should any of them materialize. It requires knowing the right questions to ask in order to
uncover risks early.
Naturally, risks should be prioritized according to the likelihood of them occurring, and
appropriate responses are allocated per risk (some PMs use a dedicate risk management
software for this). Good project management matters in this regard, because projects never go to
plan, and how we deal with change and adapt our project management plan is a key to delivering
projects successfully.
7. Orderly Process
Project management is important because it ensures the right people do the right things, at
the right time – it ensures proper project management process is followed throughout
the project life cycle.
Surprisingly, many large and well-known companies have reactive planning processes that aren’t
really based around any real project management strategies.
But reactivity – as opposed to proactivity – can often cause projects to go into survival mode.
This is when teams fracture, tasks duplicate, and planning becomes reactive creating inefficiency
and frustration in the team.
Proper planning and process can make a massive difference as the team knows who’s doing
what, when, and how. Proper process helps to clarify roles, streamline processes and inputs,
anticipate risks, and creates checks and balances to ensure the project is continually aligned with
the overall strategy. Project management matters here because without an orderly, easily
understood process, companies risk project failure, attrition of trust in their business
relationships, and resource wastage.
8. Continuous Oversight
Project management is important because it ensures a project’s progress is tracked and
reported properly.
Status reporting might sound boring and unnecessary – and if everything’s going to plan, it can
just feel like documentation for documentation’s sake. But continuous project oversight,
ensuring that a project is tracking properly against the original plan, is critical to ensuring that a
project stays on track.
When proper oversight and project reporting is in place it makes it easy to see when a project is
beginning to deviate from its intended course. The earlier you’re able to spot project deviation,
the easier it is to course correct.
Good project managers will regularly generate easily digestible progress or status reports as part
of their stakeholder management. This enables clients or project stakeholders to track the project
on their own. Typically these status reports will provide insights into the work that was
completed and planned, the hours utilized and how they track against those planned, how the
project is tracking against milestones, risks, assumptions, issues and dependencies, and any
outputs of the project as it proceeds.
This data is invaluable not only for tracking progress but helps clients gain the trust of other
stakeholders in their organization, giving them easy oversight of a project’s progress. It also
gives your team a simple, consistent way to maintain regular contact to build your client
relationships.
Without PM, teams and clients are exposed to chaotic management, unclear objectives, a lack of
resources, unrealistic planning, high risk, poor quality project deliverables, projects going over
budget and delivered late.
Great project management matters because project managers with great training deliver success.
Project management creates and enables happy, motivated teams who know their work matters,
so do their best work. And that project management enabled team ensures the right stuff is
delivered; stuff that delivers real return on investment, and that makes happy clients.
Projects can be very complex undertakings that require a huge amount of effort and resources. No
matter what the goal is, using the principles of project management will help the initiative run
smoothly. Without proper project management principles, projects will be handled haphazardly and
are at a much higher risk of project failure, delay, and being over budget.
Knowing the fundamentals of project management improves one’s chances of completing a project
successfully. No matter what industry or niche an organization is in, project management
methodologies and frameworks enable them to steer the project in the right direction.
1. Integration Management
2. Scope Management
3. Time Management
4. Cost Management
5. Quality Management
7. Communication Management
8. Risk Management
9. Procurement Management
Building an Efficient Team and Communication Mechanism
It is the responsibility of a project manager to select members for the project. The project
managers can pick team members according to their experience and also familiarity in
similar kind of projects.
Communication mechanism
One of the core quality of a good project management structure is building an efficient team
and designing a good mode of communication to ensure that all the team members and
stakeholders have complete information about the project. For this, the project manager has
to conduct regular meetings with the team members, stakeholders and top level
management.
Project Phases
To have a better control on the project, the project is divided into different phases. Each
phase defines the tasks and activities that have to be completed within specific time period.
It also outlines how many team members will be allocated in each phase so that all
resources are used to their full potential.
A project life-cycle refers to all phases of a project, from initiation to completion of the
project. When defining the project life-cycle, the first phase in the cycle is referred as zero.
According to PMI, there can be four to five phases in a project life-cycle. Some may even
contain more phases, it basically depends upon the complexity and size of the project. Most
of the companies across the globe make use of Agile or Waterfall life-cycle approach. You
can also incorporate user-centered design (UCD) best practices and methods. A user-
centered design process includes planning, collecting and analyzing data, writing content,
designing and developing and testing.
