620 likes | 1.23k Views
Risk Management Essentials. Renee I. Robyor February 15, 2012. Overview. Benefits of Risk Management Risk Management Process Tools Common Pitfalls Summary References (e.g. PMBOK, DoD ). Benefits of Risk Management. It provides support for smarter decisions
E N D
Risk Management Essentials Renee I. Robyor February 15, 2012
Overview • Benefits of Risk Management • Risk Management Process • Tools • Common Pitfalls • Summary • References (e.g. PMBOK, DoD)
Benefits of Risk Management • It provides support for smarter decisions • It provides an assessment of what is ahead • Increased probability of meeting project objectives and business goals • It helps establish priorities • Make more efficient use of resources • It helps identify and understand potential risks • Avoid or mitigate the consequences • It reduces the probability and impact of undesirable events • Mitigate or eliminate negative consequences before they are realized • It provides more control on project outcomes • Invest in avoiding the problem, not cleaning up the mess
Risk Management Is… • The act or practice of dealing with risk. • Project Risk Management includes the process concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project. (PMBOK) • Integral to the overall program planning.
When Do We Do Risk Management? • Employ throughout the program’s life cycle. • Develop a strategy early in the program and address continually throughout the program. • Refine approach as the program progresses as “unknowns” become “knowns.”
What Is A Risk? Risk • An uncertain event, feature, activity, or situation that can have a positive or a negative effect on any objective; it will impact your chosen course if it is realized. Opportunity • A positive set of circumstances or events that may positively impact the objectives of the project. Threat • A negative set of circumstances or events that may negatively impact the objectives of the project. Risk = opportunities + threats
What Is Not A Risk? • If there is insufficient information to determine the likelihood of something happening, and you are unable to estimate the impact, then you have a Concern. • If something is certain to happen and you are confident that it will have a negative impact on the program, it is an Issue. • An event that has happened and has had a negative impact on the program is clearly not a risk, it is a Problem.
Risk Management Process • Risk Management Planning • Risk Identification • Risk Analysis • Qualitative Analysis • Quantitative Analysis • Risk Handling • Risk Monitoring and Control Risk Management Planning Risk Identification Risk Analysis Risk Handling Risk Monitoring and Control
Risk Management Planning • How to approach, plan, and execute the risk management activities for a project. • Very important! • Documented in a Risk Management Plan
Risk Management Planning Inputs Outputs The Project Risk Management Plan Project specific Risk Management Roles and Responsibilities Monitor and Control approach Reporting Requirements • Project Plan and Objectives • Project Scope • WBS • Resources • Budget • Schedule • Processes and Tools
Risk Identification • Risk Identification • Ascertains which risks have the potential of affecting the project and documenting the risks' characteristics. • Begins after the Risk Management Plan is constructed and continues iteratively throughout the project execution. • Naturally progresses into the analysis (Qualitative and/or Quantitative) phase. • The tools and techniques are designed to help the project manager gather information, analyze it, and identify risks to and opportunities for the project's objectives, scope, cost, and budget.
Risk Identification Inputs Outputs List of risks Root cause of risk Potential risk owners List of potential mitigation activities Risk triggers • Project Overview • Project Management Plan • Risk Management Plan
Risk Identification Tools and Techniques • Brainstorming • Affinity Diagrams • Expert Interviews • Questionnaires • Industry benchmarking • Scenario analysis • Risk assessment workshops • Incident investigation • Historical Information • Critical Path Templates • Auditing and inspection • Root Cause Analysis • SWOT Analysis • Cause and Effect Diagramming • Flow Charting • Delphi Technique • Working Groups • Experiential or Documented Knowledge • Lessons Learned
Safety Security Environmental Technical Export Control Cost Customer Relationship Schedule Personnel Internal organizational environmental Resources Infrastructure Operations Risk Sources What are some of your risk sources?
Risk Description • Clarity of the Risk description is key • Need to understand the ‘Cause’ and ‘Effect’ • Description needs to be clear and to the point Certain fact or condition Cause Drives Probability Uncertain event or set of circumstances Risk Drives impact Potential Impact Effect
Risk Analysis • The overall objective of the risk analysis process is to determine which risks warrant responses. • Evaluate each risk for the probability of occurrence, the impact on the project, and the time-frame (when action needs to be taken). • Classify and group with similar or related risks and prioritize. • Update the Risk Register. • Risk analysis can be either • Qualitative • Quantitative
Risk Analysis Inputs Outputs Updates to the risk register with probability and impact of the risks. • Outputs from Planning and Risk Identification processes • Risk Register • Project Management Plan
Risk Analysis Qualitative Quantitative Data gathering and representation techniques Quantitative risk analysis and modeling techniques Numeric 50% chance risk will occur 12 week slip in schedule, $15k material cost • Risk probability and impact assessment and matrix • Risk categorization • Narrative (Low-High) • Low - Small, less than 2 week slip in schedule • Very High – greater then 10% impact on budget
Risk Analysis • Performed after risks are identified • Each risk characterized in terms of its probability of occurrence and the severity of potential consequences • As in risk identification, risk analysis continues through the life cycle of the program • Impact / Consequence • The effect on the activity or project if the risk occurs • Probability / Likelihood • An estimate of the likelihood that a particular event will occur.
