Want to manage risks? Super! It's always a good idea.
Everybody starts with the traditional four steps:
- Identify the risks .... are you thinking strategically or tactically? The list is different for each
- Prioritize among risks .... some don't need to be managed
- Evaluate probability and impact
- Set up a risk response or mitigation
- It's rare, bordering on "never", that you would know -- or could evaluate -- "probability" in a quantitative sense. [High, low, medium is not quantitative]
- Why? Because it's unlikely you would have enough historical quantitative and calibrated data to form an estimate. (Actually, to form an estimate of a distribution from which a estimate of probability can be determined) Thus, you're likely guessing
- Time matters, and time is not actually explicit in Step 3. Most risks are not static or stationary. And, most assessments are not stationary. Your evaluation will change with circumstances and facts revealed. It matters when you assess risks or have to deal with their possible impacts.
Intervals and their timeliness
- Substitute the concept of "confidence interval" for a specific probability: less than this, greater than that; or contained within a range of this to that.(*)
- Explicitly state the time frame during which the confidence interval applies. After all, this example oft cited is a good demonstration of the principle: your confidence it will rain today is a good deal different than your confidence it will rain this week, but the impact may be the same if you are doing project work in the weather.
- Strictly speaking, if the actual shape of the confidence "curve" within the interval is important, then yes there is an issue
- But, if you are, as most of us are, approximating the interval with some end points that are "very likely to contain the real outcome" then the shape of the curve is not so important. Thus: press on!
Read in the library at Square Peg Consulting about these books I've written
Buy them at any online book retailer!
Read my contribution to the Flashblog