CLAMDA-IM Giuseppe Gherardi
Project Management
6. The Risk Management
Clip 982 Titanic and 983 Challenger
Risk Management
• Managing projects means taking risks
• Every decision, every estimate, every plan is a potential risk driver
• The most common way to manage risks is reaction: when some unexpected event happens, we react by taking corrective actions
• But very often, when risks happen, it is too late and we suffer a lack of effectiveness/efficiency
• Setting aside some money for risk management does not mean we are managing the risks; it means we are hoping that whatever might happen will be covered by the fund we have stored
• We can also take a pro-active approach: we visualize every risk and we decide every possible corrective action we have to take. Then we define the corrective action costs.
• At this point we decide what cost we can afford and want to afford: now we are managing risks
• Is it possible to overcome the reactive approach?
• Is it possible to increase the pro-active approach?
• …..
• Standish Group research reports that, of 9,000 IT projects developed in the USA, only 19% were on time…
• We need a method to manage all the risks we might have
• What is the meaning of “Risk”?
• A risk is an event that has a defined probability of happening and can damage the project…
• “Can”, not “will be”…
• Risk is, in fact, related to uncertainty. Uncertainty, though, could also be an opportunity if its results are good
• “Both threats and opportunities are ‘uncertainties that matter’, so both are types of risks”
Example:
• I went out with my new suede shoes but the weather forecast says it could rain…
• I am not sure about the rain, so there is a risk…
• If it does not rain, I will have a light pair of shoes to walk more easily…
• If it rains, I will destroy my shoes…
• If I see dark clouds, I’ll have to run for shelter because it will rain!
We have all the elements to identify and manage the risk!
Ex:
TARGET: WEARING MY NEW SHOES
RISK: PROBABILITY OF RAIN
ADVANTAGE: WALKING EASIER
DAMAGE: RUINING MY SHOES
TRIGGER (sentinel): NOTICE BLACK CLOUDS
STRATEGY: IF I SEE DARK CLOUDS, I START SEEKING SHELTER
• Risks can mean threats or opportunities. We have two kinds of risk:
– PURE RISK – if it happens, we can only suffer a loss
    • Managing strategy: avoiding, transferring, mitigating
– SPECULATIVE RISK – if it happens, we can suffer a loss or we can have an advantage
    • Managing strategy: taking advantage, sharing, improving
• Ex: a fall in the price of a bond on the stock exchange could be a threat or an opportunity. It depends on whether we need to sell or we want to buy!
• If I have a planned risk management system, I know what to do in case of a negative event!
• The Project Team, led by the Project Manager, has to define risks, triggers, threats/opportunities, strategies…
• Risk strategies have a cost…
• Who defines the cost level vs risks?
… The Sponsor, by setting the risk priority and a budget to manage it!
The risk management method is a four-step process:
1. Risk identification – we define the risks that could have an impact on the project. We must define the risk characteristics:
    1. Risk impacts (damages/advantages)
    2. Risk probability
    3. Risk trigger/sentinel
The project team must start this analysis after the project planning and before the economic phase
2. Qualitative and quantitative analysis – we must define a risk priority list based on the probability of occurrence and the possible impact (see FMEA analysis). This is the phase when we define the risk management costs and the border between the risks (and costs) we want to consider and the risks (and costs) we decide to ignore
3. Defensive action plan against risks – we must define actions to minimize threats and maximize opportunities. In this phase we will add new activities (and costs) to the project plan, not directly related to the project target
4. Risk monitoring and controlling –
1 - Risk identification: the Standard Risk Model (SRM)
• We define three variables:
1. RISK EVENT – the event that causes a loss/gain
    a. RISK EVENT DRIVER – the sentinel that says the risk could happen
    b. RISK EVENT PROBABILITY – the probability of the risk event occurring
2. IMPACT – potential loss/gain if the risk happens
    a. IMPACT EVENT DRIVER – the sentinel that says the impact could happen
    b. IMPACT EVENT PROBABILITY – the probability of the impact event occurring
3. TOTAL LOSS – total loss (or gain) if the risk happens
SRM - The three variables are related as follows:
[Diagram with the boxes RISK EVENT, IMPACT and TOTAL LOSS, and the labels RISK EVENT DRIVERS, RISK EVENT PROBABILITY, IMPACT EVENT DRIVERS and IMPACT EVENT PROBABILITY]
SRM
• The Standard Risk Model (SRM) is important because it separates risks from impacts
• We have two levels of probabilities: risk probability and impact probability
• That means we can operate on two variables: if I am not able to decrease the probability of a risk occurring, I can act to decrease any negative effect (impact) on our project!
SRM example:
[Gantt chart: DESIGN (Marco+Joel) and CONTROL + APPROVAL (Freddy) across WK1 to WK5, with the dates 1st, 7th, 14th and 21st of April; Freddy is UNAVAILABLE]
Let’s imagine a short part of a project, made up of 2 activities: 1- mechanical sub-assembly drawing; 2- drawing check and approval by a technical controller
Looking at the project’s calendar, we can see that Freddy will be unavailable in week 4 (Freddy will be on holiday or busy with another activity).
The activity sequence shows a risk: if the drawing activity or the control activity is delayed, the whole block of activities will suffer an amplified delay because Freddy is unavailable in week 4
SRM example:
“Human resources working on the project are not enough…. We could delay the finish date”
• This sentence is completely inefficient because it doesn’t separate the time when I have the risk from the time when I have the impact
• But I can understand which activity I don’t have enough resources for…
• …Risk event 1 – the company HR writes an e-mail to the project manager: “…from the 1st of April all the technicians will attend a course.”
SRM example:
• Risk event driver – HR wrote: “Starting from the 1st of April, the two technicians will attend a course”
• Impact – the “Design” activity, scheduled for 3wks (2wks design and 1wk approval), will be delayed by 2wks
• Impact driver – the person in charge of the design approval will be unavailable starting from the 21st of April for 1wk
The risk driver gives a three-week loss, but the impact driver defines the delay length
SRM example:
Adopting the SRM, our target is working separately on the two drivers to minimize the total impact
Risk driver action: I can negotiate with HR a new course date, so I can eliminate the risk!
Impact driver action: if I cannot eliminate the risk, I can ask for a substitute who will be in charge of design approval. In this way I can reduce the impact of only 1wk
Thinking about different drivers with SRM allows us to define:
– Precautionary plans working on risks!
– Reaction plans working on impacts!
1 - Risk identification: the Standard Risk Model (SRM)
The Risk Breakdown Structure (RBS) is a list of standard risk categories
To identify risks, for each of them we have to define:
• Risk (risk event)
• Risk event driver
• Risk probability
• Impact (impact event)
• Impact event driver
• Impact probability
• Loss/gain
• Total risk probability
• Expected loss/gain
• Priority
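The fields listed above can be tied together in a small risk register, given here as an added example that is not part of the original slides. It assumes the total risk probability is the product of the risk event probability and the impact event probability, and the expected loss is that product times the loss; the probabilities are constructed, while the delays in weeks follow the course/approval example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SrmRisk:
    risk_event: str
    risk_driver: str
    p_risk: float      # risk event probability, 0..1
    impact: str
    impact_driver: str
    p_impact: float    # impact event probability, 0..1
    total_loss: float  # weeks of delay (a negative value would be a gain)

    def __post_init__(self):
        for name in ("p_risk", "p_impact"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{name} must be between 0 and 1")

    @property
    def total_probability(self) -> float:
        # assumption: the two probabilities multiply
        return self.p_risk * self.p_impact

    @property
    def expected_loss(self) -> float:
        return self.total_probability * self.total_loss


def prioritize(risks):
    """Order entries by the size of their expected loss/gain, largest first."""
    return sorted(risks, key=lambda r: abs(r.expected_loss), reverse=True)


# Constructed probabilities; events, drivers and weeks come from the SRM example.
AS_IS = SrmRisk(
    risk_event="Technicians attend a course from the 1st of April",
    risk_driver="HR e-mail announcing the course",
    p_risk=0.8,
    impact="Design activity delayed",
    impact_driver="Design approver unavailable from the 21st of April",
    p_impact=0.5,
    total_loss=2.0,
)
PRECAUTIONARY = replace(AS_IS, p_risk=0.0)  # course date renegotiated with HR
REACTION = replace(AS_IS, total_loss=1.0)   # substitute approver, 1wk impact

if __name__ == "__main__":
    for label, r in (("as is", AS_IS), ("precautionary", PRECAUTIONARY), ("reaction", REACTION)):
        print(f"{label:14} P={r.total_probability:.2f} expected loss={r.expected_loss:.2f} wk")
```

The precautionary plan acts on the risk driver and the reaction plan on the impact driver, so the two plans change different fields of the same entry.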
2- Qualitative and quantitative analysis: the Failure Mode & Effect Analysis (FMEA)
RISK (Failure mode): the risk mode, or the event. It could be the way a component or a process fails
IMPACT (Effect): the impact we will have if the risk was not correctly estimated
REASON (Cause): the actual cause of the risk
Project Risk Management
• After the FMEA analysis, we have to define responsibilities and time for corrective/precautionary actions
• We have to verify the action’s effectiveness after being issued, evaluating the real risk priority index
• We have to update the FMEA according to project changes
The failure mode is how the risk appears in the process/project; the impact is the consequence of the risk
For each risk (mode), the project team has to define:
• all the possible related impacts (effects)
• all the possible related causes
• risk probability (p)
• importance of the impacts (effects) (g)
• how difficult the risk driver is to see (r)
For each risk/impact/cause, we can calculate the
RISK PRIORITY INDEX = p x g x r
Company FMEA form. Header fields: FMEA N°, Date, Group, Last rev date.
Column groups: Component (PN, Description); Failure mode (Mode, Cause, Effects); As Is Situation (Controls, P (1-5), G (1-5), R (1-5), RPI); Corrective actions (Actions planned, Resp., Time, Actions done; not filled in); Final Situation (P (1-5), G (1-5), R (1-5), RPI).

| PN | Description | Mode | Cause | Effects | Controls | P (1-5) | G (1-5) | R (1-5) | RPI | Final RPI |
|---|---|---|---|---|---|---|---|---|---|---|
| 100.34555.3 | Filter for ABS brake system | Net detaching | Net not well attached to support | Filter doesn’t run, brake system block, fatal acc | Statistic control by QS-IS-2345 | 2 | 5 | 4 | 40 | 0 |
| 100.34555.3 | Filter for ABS brake system | Filter is not complete | Wrong injection pressure | Filter doesn’t run, brake system block, fatal acc | Statistic control by QS-IS-2345 | 2 | 5 | 3 | 30 | 0 |
| 100.34555.3 | Filter for ABS brake system | Mode…. | Cause… | Effect… | Statistic control by QS-IS-2345 | 3 | 1 | 5 | 15 | 0 |
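The As Is scores of the three form rows above can be ranked and re-evaluated as the FMEA slides describe; this is an added example, not part of the original deck. The cut-off `BORDER`, the tie-break on `g` and the final score used for the re-evaluation are constructed assumptions.

```python
from dataclasses import dataclass, replace

SCALE = range(1, 6)  # the form scores P, G and R from 1 to 5


@dataclass(frozen=True)
class FmeaRow:
    mode: str
    cause: str
    p: int  # risk probability
    g: int  # importance of the effects
    r: int  # how difficult the risk driver is to see

    def __post_init__(self):
        for name in ("p", "g", "r"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{name} must be an integer from 1 to 5")

    @property
    def rpi(self) -> int:
        return self.p * self.g * self.r  # RISK PRIORITY INDEX = p x g x r


def rank(rows):
    """Highest RPI first; ties go to the graver effect (assumed tie-break)."""
    return sorted(rows, key=lambda row: (row.rpi, row.g), reverse=True)


def to_manage(rows, border):
    """Rows at or above the border between risks we consider and risks we ignore."""
    return [row for row in rank(rows) if row.rpi >= border]


def rescore(row, **final_scores):
    """Re-evaluate a row after a corrective action: (final row, RPI reduction)."""
    final = replace(row, **final_scores)
    return final, row.rpi - final.rpi


# As Is scores copied from the three rows of the form
AS_IS = [
    FmeaRow("Mode…", "Cause…", p=3, g=1, r=5),
    FmeaRow("Net detaching", "Net not well attached to support", p=2, g=5, r=4),
    FmeaRow("Filter is not complete", "Wrong injection pressure", p=2, g=5, r=3),
]
BORDER = 20  # constructed cut-off; the slides leave this choice to the team

if __name__ == "__main__":
    for row in to_manage(AS_IS, BORDER):
        print(row.rpi, row.mode)
    # constructed outcome: a better control makes the driver easier to see
    final, gain = rescore(AS_IS[1], r=2)
    print("final RPI", final.rpi, "reduction", gain)
```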
2- Qualitative and quantitative analysis: the RISK ASSESSMENT MATRIX
3- Risk Contingency Plan
[Diagram: Risk Structure (EVENT, DAMAGE, LOSS) and Risk Tools (ELUSION, PREVENTION, PROTECTION, ASSURANCE, RISK TRANSFER, RISK RETENTION), grouped under PHYSICAL CONTROL and FINANCING CONTROL]
Elusion – aims to exclude the possibility of the risk occurring by giving up the project activities connected with this risk
Prevention – set of measures aimed at reducing the probability of occurrence of risky events, without giving up the activities connected to them
Protection – set of security measures aimed at limiting the economic impact of the damage connected to the risk, intervening only once the damage has been verified; that is, it intervenes when prevention fails
Assurance – insurance policy to transfer the risk to a specialized company
Transfer (non insurance) – consists of the transfer of risk to subjects other than an insurance company (e.g. subcontracting)
Retention – consists of another form of non-risk-based transfer, where the same organization that manages the project takes on the risk, providing for its financing with its own resources. In this regard the Project Manager needs complete knowledge of all the risks that could threaten the project, so that no area of unconscious retention remains. This prudence applies not only to the identification of a risk, but also to the correct evaluation of its effect
4- Risk control