Improving Project Decision Making and Reducing Exposure Through Risk Management

Similar documents
Earned Value Management Best Practices

Is Poor Project Management a Crime?

Managing Overall Project Risk. Abstract

Project Risk Management. Presented by Stephen Smith

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK

WelcomRisk. For organizations looking to improve project performance through proactive risk management.

Integrated Risk Management As A Framework For Organisational Success. Abstract

A Risk Management Standard

Enterprise Risk Management

Project Risk Management

Operational Risk Management in a Debt Management Office

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Project Risk Management

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

Issues in Information Systems

The Business Case in the 21 st Century. Jeff Jackson

Policy : Enterprise Risk Management Policy

Primavera Project Portfolio Management and Oracle P6

Understanding and articulating risk appetite

Portfolio Risk Management: aligning projects with business objectives to deliver value

A Common-Sense Approach to Information Management for Corporate Greenhouse Gas Inventory

IT Project Management Methodology. Project Risk Management Guide. Version 0.3

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Asset Management Policy March 2014

Integrated Risk Management:

Risk Management Policy. Corporate Governance Risk Management Policy

ENTERPRISE RISK MANAGEMENT POLICY

Strategic Risk Management for School Board Trustees

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

SSgA CAPITAL INSIGHTS

PROJECT RISK MANAGEMENT

Project Management. [Student s Name] [Name of Institution]

The Asset Management Landscape

Monte Carlo Schedule Risk Analysis - a process for developing rational and realistic risk models. Martin Hopkinson

An Oracle White Paper September Managing Portfolios, Projects and Risk in the Steel Industry during an Economic Downturn

Developing Greater Professionalism in GIS Project Management

Enterprise Solutions for Engineering Consultancy Firms

IFAD Policy on Enterprise Risk Management

SALES AND OPERATIONS PLANNING BLUEPRINT BUSINESS VALUE GUIDE

The Future of Census Bureau Operations

Five steps to Enterprise Risk Management

Project Management: Back to Basics

ISO, CMMI and PMBOK Risk Management: a Comparative Analysis

FUNBIO PROJECT RISK MANAGEMENT GUIDELINES

FACULTY OF BUSINESS MANAGEMENT

Negative Risk. Risk Can Be Positive. The Importance of Project Risk Management

Making Every Project Business a Best-Run Business

Project Risk Management in Oman: A Survey of Risk Practices in the Construction Industry

Scenario Analysis Principles and Practices in the Insurance Industry

Project and Portfolio Management for the Innovative Enterprise

Motivations. spm adolfo villafiorita - introduction to software project management

Project Management Summary of Best Practices

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202)

IT Governance. What is it and how to audit it. 21 April 2009

Risk Management Policy

Getting things done How governments can deliver public infrastructure projects on time and within budget

Top 10 Key Attributes of a Successful Project

Palisade Risk Conference, 2014

Evaluation Guide. Sales and Operations Planning Performance Blueprint

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

The ROI of Data Governance: Seven Ways Your Data Governance Program Can Help You Save Money

Much attention has been focused recently on enterprise risk management (ERM),

Generally Accepted Recordkeeping Principles

Risk Management approach for Cultural Heritage Projects Based on Project Management Body of Knowledge

How PRINCE2 Can Complement PMBOK and Your PMP Jay M. Siegelaub Impact Strategies LLC. Abstract. About PRINCE2

SharePoint as a Business Application, Not Just a Collaboration Tool

Risk Management. Sharif Project Management Session 10.1

Management. Model Risk. Nav Vaidhyanathan Director, Head of Model Risk Management Wintrust Financial Corporation

RISK MANAGEMENT STRATEGY

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

INTRODUCTION TO PUBLIC-PRIVATE PARTNERSHIPS

Risk Workshop Overview. MOX Safety Fuels the Future

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

P3M3 Portfolio Management Self-Assessment

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Incorporating Risk Assessment into Project Forecasting

The Total Economic Impact Of SAS Customer Intelligence Solutions Real-Time Decision Manager

It's time for Active Risk Manager. Successful Organizations have World-Class Risk Management

Deltek First Vision Essentials CRM

Frontier International

Risk Management Policy Adopted by:

Enterprise Solutions for IT Software Services and Development Companies

Developing an Effective Enterprise Risk Management Program

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Deltek Vision 5.1 Analysis and Reporting

Beyond risk identification Evolving provider ERM programs

Make information work to your advantage. Help reduce operating costs, respond to competitive pressures, and improve collaboration.