Consequences and Probabilities Consequences Probabilities
5 M M H H H 4 L M M H H 3 L L M M H 2 L L L M M 1 L L L L L 1 2 3 4 5 Risk Assessment Matrix CONSEQUENCE PROBABILITY
Qualitative Risk Analysis Examples
Quantitative Risk Analysis Examples
Risk Handling • Also known as Risk Response Planning • Risk handling helps to decrease the probability or impact of identified risks. This can be accomplished by inserting resources into the budget, schedule or plan. • Assign responsibility • Determine approach (research, accept, mitigate, or monitor); • If risk will be mitigated, define mitigation level (e.g., action item list or more detailed task plan) and goal • Execute plan.
Risk Handling Inputs Outputs Updated Risk Register Mitigation approach Risk Triggers Mitigation plans Contingency Plan Update to Project Management Plan Schedule of mitigation activities • Project Management Plan • Risk Register (Risks)
Options For Handling Risks • Risk Avoidance: Changing or lowering requirements while still meeting the user’s needs. • Risk Control: Taking active steps to minimize risks. • Risk Monitoring: Watching and periodically evaluating the risk for changes to the assigned risk parameters. • Risk Acceptance: Acknowledgement of risk but not taking any action.
Risk Monitoring and Control • The process of watching and evaluating risks, planning for newly discovered risks, and managing identified risks. • Track identified risks • Reveal new risks • Implement risk mitigation plans: Respond to triggers, Implement contingency plans • Verify and validate the risk mitigation plan effectiveness and document the consequences and results of the activities • Report monitoring results • Constant monitoring and due diligence is key to success.
Monitoring and Control Inputs Outputs Updates to: Risk Register Project Management Plan Lessons Learned • Risk Register (Risks) • Project activities and events
Risk Monitoring and Control • Monitoring and Control Activities • Monitor • Ensure compliance • Measure • Take corrective action • Evaluate effectiveness • Reassess • Refine Communicate!
Best Practices • Identify Early • Identify Continuously • Analyze • Reprioritize • Define and Plan • Communicate • Update • Educate • Plan Contingencies
Common Pitfalls • Risk management perceived as administrative burden rather than a way to underpin business performance. • Risk management being seen as being handled by ‘someone else’ not as an integral part of everyone’s job. • A weak and unstructured risk management process • Tools and techniques that may not be well matched to the project • An inordinate focus on risk analysis • Insufficient emphasis on the technical (performance) dimension of risk management • Insufficient emphasis on organizational and behavioral issues • Risk data being stored in multiple places and in different formats often resulting in information ‘falling through the cracks’ and decision makers ‘missing the bigger picture’. • Not communicating; not listening.
Risk Tools • Risk Management Process • Risk Management Plan • Risk Register • Risk Management Checklist • Risk Reports • Risk Response Plan • Work Breakdown Structure
Summary • Risk Management can provide valuable insights to address issues long before the issues surface. • A single averted risk can pay for many, if not all, risk management activities. • Risk Management helps us focus on what is important. • Many tools are available. Risk Management itself is a structured tool for day to day decision making. • Take the time. Communicate. Just Do It!
Resources and References Books • A Guide to the Project Management Body of Knowledge (PMBOK Guide), "Third Edition, Project Management Institute, 2004, Chpt. 11 • Risk Management Tricks of the trade for Project Managers, Second Edition, Rita Mulcahy • Project and Program Risk Management (Project Management Institute), R. Max Wideman, editor Articles by • Project Risk Management 101 - Why Project Managers should Worry about Risk, Carla Crepin-Swift • Project Risk Management - Elyse, PMP, CPHIMS Web pagesRISK MANAGEMENT GUIDE FOR DOD ACQUISITION Sixth Edition (Version 1.0) August, 2006 (http://www.dau.mil/pubs/gdbks/docs/RMG%206Ed%20Aug06.pdf) • DOD Risk Management Webpage (https://acc.dau.mil/CommunityBrowser.aspx?id=17607&lang=en-US) • Risk Management Toolkit – MITRE (http://www.mitre.org/work/sepo/toolkits/risk/) • ISO/IEC Guide 73:2002
Contact Information Renee I. Robyor Sr. Principal Systems Engineer, LSS Black Belt (802) 662-6347 W (802) 238-9504 Cell rrobyor@gdatp.com rrobyor@gmail.com