1 / 49

Risk Management

Risk Management. Part 1 – Risk Identification, Documentation and Classification. by Donald E. Shannon, PMP, CFCM, CPCM, DML The Contract Coach, Albuquerque, NM. Disclaimer.

napua
Download Presentation

Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management Part 1 – Risk Identification, Documentation and Classification by Donald E. Shannon, PMP, CFCM, CPCM, DML The Contract Coach, Albuquerque, NM

  2. Disclaimer Information in this presentation makes reference to various software products. This should not be interpreted as a recommendation or endorsement by any of the sponsors of any one product. Individuals should conduct appropriate research to identify a product that best meets their specific needs. Where appropriate, credit has been given to the software OEM especially where screen shots of their products have been used. A listing of the products commonly used to accomplish the simulation and scheduling functions described herein is included at the end of this presentation

  3. Series Overview Roadmap to this series of four presentations

  4. Welcome • This will be a 4-part series of presentations concerning risk management • June 19 – 9am to 11am • July 8 – 9am to 11am • July 29 – 9am to noon • August 12 – 9am to noon • While primarily focused on risk we will also touch on • The Work Breakdown Structure • Project Schedules • Performance baselines • Risk adjusted estimates of cost to complete and cost at completion.

  5. Where I’m Coming From • Managing projects/programs/contracts requires expertise in many areas • Typical approach is “stove piping” expertise into silos of knowledge • Project Management – organizing, scheduling, directing and monitoring performance • Financial Management – accounting, project control and cash flow • Risk Management – identifying potential risks and planning actions to avoid them or minimize the impact • Contract Management – compliance with laws and contract terms and conditions, reporting, and deliverable management

  6. Where I’m Coming From • The silo approach permits the existence of multiple views of “reality”: where you stand depends on where you sit. • The preferred approach is via an integrated project team comprised of various specialists • Each is expert in their own area (PM, Contracts, Finance etc.) • Each understands the overall process and how they fit into the team • Boundaries are blurred; barriers torn down. • Improved communication, better decisions, and better support for team decisions

  7. Part 1:Risk Management Overview Establishing a firm foundation ….

  8. Types of Risk • Risk is event related – no event, no consequences. • Technical (Performance) Risk – the risk that the design or techniques selected will not work satisfactorily or cannot be sufficiently developed or employed to meet requirements. • Cost Risk – The risk that the cost of successfully completing the project will exceed the budgeted (or allotted) cost. • Schedule Risk – The risk that the time required to successfully complete the project will exceed the time allotted.

  9. Interrelationship of Risk Factors • Technical risk influences both project cost and project duration. • Cost risk can influence technical risk e.g., a less desirable technology or material must be used to stay within budget • Schedule risk is influenced by both cost and technical risks and can have significant impact on cost.

  10. Managing Risk • Classic (Qualitative Assessment) approach from PMI • Identify • Document • Characterize • Prioritize • Strategize • Monitor & Control • Few travel beyond this point – but we will! Project Risks

  11. Identify Risks • Team brainstorming session • Focus on eliciting as many risks as possible • No attempt to judge or narrow list at this point • All ideas are good • Record on whiteboard or easel • Stop when no one else can contribute to list.

  12. Filter Risks • Review brainstorming list and: • Eliminate or combine duplicates • Revise or restate questionable risks to make them more definite and actionable • Split complex risks into smaller, more manageable items • Obtain group consensus as to final form of risk

  13. Start Risk Register

  14. The Three Dimensions of Risk • Polarity • Is risk a positive (opportunity) or a negative (determent) to the program • Likelihood • What is the probability that the risk event will actually occur? • Can be stated adjectively (very low, low, medium, high, very likely) (Qualitative Analysis) • Can be stated as a number or probability (Quantitative Analysis) • Impacts • If this event happens what will be the consequence • Schedule Delay • Cost • Injury or death • Project failure • Ranked as very minor, minor, medium, serious, very serious (Qualitative Analysis) • Dollar cost and actual number of days/weeks delayed (Quantitative Analysis)