Reflective Summary Project Risk Management. Anthony Bowen. Northcentral University

Relationship Manager (Banking) Assessment Plan

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Basel Committee on Banking Supervision. Working Paper No. 17

Appendix V Risk Management Plan Template

The multisourcing approach to IT consolidation

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

Business analytics for manufacturing

Measurement Information Model

Bid/No-Bid Decision-Making Tools and Techniques

PROJECT MANAGEMENT PLAN Outline VERSION 0.0 STATUS: OUTLINE DATE:

ENGINEERING COUNCIL. Guidance on Risk for the Engineering Profession.

Transcription:

WHITE PAPER Improving Project Decision Making and Reducing Exposure Through Risk Management Formalized risk management is an essential control tool for project management and an important aide to decision making. Background Formalized risk management is an under-utilized practice in project management where the focus is typically on schedule and budget. This affects most aspects of a project including evaluation, assessment, selection, planning, collaboration, execution, and control. And, it begs the question: How many project decisions are made without formally evaluating potential consequences? In an economic climate where budgets are tight, resources limited, and competition fierce, the case for implementing formalized risk management is stronger than ever. In an article focusing on the new challenges facing today s business leaders, The Economist magazine reports that CEOs need to implement a reliable risk management solution throughout their enterprise. Such a solution not only analyzes risk, but also alerts senior management of potential problems at an early stage. 1 The business challenges mentioned by The Economist are greatly affected by the need to meet strict reporting and real-time disclosure requirements of the Sarbanes-Oxley Act of 2002. The implementation of a formalized risk management process is increasingly being recognized as a means to help meet such requirements as well as improve project performance at the same time. Organizations such as the Project Management Institute (PMI) and the UK-based Association of Project Management (APM) have long advocated risk management. Risk management is so fundamental to good project management that it represents one of the nine main knowledge areas of the PMI Project Management Body of Knowledge (PMBOK) and the APM Body of Knowledge. Despite the increased emphasis given to risk management by organizations such as PMI, current practice of risk management on projects is low. In an academic study of project management tools and techniques published in R&D Management, the findings suggested, only a limited number of projects have used any kind of risk management practices and/or any of the available tools. 2 Overall complexity and lack of insightful software tools have, without doubt, discouraged many organizations from implementing formalized risk management processes. Nevertheless, these traditional barriers will eventually disappear as awareness for formalized risk management continues to grow and information technology advances. A disciplined approach to assessing operational risks makes good business sense. Beyond Sarbanes- Oxley compliance, developing a multi-step operational risk assessment process can save companies millions. AMR Research 3 www.deltek.com info@deltek.com 800.456.2009

If you don t succeed with risk management, you won t succeed with project portfolio management, says Raytheon CIO Rebecca Rhoads, who credits risk management with lowering her project failure rate and helping Raytheon IT achieve its cost-performance targets. The process, she says, is so much more important than the math rigor. Mature, consistent processes-you need that first. i Introduction This paper explains how the application of formalized risk management can improve the decision-making process within projects and help organizations to reduce risk exposure. It examines various risk management techniques and looks at how software tools can help to implement these techniques. The general techniques and methodologies described in the paper can be applied to any type of project in any industry. Project Decision Making and Risk Management Decisions made to initiate a project usually relate to specific business objectives that support the ongoing growth and endurance of an organization. If uncertainty is not managed closely throughout the life of the project, it can affect the project s ability to meet the original objectives. Minimizing the degree of uncertainty is the best way to make informed decisions for all aspects of project management. To minimize the degree of uncertainty it is first necessary to identify the areas of potential risk, the probability of the risk events occurring, and the impact the events could have on the project if this occurs. Even if the project events themselves cannot be changed, having a better understanding of the potential impact of those events on the project helps support more informed decision making. For example, an unexpected fault could be discovered in a key component of a turbine causing production to stop at an electricity plant. If this possible event is anticipated in advance, the planner can plan accordingly and consider response strategies. While the planner cannot necessarily reduce the likelihood of the event occurring, he can reduce the probability and impact of the risk by having an appropriate response plan in place. In daily risk management, project managers rely heavily on various information sources such as past productivity estimates, material specifications, and the opinions of other team members. All too often such sources are highly subjective and do not take into account the degree of uncertainty associated with risk events. Instead, they simply focus on the impact of those events.this creates an incomplete picture. To see the total picture, one must first understand the nature of risk. Risk is defined as the cumulative effect of the probability of uncertain occurrences that may positively or negatively affect project objectives. 4 In other words, the combined probability of all uncertainty associated with each part of the project. Using a technique that measures quantitative information (including probability) about the potential impact of an event provides the decision maker with better data for analysis. Better data analysis leads to healthier project decisions, which, in turn, reduces a project s exposure to risk. It is important to note that uncertain events can be either positive opportunities or negative risks. Additionally, every risk can generate potential opportunities. Conversely, by pursuing project opportunities, associated project risks can arise. In summary, risks and opportunities are closely associated and are capable of arising from one another. When studying project risk at the macro level, both risks and opportunities should be considered. As well as improving decision-making and project control, the risk management process is also fundamental to project portfolio management. Portfolio selection relies on various project factors (cost, resources, priority, and risk). Formalized risk management is essential in generating credible information on each project s risk exposure. WHITE PAPER: Using Project Management Portals to Integrate and Share Project Information

