Risk Management gives the visibility on the future root causes, their consequences and ways to reduce the impact of the potential negative effects of these future root causes. The underlined words “Future” and “potential” here indicate, it is a futuristic strategy of the organization. Risk Management can be applied at all levels of the organization. It can be applied at project, level, unit level or at organization level.
Risk Management is not a mandatory process required for ISO 9001. However, this is a Mandatory process as per AS 9100 and, a Maturity level 2 (ML2) process area for CMMI. Even though the requirements of both AS 9100 and CMMI are similar, there are subtle differences between these two.
To discuss more on the Risk Management (RSKM) we will start with few definitions.
What is Risk?
Risk is an undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.
This is possible at every stage of Production or Service Provision, right from the contract development stage till Post Sales. The potential negative consequence chiefly rely on the Quality, Schedule or Cost. Whatever effort you put in, the process at every stage has some possible slippage (Remember Murphy). The Organization shall look at identifying and mitigating the effects of these likely slippage, at all Levels.
What is risk management?. Why is it needed?
Risk Management is an iterative process to identify, assess, reduce, accept, and control risks in a systematic, proactive, comprehensive and cost-effective way, taking into account the business, costs, technical, quality and schedule programmatic constraints.
Risk Management is needed to reduce the chances of potential negative result of a likely event on the business. This involves a focus on the risks to meeting customer requirements, and preventing product non conformance escapes. The absence of a Risk Management program can result in known, unknown, and unknowable /unforeseen problems for the Customer and Stakeholders about the cost, schedule, and technical performance of programs and about the quality and on-delivery performance of products and services.
In the Second Part
, we will discuss the benefits of a Risk management program.
Please share this on Facebook. if you like this blog, like us on https://www.facebook.com/excellencementor
There are a total of 24 process areas to defined in the CMMI Service Model. This model is also called as CMMI-SVC. These are divided into 4 groups by Maturity Level. Even though there are 5 Maturity levels, there is none defined for Level 1. The maturity levels Start only from Level 2. For an organization to achieve a specific maturity level, it must be practicing all the practices defined for each of the process area defined for the specific Level. Level 4 & 5 are called as High Maturity Process Areas. I will discuss each of the process areas in my later posts. As the Maturity Level increases, the practices required to be implemented increases. Please note that a higher level includes all the process areas listed in the Previous level.
Now Let us list the process areas, along with their common acronym Used.
Level 1 – Initial
Level -2 – Managed
- Configuration Management (CM)
- Measurement and Analysis (MA)
- Process and Product Quality Assurance (PPQA)
- Requirements Management (REQM)
- Supplier Agreement Management (SAM) – This PA is optional
- Service Delivery (SD)
- Work Monitoring and Control (WMC)
- Work Planning (WP)
Level -3 -Defined
- Capacity and Availability Management (CAM)
- Decision Analysis and Resolution (DAR)
- Incident Resolution and Prevention (IRP)
- Integrated Work Management (IWM)
- Organizational Process Definition (OPD)
- Organizational Process Focus (OPF
- Organizational Training (OT)
- Risk Management (RSKM)
- Service Continuity (SCON)
- Service System Development (SSD)
- Service System Transition (SST)
- Strategic Service Management (STSM)
Level – 4- Quantitatively Managed
- Organizational Process Performance (OPP)
- Quantitative Work Management (QWM)
Level – 5 Optimizing
- Causal Analysis and Resolution (CAR)
- Organizational Performance Management (OPM)
We will discuss various components subsequently
Please share this on facebook. if you like this blog, like us on https://www.facebook.com/excellencementor
Capability and Maturity Model is initially developed for department of Defense. The main focus of CMMI is to make sure that constant integration of Systems and Software. According to Software Engineering Institute, there are 5 levels of maturity in the Capability and Maturity Model. There is a clear distinction between the Capability and Maturity. the method of assessment differs for Capability assessment and Maturity assessment
The Maturity levels are
1. initial – Process Ineffective, Poorly controlled and Highly Reactive.
2. Managed – Process Characterized for Projects and often Reactive
3. Defined – Process Characterized for organization and is proactive. (Projects tailor the organizational process to the project needs)
4. Quantitatively Managed – Process Measured and Controlled.
5. Optimizing – Focus on Process Improvement.
From Maturity Level 2 and above, there are a set of process Areas which the organization is expected to carry out. we will discuss these in the subsequent posts.
Level 4 and 5 are called as High maturity processes where data based decision-making plays a vital role