  15. Perform Qualitative Risk AnalysisDefine Risk Polarity

  16. Perform Qualitative Risk Analysis • Assess each risk for • Likelihood of occurring • Use 1 to 5 scale • 1 = unlikely to occur • 5 = very likely to occur • Impact of occurrence • 1 = low impact • 5 = very serious impact

  17. Perform Qualitative Risk AnalysisRecord Probability and Impact Values

  18. Perform Qualitative Risk AnalysisCalculate Score (Probability x Impact)

  19. Perform Qualitative Risk Analysis • Calculate Risk Score • Score = Probability x Impact • Record result in Risk Register • Plot results on Risk Matrix (optional)

  20. Perform Qualitative Risk AnalysisSort Scores High to Low

  21. Identify Risk Strategy • Strategy will depend on organization’s risk tolerance • Many organizations are ‘risk adverse’ and will want to control every risk • Other organizations are less adverse and will only seek to control significant risks • Everything has a cost • Most benefit for least cost

  22. Risk Strategies • Avoidance • Acceptance • Transference • Mitigation • Exploit

  23. Avoidance • If activity has risk that cannot be • Accepted • Transferred • Mitigated • Risky activity / process is not performed • Substitute another low risk activity in its place if possible

  24. Acceptance • Low impact / low likelihood risks might be acceptable • Cost or effort involved in planning strategy exceeds likely downside • May still have response plan

  25. Transference • Transfer activity or risk to another (third) party • Subcontractor • May be experts at the risky activity • Delta between make and buy is cost of mitigation • Insurance policy or bonds • Allow surety to absorb risk • Cost is bounded by premium costs • Currency contract • Similar to insurance except protects against exchange rate fluctuations

  26. Mitigation • Identify Risk • Analyze risks to determine likely cause • Evaluate process or procedures to isolate causation factor(s) • Insufficient training • Lack of inspection • Material Quality • Modify process to eliminate cause or reduce likelihood of event • Repeat as necessary

  27. Mitigation Example 1 • Robotic Containerization System Produced by ABB Inc. • 100 Systems (Phase 1) • Contract value $66M + add-ons = $84M • Installed at 65 US Locations • Install, test and accept in 2 weeks • Risk: Installation team would not be able to meet stringent schedule requirements • Risk: Robot kit as delivered to site could be incomplete • Risk: Install team spare parts kit lacking critical items. • Strategy • Simulate shipping and installation of three systems • Accomplish installation and testing under field conditions • Redeploy systems as production items following test • Estimated cost $200,000 • Results: All 100 systems deployed and accepted per schedule

  28. Mitigation Example 2 • Risk: Facility infeed conveyor system not ready to connect in time for acceptance testing • Site-specific hardware provided by 3rd party under a separate contract • Multiple controls typologies necessitated custom integration • Strategy: Obtain portable infeed capable of supporting test. • Ship to site as needed • Remove following acceptance and redeploy as needed • Strategy: Develop and promulgate 3rd party universal interface standard.

  29. Exploit • Maximize an opportunity to your advantage • New business opportunity • Add value to existing contract • Follow-on opportunity • Must analyze upside potential vs. additional risk • Don’t put too much on your plate • May compromise performance on existing project

  30. Exploit Example • Risk: Facility infeed conveyor system not ready to connect in time for acceptance testing • Strategy: Offer temporary infeed as permanent solution • Easily integrated into existing facility conveyor without additional programming • Standardized Modular product • Installation and integration accomplished simultaneously with robot • Result: Up-sales to facility, increased revenue, improved presence in automation market.

  31. Response Planning • Not an actual “strategy” • Adjunct to mitigation • Trigger event detection • What event or situation will initiate plan • Who has decision authority • “What do we do if?” • Preplanned response may reduce impact • May include materials or equipment

  32. Response Example • Risk: Facility closed due to inclement weather • Strategy: Enable telecommuting for project team • Replace desktop computers with laptops and docking stations at next replacement cycle • Enable secure log-in from off site using VPN • Enable video conferencing via FaceTime or Skype • Enable call forwarding from desk phone to company cell phones as required.

