Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
1
RISK MANAGEMENT:
Oh Oracle! … What are You Telling Me?
RISK MANAGEMENT AS A BUDGETING TOOL
Remember?..... Risk Characteristics
• A definable event
• Probability (Likelihood) of occurrence
• Impact (Consequence) of occurrence
A risk event that has materialized
i.e. ”became a reality”
is a
PROBLEM (an “ISSUE” for PMBOK®)
3
StartCompletion
Data History Current Experience Hindsight
Information GeneralUncertainty
SpecificUncertainty
TotalCertainty
RiskUnknown Unknowns
KnownsKnown Unknowns
What is Risk?
Remember?..... Characteristics of Risk Events
Risk Events are—
• Situational
– They have no textbook answer
– Team must relay on sound use of tools and methods/techniques
• Time based
– Risk is a future phenomenon only
– Time affects risk perceptions
• Interdependent
– One risk event (or mitigations) can affect others
– One risk can cause others
– Quantity of risks may affect perceptions
Remember?..... Characteristics of Risk Events (continued)
• Magnitude dependent– The greater the payoff, the more the risk is acceptable
– The higher the impact, the more significant the risk
• Value based– Personal and cultural values affect company risk taking
– Company values affect individual choices
– Everyone sees risk differently
6
Internal
External
Requirements CreepMacro-Management
Teamwork
ScheduleIntegration
Personnel
Technical
Constructive Change
CommunicationCosts
Policy Changes
Customers
Labor Force
Budget
Acts of Congress
Micro-Management
EconomyActs of God
Scope Changes
Regulatory
Industrial Base
Internal
Policy Changes
Customers
Micro-Management
Labor Force
Scope Changes
Budget
Regulatory
Seek to CONTROL the Internal and INFLUENCE the External
Remember?..... Sources of Risk
Do Not Forget!....The Nature of Risk
THREAT OPPORTUNITY
Probability of Failure (Pf)
Consequence of Failure (Cf)
Probability of success
Benefit of success(the Consequence)
Note: Failure to properly control the risk…
The “Balance” of Risk
Do Not Forget!.... The Nature of Risk
THREAT OPPORTUNITY
Probability of Failure (Pf)
Consequence of Failure (Cf)
Probability of Success
Benefit of success(the Consequence)
The “Balance” of RiskQuestion: Why should you take a risk?
Answer #1: To gain a specific reward!
Answer #2: Sometimes you don’t have a choice!
Probability and Impact (Matrix) Samples
5
4
3
2
1
1 2 3 4 5
HIGH
MODERATE
LOW
5
4
3
2
1
12345
HIGH
MODERATE
LOW
Risk vis – a – vis Opportunity
THREAT OPPORTUNITY
Probability of Failure (Pf)
Consequence of Failure (Cf)
Probability of Success
Benefit of success(the Consequence)
Key Messages on Risks
Conclusion Related to Risk Characteristics and Perceptions
R I S K D O C U M E N T A T I O N
11
Project Risk Management Overview
PerformQualitative
Risk AnalysisIdentify Risks
PerformQuantitative
Risk Analysis
PlanRisk
Responses
Monitor &
Control Risks
PlanRisk
Management
Risk Response Control Terms
• Problem (ISSUE): a negative risk event (known or unknown) that has materialized
• Windfall: a positive risk event (known or unknown) that has materialized
• Workaround: unplanned (not defined in advance) response to negative risk event
• Corrective action: performing the response to a negative risk event (either planned, as with contingency plans, or unplanned, as with workarounds)
Risk Response Control Terms
• ASSUME A RISK: A GAMBLE that the Risk Event is not going to occur.
– Program Manager DO NOT CONTINUE MESSING WITH IT!
• MITIGATE A RISK: To lessen the effects of event.
– Mitigations create own Risks!
