Managing Project Risk Description: Learn how to develop a portfolio approach to identifying, analyzing, planning and controlling enterprise-wide risks. The portfolio includes tools and techniques for dealing with Internal Operations, External Factors, Relationships, and Marketplace risks. Identify relationships among risks, business processes, project development and project implementation. Objectives: The student will: Use the tools of project risk management Apply risk identification techniques to your projects Identity categories\portfolios of risk Use risk assessment/analysis techniques Make connections between enterprise-wide risk management and project plans and implementation Benefits: Learn how a comprehensive enterprise-wide risk management portfolio can enable your project team to proactively manage issues that could negatively affect the successful control and completion of your project. 1 What is Project Risk Management? DEFINITION OF A PROBLEM OR UNCERTAINTY: An uncommon state of nature, characterized by the absence of any information related to a desired outcome. DEFINITION OF A RISK OR RISK EVENT: A discrete occurrence that may affect the project for good or bad. RISK FACTORS: When looking at risk, one should determine: The probability that it will occur (what) The range of possible outcomes (impact or amount at stake) Expected timing (when) in the project life cycle Anticipated frequency of risk events from that source (how often) RISK AVERSE: Someone who does not want to take risks. RISK TOLERANCES: The amount of risk that is acceptable (tolerance level). For example, a risk that affects our reputation will not be tolerated, or a risk of a two-week delay is okay. DEFINITION OF RISK MANAGEMENT: The process involved with identifying, analyzing, and responding to risk. 2 Overview of Taxonomy Process * The sample risk taxonomy that follows is the exclusive property of XL Capital Insurance of Hamilton, Bermuda. Customers and insurance practitioners alike tend to describe risk according to that specific risk’s characteristics and source or origin. In keeping with this traditional naming protocol the following hierarchical risk taxonomy was developed to categorize to forms of risk. Using information drawn from multiple and overlapping sources, individual types of risk were identified, cataloged, and assessed for their meaning. Sources for this study included published industry literature, survey research, and personal interviews. As required, the risk descriptors were rephrased for clarity and consistency. When this aggregating process was completed for individual risk types, a combination of content analysis and affinity analysis was conducted to create meaningful groups. Based on the nature of individual risks comprising each group, descriptive names were assigned each category. As a result of this first level of analysis, 17 categories were identified. 1. Natural Catastrophes 2. Human Perils 3. Political and Legal Influences 4. Technology 5. Operations 6. Finance 7. General 8. Strategic 9. Stockholder Relationships 10. 11. 12. 13. 14. 15. 16. 17. 3 Channel Relationships Employee Relationships Customer Relationships Business Partner Relationships Image/Reputation Market Offering Competition Market Dynamics These 17 initial categories were further analyzed and grouped according to their common linkages and characteristics to establish overarching domains of business risk. In total, this process established four fundamental domains of business risk. These overarching domains and the risk categories comprising each domain are illustrated below: EXTERNAL FACTORS 1. Natural Catastrophes 2. Human Perils 3. Political and Legal Influences BUSINESS OPERATIONS 1. Technology 2. Operations 3. Finance 4. General 5. Strategic RELATIONSHIPS 1. Stockholder Relationships 2. Channel Relationships 3. Employee Relationships 4. Customer Relationships 5. Business Partner Relationships MARKET PLACE 1. Image/Reputation 2. Market Offering 3. Competition 4. Market Dynamics 4 EXTERNALITIES POLITICAL LEGAL/REG. Legislative change- interpret of regulations HUMAN NATURAL Theft Explosion Punitive damages fines and penalties Product/idea piracy Fire Currency conversion difficulty/non-conversion Piracy Economic Downturn New legislation Political terrorism Earthquake Shipment quarantine Terrorism (bomb explosions) Floods or mudslides Change in import/export regulations/laws Civil unrest war Hurricane, tornado, wind Foreign trade constraints boycotts/ embargoes Hijacking Volcanic eruption Difficulty/ inability to gain export license Kidnapping & ransom Loss of utilities Change in political leadership Water Change in reg. enforcement posture Lightning Environmental loss or damage Frost or freezing Antitrust fair trade issues Legislative/ regulatory slowdowns of market offering Inadequate copyright patent IP protection Change in Account code Non-compliance with legal relations Extension of taxing authority Change in tax laws Wage and Price controls (non-domestic) Expropriations Unexpected change in leadership 5 TECHNOLOGY Changing technology standards Not having access to/or properly using information Unreliable information systems Inadequate information on systems Unethical sharing of information-insider trading Technology vandalism OPERATIONS Inventory shrinkage Missed opportunities to upgrade technology Failure to keep pace (technology advances) Lack of viable technology substitute (over tie) Year 2000 Resource dependencies (availability supply) Business interruption Volatility in computer systems and storage devices Inventory obsolescence Mechanical breakdown Inadequate transportation Inadequate quality control Inadequate cycle time BUSINESS OPERATIONS FINANCE GENERAL Fluctuation in financial Automotive and truck liability markets Credit downgrade/credit Unfunded liabilities risks Currency fluctuations Special event liability (foreign) Exchange control Miscellaneous liability regulations Interest rate flux Public liability STRATEGIC Lack of vision, direction, focus Inadequate succession planning Misaligned organizational structure Inadequate capacity of meet market demands Too much capacity for market demands Inadequate facilities Inadequate asset write downs Losses due to merger and acquisitions Cost of capital Property loss or damage Wage and price control Owned and non-owned property Stock Elasticity Injury liability to nonemployees Retroactive liability Inadequate budgeting General liability Inadequate business recovery capability due to poor planning Premises liability Loss of freight or cargo Excessive risk to return ratios Low/lack of liquidity Inadequate risk financing Inadequate internal processes and controls Inadequate resources allocation and planning Inadequate financial information systems Poor financial management Incomplete inaccurate financial information Takeover targets/unfriendly hostile takeover Inadequate cash flow Misapplication of financial products Mishandling of funds Unrecognized deferred tax liability Improper reinvestment/rollover Undercapitalized Fiduciary duties Fluctuation in raw material prices 6 STOCKHOLDERS CHANNEL MEMBERS Insider holding liabilities Default on delivery by a supplier Unrealistic investor Losing confidentiality expectations within the channel Wrongful acts and Declining health/stability misstatements of resellers Gaining/losing access to distribution Wrongful acts and misstatements Shipment holdup/delays RELATIONSHIPS EMPLOYEES Unrealistic commitments, entitlements, or promises Employee defections to competition Inequitable employee benefits Inadequate compensation packages Misaligned employee-employer workforce skills Embezzlement Channel conflict Breaches in confidentiality External service dependencies Inadequate financial strength of business partners Poor/inadequate agreements within channel Low commitment from channel members to manufacturing Customer alienation due to partnerships Liabilities from alliances and partnership joint profiles Misalignment of business systems with partners Not meeting contractual commitments Loss of a key supplier Cultural mismatch and conflict Conflict of interests Loss of control to business partners Liability for business partner actions Implications of partnering Sexual harassment Choosing the wrong business partner for joint venture or strategic alliance Liabilities from at-will employment Poor/non-standard workplace safety practices Labor strikes and work slowdowns Employee dissatisfaction Employee dishonesty Inadequate employee compensation Employee injury on job Discrimination in employment practices Improper/wrongful