Comparing project risk management methodologies: ATOM framework analysis

Project Risk Management Methodology

Methodology Comparison

From the e-Activity, choose one project risk management methodology (not ATOM), compare and contrast the steps of the methodology you chose with ATOM. Provide an example of how each methodology is clearly used.

Regardless of the methods used for project risk management, the fundamental steps are the same, and they are roughly as listed below and used in this order:

Identify, characterize threats

Assess the vulnerability of critical assets to specific threats

Determine the risk (i.e. The expected likelihood and consequences of specific types of attacks on specific assets)

Identify ways to reduce those risks

Prioritize risk reduction measures based on a strategy

Taxonomy-Based Risk Identification

Taxonomy-based risk identification is a very approach to project risk management that utilizes a breakdown of possible risk sources that is synthesized with best practices knowledge to create a questionnaire. The answers to the questions can facilitate the systematic and repeatable identification of risks. This evidence-based method has undergone testing in active government-funded defense and civilian projects, and has been shown to be useful for risk assessment and for continuous improvement of the method processes. Results of the field tests encouraged the claim that the described method is useful, usable, and efficient.

An issue with a taxonomy-based risk management method is that the construction of the questionnaire is based on pre-conceived constructs in a scenario-like manner that can overlook important sources of risk. A typical risk management process for a multi-month project tends to identify and manage about six to 10 project risks. Beyond these general and easy to recognize risks, however, a risk management plan should consider a higher number of risks. A broader swath of considered risks will heighten the awareness of the team, making the identification of potential problems more efficient and effective.

B. Determine if you would choose ATOM as the most significant methodology for all of your project risk management. Justify whether or not you would replace the one you researched with ATOM. Support your response.

The Active Threat and Opportunity Management (ATOM) method makes the underlying theory transparent and is scalable for a range of projects from simple to complex. Indeed, ATOM can be tailored from its generic risk process to meet the challenges of specific risks and fit with the larger overall project. ATOM is superior to the taxonomy risk management approach, particularly as it provides intensive training for those responsible for implementing the method.

C. We have had teams that have used a hybrid of SCRUM but the daily meetings are called PODs or Plan of the Day meetings. Most of our projects are large and quite complex and go on for durations of about 3 to 4 years. One of our primary problems is the lack of formal training in the methodology and the tendency to fall back on methodologies of which we are more familiar, particularly in times of crisis.

A strong benefit of SCRUM is that self-organized teams that are co-located and can use verbal communication across all members enable a developmental rather than sequential approach to risk management. Because the approach is non-traditional, provision must be made for training workers and for promoting the approach within the context of the organizational culture.

"Course Lessons Learned" Please respond to the following:

D. Identify three concepts that you have learned in this course that will be useful for project work in your current organization.

1. Risk management planning is most effectively when it is embedded in the company culture, and when employee performance is linked to the implementation of the risk management plan.

2. Many risks can be controlled, and they should be analyzed for the potential business impact as well as cost of mitigating the risks.

3. Risk analysis should address the linkages across risks that may seem separate when not considered in relation to one another.

E. Explain how you would justify the use of the three concepts identified to other members of your organization.

1. When employees are empowered to identify the risks they face -- and that only they may be aware of -- their own projects and those of other employees will be viewed with greater clarity, and more obscure risks that are of low probability but could have high impact are made more salient.