E N D
1. Effective Management of Project Risk Risk Management in the Public Sector
CIPFA London Division Meeting
29 November 2005
2. Agenda Introduction
Projects & Risks?
How do you know……?
What do you do about them?
So what?
3. The project A project is a temporary endeavour organised and undertaken to create a unique product or service
Examples:
Developing a new product or service;
Effecting a change in structure, staffing or style of an organisation;
Developing a new transportation vehicle;
Developing or acquiring a new or modified information system;
Constructing a building or facility;
Running a campaign for political office;
Implementing a new business procedure or process;
4. What is a project? “A journey into the unknown, fraught with risk.”
“ A non-routine commercial or industrial operation.”
“The deployment of scarce resources over a complex framework of tasks to achieve a goal.”
“Little chunks of change - some change is chunky and some change is soft and squidgy”
The journey and the destination
“Unique goal-oriented action required to realise an idea, a proposal or a step in a development.”
5. The Project Phases - as defined by Kepner Tregoe
6. Why do some projects succeed? Good fortune & law of averages
Because some of them have to succeed
Great stakeholder management
Excellent project management
An experienced, competent project manager
Strong, capable, motivated and well-managed project team
Crisp project design
Supportive, demanding, understanding and engaged customers
Appropriate budget and nearly enough time
Clear and shared vision and understanding of what is required and why
(Eventually) a clear definition of what the project will do and how it will do it
Adequate governance
A mature attitude to change
Excellent risk management
7. Why do some projects fail? Good fortune & law of averages
Because some of them don’t have to…..
Great stakeholder management
Excellent project management
An inexperienced, incompetent project manager
Strong, capable, motivated and well-managed project team
Crisp project design
Supportive, demanding, understanding and engaged customers
Inappropriate budget and enough time
Clear and shared vision and understanding of what is required and why
(Eventually) a clear definition of what the project will do and how it will do it
Inadequate governance
An immature attitude to change
Excellent risk management
8. What is P R O J E C T R I S K?
9. Typical effects of unmanaged risks on projects They cost more than we thought they would!
They take longer than we thought they would!
They don’t deliver what we expected them to deliver!
They don’t produce the effects we desired!
Reputation is weakened
Our customers aren’t delighted!
10. Project failures?
11. Common causes of project “deferred success” Optimism
Realism
Willing to please
Resources (£,People, Time)
Ignorance
Attitude
Capability
Governance
Visibility
Buy-in
12. How to avoid the common causes of project failure! Don’t do the project
unless or until you are convinced you know how it will succeed and you are prepared to invest what is necessary (time, energy & money);
Invest more up front to ensure understanding and to assure design;
Deploy project management professionals, challenge and listen to them;
Ask the difficult questions:
show me
how
why
what if…..
Do not tolerate mediocrity;
Operate a simple dashboard, be continually vigilant, watch the signs;
Don’t be afraid to say S T O P;
Don’t be afraid to say NO to that absolutely critical change request;
Operate PRAM;
13. Project Risk Analysis & Management Plan and check the plan and recheck the plan;
Look for the threats to success;
Beware the “GOD” jobs!
Size, analyse & understand the threats;
Select the threats that really worry you;
Work out what you could do about them;
Work out what you can afford to do about them;
Decide what you will do about them;
Timing
Budget
Indicators
Do what you said you will do;
Keep watching out!
14. How do you Identify RISKS? How do we identify risks? Any Ideas?
As early as possible and preferably long before they happen!
The earlier we identify them, the earlier we can do something about them
We can set expectation levels, we can modify contract terms, we can change plans, we can opt for alternative approaches, etc
MOSIC places great importance on checklists - these are prompts and reminders to allow us to benefit from past experiences, from past mistakes - as we make new mistakes we add them to the checklists to prevent a recurrence! How do we identify risks? Any Ideas?
As early as possible and preferably long before they happen!
The earlier we identify them, the earlier we can do something about them
We can set expectation levels, we can modify contract terms, we can change plans, we can opt for alternative approaches, etc
MOSIC places great importance on checklists - these are prompts and reminders to allow us to benefit from past experiences, from past mistakes - as we make new mistakes we add them to the checklists to prevent a recurrence!