termination Contractual liabilities Lack of experienced employees Inadequate staffing Inadequate recruiting and hiring practices Wrongful acts and misstatements 7 CUSTOMERS BUSINESS PARTNERS Customer not paying bills Lack of performance by outsource vendor Wrongful acts and Vicarious liability from vendors misstatements and contractors Unmet customer Lack of control over outsource expectations vendor Customer going bankrupt Misalignment with business partners Contractual Wrongful acts and misstatements commitments/liabilities Tenant/neighbor liability Contractual liability MARKET PLACE MARKET DYNAMICS Single market dependence MARKET OFFERING Product liability Demands of multiple markets COMPETITIVE IMAGE Violations of Intellectual Property rights Product recall by others Copyright & patent infringement by Unkempt business promises others Competitor litigation Unethical business practices Capturing market share Competitor collision Lack of business integrity Inadequate/poor product support Inadequate/misaligned research and development Excess industry dominance "Goliath" Competitor products = higher quality False advertising Poor pricing practices Competitor price competition Poor eroding public image Unrealistic product business mixes Poor perceived corporate citizenship Decreasing brand equity Being ahead of the market Poor timing in distribution/transportation Competitor actions Advertising problems Competitive espionage Product misaligned with product needs/expectations Unplanned product/customer support Unexpected shifts in market Product development/market place complacency Buyer changes product order mix Easy entry into restricted markets Product life cycle Access to global markets Single product dependence Shifts in market demand factors Co-dependency of products Misaligned marketing strategies Sub-par product quality Market customer crisis Cannibalization of products in line Product deception on false advertising Errors & omissions Our firm: violation of copyright and patent Excessive product development time (time to market) Unrealistic promises Express & implied warranties 9 Definitions of Risk Categories EXTERNAL FACTORS: The business problems and exposures in this category are the result of phenomena that lie outside the immediate realm of the company’s direct influence or control. Although the analysis and management of these problems is the responsibility of the company, by definition they originate from sources that are removed from the specific activities and operations of the company. Nevertheless, exposure to these external factors effects how management makes decisions regarding internal operations. Additionally, the subcategories may establish constraints within which the company must operate. These external factors have been classified within three subcategories: 1. Political and Legal Regulations 2. Human Perils 3. Natural Catastrophes INTERNAL OPERATIONS: This category encompasses the uncertainties associated with a company’s functional business processes and systems. It manifests the risks and exposures related to the various functional activities comprising the business’s operations. These uncertainties reflect today’s intensely competitive market that expects innovative products, exceptional quality, and short cycle-times at the same time that it demands low costs. The functional business processes and systems are the vehicles through which the organization collects and uses information, conceptualizes customer needs and expectations, and generates relevant value-added solutions that it offers in the marketplace. These functional risks and uncertainties have been classified into five subcategories: 1. 2. 3. 4. 5. Technology Operations Finance General Strategic RELATIONSHIPS: Relationship risks pertain to the various stakeholders that organizations serve and/or maintain relationships with in the course of conducting business. While including the more traditional risks inherent in dealing with second and third parties, this category also embodies the uncertainties associated with the expanded business paradigms of supply chain management and strategic partnering. This extended perspective of organizational stakeholders reflects the diverse risks and uncertainties associated with the complex of multiple interrelationships between an enlarged set of network members. These uncertainties must be effectively addressed if the network is to perform and maximize the mutual benefits for all parties. Five subcategories of relationships with the inherent risks have been identified: 1. 2. 3. 4. 5. Stockholders Channel Members Employees Customers Business Partners MARKET PLACE: The Marketplace category comprises the set of potential business problems and exposures related to the firm competing in its chosen market(s). Key issues in this category pertain specifically to the process of managing the market offering(s) of the firm in the marketplace (including planning and positioning), competitive forces and marketplace activities, and the dynamics of continual change in customer expectations. This category of risks carries a high level of importance due to increasingly dynamic trends in markets, evolving business strategies, and intensifying competition. These risks directly affect the firm’s competitive position and performance outcomes (e.g., sales, market share, profitability, brand equity, and customer satisfaction). Marketplace risks have been further organized into the following four subcategories: 1. 2. 3. 4. Image/Reputation Market Offering Competition Market Dynamics Definitions Of Risk Sub-Categories 1. Natural Catastrophes. This subcategory addresses a variety of phenomena that produce a simultaneous occurrence of a peril affecting a large number of people. They can be violent disturbances or destruction by any means directly related to physical influences of the environment. 2. Human Perils. Human Perils are those exposures and problems that result from individual carelessness or intentional wrongdoing by people external to the organization (non-employees). The situation is dangerous when individuals 11 deliberately seek to endanger the well being of the organization or individuals within the organization. 3. Political and Legal Regulations. The risks in this subcategory pertain to laws or regulations that govern the conduct, behavior or actions of the company’s operations. Procedures or activities of the company may be modified based on the conditions set forth by these influences. 4. Technology. Several risks are associated with the use of technological equipment, support mechanisms, or information systems. Costs or risks may be associated with the failure to update or reconstruct obsolete equipment and/or systems. Technological systems can include developments in gene technology, artificial intelligence, telecommunications, medicine, manufacturing and production, global energy resources, environmental issues, military and defense systems, etc. Therefore, technological risks are those risks that comprise the man-made means used to fulfill human needs and desires in order to solve specific problems in a given setting. 5. Operations. Exposures to risk in the Operations subcategory are associated with the fundamental functional activities required for the production of goods and services. The Operations subcategory also includes the operational aspects of the organization. 6. Finance. This subcategory comprises the problems and losses associated with the acquisition, management, and utilization of organizational funds. One source of financial risk for companies pertains to volatility and fluctuations in financial markets and phenomena related to how financial markets operate. Another source of financial risks is associated with the process of managing the firm’s funds, capitalization, and cash flow. 7. General. Some exposures tend to be generic across different businesses and pervasive across the different functions within an organization. These uncertainties are related to how the company carries out its day to day operations, maintaining its existence, and running the organization. Examples of these General risks include fleet operations, general business liability and property loss or damage. 8. Strategic. Several risks are associated with problems that impact the performance of a firm and stem from the long-range and complex decisions about products, markets, processes, and facilities. Specifically, the risks in this 12 subcategory fall under inadequate strategic planning and structural and cultural mismatches and misalignment. 