The Risk Management Process A risk has three primary attributes that should be identified and tracked: Event, Probability, and Impact. Event: The event is a description of the risk as it may occur, e.g. severe storms during the flighttesting phase of an aircraft production program. To assess risk probability, one must first understand the specific nature of the event. For example, a severe storm is a generic description that lacks specifics. However, severe storms occurring during the flight-testing phase is a specific event and would be assessed differently from a severe storm that occurred before or after testing. Once the event is specific enough, the probability can be accurately determined. Probability: The probability is the chance of the event occurring. Typically, probability is measured in quantitative terms. However, within project management, the probability of risk can be measured in both quantitative and qualitative terms. As a rule, risk management deals with events that fall within the probability range of 0% - 100%. In most cases, risk management does not contemplate events that fall on the boundaries of 0% or 100%. An event that has a 0% chance of occurring does not need to be considered. Likewise, an event that has a 100% chance of occurring does not need to be considered; rather, it can be planned for in the schedule with certainty, and managed using standard issue management techniques. Impact: The impact is the measurement of how much the event will affect the project if it occurs. To facilitate risk management analysis, impact is broken down into different impact types, e. g. cost, quality, and duration. A good example of this would be a highly skilled programmer leaving in the middle of the development phase of software project - this could affect all of the above impact types. The combination of probability and impact (usually by multiplying the two values together) creates a risk score (expected value) that can be used in the decision-making process and as a project control mechanism. Risk scores are a very useful project health indicator and can also be used in portfolio management tools and techniques. When evaluating risks, project managers typically use a gridlike tool known as a risk matrix. A risk matrix combines two axes (probability and impact) to provide a means of calculating the risk score. The tool may report risk information for an individual task or for a project as a whole. Most risk management software tools include the functionality for generating these matrices. In order to give risk scores a more meaningful context for individual organizations, the risk matrix often includes an underlying shaded background indicating bandwidths of tolerances. Tolerances indicate the project or organization s sensitivity to risk and help to highlight which risks require attention during the project management process. Tolerance definitions - such as those shown in Figure 1 - will vary from project to project and organization to organization. Impact Very Low Low Medium High Very High Probability Very High High Med. High Medium Low Tolerances Preferred Acceptable Neutral Undesirable Unacceptable Disasterous Very Low Figure 1 - Risk Matrix with corresponding tolerance bandwidths WHITE PAPER: Using Project Management Portals to Integrate and Share Project Information

Risk Management Risk Planning Risk Response Risk Management Process Risk Identification Risk Action Planning Risk Assessment When making decisions about events and evaluating their risks, it is also important to consider the corresponding opportunity as well as the negative impact. Why spend time making a decision about a high-risk event if the potential risk reduction and opportunity from executing the corresponding task is minimal? A task within a project may have multiple risk events associated with it and varying risk scores across multiple impact types. For example, a task s score for Schedule impact could be 2 and its score for Quality impact could be 4. Good risk management tools can provide an easy means of mapping such relationships between risks and tasks across different impact types. Formal Risk Management According to the PMBOK - 2000 Edition, risk management is the systematic process of identifying, analyzing, and responding to project risk. It includes maximizing the probability and consequence of positive events and minimizing the probability and consequence of adverse events to project objectives. 5 The above listed processes can be further broken down into: 1. 2. Risk Planning - deciding how to approach and plan the risk management activities for the project. Risk Identification - defining risk categories and risk acceptance levels, identifying individual risks, and identifying any risk triggers. 3. 4. 5. Risk Assessment - Risk assessment can be both qualitative and quantitative. Qualitative risk assessment is the process of assessing the impact and likelihood of identified risks and producing a probability-impact matrix. Quantitative risk assessment is the process of analyzing each risk probability and the overall impact on the project. Risk Response - the process of developing options and determining actions to enhance opportunities and reduce threats to the project s objectives. Mitigation steps are a common approach. Risk Management - continual monitoring and updating of project risks. Risk management should be viewed from both the short- and long-term perspective. From the short-term perspective, risk management deals with the immediate needs of the project such as the current week s work. The long-term perspective looks much further out. For example, examining the risk of ROI on a design, build, own, operate construction project, the project owner needs to take into account long-term events - such as interest rates and potential leasing demand - in order to determine the long-term risks. Additionally, steps carried out to mitigate or reduce the associated risks may have both longand short-term consequences.this point is often ignored during risk management. WHITE PAPER: Improving Project Decision Making and Reducing Exposure Through Risk Management