Project Plan
Project plan plays a crucial role for effective project management. When the project
manager designs a project plan, they have to ensure that they include all user-centered
design best practices and methodologies
A project plan consists of aspects such as objectives, scope, budget, and team roles and
responsibilities, schedule, assumptions, dependencies, risk assessment and management
plan, and change control plan.
Basically, a project plan outlines a complete set of activities that needs to be undertaken by
team members. It is also possible that the sponsor may request some new changes in the
final product, in that case, the project plan must be updated accordingly. Then project
manager may also include charter agreement in their project plan. This decision has to be
taken by the project manager depending upon the project requirements. A project charter is
a document which is signed by the project sponsor.
Scheduling
Scheduling is one of the key aspects of project management.If the project is not properly
scheduled then it might lead to a project failure. Scheduling basically defines what are the
activities that have to be carried, and also clarifying who is responsible for carrying out
these activities.
Projects and project management processes vary because of their size and complexities
involved in each project. It is advisable that the project managers gain a thorough
understanding of the project requirements and implement all the phases of project
management to smoothly execute the project.
Project planning
discipline for stating how to complete a project within a certain timeframe, usually with
defined stages, and with designated resources. One view of project planning divides the activity
into: Setting objectives (these should be measurable) ... Planning the schedule
A project plan,
according to the Project Management Body of Knowledge (PMBOK), is: "...a formal, approved
document used to guide both project execution and project control. The primary uses of the
project plan are to document planning assumptions and decisions, facilitate communication
among project stakeholders, and document approved scope, cost, and schedule baselines. A
project plan may be summarized or detailed."[1][full citation needed]
The latest edition of the PMBOK (v6) uses the term project charter to refer to the contract that
the project sponsor and project manager use to agree on the initial vision of the project (scope,
baseline, resources, objectives, etc.) at a high level. In the PMI methodology described in the
PMBOK v5, the project charter and the project management plan are the two most important
documents for describing a project during the initiation and planning phases.
A statement of how and when a project's objectives are to be achieved, by showing the
major products, milestones, activities and resources required on the project."
The project manager creates the project management plan following input from the project team
and key project stakeholders. The plan should be agreed and approved by at least the project
team and its key stakeholders.
Project plan
defines project goals and objectives, specifies tasks and how goals will be achieved, identifies
what resources will be needed and associated budgets and timelines for completion. A project
plan defines all work in a project and identifies who will do it. A typical project plan consists of: A
statement of work, a resource list, work breakdown structure, a project schedule and a risk
plan.
AProject plan contain all of the planning documents that are part of the entire process. Components of the
project plan include baselines, baseline management plans, risk management, quality,
procurement, resourcing and communications. The project plan identifies the roles and
responsibilities of stakeholders.
Purpose
1) Executive Summary
This section will define the purpose of the project, the objectives express as success
criteria, which as a minimum would include time, cost and quality. This would set out
the main phases and stages of the project. The executive summary of the project
management plan would describe the overall procurement strategy, how the project
is being broken into
This section will describe the procedures that will be used to control the project. These will
vary from project to project (and organisation to organisation). Typically they will refer to
standard approaches in an organisation method. Typically these could include:
1. A quality management plan; which describes how we will make sure the products are
fit for propose.
2. A health and safety policy which will describe how safety risks are managed.
3. Project control policy which sets out how the project reports will be generated.
Often this section will just refer to organisational procedures, but the PM has the opportunity
to vary these to fit the needs of the project. Maybe increasing the requirements for
configuration management, for example.
3) Schedules
This section describes in detail the schedules and logs that define the detailed plans
for the project. Again these can be references to external documents or files held in
tools such as Microsoft Project.
Included will be a high-level schedule, which highlights the key deliverables in the form of a
milestone schedule. Should also include estimates of cost and resource requirements.
Specific contents include
1. Project lifecycle which sets out the overall phases of the project.
2. Precedence diagrams which describe the dependencies between the different work
packages.
3. Resource histograms which set our the resources required to deliver the project
against the resource availability.
4. Gantt chart which sets out the timeline the project showing when each activity is
scheduled to start and finish.
4) Resource Plans
As a minimum, each project should have a project sponsor and a project manager!