9. Stockholder Relationships. Risks in this subcategory relate to difficulties in dealing with stockholders and the risks that can impact the organization’s bottom line and ability to raise funds. Examples include improper trading and investment practices and mismanaging investor communications. 10.Channel Member Relationships. This subcategory comprises inefficiencies and potential losses arising out of the organization’s role within a channel of distribution. Problems relate to the firm’s relationships with suppliers and down-line channel intermediaries (e.g., wholesalers, brokers, distributors, retailers) used to access end users of the firm’s products. 11.Employee Relationships. Risks associated with employee relationships include the direct and indirect exposures resulting from employing others. Direct risks include the traditional forms of employment practice exposures. Other uncertainties are more indirect and deal with issues such as selecting and hiring the right individuals in line with the company’s needs, influences on employee satisfaction, and even individual productivity issues. 12.Customer Relationships. This subcategory includes the risks and uncertainties associated with creating and nurturing effective business relationships with customers who buy the firm’s goods and services. These uncertainties center on selecting the right customers, understanding and responding to their expectations, and collecting funds related to the exchange of goods and services. 13.Business Partner Relationships. Effective partnering relationships with constituents (other than stockholders, direct channel members, employees, and customers) are important for maximal business performance. These relationships commonly take the form of partnerships, alliances, and outsource vendor relationships that expose the company to a different group of risks and uncertainties. 14.Image/Reputation. The Image/Reputation risk subcategory pertains to perceptions held about a firm or industry by various relevant constituent groups, especially customers and potential customers, shareholders, and employees. These risks effect how the firm interacts with its customers and society. 13 15.Market Offering. A number of problems, expenses, and potential losses constitute risks associated with the conception, design, support, life cycle, advertising, warranties, and recalls of goods and services by an organization to its customers. These risks are impacted by how the firm packages price, product/service, and non-product/service benefits to meet the customer's price, product/service, and non-product/service needs. 16.Competition. This subcategory addresses risks that stem from the competitive acts of other organizations vying for the same market and customers. The risks in this subcategory are the outcomes of competitor conduct and behavior to seek value-added relationships that drive value in such a way that a competitive market advantage is attained. The Competition subcategory contains eight specific risk types: 17.Market Dynamics. This subcategory addresses uncertainties associated with operating in a marketplace characterized by ever changing customer expectations and needs. Key issues in this subcategory that can create uncertainties include industry structure and size, fluctuations in demand and its determinants, and economic and policy issues that affect how markets function. BUSINESS PROCESS DEFINITIONS This section introduces a generic list and description of business processes. The classification system is intended to be comprehensive and general, reflecting the wide variety of business processes that are inherent in any organization. The business process classification presented below is rooted in a hierarchy that breaks down an organization in terms of its various functional areas and activities. This hierarchy is as follows: Functional Business Unit Business Processes Supporting Activities Supporting Tasks Supporting Steps. 14 Each level in the hierarchy is a subset of the level above it. Each level is defined below. Then definitions of the 27 business processes are provided. KEY HIERARCHICAL DEFINITIONS: A Function Business Unit represents a major group of business processes, which together completely support a stand-alone unit. A Functional Business Unit is static in nature, and has no definite beginning or ending points. Examples of Functional Business Units include Procurement, Asset Management, Human Resources and Finance Management. A Business Process is a description of a series of Supporting Activities or subprocesses that together produce a tangible result, usually in support of a function. It manipulates (transforms, controls or manages) information and/or physical things in the business. It is typically described in terms of its inputs, outputs, and/or controls and can be composed of additional processes. An example of a Business Process would be Procure Raw Materials, which supports the overall Business Function of Procurement. Another example would be Recruit & Hire Employees, which supports the overall Business Function of Human Resources. A Supporting Activity or sub-process is a breakdown of a Business Process and represents a specific activity within the process. An example of a Supporting Activity within Procure Raw Materials would be the creation of a Purchase Order. On the Recruit & Hire Employees side an example of a Supporting Activity would be to make a job offer and negotiate details. A Supporting Task is a step involved in performing a specific Supporting Activity and is a subset of an overall Business Process. An example of a Supporting Task would be the creation of a Purchase Order for a consumable versus stock item. Using a Payroll example for a Supporting Task would be paying employees by direct deposit versus generating a check. Steps in a Supporting Activity are defined to the transaction level, (which become business steps). A Supporting Step walks one through a Supporting Activity and identifies the decision points one will have to make to complete the task. This really defines the flow of how one will do a job. 15 BUSINESS PROCESS DEFINITIONS 1. Establish & Manage Information Systems – The selection of standards or protocols used for communicating knowledge from one person to another, such as by simple verbal communication, punched-card systems, optical coincidence systems based on coordinate indexing, and completely computerized methods of storing, searching, and retrieving information. 2. Gather & Evaluate Market Information - The gathering and evaluation of data concerned with the past, present, or future attributes of potential or existing consumers of a product or service. 3. Develop Market Communications - The organization's ability to share information internally as well as with its suppliers and customers. 4. Develop Business Strategy - The organizations commitment to routinely leveraging resources by: partnering, entering new markets, accessing global resources, developing, achieving, and protecting core competencies, streamlining supplier relations, reducing risks of innovation, and leveraging investment dollars. 5. Market & Sell Product &/or Services - To sell the organization's products or services, to enhance customer satisfaction by building long-term relationships, and to provide sales and market information to other internal departments within the organization. 6. Develop Product Requirements & Design – A document that specifies the requirements for a system or component. Typically included are functional requirements, performance requirements, interface requirements, design requirements, and development standards. 7. Develop Customer Relations - The communication mechanisms by which an organization interacts with its customers. Customers may be internal or external to the parent organization and may or may not be the end user of the product or service. A financial transaction is not necessarily implied. The individual or organization that specifies and accepts the project deliverables. 8. Price Products &/or Services - Pricing is the critical element in achieving a profit and is a factor that all firms can control. Before setting your prices, 16 you must understand your product's market, distribution costs, and competition. Every service has different costs. By analyzing the cost of each service, prices can be set to maximize profits and eliminate unprofitable services. Material, labor and overhead make up the total cost of any product or service. 9. Forecast Sales, Revenues, & Income – The procedures for extrapolation of future characteristics of organizational product or service sales in terms of expected or potential income. 