1 / 43

Introduction to Risk Management

Introduction to Risk Management. November 2010 Technology, Engineering and Management Department of Chemical Engineering. Sue Lounsbury, PEng, MBA, PMP. Queens University – Mech Eng 82 University of Ottawa – MBA Member of PEO and PMI 28 years of experience

karif
Download Presentation

Introduction to Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Risk Management November 2010 Technology, Engineering and Management Department of Chemical Engineering

  2. Sue Lounsbury, PEng, MBA, PMP • Queens University – MechEng 82 • University of Ottawa – MBA • Member of PEO and PMI • 28 years of experience • Professional field – Strategic planning and project management with focus on risk management • Professional career includes: • Multiple construction projects in the Oil and Gas sector • Project management for Training facilities for CATSA • Project management for Long term care centres and hospitals • Strategic planning and risk management for Chanceries in Moscow, London and Paris for DFAIT • Currently working on the renovations of Parliament Hill and on the City of Ottawa Light rail project

  3. What would Project Management be without Dilbert?

  4. Why do so many avoid dealing withProject Risk Management? • Perceived as difficult to do • Tends to be the “bad news” part of projects • Results are not always tangible • Often not a priority for senior management • Often done once on a project and then “shelved” in a nice binder and forgotten about • Projects are not often supplied with the resources to deal with Risk

  5. Risk • Rarely does everything happen as planned • Uncertain events or conditions can have either a positive or negative effect on the project • Risks are things that are in the future and have < 100% chance of occurring while Issues are in the present and have a 100% chance of occurring • Generally are expressed in terms of impact/ probability and cost • Risk tolerance is the degree of risk that an organization can withstand in terms of financial impact and or damage to reputation Failure to understand the risks of a project generally leads to project failure

  6. Example of a Project Lacking in Risk Planning

  7. A result of a poor risk assessment program

  8. Risks and Project life cycle

  9. Risk Management throughout the Project Life Cycle • Risk management is not something that is bolted on at the end of a project – need to avoid a silo mentality • It is critical at all stages and requires continuous monitoring and control • Needs to be scaled to the size of the project • Needs to be fully integrated into the project • Should be a standing agenda item on at project meetings No surprises leads to a successful project!

  10. What is on the Web about Risk? • There is an unlimited supply of information on risk management on the web and can be a real challenge to wade your way through it. (Google results –75 million hits for the words “risk management”) • There are a few key guidelines and standards that stick out: • PMI PMBOK Guide (US and Canada) • PMI Practise Standard for Project Risk Management • Prince 2 (British) • AS NZS 4360: 2004 risk management standard • ISO 31000 (very new!) • Project Risk Analysis and Management Guide (PRAM) • RiskIT (targeted at IT projects) • BABok (targeted at accounting)

  11. PMI® PMBok® Guide - 6 processes • Inputs • Risk Identification • Risk Qualification • Risk Quantitative Analysis • Risk response development • Risk response control • Outputs • Risk Identification and prioritization • Risk management plan • Corrective action • PMI’s approach is the generally accepted with in the profession in Canada and the US • Globally applicable

  12. Risk IT® • Risk IT is an excellent tool focused on IT risk • Uses 3 domains with goals and metrics • Risk governance • Risk evaluation • Risk response • Very detailed tool

  13. ISO 31000 • Introduced in 2009 • International risk management standard • Seen as a replacement for the AS NZS 4360 • Adapted by CSA Canada

  14. ISO 31000 www.irr-neram.ca/pdf_files/ISO%2031000.pdf

  15. Risk Management Plan • Detail how risk management will be structured and executed for the project • Use to provide management with an overview of how risks addressed • Can be a simple one page document or can be very detailed– usually scaled to the projectand the level of risks • The lower the risk tolerance of the organization the greater the need for a detailed plan Failure to plan is planning for failure!

  16. Example Contents for a Plan • Methodology: • What approach will be used • What tools will be used • Roles and Responsibilities • Ensure you have the right people at the table with the right levels of authority • Governance • Budgeting • How will risk be funded – mitigation or occurrence • Risk Contingency – what are the authority levels for spending it • Scheduling • At what milestones will risks be identified • How often will risk reviews be completed • Risk Identification • What approach will be used for risk identification (Brainstorm, interview SAE, checklists) • Risk register format • Qualitative • How risks will be prioritized • What the assessment levels will be set at • Quantitative • What approach will be used • What assessment tools will be utilized • Risk Response • What will be the response strategies • Monitoring and Control • Risk reviews, communications • Lessons learned

  17. Paying for Risk • Well run projects usually identify part of the budget to cover risk • This is over and above the normal contingency that is carried on projects for site conditions, client direction, design issues etc. • The funds are for either reducing the impact of a risk by taking some action (like hiring an additional inspector) or they are to cover the cost of a residual risk if it occurs • Access to this money is usually at a higher level within the management team. • The amounts of this budget can range depending on the risk tolerance level of the organization • PWGSC right now carries a large level of risk because there is very little risk tolerance within its culture

