1 / 33

Risk Management

Risk Management. What is Risk?. Webster’s (Risk) – The possibility of suffering harm or loss; danger. The different types of risk Personal risk - How will this risk effect the individual i.e. loss of job, health, family life, and their ability to identify and address risk

tad-higgins
Download Presentation

Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management

  2. What is Risk? • Webster’s (Risk) – The possibility of suffering harm or loss; danger. • The different types of risk • Personal risk - How will this risk effect the individual i.e. loss of job, health, family life, and their ability to identify and address risk • Professional risk – Will people have the courage to identify and response to risk i.e. peer and or management pressure. What is the culture of your team, program, company? • Program risk – Is the risk process so narrow that suboptimum program decisions are made to the detriment of business areas or company goals • Company risk – Do you think of things short term or long term, do you look at the impact across the business (car versus horse drawn carriage, great for my program but hurts other business areas) • Community risk – How do your decisions impact the community around you locally, regionally, nationally, planet earth (Enron, Mortgage crisis) Identification of the different types of risk may make the difference between success and failure for you, the team, the company, or even the nation in some cases

  3. Consequences of Risk • Positive • Personal • Increased opportunities • Promotions • Pay increases • Emotionally lifting (initiative, innovative, courage) • Company • Increased business • Higher profits • Stock price • Increased market share/new markets • Country (Canada – Oil tar sands, Dutch wind) • Vision • Long Term Focus • Negative • Personal • Loss of job • Lack of Promotion • Pay freezes • Emotionally destructive (fear, anxiety, passive) • Company • Loss of business • Lower profits • Lower stock price • Reduced company viability • Country (US – Oil no refiners, or alternate sources of energy) • Lack of vision • Short term focus

  4. You create a need for it!! If Risk Management is important, how do we sell Risk Management to management?

  5. Program Performance Assessment 198 Program Attributes Assessed from Pre-Proposal thru Contract Completion Database Established Survey Tool • Program Phases: • Pre-Proposal • Proposal • Pricing delegation • Contract requirements • Technical performance • Contract execution • Contract change Performance Assessment: 9 = excellence in addressing key characteristics 3 = fair performance in addressing key characteristics 1 = poor performance in addressing key characteristics

  6. Risk Management Key to Success What Was Done Well on Programs That Performed Well That Was Missing on Programs That Performed Poorly? • Good program identified risk, assessment performed, integrated into program plan & tracked throughout life of program • 2 areas • 3 areas • 5 areas Risk Management Area 2 Area 3 Area 4

  7. Consistently Do Poorly on Problem Programs Score of <4, Scale of 1-3-9 Perceived as Areas of General ATK Weakness • Contract Execution & • Technical Performance • 11 other areas • Risk analysis & mitigation plan • 4 other areas • Pre-Proposal • Risk & requirements understood • 4 other areas • Proposal • Risk mitigation plan in place • 3 other areas • Delegation • 1 other area • Risk mitigation plan in place • 1 other area • Contract Change • 4 other areas

  8. Program Management Survey Results • PMs that incorporate Risk Management Plan into their program – 78% • Regularly use or implement risk management (monthly or less) – 50% • PM’s that can find examples of previous program plans, risk analyses, schedules, etc.. to help me do my job – 44%

  9. Program Management Process Rating • Q11) Which of the following items have you incorporated into your program(s)? (Check all that apply.) Many key elements of a Design Plan and Program Plan not applied to programs

  10. Program Management Process Rating • Q12) How Regularly do you use or implement these items? (Check all that apply.)

  11. What is Risk Management? • Definition of Risk Management: • Risk management is concerned with the outcome of future events, whose exact outcome is unknown, and with how to deal with these uncertainties, i.e., a range of possible outcomes. In general, outcomes are categorized as favorable or unfavorable, and risk management is the art and science of planning, assessing, and handling future events to ensure favorable outcomes. The alternative to risk management is crisis management, a resource-intensive process that is normally constrained by a restricted set of available options. • “ Risk Management Guide for DoD Acquisition, fifth edition, version 2, June 2003”

  12. What is Risk Management? • Types of Risk Management: • Hardware • Feasible, stable, and well-understood user requirements and threat; • A close relationship with user, industry, and other appropriate participants; • A planned and structured risk management process, integral to the acquisition process; • An acquisition strategy consistent with risk level and risk-handling strategies; • Continual reassessment of program and associated risks; • A defined set of success criteria for all cost, schedule, and performance elements, e.g., • Acquisition Program Baseline (APB) thresholds; • Metrics to monitor effectiveness of risk handling strategies; • Effective Test and Evaluation Program; and • Formal documentation