Is the estimating of costs and the setting of an agreed budget, and the management of
actual and forecast costs against that budget. Being able to predict with some certainty the
rate at which the project is spending its funds is crucial to know whether the project is on
track. This includes
1. A cost plan showing the planned expenditure, with time, for each work package.
2. A reference to the accounting system to show how these costs will be recorded.
3. Often a cost and commitment tracker so the PM can keep a track of the overall costs.
Often this is separate from the corporate finance systems.
Critical Path
Critical path analysis or critical path method is a project management technique used to
predict project duration and, therefore, is useful for both project scheduling and resource
planning. The Critical path represents the sequence of tasks or events that directly impact
project completing. Project managers can shorten or at the least control a project’s schedule
by focusing on critical path tasks. This is referred to as critical path management.
Understanding the critical path sequence provides you with information on where you have
flexibility and where you do not. On every project there are activities or tasks that have
flexibility. The task can start earlier or later without jeopardizing the completion date. The
flexibility between the earliest time that an activity can be completed and the latest time that it
must be completed is referred to as float. By definition if an activity has float it is not on the
critical path.
Project Risk Management
Managing project risk refers to the steps you take to identify, analyse and deal with problems or
issues that might arise during the project. The reason why project risk management is important
is that risks can throw a project off course. If you had planned a large, outdoor networking event
for dozens of notable clients and it rained, you’d have a lot of unhappy – and damp – clients (if
they decided to show up at all). It’s good practice to stay on top of the things that might cause
problems and have a plan to deal with them before they create problems. risk in project
management is anything that might have an impact on your ability to get the project completed in
line with the business case or project charter. Often, you’ll see teams define risks as being
negative: situations that might cause problems on projects. There are some examples of typical
project risks below.
However, during your risk identification, you should also look to define positive risk. These are
situations that, if they happened, would present an opportunity too good to miss. For instance, if
you launched a new website, you might get more traffic than you were expecting, which would
be an opportunity worth capitalising on.
Considering positive risk as well as the negative in a thought-out plan can help
you achieve more from your projects and could lead to new, untapped
opportunities.
Developing a Project Risk Management Plan
Risk planning will provide structure to a project, ensuring you mitigate risk at every corner.
Looking at risks don't just happen during project initiation or on a reactive basis. You should be
reviewing risk throughout the project, and a plan will help with that.
A solid plan usually includes a review of the environment in which the risks will take place. In
other words, the business context. This provides direction for all those involved in the project
and sets the scene for how short and long-term term risks are managed. For example, the risks
inherent in managing software development projects are different from those that you would find
on a construction project.
Developing a project risk management plan
Risk planning will provide structure to a project, ensuring you mitigate risk at every corner. Looking at risks don't
just happen during project initiation or on a reactive basis. You should be reviewing risk throughout the project, and
a plan will help with that.
A solid plan usually includes a review of the environment in which the risks will take place. In other words, the
business context. This provides direction for all those involved in the project and sets the scene for how short and
long-term term risks are managed. For example, the risks inherent in managing software development projects are
different from those that you would find on a construction project.
The role of risk management in the project planning process is to ensure that risks are given adequate visibility
during the early stages of the project. It also helps to embed a culture for risk mitigation from the very beginning of
a project.
As project risk is highest during the initiation and design phases – because you don’t yet know exactly how the work
will be done or what’s required – you should carry out a thorough planning process as early as practical during the
project, supporting your activities from the very beginning.
Seven Risk Management Steps in a Sound Risk Management Process
As a project manager or team member, you manage risk on a daily basis; it’s one of the most important
things you do. If you learn how to apply a systematic risk management process, and put into action the
core 7 risk management process steps, then your projects will run more smoothly and be a positive
experience for everyone involved.
A common definition of risk is an uncertain event that if it occurs, can have a positive or negative effect
on a project’s goals. The potential for a risk to have a positive or negative effect is an important
concept.It is natural to fall into the trap of thinking that risks have inherently negative effects. If you are
also open to those risks that create positive opportunities, you can make your project smarter,
streamlined and more profitable. Think of the adage –“Accept the inevitable and turn it to your
advantage.” That is what you do when you mine project risks to create opportunities.
