PMI_TW電子報第四期_專欄文章

Proving The Value of Risk Management(特別感謝范淼博士翻譯此專欄!)

Dear Risk Doctor, Risk management is considered by management to be a waste of time and money if nothing happens. How can project managers convince management and decision-makers that risk management is a good investment and necessary, even if an actual event does not occur? Yours hopefully, Project Manager Dear hopeful Project Manager, You raise an important and vexing question for risk practitioners – how do we prove we’re adding value?! I have a three-part answer: Firstly, in old-style implementations of risk management that focus only on threats, you’re right that successful risk management means “nothing happens” (or at least no unexpected problems happen). In line with Popper’s Falsifiability Principle, we know it’s impossible to prove a negative, even though absence of evidence is not evidence of absence. So we couldn’t say for certain that investing in risk management was positively correlated with lack of problems. However now we have a new view of risk which includes opportunities as well as threats. Now successful risk management results in avoiding problems as before, but we also create additional value through maximising and exploiting opportunities. And of course this can be measured. So perhaps we can create a demonstrable and measurable “Risk Management ROI” in this way. Secondly, while we cannot run a project twice so we have no control for proving risk management effectiveness, we can learn from experience over time. Organisations which have been tracking project performance over the years can demonstrate that as risk management maturity increases, so does project success. What gets measured gets improved. And nothing beats demonstrating success to get the attention of management! Thirdly, senior management will quickly realise and accept the value of risk management when they understand the close link between risk and objectives. They understand the need to “spend to save”, and will be looking for a payoff from risk management in terms of more successful achievement of project and business objectives. When they see those benefits then their commitment will be reinforced yet further. I hope that answers your question adequately and that you manage to persuade your management to invest in managing risk. With best wishes, The Risk Doctor -------------------------------------------------------------------------------- 親愛的風險醫師： 風險管理在什麼都沒發生的情況下，會被管理階層認為是浪費時間及金錢的。專案經理應如何說服管理與決策者，既使沒有實際發生什麼事件，風險管理也是個好投資而且是必要的？ 滿心期待的專案經理 親愛的滿心期待的專案經理： 你提出了一個對風險實務工作者而言重要且困擾的問題—我們如何證明我們是有附加價的？ 我對此的回答分為三部分： 首先，在舊式僅專注於威脅的風險管理執行上，你是對的，成功的風險管理意味著「沒有事發 生」（或至少是沒有不期盼的問題生）。根據帕伯(Popper)的可證否原則，我們知道對『沒有（其存在）的證據不能當作其不存在的證據』此一說法，是不可能做出否定的證明的，所以，我們當然不能說風險管理投資與不會有問題間是正相關的。然而，我們現在有一個新的風險管理觀點涵蓋了機會及威脅。現在成功的風險管理仍像過去一樣可導致問題的規避；但是，我們也經由對機會的開拓與極大化創造了額外的價值，同時這些當然是可以衡量。因此，也許我們可以用這種方式建立可展示及衡量的「風險管理投資報酬率」。 其次，因為我們不能對同一個專案執行兩次，所以我們不能在有對照控制下證明風險管理的效益，然而我們可以從時間中學到經驗。長年追蹤專案績效的組織可以顯示，當風險管理成熟度增加時，專案成功的機率也跟著增加。可以衡量了就可以改善，沒有東西比展現成功更能引起管理階層注意。 第三，資深的管理階層在瞭解到風險與目標間的密切關聯後，將會迅速理解並接受風險管理的價值。他們瞭解「支出以求得節省」的需要，並且尋求因風險管理使得專案及企業在目標的達成上獲致更大成功的報酬。當他們看到這些利益後，他們將更進一步強化其承諾。 我希望這些可以適切地回答你的問題，並且讓你可以有效地說服你的管理階層投資於風險管理 祝你好運 風險醫師