Working as a project manager (or as a coach for project managers) I always feel very uncomfortable how risk management is done:
Finding out how big the uncertainness of results, quality and costs is, digging for all factors which could harm the project, looking in depth for all sorts of impediments and calculating their probability multiplicated by their impact in € or $ ...
Then defining and planning actions to avoid, reduce or transfer those risks ...
And then, during the project, keeping a sharp view on all those risks....
Oh dear - for me all this is soooooooooooo boring problem focused!!!!!!!!
If I would practise that e.g. for my ski- or snowshoe-tours in the Alps I never would feel disposed to leave the mountain shelter...
So, since many years I had in my mind the question how to find a way to ask for opportunities in the same intensity as for harmful risks (= threads) and to use methods and tools for digging out and evaluating such opportunities as they are used for risk management.
How can it be done, to ask at the begin and during a project SF-questions like:
=> What are the best unexpected things which maybe could happen?
=> What of those things have happened in the past sometimes and maybe in a tiny way?
=> How can we manage it to enhance the probability for such "positive surprises"?
And so on ....
I found no good answer..... until today:
By chance I became aware of Dr. David Hillson from http://www.risk-doctor.com/
He published some very useful articles about "opportunity management", for example:
Effective Strategies for Exploiting Opportunities
Risk management, Maslow and memetics
In the article "Effective Strategies for Exploiting Opportunities" he did what I looked for: How to map the methods and tools for risk management to dig out and evaluate opportunities.
In contrast to managing threads he calls opportunities the "upside equivalent" of threads. Here a short part out of his paper:
((Managing opportunities is)) Generalizing and extending the four common threat strategies results in the following concepts:
•Avoidance strategies that seek to remove threats are actually aiming to eliminate uncertainty.The upside equivalent is to exploit identified opportunities — removing the uncertainty by seeking to make the opportunity definitely happen.
•Risk transfer is about allocating ownership to enable effective management of a threat.This can be mirrored by sharing opportunities — passing ownership to a third party best able to manage the opportunity and maximize the chance of it happening.
•Mitigation seeks to modify the degree of risk exposure, and for threats this involves making the probability and/or impact smaller. The opportunity equivalent is to enhance the opportunity — increasing its probability and/or impact to maximize the benefit to the project.
•The accept response to threats includes the residual risk in the baseline without special measures. Opportunities included in the baseline can similarly be ignored — adopting a reactive approach without taking explicit actions.
And in his paper "Risk management, Maslow and metrics" he reflects upon a question which is very important for SF also:
Current risk management theory and standards agree that not all risk is bad. Most of these include opportunities alongside threats within the definition of risk, and they expect the risk process to address both opportunities and threats equitably, proactively and effectively. However current risk management practice still focuses on threats. Managing opportunity through the risk process is often seen either as an optional extra, or as only for advanced practitioners, or as just plain wrong. Why is this?
You are interested in his answers? Well, here you find it: http://www.risk-doctor.com/pdf-files/TRN02.pdf