  13. What is Risk Management? • Types of Risk Management: • Software Risk Management • Identify software risk. • Estimate the time and resources required to develop new software, resulting in potential risks in cost and schedule. • Test software completely because of the number of paths that can be followed in the logic of the software. • Develop new programs because of the rapid changes in information technology and an • ever-increasing demand for quality software personnel. • People • Needs/Desires • Determine relationships • Relative power/influence • Trust

  14. What is the Risk Management Process

  15. Defenses are Never Perfect Potential losses (people and assets) What we don’t Know or don’t Believe Can and Will Hurt Us We perceive our ideal system of defenses like this. Mishap But the reality is more like this. Source: James Reason, Managing the Risks of Organizational Accidents, 1997, p. 9

  16. When Events Line Up, the Consequences Can Be Devastating A Hole is a Risk – A Weakness In a Plan – Any Plan People Events Facilities Materials Process Design Defenses in depth Product Design Program Plan Requirements (unspoken & spoken) Mishap Adapted from : James Reason, Managing the Risks of Organizational Accidents, 1997, p. 12

  17. Engineering and Process Design Close Holes Engineering and Process Design Have High Leverage Ham and Swiss on Rye • Voice of Customer (VOC) • Requirements Definition • Product Design • Process Design • Design FMEA / FTA • Manufacturing Process FMEA • Systems Engineering • Process Control • Peer Review To Close a Hole REQUIRES a Change – The Right Change at the Right Time Defensive Barrier Requirements Manufacturing Design Product Inspections Only Close Small Holes “Process” = ALL Processes, not just Hardware/Manufacturing

  18. The Essence of Mission Assurance Eliminate the Holes Shrink the Holes Make sure the Holes don’t Line up The Essence of Risk Management Find/Define the Holes So That We Can … Eliminate, Shrink, etc… Where are the Holes? The Result is Mission Success

  19. Risk Management Model Incident Management Manage Incidents Plan Plan Manage Risk Manage Risk Target Condition Current Condition

  20. Risk Management • If I know the risks I face, I can make betterdecisions • If I know the risks up front, I can apply my resources in a planned manner rather than just reacting to problems with scarce resources • A Key Role of a Leader is to Apply Resources at the DECISIVE Point and Time to Achieve Victory • If I know the risks & appropriately mitigate the risks, I have more confidence that I will achieve Mission Success – I plug the holes in the Swiss Cheese

  21. What Happened • We found many Risk ManagementTools • We found no inclusive and defined Process • “How to Identify the Risks” was Missing • Applies @ All Levels, All People, Simple & Complex • We defined the Principles • We defined the Process • Based on and consistent with the Principles • We designed a simple tool to support the process

  22. Emerging Risk Management Principles • Have a Plan • IMP/IMS, Product/Process Design, Material Plan, etc. • Actions to Mitigate Risks get Rolled Back into the Plan • Understand the Plan/Process • Look at each step/item in a methodical fashion • Include the Right People • Can be Very Difficult, but is Critical to Success • Thorough Discussion and Review • Risk Management is an Individual Behavior • Control Change – Make Changes Proactively • There is a Cost for every Mitigation – Plan The Resources • Solid Cost/Benefit Decisions are Necessary • Planned Use of Resources vs. Ad Hoc “Head in the Sand” • Take Planned Action – Plan And Make Change • Plan the work, work the plan • Follow up • Hold teams and individuals accountable