Uncertainty is at the heart of risk. You may be unsure if an event is likely to occur or not. Also, you may
be uncertain what its consequences would be if it did occur. Likelihood – the probability of an event
occurring, and consequence – the impact or outcome of an event, are the two components that
Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively
de-risk your project. And that means you can move much more confidently to achieve
your project goals. By identifying and managing a comprehensive list of project risks, unpleasant
surprises and barriers can be reduced and golden opportunities discovered. The risk management
process also helps to resolve problems when they occur, because those problems have been
envisaged, and plans to treat them have already been developed and agreed. You avoid impulsive
reactions and going into “fire-fighting” mode to rectify problems that could have been
anticipated. This makes for happier, less stressed project teams and stakeholders. The end result
is that you minimize the impacts of project threats and capture the opportunities that occur.
The purpose of risk management is to identify potential problems before they occur, or,
in the case of opportunities, to try to leverage them to cause them to occur. Risk-handling
activities may be invoked throughout the life of the project.
The risk management system has seven(7) steps which are actually is a cycle.
2. Identification
After establishing the context, the next step in the process of managing risk is to identify
potential risks. Risks are about events that, when triggered, will cause problems.
Hence, risk identification can start with the source of problems, or with the problem itself.
Risk identification requires knowledge of the organization, the market in which it operates,
the legal, social, economic, political, and climatic environment in which it does its business,
its financial strengths and weaknesses, its vulnerability to unplanned losses, the
manufacturing processes, and the management systems and business mechanism by which
it operates.
Any failure at this stage to identify risk may cause a major loss for the organization.
The identification methods are formed by templates or the development of templates for
identifying source, problem or event. The various methods of risk identification methods
are.
3. Assessment
Once risks have been identified, they must then be assessed as to their potential severity of
loss and to the probability of occurrence.
These quantities can be either simple to measure, in the case of the value of a lost building,
or impossible to know for sure in the case of the probability of an unlikely event occurring.
Therefore;
The fundamental difficulty in risk assessment is determining the rate of occurrence since
statistical information is not available on all kinds of past incidents.
Furthermore;
Evaluating the severity of the consequences (impact) is often quite difficult for immaterial
assets. Asset valuation is another question that needs to be addressed.
Thus, best educated opinions and available statistics are the primary sources of information.
Nevertheless, a risk assessment should produce such information for the management of
the organization that the primary risks are easy to understand and that the risk
management decisions may be prioritized.
Thus, there have been several theories and attempts to quantify risks.
Numerous different risk formula exists but perhaps the most widely accepted formula for
risk quantification is the rate of occurrence multiplied by the impact of the event.
The Courtney formula was accepted as the official risk analysis method of the US
governmental agencies.
The formula proposes the calculation of ALE (Annualized Loss Expectancy) and compares
the expected loss value to the security control implementation costs (Cost-Benefit Analysis).
1. Risk Transfer
Risk Transfer means that the expected party transfers whole or part of the losses
consequential o risk exposure to another party for a cost. Insurance contracts fundamentally
involve risk transfers.
Apart from the insurance device, there are certain other techniques by which the risk may be
transferred.
2. Risk Avoidance
Avoid the risk or the circumstances which may lead to losses in another way, Includes not
performing an activity that could carry risk.
Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the
potential gain that accepting (retaining) the risk may have allowed. Not entering a business
to avoid the risk of loss also avoids the possibility of earning the profits.
3. Risk Retention
Risk-retention implies that the losses arising due to a risk exposure shall be retained or
assumed by the party or the organization.
Risk-retention is generally a deliberate decision for business organizations inherited with the
following characteristics. Self-insurance and Captive insurance are the two methods of
retention.
4. Risk Control
Risk can be controlled either by avoidance or by controlling losses. Avoidance implies that
either a certain loss exposure is not acquired or an existing one is abandoned. Loss control
can be exercised in two ways.
For example,
A risk (concerning the image of the organization should have a top management decision
behind it whereas IT management would have the authority to decide on computer virus
risks.The risk management plan should propose applicable and effective security controls
for managing the risks.
A good risk management plan should contain a schedule for control implementation and
responsible persons for those actions.
The risk management concept is old but is still net very effectively measured. Example: An
observed high risk of computer viruses could be mitigated by acquiring and implementing
antivirus software.
6. Implementation
Follow all of the planned methods for mitigating the effect of the risks.
Purchase insurance policies for the risks that have been decided to be transferred to an
insurer, avoid all risks that can be avoided without sacrificing the entity’s goals, reduce
others, and retain the rest.