PRINCE2 Themes

Prince 2 identifies 7 themes that the project must address continually.  By integrating these themes in its normative processes, PRINCE2 ensures that the themes are addressed.
The PRINCE2 themes are:

1. Business Case – why the project is being undertaken
2. Organization – for PRINCE2, the project is the project organisation. This theme describes the roles and responsibilities.
3. Quality – is about defining and refining the quality attributes of the product, and how the project will meet those attributes.
4. Plans – activities are planned for.  PRINCE2 defines the plans that need to be developed and the steps to undertake to prepare those plans.
5. Risk – PRINCE2 describes how project risks can be managed.
6. Change – assessment of the impact of change to the project
7. Progress – the monitoring and control of the project to ensure it remains viable and what steps to take if reality deviates from plans.

Risk - What Can Go Wrong

There are so many definitions of risk.

The newer versions include 'positive risk' and variations thereof. These definitions try to be very inclusive, to make sure they cover all possible perspectives and manifestations of risk. It can be a bit confusing. Some days

I am tempted to find a simple, clear, usable definition of risk.

I am not yet convinced that 'positive risk' should have the word 'risk' appended to it. On those days when I look at risk management as 'the management of uncertainty' I have no problem accepting that positive risks belong to this domain.

But for now, I will use as the most basic definition of risk:

Risk = what can go wrong.

Risk management = managing what can go wrong

The ‘wrong’ already implicitly includes a reference to our objectives.  If something can go wrong from our point of view, it means something going wrong in relation to our interests.  Something that doesn’t affect us is not something going wrong. So I don’t have to extend it to ‘something that can go wrong with regard to our objectives’  (in any case, I prefer to use ‘interests’ rather than objectives).

The ‘managing’ in ‘managing what can go wrong encompasses identification, assessment, and mitigation.

Let’s see how far these definitions will let me go.

Review of "The Failure of Risk Management: Why It's Broken and How to Fix It" Part 2

In Chapter two of his book, Douglas Hubbard's discusses where the risk management industry has been and where it currently thinks it is.

The chapter starts out with a very brief history of risk management ('800 words' according to the author), tracing the route from the discovery of mathematical probabilities, to its initial commercial application in insurance, and finally down to the modern day emerging 'new character' or risk management, incarnated in regulations like Basel II, and in applications like Enterprise Risk Management. His history is not very complimentary, comparing today's state of risk management as similar to the Old West gold rush towns, where things look brightly painted and pretty, but built on shaky foundations and filled with snake oil peddlers.

His history aligns quite well with Peter Bernstein's own summary, although at a very very high level and, I suspect, very much framed to support his thesis (which I suppose is what the rest of the book is about).

Hubbard then makes a brief discussion of the common risk assessment approaches (expert intuition, weighted scoring, probabilistic models, etc) and suggests that some of these are not up to par for the role risk management is playing (corporate growth survival, after all) and will probably need to be dispensed with.

The next section covers risk mitigation approaches. He has a brief treatment of the common approaches (what risk management book doesn't?): avoid, reduce, transfer, retain. The most interesting part of this section is his list of examples of concrete manifestations of risk mitigation approaches (in contrast to the abstract approaches of
avoid, reduce, etc. His list includes selection processes, contractual risk transfer, insurance, liquid asset position, etc.).

In the final section, Hubbard discusses 3 major surveys of enterprise risk management, conducted by Aon, The Economist, and Protiviti. The surveys show what the executives in these companies thought about what their top risks are (reputation, market, human capital, and regulatory environment figure very high). The surveys indicate that risk management is present in those companies primarily because they are being required to have it (a necessary evil). It also shows that risk
management is well represented and increasingly so at the board level.  The executives seem pretty confident that they are doing risk management well.

Hubbard suggests that that is not the case at all.