10.Build Prototype Products – The processing, fabrication, assembly, and production of a model suitable for use to evaluate a products form, design, and performance. 11.Develop Supplier Relationships - An integrative approach for planning and controlling the flow of goods and information through a distribution channel from suppliers to end-users. Generally, several independent firms are involved in the activities from manufacturing a product to placing it in the hands of the end users. The network through which these firms pass goods and simultaneous information can be referred to as a supply chain or network. Supply chain members can include customers, suppliers, carriers, vendors, distribution centers, and other third parties. 12.Procure Raw Materials - to obtain or secure a crude, or unprocessed or partially processed material used as feedstock for a processing operation; for example, crude petroleum is the raw material from which Naphtha is obtained; naphtha is the raw material from which benzene-toluene-xylene aromatics are obtained. 13.Procure and Support Capital Equipment – Obtain, secure, and provide for the maintenance of equipment spent for long-term additions or improvements and charged to a capital asset account. 14.Plan Production Systems and Controls – The procedure for planning, routing, scheduling, dispatching, and expanding the flow of materials, parts, subassemblies, and assemblies within a plant, from the raw state to the finished product, in an orderly and efficient manner. 15.Manage Incoming Materials - A material inventory system is designed to provide management with information for making managerial decisions 17 regarding production, sales, and demand trends. By maintaining a current, up-to-date plant material inventory, problems arising from overselling or unsold products can be minimized. 16.Assemble Products - A unit containing the component parts of a mechanism, machine, or similar device. A mass-production arrangement whereby the work in process is progressively transferred from one operation to the next until the product is assembled. The technique used to assemble a manufactured product, such as hand assembly, progressive line assembly, and automatic assembly. 17.Fabricate Materials – The manufacture of parts, usually structural or electromechanical in nature. The assembly of parts into a structure. 18.Manage Inventories - The systematic management of the balance on hand of inventory items, involving the supply, storage, distribution, and recording of items. 19.Ship Products - The activities involved in transferring products to other members of the distribution channel or to the end user. These include the acquisition of an outsource shipping vendor or scheduling a company owned fleet, handling logistics associated with moving products from inventory/holding to the loading area, loading, and actual transportation. 20.Resolve Customer Complaints - The organization's ability to listen to its customers, to analyze their complaints, and take corrective action. 21.Perform Field Service - Activities related to routine and non-routine maintenance, upgrades and repair of products in a field setting. These activities involve technical and support personnel and include the actual service work as well as scheduling, record keeping, and follow-up. 22.Repair Field Returns - Routine and non-routine service, maintenance, and repairs performed in-house for products returned form customers. Activities include the actual repair work. 23. Manage Cash Flow - The organization's ability to effectively regulate cash flow. The four key measures are forecasting and planning, money mobilization, investment of surplus cash, and the use of banks and other short-term sources of cash. 18 24.Evaluate and Report Performance - Entails acquiring regular customer feedback by tracking actual performance along the measurement dimensions described in your organizational goals. Feeding back performance data to relevant subsystems, taking corrective action if performance is off target, and resetting goals so that the organization is continually changing to internal and external reality. 25.Recruit & Hire Employees - Activities in the Human Resource/Personnel business function focusing on the acquisition of new hires. These activities include writing job descriptions, assessing appropriate communications media, screening applicants, conducting interviews, and making job offers. 26.Develop Employees - An ongoing procedure related to the education and training of employees. 27.Manage and Support Facilities - Activities analogous to upkeep, maintenance and remodeling of physical facilities and property. Includes planning and staffing. Inputs To Risk Management What is needed in order to begin the risk management process? Project background information Historical information Past lessons learned Project charter Scope statement Team Stakeholders WBS Network diagram Detailed enough information about the project, what other companies are doing, articles and other such information will help you identify more risks Depicts or illustrates risks from past projects Will tell you what past teams would do if they could do their projects again Will help you identify, mitigate and manage risks on your project Helps you see if the overall project objectives are generally risky or not Helps identify risks based in what is and what is not included Tells you the complexity of the project and helps you compare your team’s knowledge and experience to what is required The project manager cannot identify all the risks alone. A group approach and the ability to split up risk management activities make the risk management process more accurate and timely. They will be able to see risks that the team cannot. Their involvement helps continue proper stakeholder management Risks are identified by task as well as by project Shows path convergence (where paths converge) and thus helps to better analyze the risks of each task 19 Cost and time estimates Staffing plan Organizational policies and templates High-level time and cost requirements help identify time and cost risk. They are an input to risk management planning and an output of risk management planning at the detail or operational level. Helps you understand what resources are available Provides a foundation or standardization for your risk activities There is a strong connection between contracts (or procurement) and risk. One of the ways to mitigate risk may be to have certain terms and Procurement plan conditions added to a contract or to have the entire risky work outsourced. You would give it to someone for whom it is less risky, and thus less costly Knowing where and how much risk tolerance stakeholders have helps Stakeholder risk identify the impact of risks and which risk mitigation techniques you tolerances would use The Risk Management Process This is an important topic. The risk management process includes six steps: 1. Risk Management Planning 2. Risk Identification 3. Qualitative Risk Analysis 4. Quantitative Risk Analysis 5. Risk Response Planning 6. Risk Monitoring and Control STEP 1: RISK MANAGEMENT PLANNING Defined as “deciding how to approach and plan the risk management activities for a project.” The project manager, team, customer, stakeholders, experts and others will review any templates and procedures that exist for risk management, determine how risk management will be handled on the current project and develop the risk management plan. Therefore, risk management should be adjusted to the size, complexity, experience, skill level, etc., of the project and not done with just a standardized checklist. 