  23. Risk Management Process Flow voc • Risk Levels • Likelihood • Severity • Control • Alternatives • Identify options • Identify resources • Assess costs, benefits and impacts • Plan actions • Impacts • Cost • Schedule • Performance Risk – An event that could happen to prevent me from reaching my *** The “ Map/Define ” step can use a number of goal. tools such as process flow charts, program plans, Condition – The reason this risk makes you uncomfortable. Integrated Master Plans, Design Trees, etc, to Consequence – The result if the risk event happens. guide the risk identification effort. Given a current Severity – The measure of the magnitude of the effect of the risk event condition and (consequence) on Cost, Schedule, Technical Performance, AUPC, & desired end state Safety. Risk Identification Likelihood – The subjective measure of probability that the risk event will occur. FMEA, PFMEA, FMECA - type methodology Risk Assessment Brainstorm For each step - Evaluate risks potential risks Map/Define No feature, define for probability Risk for each step - the process – 6 M ’ s, 3 W ’ s of occurrence Risk Tracker Requires feature with ID critical & Success and severity of Action? multi - features *** Criteria consequence disciplinary team Yes EAC Reviews Periodic Risk Tracker Program Risk Review • Update the Plan • IMP/IMS • Design • Process • Budget Plan actions to reduce probability, Determine root Identify and Communicate the Risks Update reduce severity, Perform Actions causes of the Assess Risks (Reviews, Boards, Process or plan contingencies (Work the Plan) risk to the Plan Change Control, etc.) Plan or further understand risk Risk Handling 10/16/06

  24. 8/30/06

  25. Planning & Resource Allocation • Have a Plan, Work the Plan, Follow-up on the Plan • Risk Management is Dependent on having a Plan • The “Plan” is the “IMP/IMS” for a Program, the “Design” for a Product or Process, the “BOM” for Materials, etc. • The process looks at each step in the plan to Identify Risks • All Risk “Handling” Actions must be worked back into the Original Plan for application of Resources and Follow-up (IMP/IMS, Design, etc.) • Planned Use of Resources is Critical to Effective Management of the Process • Resources are Always Limited so Planning is necessary to Assure that Risk “Handling” Actions will actually be Implemented • Leaders Allocate Resources – It is Inappropriate to merely bully subordinate and supporting organizations to implement Change without Allocating Sufficient Resources

  26. The Process is Universal and Necessary Risk Management is universally applicable to and necessary in all parts of our processes. Too often it is only used at the Program level. People Events Facilities Materials Process Design Defenses in depth Product Design Program Plan Requirements (unspoken & spoken) Mishap Adapted from : James Reason, Managing the Risks of Organizational Accidents, 1997, p. 12

  27. Accountability From Bottom to Top Executive Management ATK Customer Pull Program Manager Customer Functional Leadership Supporting Organizations Teams IPT’s Functional Teams Individuals Designers Builders Given a sound process and training, Risk Management is an individual behavior. The process linked with the right behavior = Success. This individual behavior is the foundation of Risk Management.

  28. View from the Top How Leadership Views, Discusses and Responds to Identified Risks will Determine the Effectiveness of Handling Plans and will Determine Future Willingness to Identify Risks.

  29. Risk Management Process Focus • Risk Management Process • Implement a thorough risk management process • Keep reporting simple • Focus on reducing or eliminating risk through proactive risk management and initiating risk mitigation activities • Minimize the temptation to “accept” risk

  30. Risk Management Process & Responsibilities RM, TD IPT Leads Any Stakeholder RM, TD IPT Leads TD, RM IPT Leads TD, RM IPT Leads RMB, RM IPT Leads

  31. Weekly Inputs to Risk Assessment Design, Manufacturing Capability Assessment Risk Management Board Lessons Learned Trade Studies Inclusion into Risk Tracker • RMB Co-chaired by xxx • RMB Members: • RMB Advisors: • RMB Facilitators: Requirements Walkthrough Analysis DFM/DFA’s Opportunity Data Base Risk Clarification & Clean up GN&C / Aero / SW / GPS Integration Test & Evaluation Systems Engineering Program Office Systems Design Mechanical Electrical Program Office (continued) Contracts Finance Quality Materials Production Transition Alliant Techsystems Proprietary

  32. The Benefits of a robust Risk Management Process • How can you make risk work for you • It is a common trait of management to award people who put out fires more then they do the people who do things the right way such that you do not have fires. • Unfortunately it is also true that the people who put out fires may have gathered the kindling and lit the match that started the fire in the first place through poor risk management or no risk management • Good risk management helps give you visibility for doing the right things • It highlights the risks • It identifies the consequences • It enables healthy discussion on strategies and actions for addressing risk • It enables the individual to get the credit for doing the right things the first time

  33. The Benefits of a robust Risk Management Process • Actual Benefits from following “Good Risk Management Practices” • Schedule • It highlights the critical path • Identifies what is driving the critical path • Gets people talking and addressing the risk • It gives you time to address the risk • Money • It gives you a forum to discuss money in a non threatening manner • It provides reasons for making money available • It gives you time to address the risk • Reference viewgraph 3

More Related