– Use Experimentation
– Requires Plans, Schedule, and $$$
Risk Response Control Overview
Risk response control
Updatedrisk
responsedevelopment
Project executionand
control processes
Riskreassessment
Execute
Evaluate
Document
RiskManagementPlan
Updatedrisk
management plan
Planned responses,evaluations, additionalresponses
Updated prioritizedrisk list
Progress,deviations,variances
Risk Response Control – A Closer Look
Risk ResponseControl
Contingency Plans Workarounds
Additional RiskResponse Development Acceptance
RiskEvents
AdditionalRisk Identification
CorrectiveAction
LessonsLearned
Updated Risk Management Plan
Risk Response Control Guidelines
• For risk response control to work, project managers must
– Closely monitor project progress
– Timely execute risk responses when problems (issues) or windfalls occur
– Thoroughly evaluate effectiveness of risk responses
– Continuously follow up
• The only way to do this effectively is as part of the overall project management plan and process
– The Risk Management Plan is a critical component of the project plan
• Carry out risk management plan as part of project execution although it is done throughout the project
• Carry out risk strategies as risk becomes actual events
• Communicate plan status to project team members
Risk Management
Planning
Identify
Analyze
Prioritize
Document
Evaluate
Execute
Plan
Communicate
Execute Risk Strategies
InputEstablish an
early warning system (Trigger
Events)
Input• Project plan• Risk management plan• Actual risk events• Additional risk identification
Tools• Risk response strategies• Personal management tools
• Communication• Time management
• Project management tools• Network • Cost and schedule reporting process• Team Meetings and status reports
• Decision-making tools• Decision trees• Lifecycle cost analysis• Financial measures• Probability functions
Assignresponsibility
forrisk control
Executeproject plan
ExecuteRisk
ManagementPlan
Monitorproject status
Carry outcontingency
plans
Carry outwork-arounds
Communicate Risk
Response Control
Results of corrective
action
Establish Early Warning System
Establish an early warning system to detect deviations from plan that may be or may cause risk triggers
– Exposure increases as cost and schedule variances increase
– Example of an early warning system include –
• Earned value (EVM)
• Cost variance
• Schedule variance
• Change in forecasted project end date
• Change in float
• Change in stakeholder attitude
Risk Quantification and Expected Monetary Value
• Involves numerically assessing probability and impact
• Expected Monetary Value (EMV) is a statistical assessment of risk value, not a prediction of final cost should the risk occur or not occur
• EMV = (probability of occurrence) amount at stake)
• Assess –
– Best case (all good things happen and no bad)
– Worst case (all bad things happen and no good)
• Final actual value will probably fall between best case and worst case
Based on Analysis – Decide
Strategies for Threats (Negative Risks)
Strategies for Opportunities (Positive Risks)
Avoid Exploit
Transfer Share
Mitigate Enhance
Accept Accept
Based on Analysis –What Do You Decide
Handling Strategy is decided– Mitigate
• Experimentation• Transferring of Risk
– Sub-Contractor– Hiring Expert Consultants
– Accept (Higher Authority can Effect)• Passive Acceptance
– Team deals with risk when it occurs (i.e.- when it becomes a problem)
• Active Acceptance-– A Contingency Plan is in place in case risk event occurs.– No Action taken until risk event occurs.
» Most common strategy-set up Contingency Reserve for time, money and resources
Based on Analysis –What Do You Decide
• Contingency response strategies can include:
– Contingency Plans• Includes actions taken if:
– An identified risk occurs
– A risk trigger is detected that identifies when the contingency plan should be implemented.
• Fallback Plan:– A fallback plan is developed when a selected risk strategy is
» not fully effective, or
» Risk has high impact.
Example Changing project scope, developing alternatives, or allocating a contingency amount
Contingency vs. Management Reserves
• Contingency Reserves are set within the project/program to deal with Known Risks.
– Project Manager controls this reserve.
– Part of project budget
– Part of EVM calculations.