20 A RISK MANAGEMENT PLAN: Defines how the risk process will be structured and performed during the project life cycle. A risk management plan includes the following: Methodology Roles and responsibilities- non-team members may be included Budgeting for the risk management process Timing- how often the risk process will be performed throughout the project Scoring and interpretation Thresholds – a method to determine which risks will and will not be acted upon Reporting formats Tracking Because a risk management plan contains budget and schedules, it is an input to schedule development and cost budgeting STEP 2: RISK IDENTIFICATION Defined as determining which risks might affect the project and documenting their characteristics. All stakeholders as well as experts from other parts of the company or outside the company may be involved in identifying risks. Sometimes, the core team will begin the process and then the other members will become involved, making risk identification a highly repetitive or iterative process. Smart project managers begin looking for risks as soon as a project is first discussed. However, the major risk identification effort occurs during planning. Risk identification cannot be completed until a WBS has been created and the project team knows “what is the project.” Risks may be identified at the beginning of the project, during each project phase and before approval of a major scope 21 change. Risks may also be identified during all phases of the project including initiating, planning, executing, controlling and closing. In other words, although the major risk identification effort occurs at the onset of the project, risks should continue to be identified throughout the project. RISK CATEGORIES: Risk categories are lists of common categories of risk (sources of risk) experienced by the company or on similar projects. Such a list may be an input to risk identification, but using such a list of categories is not the entire risk identification process. The categories help analyze and identify risks on each project. A prior version of the PMBOK included another way to classify risks. External - regulatory, environmental, government, market shifts Internal - time, cost, unforeseen conditions, scope changes, inexperience, poor planning, people, staffing, materials, equipment Technical - changes in technology Unforeseeable - only a small portion of risks (some say about 10%) are actually unforeseeable If you look at categories of risks as “where do risks come from,” sources of risks might be different then the list above. Below are some examples of risk. Schedule risk – “The hardware will arrive later than planned causing a delay in task XYZ of three days.” Cost risk – “Because the hardware will arrive later than planned, we may need to extend our lease on the staging area at a cost of $20,000.” Quality risk – “The concrete may not dry before winter weather sets in causing us to not meet our quality standard for concrete strength.” Performance or scope of work risk – “We might not have correctly defined the scope of work for the computer installation. If that proves true we will have to add tasks at a cost of $20,000.” 22 Resource risk – “Dan is such an excellent designer that he may be called away to work on another higher priority project. This will cause our schedule will slip between 100 to 275 hours.” Customer satisfaction (stakeholder satisfaction) risk – “There is a chance that our customer will not be happy with the XYZ deliverable and not tell us, causing at least a 20% increase in communication problems. INFORMATION-GATHERING TECHNIQUES Below are several methods to identify risk: Brainstorming: Usually done in a meeting where one idea helps generate another Delphi technique: A multi-session data gathering technique Interviewing: Also called expert interviewing. Consists of the team or project manager interviewing an expert to identify risks on the project or a specific element of work Strengths, weaknesses, opportunities and threats analysis: An analysis that looks at the project to identify its strengths, etc. and thereby identify risks. TYPES OF RISK: Risks can be classified under two main types: Business – Risk of a gain or loss Pure (insurable) Risk – Only a risk of loss (e.g. fire, theft, personal injury) OUTPUTS FROM RISK IDENTIFICATION List of individual risks your organization is susceptible to. Risk Triggers – warnings signs or alerts. A project manager should determine what are the early warning signs (indirect manifestations of 23 actual risk events) for each risk on a project so that they will understand when to take action. STEP 3: QUALITATIVE RISK ANALYSIS Is a subjective analysis of risks to: Determine which risk events warrant a response Determine the probability and impact of all risks identified in step 2, in a subjective manner Determine which risks to analyze more fully in risk quantification or to skip risk quantification in favor of going directly to risk response planning. (This decision depends on many factors, including the importance of the project and the potential effect of the project on the performing organization.) Document non-critical, or non-top risks Determine the overall ranking of the project PROBABILITY AND IMPACT: One of the ways to help rank risks is to analyze the probability of a risk occurring and the effect (or impact or consequences) of the risk on the project. Determine the probability of each risk occurring – usually in the form of taking an educated guess (e.g. Low, Medium, High or 1 to 10) Determine the consequences (amount at stake, or impact) of each risk occurring –in the form of taking an educated guess (e.g., Low, Medium, High, or 1 to 10) ASSUMPTION TESTING: What assumptions have been made? Before the project manager can use the risk information collected, assumptions made must be identified and tested. Too many unknown guesses make the data unreliable. DATA PRECISIONS RANKING: How well is the risk understood? What is our extent or level of understanding regarding the risk? Data available about the risk Quality of the data Reliability and integrity of the data 24 RISK RATING MATRIX: In order to sort or rate risks so determination can be made as to which risks will move on through the risk process, a risk rating matrix may be used. Such a matrix results in a consistent evaluation of low, medium, or high (or some other scale) for the project and for all projects, an improvement in the quality of the data and the risk process being more repeatable between projects. OUTPUTS FROM QUALITATIVE RISK ANALYSIS: The results of qualitative analysis of the risk of a project may include: Risk rating for the project List of prioritized risks List of risks created for additional analysis in risk quantification or risk response planning Non-critical or non-top risks are documented now for the purpose of being revisited later during risk monitoring and control Risk Qualification also assists with the following: The project can be compared to the overall risks of other projects The project could be selected, continued or terminated Resources could be moved between projects A full benefit/cost analysis of the project may be able to be completed Trends in project risk identified if risk qualification is repeated STEP 4: QUANTITATIVE RISK ANALYSIS Is a numerical analysis of the probability and consequences (amount at stake or impacts) of the highest risks on the project to: Determine which risk events warrant a response Determine overall project risk (risk exposure) 25 Determine the quantified probability of meeting project objectives – e.g. “We only have an 80% change of completing the project within the six months required by the customer: to “We only have 75% chance of completing the project within the $80,000 budget.” Determine cost and schedule reserves Identify risks requiring the most attention Create realistic and achievable cost, schedule or scope targets Risk quantification involves the following activities: Further investigation into the highest risks on the project Determine the type of probability distribution that will be used – e.g. triangular, normal, beta, uniform, or log normal distributions Interviewing experts Sensitivity analysis – determining which risks have the most impact on the project Monte Carlo simulation (simulation) – described later Decision tree analysis – described later EXPECTED MONETARY VALUE (OR ECPECTED VALUE): Is the product of two numbers, probability and consequences (impact or the amount at stake). Questions can ask, “What is expected value of a task or of a series of tasks?” Expected value questions can also be asked in conjunction with decision trees. EXERCISE: Test yourself! Complete the following chart. Task A Probability 20% Consequences US $200,000 B 30% US $90,000 C 68% US $100,000 Expected Value US $40,000 US $27,000 US $68,000 26 DECISION TREE: Know the following: A decision tree takes into account future events in trying to make a decision today. It calculated the expected value (probability times consequences) in more complex situations than the expected value previously presented It involves mutual exclusively EXERCISE: A company is trying to determine if prototyping is worthwhile on the project. They have come up with the following consequences of whether the equipment works or fails when it is used. Based on the information provided below, what is the expected value of your decision? Prototype: Setup cost $200,000 Failure: 35% probability and $120,000 impact Pass: no impact Failure: 70% probability and $450,000 impact Do Not Prototype: Setup cost $0 Pass: no impact Answer: if one just looks at the setup cost of prototyping is would seem like an unwise decision to spend money on prototyping. However, the analysis proves differently. Taking into account only one failure, the decision is that it would be cheaper to do the prototyping. The answer is US $242,000, or to prototype. 