  33. Document and Implement Your Strategy • Document • Update risk register • Produce, edit, and publish formal response plans • Implement • Obtain official review and approval • Obtain or authorize program funds • Promulgate guidance to the team via program directives

  34. Update the Risk Register(Excel Example)

  35. Update the Risk Register(Risk Software Example)

  36. Quantitative Assessment • Using mathematic or statistical techniques to: • Quantify the likelihood of risk events (Probability) • Quantify the impact of risk events • Expected Value $$$ • Schedule delay • Perform sensitivity analysis • Risk impact(s) on entire project • Risks considered apart from other risks for their unique contribution to overall risk Image from Careercast.com

  37. Assign Values to Risks • Historical Data • Preferred method • Extract impact data from historical data • Cost • Schedule delay • Litigation • Injury • Identify frequency of occurrence (i.e., probability) • Identify trigger events or precursors

  38. Separating Wheat from the Chaff • Historical data often combines inputs from multiple sources • The true cost / duration of the work • Cost of the various risk events • Separating these data is necessary to identify the true cost of the work and the impact of the risk • The cost of the work, if repetitive, can be easily approximated and subtracted to leave the risk cost behind. • If necessary some approximation may be done to segregate the two cost sources

  39. Assign Values to Risks • Expert Opinion to identify likelihood and impact • Acceptable method but may be less precise than historical data • Must control optimism bias • Use Delphi technique if possible (next slide) • Obtain consensus • Express estimate as value plus/minus a range

  40. Delphi Technique • Named for the Oracle of Delphi • Relies on a group of experts • Iteratively come to a consensus through following process • Facilitator asks each expert to estimate some parameter or value • Results are anonymized and then shared with the group for a second round of estimates • Process continues until some consensus is reached

  41. Assign Values to Risks • Use pre-established values to translate words to values • Least Preferred (also least precise) Method • Values based on organization’s risk tolerance • May be subjective and skew results • Only use if no other data available

  42. Determine Cost of Mitigation Strategy • Gross cost of mitigation strategy estimated using normal procedures • Labor Hours • Material Costs • Other direct costs • May still have some residual risk • If less than cost of additional mitigation efforts the best strategy may be to accept

  43. Compare Mitigation Cost to Risk Impacts • Estimate the cost for each risk • First determine the full value of labor and material associated with the risk • Then calculate the weighted value = full value x probability of risk…. This is the likely impact to the program. • Compute weighted cost of risk if mitigated (reduced likelihood, reduced impact, or both) … this is the likely cost to the program post mitigation • Compare net reduction to cost of mitigation effort • Is cost reduction more than the estimated cost of the mitigation effort? • Is there a social or other reason for mitigating beyond this point?

  44. Conduct Sensitivity Analysis Sensitivity Analysis of Cost Risk Factors – Tornado Diagram • Identifies cost factors that will pay biggest rewards for controlling • Recompute cost model • Vary each factor through its possible range • Monitor the total value for change • Note which factor(s) induce the largest change in the total cost • Display results in ‘tornado’ diagram • Rank order results with largest contributor at top

  45. Document and Implement Your Revised Strategy • Document • Update risk register • Produce, edit, and publish formal response plans • Implement • Obtain official review and approval • Obtain or authorize program funds • Promulgate guidance to the team via program directives

  46. Periodically Review and Update • Schedule periodic reviews of risks and strategies • Recommend monthly for initial reviews • Quarterly once program is established • During review look for • New or emerging risks • Risks that have passed and may be dropped • Currency of plans or strategies • Update risk register and plans as required.

  47. Summary • Risk effects both cost and schedule • Increased performance time uses more labor and increases the lease period for rented equipment • Risk events can have associated costs (material, equipment, etc.) • Delays may incur liquidated damages • Cost overruns damaging to the company • Risks can be managed using appropriate strategies

  48. Produced by: The Contract Coach The Contract Coach 5338 La Colonia Dr NW Albuquerque, NM 87120 (505) 259-8485 http://www.contract-coach.com

  49. Monte Carlo Simulation Software • MS Excel Add-in • @Risk • Oracle Crystal Ball • Risk Solver • General Purpose Products • Analytica • GoldSim • Reno • Oracle Crystal Ball • SPSS • MS Project Add-in • Full Monty • Risky Project (also supports Primavera P6) • Enterprise Systems • Risk+ (Deltek) • Primavera EPPM & Primavera Risk (Oracle)

More Related