PMI Virtual Library© 2010 Teresa James

Easy Risk Analysis

I always knew I should be doing some sort of risk analysis, but I could not find a tool that worked for me. Because project managers usually suffer from information overload,

how can we select – from the mountains of published literature – a manageable number of books and articles on performing a documentation review? How can we find and choose the experts for a Delphi process? How can we get an entire group to participate in a brainstorming session?

I have found the Crawford Slip Method (CSM) a simple and powerful tool for analyzing risk that has the side benefit of supporting team building. I first heard about this method during a seminar presented by project management risk guru Carl Pritchard, founder and principal of Pritchard Management Associates. This method sounded like an easy way to identify risks with minimal amount of required time, equipment, and training. I decided to try it. And since then, I have become a believer in the value of using CSM. In my discussion below, I examine some of the aspects of CSM and some from the nominal group technique, which includes the group review and ranking of the answers.

For those of us who are skeptics about the value of assessing risk assessment, we should consider the alternative. I have worked in situations where the staff was always responding to the immediate crisis, and their response was often preempted by the next crisis. Managing a project with

By Teresa James, PMP

such a reactive approach is not as effective as a proactive approach, particularly when considering how this affects team morale and how it fatigues the team’s “firefighters.”

The Crawford Slip MethodCSM dates back to 1925, when

a professor in California, Dr. C. C. Crawford, invented

the method. It is an effective approach to facilitating brainstorming sessions for a variety of issues,

such as identifying risks. Although

brainstorming sessions can generate needless

problems, such as a few people monopolizing the entire

discussion, these sessions can help teams build upon existing ideas. The one shortcoming I see with

CSM is that participants cannot take other people’s ideas and build on them. One way I have addressed this with my teams is through using the nominal group technique, which encourages discussion and prioritization (as described in Step 8 below).

I have used CSM many times and it has helped my teams clearly identify a project’s risks and engage quieter team members in group discussions. Here is the process, as I apply it when leading project teams.

Requirements Before the MeetingBefore applying CSM in a brainstorming session, I suggest performing these five activities:

I have found the

Crawford Slip Method

(CSM) a simple and powerful tool for analyzing

risk and that has the side

benefit of supporting

team building. ”

PMI Virtual Library | www.PMI.org | © 2010 Teresa James2

Outline the question the team will explore•Identify the session’s participants •Schedule a one-to-two-hour meeting that all participant •can attendProvide each participant with ten sticky notes and one pen•Bring extra sticky notes and pens•

The key to an effective session begins with clearly defining the question explored. Here are two questions I have used: “What risk is associated with the new application going live in six months?” and “What risk is associated with completing the new employee training within two months?” Spend some time formulating the question. I have used some of the risks I have already identified as example answers to help me formulate my questions.

Those participating in the session can include team members and stakeholders. It is important to invite individuals who understand the session question and who are in a position to offer answers.

Ask the participants to provide ten answers to the question; ask that they write one answer on each piece of paper. By using sticky notes, you can expedite the process of putting the answers on the wall. Sticky notes also enable you to easily group and regroup the participants’ answers.

I once presumed that all participants would their own bring pen. How wrong I was. That is when I learned to provide all the materials needed – such as sticky notes and pens. Often I also bring colored felt-tip pens and colored sticky notes that are at least 4"x4"; these materials enable participants to easily read the answers from across the room. And the colors make the meeting a bit more festive and help create an environment of fun.

Steps to Follow During the Meeting

Step 1: Explain the process

You could use this white paper as a basis for the explanation.

Step 2: Define the terms

There are a few key terms that the group must define. I usually propose a definition and let the group come to a consensus. Here are the key terms and definitions I propose. The final definitions are not the critical part, a common understanding is.

Risk is a positive or negative unknown that will impact 1. the project’s objectives.

Qualitative risk analysis involves rating the probability of 2. risks using a scale, such as high/medium/low (H/M/L).

High probability: The risk usually always happens.•Medium probability: The risk occasionally happens.•Low probability: The risk will most likely not •happen.

3. Quantitative risk analysis involves assessing the impact of a risk on time, cost, scope, quality, or customer satisfaction.

