Linking Risk Management with Lessons Learned

M

Matrix45

#1
I am trying to link Risk management with Lessons learnt i.e.
- What comes first in project management?
- If Risk comes first then you analyse from lessons learnt?
- After risk management then the risks identified should be put into lessons learnt
- The loop i.e. keep updating both?
- Can lessons learnt contain open actions and then closed when they have been analysed and implemented?
 
Elsmar Forum Sponsor
L

lk2012

#2
Re: Linking Risk Management wiith Lessons Learnt

Hi, that's quite a complex question you've got there:

1. What comes first in project management? I'd say they are two sides of the same coin. For a new project, you've got to take a fresh look for any risks while also taking into account lessons learned from similar / previous projects. I'd personally do the fresh risk assessment first and then look at the lessons learned, just for the sake of starting on a clean slate.

- After risk management then the risks identified should be put into lessons learnt?
With a new project, I'd update the lessons learnt after each project phase. This is my view only, you might want to update them as you go along.

- Can lessons learnt contain open actions and then closed when they have been analysed and implemented?
I'd probably link the lessons learned to internal corrective actions.

Sorry this is not very comprehensive. Hope it helps.
Lil
 
P

pldey42

#3
Re: Linking Risk Management wiith Lessons Learnt

Interesting question.

One lesson I learned from a few poor projects was to do risk management early in a (software) project - we called it "addressing technical uncertainty first." Our lesson learned, if you will, was that when a project went badly wrong it was more often than not that we had taken a bad bet on a new idea - a new algorithm, some new technology, even a client who didn't quite know what they wanted. So at the start of the project we'd ask, of what are we uncertain?

We learned to address risks early so that we had as much time as possible to get them mitigated and, with luck, some contingency time in case the preferred mitigation failed. (One lesson learned as a result was to plan projects assuming a normal working day, reserving overtime as something to be used if early risk mitigations failed. While senior managers often balked, we never allowed them to reduce time and budget for a job by including overtime in the project budget: it was our contingency time.)

In some cases we had, not so much a lesson learned, but more a mistake made and not to be repeated - somehow. In risk management we listed it as something that would likely go wrong again, and put mitigations and fall-back plans in place. We didn't know if they'd work or not so in a sense, yes, we had open actions. At that time we weren't doing ISO 9001 (we were a small company and it was the mid-seventies) so the formalities didn't concern us.

For ISO 9001, yes, under ISO 9001:2008 one could identify the mitigations as preventive actions and close them when and if they worked, perhaps folding the good ones into defined processes. This is one area where the 2015 version of the standard will certainly sit better, I think.

I don't think risks identified are lessons learned. The two concepts are in my experience different. If the risk is identified, and the mitigation plan works, that might be a lesson learned for the next time around. For me, risk management looks forward into uncertainty, while lessons learned look back to evaluate what worked, and what didn't. I think both are essential to sound project management.

One other thing: I'd be careful to separate lessons learned from risk management somehow, to avoid risk management being completely conditioned by what went before. I think there should be an element of free thinking about this project and its risks so that risk management can help avoid lessons we don't want to learn.

Hope this helps,
Pat
 

bramanta

Starting to get Involved
#5
I think simultaneously. We conduct risk analysis while we learn from any available resources such as our or others experiences, expert, etc. Documenting past risk analysis and taking into account in new project development are example of the 'learning organization' application..I think.
 
Thread starter Similar threads Forum Replies Date
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
F Linking customer claims to FMEA IATF 16949 - Automotive Quality Systems Standard 3
T Software for linking Process Flow Diagram, Process FMEA and Control Plan APQP and PPAP 9
V Linking the FMEA Causes & Action Plan with DOE Experiments or Experimentation Design FMEA and Control Plans 1
S Linking CARS (Corrective Action System) with the rest of our system Nonconformance and Corrective Action 4
A FMEA - Linking Customers Complaints to an FMEA and Update ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S Linking Procedures to ISO 17020 Clauses General Measurement Device and Calibration Topics 3
R Linking a Gage Manufacturer by Serial Number Quality Manager and Management Related Issues 5
B Control of Documents in several languages and Document Linking ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
B Linking Quality Plan Objectives to the Business Plan? IATF 16949 - Automotive Quality Systems Standard 7
N Linking Business Process Map with Sub-Process Process Map Process Maps, Process Mapping and Turtle Diagrams 39
N Linking BSC (Balanced Score Card) with Six Sigma Six Sigma 18
B Linking: Process Flow - 'Common' Process FMEAs - Control Plan FMEA and Control Plans 11
M Linking Process Flow Charts, FMEAS and Control Plans for TS 16949 FMEA and Control Plans 4
E Linking of Process Control Plans To Process Documentation FMEA and Control Plans 6
C Linking Acceptable Quality Levels (AQL) and Average Output Quality AQL - Acceptable Quality Level 7
D Hyperlinks in Microsoft Excel and Word - Linking Documents Excel .xls Spreadsheet Templates and Tools 12
A Linking ISO 9000 to Economic Value Added ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk managment report of Surgical Mask Example ISO 14971 - Medical Device Risk Management 14
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
S Risk based internal auditing Internal Auditing 6
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
M Estimating the benefit-risk ration under MDR EU Medical Device Regulations 1
adir88 Information of safety can reduce risk now? ISO 14971 - Medical Device Risk Management 12
G Any good examples of CAPA forms that include a risk based approach? ISO 13485:2016 - Medical Device Quality Management Systems 8

Similar threads

Top Bottom