The results of project risk analysis are statistical distributions of project duration and cost. Essentially there is a chance, that the project will be completed on time and on budget. For example, there can be a 70% chance that the project will be completed in 30 months, while the original project duration (determined without risk analysis) is 25 months. The difference between these numbers (5 month) can be a project buffer. The question is: “what percentile of the project duration can be used to determine a buffer?” It depends on the risk profile of the organization. Some organizations can accept higher risks, while others are more risk averse. Actual percentiles can be determined either by analysis of historical data or by asking project managers and executives certain questions, such as: “would you accept a 10% chance that the project will be delayed?” or “can you tolerant a 10 day project delay as a worst case scenario?” The process of asking such questions is called judgment elicitation.
Since the buffer can be reduced as a result of project risks, it must be controlled in each phase of the project. In other words, quantitative project risk analysis needs to be performed at each project milestone based on actual project performance. A new buffer will be calculated, for example, the original buffer was 10 weeks and over a course of the project the buffer can be gradually reduced. The black line on the chart below (actual buffer) should be above the red line (planned buffer). After 8 weeks the new actual buffer will be 3.5 weeks. However the planned buffer was 3.8 weeks.
If the buffer is reducing too fast, certain risk response plans should be executed. The risks can be accepted if, for example: there is a delay of a couple of days with the delivery of a component. This could be acceptable if there is a sufficient buffer and will still meet a deadline. Conversely, there should be some risk response, for example a new supplier needs to be found. Essentially controlling the buffer size is a critical part of an overall project control routine.