• Managements Reserves Work are set within the sponsor portfolio/senior executive management to deal with Unknown Risks.
– Project Manager does not control this reserves.
– Not part of project budget
– Not part of EVM calculations.
Decision Tree – The Rules
• Represent decisions by boxes (decision nodes); represent outcomes or events by circles
• Enter the primary decision on the left side of the tree and work from left to right
• Represent all possible scenarios by paths
• Assign probabilities to all path segments leading from events
• Determine expected value for each segment
• Work from right to left, adding expected values of all path segments leading to a decision node
• Work until the most advantageous path is established
Decision Tree Example
Should we build a prototype of the new flight simulator product? Project requirements were poorly defined. As a result, there is a risk that the final product will not pass the customer acceptance test. A prototype also would substantially reduce the cost of rework for failures at customer acceptance test.
Cost to build prototype $98,000Probability of passing customer acceptance test
with prototype 90%without prototype 20%
Cost of rework after customer acceptance testwith prototype $20,000without prototype $250,000
Decision Tree Example with Probability
Build prototype
Do not build prototype
90%
10%
80%
20%
Pass customer acceptance test
Fail customer acceptance test
Pass customer acceptance test
Fail customer acceptance test
Decision Tree Scenario with Expected Value
Build prototype
Do not build prototype
Pass customer acceptance test
Fail customer acceptance test
Pass customer acceptance test
Fail customer acceptance test
Expected Value with prototype$98,000 + $2,000 = $100,000
Expected Value without prototype$0 + $0 + $200,000 = $200,000
29
Purchase or Code Software
Purchase Software-$50,000
Code Software
-$120,000
Fills Need
Does Not Fill Need
40%
No Added Impact
60%
- 50,000 X .40 = - $20,000
- $250,000 X .60 = - $150,000-$200,000
-$170,000
Works
Does Not Work
80%
No Added Impact
20%
- 120,000 X .80 = - $96,000
- $120,000 X .20 = - $30,000-$30,000
-$126,000
DecisionDefinition Decision Node Chance Node Net Path Value
Expected Monetary Value
(EMV)
Cost Reserve Allocated
• What cost reserve should I allocate for these risks?
– Say on a risk you have…..
• 25% Probability that a key Design Engineer will be reassigned to project with a extra cost of $6000,
• 40% probability that the new technology inserted/used will require additional training at an extra $4,000 cost to budget
• and 20% probability of using existing computer applications saving project $8,000.
<.25 X $6000> +<.40 X $4,000> + (.20 X $8,000)=
<threat (negative risk)> + <threat (negative risk)> + (opportunity (positive risk)) =
<-$1,500> + <-$1,600> + ($1,600) = -$1,500
Build Your Planned Costs
• As part of Project Cost Mgt-Knowledge Area under Planning Process Group
– Estimate Costs
– Determine Budget
• Build Mitigation plans
– Determine Schedules, Resources and associated Costs
• Each Risk Event (perhaps combination thereof) has a Mitigation “packet”
• Stack these Mitigation Packets
– Update Project Plan
– Inform Stakeholders
Build Your Planned Costs
• As part of Risk Analysis (Qualitative and Quantitative)
– Prioritize Risks
• Propose Responses (Handling Strategies)
• Schedule responses based of the strategy
• Effect mitigations
• Acceptance risks (Active) upon decisions from PM
– Whatever can be scheduled into future-Mitigation Packet becomes an input into new budgeting process.
33
Risk Management As Budget Summary
• Risk Management provides a glimpse into the future of Project
• Risk Management is a tool that assists
– the preparation of budgets,
– cost controls,
– and stakeholder expectation management
• Reduce the impact of less desirable outcomes
• Decrease the probability of the risk event itself
• Assist bottom line by surfacing Opportunities and leveraging them into cost savings.
• Help out-year budgeting, leveling “burn rate”, historical files
34
QUESTIONS?
35