1 / 19

Creating Risk Intelligence A High Level “How To” Guide for Program Managers

Creating Risk Intelligence A High Level “How To” Guide for Program Managers Nathan Houser & Sean Conlin, Deloitte November 2006 This presentation is incomplete without the accompanying discussion Agenda What’s in it for me!? A day-in-the-life…can we make this better? Making it happen…

bernad
Download Presentation

Creating Risk Intelligence A High Level “How To” Guide for Program Managers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Creating Risk IntelligenceA High Level “How To” Guide for Program Managers Nathan Houser & Sean Conlin, Deloitte November 2006 This presentation is incomplete without the accompanying discussion

  2. Agenda • What’s in it for me!? • A day-in-the-life…can we make this better? • Making it happen… • Critical success factors… • What can I do on Monday morning?

  3. What is a Risk? • RISK = potential loss from inability to achieve a program’s objectives • caused by people, process, system, or external factors • Impact can be positive or negative • Risks can result from any combination of factors • people, process, systems, technology, science, or external events

  4. Federal Project Directors Contractor Project Managers DoE’s World of Risk Management Program Managers

  5. What’s in it for me? Leaders, managers, and staff alike benefit from risk management. • Higher impact programs • Better control of the overall portfolio • Stronger focus on long-term rather than short-term • Time to focus on areas currently neglected • More predictable cost estimates • Less chaotic days, that are more productive • More visibility in project activities • Fewer and simpler legislative reporting requests • Better client relationships • More predictable quality of life • Mechanism to raise issues and have resolved • More follow-on work

  6. Risk Intelligence Differs by Program/Project Specific objectives dictate desired level of risk sophistication. Built into decision-making Risk interactions are managed with incentives Intelligent risk taking Sustainable “Risk management is everyone’s job” Integrated response to adverse events Performance linked metrics Rapid escalation Cultural transformation underway Bottom-up Proactive Tone set at the top Policies, procedures, risk authorities defined and communicated Business function Primarily qualitative Reactive Reaction to adverse events by specialists Discrete roles established for small set of risks Typically finance, insurance, compliance Ad-hoc / chaotic; depends primarily on individual heroics, capabilities and verbal wisdom 1: Tribal & Heroic 2: Specialist Silos 3: Top-Down 4: Systemic 5: Risk Intelligent

  7. The Life of the Tribe Daily life is chaotic, ad-hoc; heroics carry the day. • Negative surprises are the norm • Regular re-baselining • Difficult conversations with FPDs & Appropriators • Lots of stress, reacting to events • To do list grows not shrinks • Stay late, no kids, no gym • Less job satisfaction • Despite planning, seem to be reacting • Difficult client meetings • Long hours, stressful days • Muddled job satisfaction

  8. The Life of the Tribe Project assessments in a reactive culture. “The risk assessment performed does not adequately distinguish amount of contractor risk and government risk.” “The risk contingency is considered marginal at best.” “The potential for substantial changes in the project design as a consequence of external reviews is an unrecognized risk.”

  9. Life with Leadership Senior Leadership imposes top-down risk controls • On a mission to stop rampant re-baselining • Establish new risk policy/procedures • Many meetings to rigorously enforce policy/procedures • Reactive but feeling of progress • Increased OH due to PM pressure on cost re-baselining • Some additional risks factored into re-baselines • Still reactive • Increased OH • Numerous meetings to discuss risks & mitigation • Difficult contingency budget conversations with FPD • Concern risk conversations distracting from PM role

  10. The Good Life… Risk Intelligence proactively a part of all activities • FPDs proactively anticipate risk/mitigation plans • Stable baselines • DOE studied as best practice for Risk Intelligence • Seen as proactive/credible by Appropriators • Reduced OH • Proactively out ahead of mitigating prioritized risks • Recognized for excellence in PM • Recent crisis, executed plan, still home at normal time • Excellent client relationship • DOE business growing • Monthly reports include updates on top risks/mitigation • Strong job satisfaction/personal health up, working out

  11. Getting there from here… Structured methods, tools, and reporting provide predictable results. Methodology Tools Management Reporting

  12. Department Operations Programs IT Investments Procurement Legislature Strategic Planning Risk Management Human Capital Five-step Risk Management Lifecycle The risk lifecycle applies across all parts of a program or project. . ExecutionComponents Managing Risk 1. Identify Risks 2. Assess & Measure Risks 3. Respond to Risks 4. Design & Test Controls 5. Monitor, Assure & Escalate Governance Technology Strategic Operational Hazard People Process Compliance Financial FoundationalElements Risk Areas

  13. Step 1. Identify the Top (relevant) Risks Hundreds of insignificant risks can easily distract from a few critical.

  14. Step 2. Assess and Measure the Risks Evaluate each risk and its impact on cost, scope, and schedule. major weather event Natural Environ. dominate party change Political reduction in supplyavailability ↓ constituent priority shift External Risks Social Reduction in available funding ↑↓ technology innovation Technological reduction inavailable funding ↓ reorganization Inter-Dept/Agency Changes solution ↑↓ Objective: Complete entire Project by 2010 within budget Infr. not avail. ↓ changespriorities ↑↓ Union contract expires ↑↓ Inadequate projectmonitoring ↓ Infrastructure Improved constructionmethods ↑ Personnel Internal Risks Process Technology

  15. Step 3. Respond to Risks Choose the corrective actions, execute, and evaluate effectiveness. Identify corrective actions Monitor effectiveness of actions

  16. Step 4. Design & Test Controls Corrective actions result in mitigated risk, but come with a cost. Sample risk: Technology advances and innovation require design changes. Very High # 1 #2,3 High Incremental Mitigated Risk(Perform Cost/Benefit Analysis) #2,3,4 Corrective Actions Residual Risk Medium #2,3 Low #2,3,4 Actual Planned Very Low Q3 ‘08 Q1 ‘06 Q2 ‘08 Q2 ‘06 Q3 ‘06 Q4 ‘06 Q1 ‘07

  17. Corrective Action Status Risk reduced to an acceptable level Risk reduction occurring, not complete Further action required Step 5. Monitor, Assure, and Escalate Complete set of risks must be considered to understand the risk profile. Very 5 6 High 10 3 1 3 8 7 2 Inherent (Gross) Risk 4 • Example Risks: • Technology Innovation • Departmental Reorganization 9 Very Very Current Residual (Net) Risk Low High

  18. Critical success factors… Everyone has a role to play in making risk management part of the culture. • Seek and maintain senior leadership sponsorship • Establish common language for risk management • Integrate risk management across programs • Focus on changing the culture, not on executing the tactics • Assign ownership of risks as appropriate (gov’t, contr.) • Coordinate risk management across project • Focus on the value to all of managing risk, not the burden • Raise ALL risks identified “on the ground” • Designate operational accountability for corrective actions • Make risk management a priority

  19. For more information… • Sean Conlin • sconlin@deloitte.com • Nathan Houser • nhouser@deloitte.com

More Related