Project monitoring and risk management

30’ duration: (Trainer) - (support: slides & video & web)

→ Project monitoring and risk management

Monitoring is a continuous assessment that aims at providing all stakeholders with early detailed information on the progress or delay of the ongoing assessed activities. It is an oversight of the activity's implementation stage. Its purpose is to determine if the outputs, deliveries and schedules planned have been reached so that action can be taken to correct the deficiencies as quickly as possible.

Good planning, combined with effective monitoring and evaluation, can play a major role in enhancing the effectiveness of development programs and projects. Good planning helps focus on the results that matter, while monitoring and evaluation help us learn from past successes and challenges and inform decision making so that current and future initiatives are better able to improve people's lives and expand their choices. Monitoring and controlling includes:

• Measuring the ongoing project activities ('where we are');

• Monitoring the project variables (cost, effort, scope, etc.) against the project management plan and the project performance baseline (where we should be);

• Identifying corrective actions to address issues and risks properly (How can we get on track again);

• Influencing the factors that could circumvent integrated change control so only approved changes are implemented.

Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software. A good risk management plan should contain a schedule for control implementation and responsible persons for those actions. In order to design an effective risk management plan, we propose the following steps:

• Identify the threats

• Assess the vulnerability of critical assets to specific threats

• Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)

• Identify ways to reduce those risks

• Prioritize risk reduction measures

By using template 7c, the trainer asks the teams to identify the potential risks of their project and plan counteractions. What can you do if an unexpected risk arises?