High impact: A50 percent increase or decrease in one •or more areas.Medium impact: A 20-50 percent increase or •decrease in one or more areas.Low impact: A 20 percent increase or decrease in one •or more areas.

Step 3: Ground rules

I use the following short list of ground rules for the meeting.1. No idea is a stupid one.2. No personal attacks, just an open discussion of ideas.3. Everyone must participate.4. Put yourself in another stakeholder’s shoes and

imagine what that person would say.5. Let’s have some fun.

Step 4: Pass out the sticky notes before asking the question

Step 5: Ask the question

One of the keys to CSM is the repetition of the question at one-minute intervals. The facilitator asks the question and gives participants one minute to write one answer. The process is repeated until everyone has written ten answers. By requiring the participants to write ten answers, I encourage them to dig a little deeper. The first five answers often come easily to almost everyone; but those last few usually take a little longer.

I always explain to my session’s participants that the format for the answer is, “X may happen and will result in Y.” For example, “We may lose subcontractor support and this will result in being unable to finish the programming.” A one- or two-word answer is not sufficient.

Step 6: Evaluate your answers

This step was not part of the original CSM, but I find it useful for participants to rate their answers. I use the H/M/L

PMI Virtual Library | www.PMI.org | © 2010 Teresa James3

rating scale described above; I instruct participants to place – on each stick note – a rating for probability in the upper left corner and a rating for impact in the upper right corner.

Step 7: Stick the answers on the wall and arrange these responses into categories

I ask each person to place one sticky note on the wall. I then read the notes already on the wall so the participants can either add their notes to the proper group or start a new group. I do this until all notes are on the wall. Any note that duplicates another note is placed over the existing note.

Step 8: Go through the categories

When all the notes are on the wall, I evaluate the categories with the group and move any notes as needed. I work with the group to name the categories, such as “Financial Risks” or “Hardware Risks.” In looking at each risk category, the group finds the high probability/high impact risks and then identifies those risks that have a high probability or a high impact. I verify that the group agrees with the rating. The group then reviews all the risks in the category to ensure that a high risk has not been overlooked. Although the low probability items are often silly things, like key personnel winning the lottery and leaving the project, these often point to real risks. That is why a review of all the risks is essential.

Step 9: Next steps

The highest risks go on a risk register and the others are put on a watch list. For some of the higher risks, the group may decide to perform a further quantitative risk analysis. All of the risks on the risk register are assigned risk owners and the risk owners develop risk response plans.

At the end of a project phase, and after a risk event has occurred, the group reviews the risk register and the watch list.

Develop the Risk PlanThese simple steps, which require only a couple of hours to perform, are the basis of forming a very simple risk plan. According to the Project Management Institute’s A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Fourth Edition, a risk plan contains these components:

Methodology•Roles and responsibilities•

Budgeting•Timing•Risk categories•Definitions of risk probability and impact•Probability and impact matrix•Stakeholder tolerances•Reporting formats•Tracking•

Each of these components is included in my proposed approach:

Methodology is contained in this white paper. •Roles and responsibilities are defined in the meeting and •in the risk register.Budgeting, including a contingency reserve, occurs •outside the meeting, but estimates can be developed using the risk responses on the risk register. Timing includes the time of the meeting and the interval •for reviewing the risks. Risk categories are defined during the brainstorming •meeting. Definitions of risk probability and impact are also •outlined during the meeting. Probability and impact matrix is easily created outside the •meeting using the ratings listing on the sticky notes. Stakeholder tolerances are often adjusted based on the •results of risk identification. Reporting formats and tracking are defined during the •meeting.

So there you have it, a simple risk plan. Try it and see for yourself if it is as easy – and effective – a as I suggest it is.

About the AuthorTeresa James, PMP, is a program and project manager at Bechtel Jacobs Company, LLC (Oak Ridge, TN, USA). She has 15 years of experience in managing information technology projects for colleges, manufacturing plants, hospitals, and government agencies conducting environmental monitoring. For five of her 15 years of professional experience, Ms. James provided her services as an independent consultant. Along with her Project Management Professional (PMP) credential, she is also a Six Sigma Yellow Belt and holds a Master of Science degree in Planning (University of Tennessee). You may contact her via e-mail at tljames@comcast.net.