27 Prototype Do not prototype 35% x US $120,00 = US $42,000 plus $200,000 = $242,000 70% x US $450,000 = US $315,000 MONTE CARLO SIMULATION: this simulation “performs” the project many times, uses the network diagram, and estimates to simulate the cost or schedule results of the project. Monte Carlo Simulation: Evaluates the project, not the tasks Provides the probability of completing the project on any specific day, for any specific amount of cost Provides the probability of any task actually being on the critical path Provides a percent probability that each task will be on the critical path Takes into account path convergence (places in the network diagram where many paths converge into one task) Translates uncertainties into impacts to the total project Can be used to assess cost and schedule impacts Is usually done with a computer-based Monte Carlo program because of the intricacies the calculations Results in a probability distribution OUTPUTS FROM QUANTITATIVE RISK ANALYSIS: When completed, quantitative risk analysis results in: Prioritized list of quantified risks Forecasts of potential project costs or schedule 28 Listing of the possible project completion dates and costs with their confidence levels Probability of achieving the required project cost or schedule objectives Trends in risk as risk qualification is repeated through the project Documented list of non-critical, non-top risks STEP 5: RISK RESPONSE PLANNING This step involves figuring out - What are we going to do about it? It involves finding ways to make the negative risk smaller or eliminate it entirely, as well as finding ways to make positive risks more likely or greater in impact. All risk on a project cannot be eliminated. During this step: Strategies are agreed upon in advance by all parties Primary and backup strategies are selected Risks are assigned to individuals or groups to take responsibility Strategies are reviewed over the life of the project for appropriateness as more information about the project becomes known RISK OWNER: Each risk must be assigned to someone who will help develop the risk response and who will be assigned to carry it out or “own” the risk. The risk owner is then free to take predetermined action when risks occur, resulting in faster action and less cost, time and other impacts on the project. RISK RESPONSE STRATEGIES: developing options and determining actions to enhance opportunities and reduce threats. This may involve changing the planned approach to completing the project – e.g. changing to the WBS, quality plan, schedule and budget. These strategies cannot eliminate all risk. In each case, communication of risks and strategies is necessary as apart of the strategy. 29 The choices include: AVOIDANCE – eliminate the threat by eliminating the cause MITIGATION - reduce the probability or the consequences of an adverse risk and increase the probability or consequences of an opportunity ACCEPTANCE – Do nothing and say “if it happens, it happens” Active acceptance may involve the creation of contingency plans and passive acceptance may leave actions to be determined as needed. A decision to accept a risk must be communicated to stakeholders. TRANSFERENCE (DEFLECTION, ALLOCATION): Make another party responsible for the risk though purchasing of insurance, performance bonds, warranties, and guarantees or outsourcing the work. Here is where the strong connection between risk and procedure (or contracts) begins. One must complete risk assessment before a contract can be signed! Transference of risk is included in the terms and conditions of the contract. When selecting risk strategies, it is important to remember: Strategies must be timely The effort selected must be appropriate to the severity of the risk – avoid spending more money preventing the risk than the impact of the risk would cost if it occurred One response can be used to address more than one risk Involve the team, stakeholders and experts in selecting a strategy Description of strategy Remove a task from the project Assign a team member to visit the seller’s manufacturing facilities frequently to learn about a problem with delivery as early as possible Notify management that there would be a major 30 Name of risk response strategy Avoidance Mitigation of the impact Acceptance increase if a risk occurs because no action is being taken to prevent the risk Remove a troublesome resource from the project Provide a team member who is less experienced with additional training Train the team on conflict resolution strategies Outsource difficult work to a more experienced company Ask the client to handle some of the work Decide to prototype a risky piece of equipment Avoidance Mitigation of the probability Mitigation of the impact Transference Transference Mitigation of the probability OUTPUTS FROM RISK RESPONSE PLANNING INSURANCE: a response to certain risks such as fire, property, or personal injury (e.g. pure risks) is to purchase insurance. Insurance exchanges an unknown risk for a known risk because the consequences of the risk are known. CONTRACTING: hiring someone outside your company to complete the work when it would decrease project risk. NOTE: you cannot remove all the risk from a project by contracting. For example, if there is a risk of damage in transport for a project component, hiring someone else to do the transportation will not make the move risk-free. RESIDUAL RISK: Some risks will remain after risk mitigation or risk response planning. Through these risks may have been accepted, they should be properly documented and revised through the project. What was thought of as an acceptable risk during planning may not have the same ranking during executing. SECONDARY RISKS: Included in risk response planning should be an analysis of the new risks created by the risk response strategies selected. Frequently, what is done to mitigate one risk will cause other risks to occur. For example, a risk of fire can be allocated to an insurance company but also cause risk of cash flow problems. Cash flow should then be analyzed. CONTINGENCY PLANNING: Planning the specific actions that will be taken if a risk event occurs or planned response. These plans can be put in 31 place later, if needed, without meetings or increased impact to the project caused by a delayed action. FALLBACK PLANNING: Specific actions that will be taken if the contingency plan is not effective. RISK RESPONSE PLAN: Is a written document that captures the risks you identified and what you plan to do about them. The project manager should also record non-critical risks so that they can easily be revisited during the Execution phase. REVISED PROJECT PLAN: The efforts spent in risk management will result in changes to the project plan. Tasks could be added, removed, or assigned to different resources. This, planning is an iterative process. RESERVES: Formulating the amount of time or cost that need to be added to the project to account for risk. These are sometimes called management reserves (to account for “unknown unknowns” items you did not or could not identify in risk management) and contingency reserves (to account for “known unknowns” items you did identify in risk management). Reserves should be managed and guarded throughout the project life cycle. Exercise: You are planning the manufacture of an existing products modification. Your analysis has come up with the following. What is the cost reserve that you would use? 30% probability of a delay in the receipt of parts with a cost to the project of US $9,000 20% probability that the parts will be US $10,000 cheaper than expected 25% probability that two parts will not fit together when installed, costing an extra US $3,500 30% probability that the manufacture may be simpler than expected, saving US $2,500 5% probability of a design defect causing US $5,000 of rework 32 30% x US $9,000 20% x US $10,000 25% x US $3,500 30% x US $2,500 5% x US $5,000 TOTAL Add US $2,700 Subtract US $2,000 Add US $875 Subtract US $750 Add US $250 US $1,075 Important Concepts or Questions to ask: What do you do with non-critical risks? Answer: Document and revisit periodically. Would you select only one risk