15. Some risk analysis techniques Three Point Estimating
Monte Carlo simulation
Multiple-criteria decision-making models
Project Evaluation & Review techniques
Controlled Interval & Memory Modelling
Utility theory
Assumptive
Predictive analytics
Ishikawa
16. How do you quantify Risk?
17. Ways of dealing with RISK? So what do we do about RISKS?
At the end of the day, there is a limit to what we can do!
So what do we do about RISKS?
At the end of the day, there is a limit to what we can do!
18. Summary - Effective management of project risk
19. Supporting Information What is a project
A typical project control system
Minimise the downside of risk
Ishikawa (fishbone/cause &effect)
Sensitivity analysis
Example dash boardBeware of statistics
Severity determination
Recommended reading –
APM’s Guide to Project Risk Management
APM’s Body of Knowledge
PMI’s Body of Knowledge
20. What is a project "A TEMPORARY ENDEAVOUR IN WHICH HUMAN, MATERIAL AND FINANCIAL RESOURCES ARE ORGANISED IN A NOVEL STRUCTURED WAY, TO UNDERTAKE A UNIQUE SCOPE OF WORK, OF GIVEN SPECIFICATION, WITHIN CONSTRAINTS OF COST AND TIME, SO AS TO ACHIEVE BENEFICIAL CHANGE DEFINED BY QUANTITATIVE AND QUALITATIVE OBJECTIVES."
21. A 'Typical' Project Control System
22. Minimise the downside risk Why bother? - A risk is an event that will affect the value of your business. By managing risk, you minimise loss, maximise opportunities, reduce the time wasted on dealing with adverse events and provide a more reliable platform for planning.
Identify, prioritise - The main problem is not being aware of a risk you face. Once you know about it, you can do something about it. Assess what risks you face in the following areas: strategic, operational, financial and environmental; then rank them in importance. In risk-mapping, the probability of the risk is plotted on one axis and its potential impact on the other; the top right hand corner shows the risks that should have the highest priority .
It ain’t just the money - People tend to think of the impact of risk purely in financial terms, but you should also consider r risk to reputation. Think of what happened to Arthur Anderson, all because it lost credibility.
Take it or leave it - for each risk identified, you mist decide on a course of action. You can accept it, transfer it, reduce it or avoid it altogether. Insurance, financial derivatives and outsourcing are all ways of transferring risk; you can reduce or avoid risk by downgrading your exposure or pulling out of a particular market. Nb. Ensure the cost of the action is not higher than the cost of the risk itself.
Look in the mirror - What is your appetite for risk as a company, bearing in mind that the greater the risk the greater the reward? Are you in a high risk sector, that should inform your strategy. Compare yourself to other companies in your sector. Decisions about which risks are to self-insured must be made at board level. The risk strategy has to come from the top.
If you accept risk - consider how you would finance a loss, You could maintain a contingency fund to cover losses. Establish that there is a comfort zone in the business, or a way to raise the money to tide you over. Build in controls - e.g. credit limits, security procedures - to counter retained risks, and budget for the cost of compliance with employment law and other regulations.
Get an outside view - Risk management cannot be outsourced, but there is always a danger of not seeing the wood for the trees. At the very least, use somebody independent like a non-exec or a mentor to bounce your conclusions off.
Keep up to date - Risk management isn’t something you can do once and put away in a drawer. It needs to be updated and communicated to all those who need to know.
Remember the upside - risk is about loss, but remember why you are managing the risk - what is the reward you are protecting?
Do say - We have carried out an in-depth risk analysis, insured against the biggest potential losses and introduced a system of controls to minimise the impact of other adverse events.
Don’t say - ‘Que sera, sera’.
24. Sensitivity Analysis
25. Example risk dashboard Supporting material
26. Statistics Your project’s next delivery depends on 4 tasks;
Each task has an 85% chance of being on time.
What is the likelihood of you delivering on time?
0.85 x 0.85 x 0.85 x 0.85 =
52%
please indulge me -
consider this little scenarioplease indulge me -
consider this little scenario
27. Severity Determination Show the next 3 slides if time permits!Show the next 3 slides if time permits!