  18. Risk Identification • Done as early as possible in a project • Done often in a project • Usually starts out at a high level and then moves to a more detailed approach once more project information is available • Bring in as many perspectives as you can • Identify opportunities as well as threats • Be careful to describe the risk carefully – it needs to focus on causeand impact • schedule slippage is not a risk – it is an outcome • Evaluate the impact that it would have on your projects objectives • For easier identification and management of risks divide them into categories. As examples: • Technical • External • Project Management ( internal team) • Organizational • Make sure all assumptions are clearly stated

  19. Risk Breakdown Structure – (looks like a WBS!)

  20. Industry specific: Pharmaceutical Development

  21. Oil and Gas project example

  22. Wellington Renovation Project

  23. Risk Register • Tool used to capture the identified risks, their impacts and probability and the steps that need to be taken • Used as an interactive tool to monitor progress of risk responses • Assigns responsibility for risk actions

  24. Example risk sheet

  25. Example risk register

  26. Qualitative Risk Analysis • Ranking of the risks relative to each other and based on the impact on the project • Most simply: • High • Medium • Low • Should be agreed upon prior to assessing risks • Needs to be assessed prior to taking any risk response and again after to help determine any residual • Should also be reassessed throughout the project as the project evolves and external conditions change • Risks are typically defined by their Probability of Occurrence and the impact they would have on the project if they occurred. Note that they are independent of each other. • A very simple easy approach that most understand but consistency in applying the concepts is key in identifying the critical risks

  27. Risk Qualification

  28. Project Risk based on objective relative weighting Project objectives weighted independently from the risks Risk score calculated by multiplying probability by impact Total score is the sum of the risk score x the objective relative weight

  29. Alternate ways of communicating Risks

  30. Quantitative Risk Analysis • A more sophisticated approach to risk analysis • Provides numerical analysis of the impact of all risk simultaneously on top project objectives • Provide what if scenario opportunities • Helps to more accurately identify risk that are high priority and where risk response can have the greatest impact • Often is used to help determine contingency • Software is used for this approach • Pertmaster (Primavera) • @ Risk • Crystal Ball ( now owned by Oracle) • Monte Carlo simulation approach • Based on optimistic, realistic and pessimistic views and can be set under a number of different distribution models including triangular, Beta, uniform or Normal distribution • Can provide correlation between schedule elements that are impacted by the same forces

  31. Outputs • Outputs provide histograms showing the certainty of the project objective (schedule or budget) and the likelihood of delivery the project at the expected levels • Schedule models help define what items critical even if they are not on the critical path • Allows contingencies to be established • Tornado diagrams help to illustrate the items with the highest level or correlation and therefore what is driving project uncertainty

  32. Output example: Histogram

  33. Example of output: Tornado

  34. Other Tools • Probability Analysis • Delphi Method • Monte Carlo • Decision Tree Analysis • Utility Theory • Decision Theory

  35. Risk Response • Determine root cause • Avoid, mitigate or transfer where possible • Develop contingency plans for significant risks • Document and review regularly

  36. Risk Triggers • Events or actions that move a risk from a probability of <100% • Important to be able to identify what the triggers are for risks where possible • Once triggered they are no longer a risk – they now are issues that will need to be addressed

  37. Monitoring and Controlling • Ongoing risk monitoring is one of the hardest parts of managing risks • Involve as many stakeholder and SME as possible • Have separate reviews for risk on large projects or incorporate in team meetings on smaller ones • Timing for reviews: • Key milestones • At least once per year • After trigger points occur on top risks • Report risks • Report top 10 risks monthly • Create a risk dashboard or one pager • Lever Lessons Learned • Run lesson learned sessions after key milestones or phases in the project

  38. Do it all over again! • Repeat the cycle • Meaningful times in the project • Key milestones • Not less than once per year • At times of significant change in the project – between end of design and start of constructions • Can do mini risk reviews on specific project element during the project to assist in decision making

  39. Conclusion • Make Risk a part of your project just like cost and schedule • Make sure you understand the risk tolerance of your organization • Get the appropriate level of resources you need to match • Tailor the risk plan to fit the project • Make use of the appropriate tools that are available • Communicate, communicate, communicate! • Get it on as a standing item on the team meetings agenda

  40. Reading opportunities • Enterprise Risk Management – Integrated framework • www.theiia.org/iia/download.cfm?file=9229 • Project and Program Risk Management – A guide to managing project risks and opportunities • Max Wideman, Editor, Project Management Instit • A Guide to project Management Body of Knowledge – PMBOK 4th Edition • Identifying and Managing Project Risk – Essential Tools for failure proofing Your project • Tom Kendrick • Risk and Decision Analysis in Projects • ( 2nded) – John Schuyler

  41. Project Scenario • Queens Golden Gaels have made it to the Vanier Cup one more time! • Your project is to organize a road trip from Queens to Quebec city for 50 people to cheer on the team • Build a Risk Breakdown Structure • Brainstorm risks • Rank risks ( Probability of occurrence, impact cost, schedule) • Develop risk response for High risks

More Related