response strategy? Answer: no, you can choose a combination of choices. What risk management activities are done during the execution phase of the project? Answer: watching out for non-critical risks that become more important. What is the most important item to address in project team meetings: Answer: Risk. How would risks be addressed in project meetings? Answer: By asking, “what is the status of risks? Any new risks? Any change to the order of importance? STEP 6: RISK MONITORING AND CONTROL This step involves managing the project according to the risk response plan and may include the following activities: Keeping track of who is responsible for identifying risks Implementing a risk response plan Looking for the occurrence of risk triggers Monitoring residual risks Identifying new risks Ensuring the execution of risk plans Evaluating the effectiveness of risk plans Developing new risk responses Communicating risk status and collecting risk status 33 Communicating with stakeholders about risks Determining if assumptions are still valid Revisiting low ranking or non-critical risks to see if risk responses need to be determined Taking corrective action to adjust to the severity of actual risk events Looking for any unexpected effects or consequences of risk events Re-evaluating risk identification, qualification and quantification when the project deviated from the baseline Updating risk plans Making changes to the project plan when new risk Reponses are developed Creating a database of risk data that may be used throughout the organization on other projects CONTINGENCY PLANS: Planned responses to risks, or putting in place the contingency plans set up during risk response planning. RISK RESPONSE AUDITS: Examining and documenting the effectiveness of the risk response and the person managing (owning) the risk. This is an important step in order to see if the plans put in place are effective and if changes are needed. RISK REVIEWS: Risk should be a major topic at team meetings to keep focus on risks and make sure plans remain appropriate. Remember that a result of such reviews may be additional risk analysis or qualification and quantification. OUTPUTS FROM RISK MONITORING AND CONTROL WORKAROUNDS: Unplanned responses to risks, or dealing with risks that you could not or did not anticipate. Which do you think are more frequent, contingency plans or workarounds? Most project managers will say workarounds because that has been the projects manager’s experience. In fact, with proper risk management, workarounds become less frequent than contingency plans. 34 Corrective action Changes to the project – it is important to realize that the risk management process will change the project plan during planning and during executing. Updates to the risk response plan – it is wise to always re-evaluate whether the plans need any correcting or adjusting after each unidentified or identified risk occurs Other updates to risk database, checklists, etc. Prioritizing Risks First calculate an expected loss value for each risk. Indicates overall risk severity. Rank all risks in descending order. Seek expert judgment to determine probability/frequency and total dollar loss potential Sorting Risks by Expected Loss Quantify both the total loss and likelihood of the risk occurring. Steps for Prioritizing Risks 1. Sort Risks by Expected Loss 2. Develop Risk Maps 3. Develop Prioritized Lists 4. Communicate Prioritized List to Project Team and Management 35 Risk Data Table Priority 1 2 3 4 5 6 7 8 9 10 Risk ID R18 R3 R34 R9 R12 R72 R8 R123 R159 R98 Probability or Frequency (Pe) .9 .7 .9 .5 .7 .7 .3 .3 .1 .3 Probability of Impact (Pi) Likelihood 1 .9 .9 .9 .7 .9 .9 .7 .5 .5 43 = P e X Pi Total Loss in Lt .9 .63 .81 .45 .49 .63 .27 .21 .05 .15 22 25 17 22 15 5 10 13 25 4 Expected Loss Workdays = Pe X Pi X Lt 19.8 15.8 13.8 9.9 7.4 3.2 2.7 2.7 1.3 0.6 Developing a Risk Map A risk map displays individual risks plotted against total loss on the X-axis and likelihood of occurrence on the Y-axis. $100,000,000 R128 R72 $50,000,000 R134 $25,000,000 $10,000,000 R13 $5,000,000 R19 R62 $1,000,000 0 1 5 10 20 50 100 150 200 250 300 250 300 This Risk map illustrates that risks R128, R134, and R72 are under active management and that risks R13, R19, and R62 are being monitored. $100,000,000 R128 R72 $50,000,000 R134 $25,000,000 R13 $10,000,000 $5,000,000 R19 R62 $1,000,000 0 1 5 10 20 44 50 100 150 200 Risks R128, R134, and R72 are considered to be catastrophic risks where some level of insurance is most likely purchased to protect the organization. Risks R13, R19, and R62 in most cases may be risks that the organization selfinsurers. Remember the risk map is a visualization tool for senior management and project team members. It quickly illustrates potential problems and uncertainties and their impact on the organization if they actually occur. How to Plan for Resolution of Targeted Risks The purpose of this section is to develop risk action plans to reduce the probability of a risk occurring and the potential loss if it does occur. We need to be able to eliminate or reduce as many of the risk drivers (opportunities where the risk may occur) as possible. The following figure illustrates the risk resolution process. Risk Resolution Process Defer action until more data is received Avoid the risk Develop action plans Transfer risk to a third party Prevention of the risk event Provide redundancy (other alternatives) Contingency plan if the risk event should occur 45 Take no action (realize that the risk may occur) Mitigate the risk Financial and/or time reserves The Standard Model for a Risk Action Plan Probability Risk Event Risk Event Drivers Prevention and avoidance of risk event drivers Probability of Impact Risk Impact Impact Drivers Contingencies and reserves address impact drivers Total Loss 46 As a Project Manager What Actions Can You Take? Risk Avoidance – Anytime you make a decision you implicitly or explicitly introduce risks into a project. Many times you can avoid a risk by simply reversing a previous decision. If we are going to introduce risk into a project there better be an obvious positive advantage. Know your organizations level of risk tolerance. Risk Transfer – Transferring the risk to a third party such as a subcontractor. Move the risk to someone else that has the expertise to deal with it. A legal department representative typically initiates a legal documents or contract. Remember you can only transfer the risk event not the impact. Redundancy – Any time you employ parallel paths to improve the chances of achieving a projects goals and deliverables. Mitigation – means to reduce the impact or severity of the risk if it does occur. Mitigation of risks targets the source or origin of the risk in your organization. Typical mitigation actions include: Define specific actions Define trigger points that initiate corrective actions Plan for additional resource and time needs How will the project benefit if the plan is successful – did the expected loss values decrease sufficiently? Assign ownership to the plan Determine how to monitor the plan Monitoring Project Risks This is the last step in the risk management process. Develop a spreadsheet to track risks. 47 Below is an example of the types of information that could be included in a risk tracking spreadsheet. First Worksheet: Top 10 List of Risks Include Risk Map Second Worksheet: Risk Dashboard Third Worksheet: Active Risks with Their Respective Action Plans Fourth Worksheet: Inactive Risks 48 Sample Spreadsheet to Track an Individual Risk Risk ID Priority Risk Owner Date Opened Date Closed Risk Status 1 Ron Meier 8/1/03 10/31/03 Closed Risk Event Impact Monitor Dates A city building inspector will not grant compliance with the new footings causing the footings to be redone Framing will be delayed 10 days R3 Actual Loss 0 Pe Pi Workdays Lt Le August 2 .5 .9 30 13.5 August 15 .3 .9 30 8.1 September 1 .3 .9 30 8.1 September 15 .1 .5 30 1.5 Risk Event Drivers Prevention Plan Impact Drivers 1.Previous attempts 25% successful 1.Contact inspector to discuss past problems and corrective actions. Inspector will need to verify the research and field test results for the new footings. We need to engage the inspector and discuss our desire to change to the new footings. If we have to revert back to the old style footings the project will delayed at least four weeks. Have an alternate plan to have the materials available in case we cannot receive approval to proceed with the new footings 2.Footing design is 2. Allow extra significantly different review time to meet with the city inspector. 3. Architect has limited 3. Provide experience additional training for the architect. 49 Contingency Plans Developing a Risk Management Tool Kit Typical Project Management Tools to Help Support Your Risk Management Process Sticky Density – used to pinpoint potential problem areas in a process or project. Spreadsheets – used to organize, sort, and present risk data Decision Analysis – aides in helping project team members and senior management to visualize and understand various situations Risk Simulations – what are the effects of individual or risk portfolios on your organization Design Structure Matrix – a technique for carefully examining iterative processes whereby the team may not receive important data and information until after they need it Sticky Density The intent is to develop a visual aid to examine problematic areas of their schedule. The value of this tool is to highlight potential problem areas and their interdependencies. This is a takeoff on the Hoshin brainstorming activity! Pick Team members who have contributed in developing the WBS, network diagram, and draft schedule. Pass out a predetermined number of 3 X 5 sticky notes [five for this example] and have your team answer the following question five times. What could go wrong at this point in the schedule? Wait until each participant has written down a response. Place the responses on a whiteboard or table. 50 Now ask the participants to discuss ways to make sure these risks do not occur or if they do occur to minimize the impact on the project Repeat the question at FOUR other points or milestones in the schedule. One last step is to seek the team’s input to see if they can determine the root causes for each of these problems. If we can ID the root cause we should be able to design the risk out of the process. Spreadsheets The risk tracking spreadsheet discussed earlier is an example of this type of tool. It captures relevant process or project information that can be used to communicate risk status to your project team. You should develop spreadsheets that can be used to: depict quick analyses, organize personal and project team action items, track test results Decision Analysis A graphical technique used by the project manager to help your project team organize their thoughts and to achieve consensus on complex situations dealing with project risks and uncertainties. Decision analysis is usually shown as a decision tree that is carefully mapped to the project network diagram and schedule. In Class Exercise Scenario. Your project team has just received a product review report from senior management. The report includes a summary statement from senior management granting approval for this project. The report includes a crude foam model of the part. A representative from your organizations marketing and sales department is on your project team. She is having a fit about the poor quality of the foam model provided by senior management Your marketing representative says the model is insufficient for 51 determining the attributes of the product [specifically – shape, feel, looks, and ergonomics]. Your marketing rep says that the project needs to be delayed until a better model can be built. Your project team determines that there is an 80% probability that the foam model is adequate. Senior management has already spent $50,000 building the foam model. However, if the foam model is found to be inadequate someone will have to manufacture either a plastic or solid metal part to satisfy the marketing and sales department. The marketing staff believes that a metal part will have a 30% chance of being approved and the plastic part has a 70% chance of being accepted. Your team does their research and determines that to manufacture the part in plastic will cost $300,000 while the metal part will cost $500,000. This will also cause a 1-month delay in the project that will cost $1,000,000. What is the expected loss from this risk? Build a tree diagram to illustrate the decision process. Answer Designed Better Model From The Start .3 Metal Model $500,000 - .7 Plastic Model $300,000 $360,000 Foam Inadequate Add $1,000,000 .2 Initial Foam Model Total is $1,360,000 $272,000 .8 Foam Model is Adequate Cost is $50,00 Already Spent At his point in time with the Foam Model already built the team should accept the risk and proceed with just the foam model. 52 The cost of avoiding the risk outweighs the expected loss of the risk. This example illustrates that avoiding a known risk is not always the best choice. The team should also consider what would have happened if they built the better model initially. Risk Simulation Risk Simulation Tools can increase the confidence level on your project completion date. Risk simulation tools are used to better estimate project completion dates based upon running thousands of simulations with what-if scenarios. Example ID Task Name Start Finish Duration 1 2 3 4 5 6 Test ID Defects Correct Defects Build Load Integration Test Validate Oct 1 Oct 1 Oct 6 Oct 13 Oct 14 Oct 21 Nov 3 Oct 5 Oct 12 Oct 13 Oct 20 Nov 3 24 days 3 days 5 days 1 day 5 days 10 days Probability o = 3, m = 5, p = 10 o = 3, m = 5, p = 7 o = 5, m = 10, p = 15 Note that ID #’s 3, 5, & 6 have estimates for optimistic, means, and pessimistic completion durations Design Structure Matrix How do we deal with the lack of information and data? This information might come from a previous activity or task that has yet to be completed. 53 Example To illustrate how Design Structure Matrix works we will examine a conventional hair dryer found in residences or hotel rooms. The hair dryer has 7 design variables. 1. 2. 3. 4. 5. 6. 7. Wattage rating Footprint on the bathroom counter Height Weight Maximum electrical current drawn Length of time to fully heat Air displacement – blower or fan rating Develop a matrix Wattage Wattage Footprint Height Weight Current Time to Heat Air Displacement Footprint Height Weight Current ---------X X X X -------- ---------- X X X X X --------- Air Displacement X ---------X X X Time to Heat X X -------------X X X --------------- All X’s above the diagonal represent information that is not yet available. Developing Risk Management Strategies Always avoid risk when it does not add value!!!!!!!! For example reuse proven components and design techniques. Reuse software subroutines. In manufacturing a common way of eliminating risk is a concept called poka-yoke or mistake proofing. This involves configuring assembly parts so that they only fit together one way. If the parts don’t fit then a previous step had to have been done wrong. 54 An organization cannot afford to be totally risk averse. If they are they will drive away innovation and profitability. Important Items to Remember When Developing a Risk Strategy Stay flexible on unresolved issues Maintain contact with customers Always address the risky activities first Apportion risk carefully Test at a low level Use failure to your advantage Implementing A Risk Management Program for Your Projects Risk management requires project team members to change their behaviors. Project team members must become: Proactive in identifying and resolving project risks Team oriented – really team oriented and not just pretending Non firefighters – you will never get anything done Willing to invest time and money proactively to reduce or eliminate risks Optimistic regarding how to identify and remove project risks Averse to the paperwork required to do it right the first time 55 How Can We Fit Risk Management Into Project Management? Develop Product Description Develop Business Case and Feasibility Study Develop Project Plans, Estimates, and Schedules Develop System Requirements Conduct Risk ID Session Conduct Risk Analysis Session Prioritize and Map Risks Plan Risk Resolution Project Initiation Finalize Project Plans, Estimates, and Schedules Create Risk Plan for On-going Monitoring 56 What Comprises A Risk Management Program? Integration of Risk Management into All Five Phases of Project Management Initiation Planning Execution Controlling Closing Development of Data Management Tools for Your Teams and Senior Management Remembering to Strategize the Upside or Opportunity of Project Related Risks TRAINING Your Teams Forcing Senior Management to Consider Risks Taking All Potential Problems Seriously Sparing the Messenger – Learn to Appreciate Honesty Regarding How the Organization Is Really Performing NOT LETTING ENGINEERS RUN PROJECT RISK MANAGEMENT Collecting and Disseminating Risk Measurement Tools Not Overselling Project Risk Management LEARNING from Each Project 57