Effective risk management is a team sport. It requires the active participation of everyone in and around the project, from team members to executives to customers, with the project manager as moderator and documentarian.the organization must support risk management with clear processes, tools and resources. Projects@Work magazine, July/August issue 7 Risk Models Formal risk management is typically based on a particular risk model. Standard models of varying complexity are widely recognized and should be applied according to the level of risk management detail required by the project. All models provide a common framework including inputs, processes, and outputs that contribute to the management of project risk. The table below outlines some of the standard risk models. 6 Risk Reduction through Mitigation Steps Once project risks have been identified, risk events that have unacceptable risk scores need to be resolved or addressed. A common approach is the use of mitigation steps. Mitigation steps are assignments that once executed actually reduce the risk event score. Single steps or a series of steps can be applied to reduce the risk score down to an acceptable level (residual risk score). Mitigation steps can be closely tied to issue and action item management solutions. Who is Responsible for Risk Management? Formal risk management should be implemented throughout the lifecycle of a project. This includes the proposal phase before project permission is granted to the initiation stage. All involved including stakeholders, investors, and the proposed project manager should practice risk management at the project proposal phase. Assessment of project risks at this phase should be considered from all perspectives - such as ROI, environmental opposition, availability of resources, competition - and what if scenarios. This helps ensure that the decision to proceed or not to proceed with a project is properly validated. Real risk management involves the stakeholders and customers - the organization above and around the project, says Tim Lister, co-author of Waltzing with Bears: Managing Risk on Software Projects. They have to be willing to participate in identifying and talking about risks, and changing the plan or the definition of the product to accommodate the risks. 8 Risk Model Complexity Description Standard Simple Risk Model Medium Low A widely used model that distinguishes between event and impact probability. Risk events are the drivers behind the risk impact.these combined produce the Risk Total Loss. Risk event and impact are considered as a single entity. Most organizations not trained in risk management follow this model. Cascade Risk Model High Multi-stage model - modeling multiple events cascading from one to another. This model accurately represents interactions between risks. One issue with this model is that the resulting probability is often very low (due to the resultant event being very specific). Ishikawa/ Fishbone Risk Model High Allows multiple events and drivers to cause a single impact. An accurate model, but complex to use. WHITE PAPER: Improving Project Decision Making and Reducing Exposure Through Risk Management

Beyond the project proposal phase, the project stakeholders and project manager typically conduct risk planning. Considerations that should be addressed before the project is underway include deciding how and at what level of detail to track risks. Choosing the right level of detail is key to successful risk management. Requiring too much detail on a simple project will slow down the project and dilute focus; conversely, too little attention to risk identification, assessment, and reduction results in a risk management process with little or no real value. During the execution phase of a project, it is very important to get team member buy-in to the risk management process. Ensuring that team members genuinely understand the downstream benefit of risk management is key to their active participation in identifying risks and working on steps associated with mitigation. It is important to stress how risk management will help ensure the success of the project - to everyone s advantage. Risk management is an on-going process throughout the lifecycle of the project and should be practiced by all team members involved with the project. In order to make this as easy as possible and increase the chances of success, it is important to choose a risk management tool that can model your organization s processes and provide an easy means for team members to input and access data that is relevant to them. If an enterprise-wide risk management system is used, senior management can leverage the tool to obtain a high-level overview of risk exposure across all projects. Management can monitor the progress of high-risk areas while project managers and their teams work to mitigate identified risks. With the increased pressure placed on senior management by the Sarbanes-Oxley Act to rapidly report material changes in operations, 9 corporate officers should feel more comfortable if they can see a complete view of all risks to their projects operations in real-time. Conclusion Risk is inherent in all projects and organizations. Very few project decisions are made in absence of any uncertainty or risk. Uncertainty can result in a positive or negative outcome and generate opportunity and risk. Often, not all risks are identified and opportunities associated with risks are overlooked. Risk, if left unmanaged, can have a negative impact on project completion and prevent the project from meeting its overall objective. Formalized risk management is an essential control tool for project management and an important aide to decision making. When done correctly, with sufficient and accurate information, it can provide a very useful means of reducing uncertainty within a project.this subsequently improves the chances of project success. Historically, risk management techniques have often been dismissed or ignored because of the upfront effort required in identifying risks. Having a risk management software tool that makes this process easy and effective without bringing significant burden or overhead to the day-to-day execution of the project will allow downstream control and reduction of overall project risk. Risk management should be tied closely to the project model, usually in the form of a project schedule. This ensures that high-risk and opportunistic areas of a project can be easily identified and monitored. The processes of both risk identification and quantification are undertaken to provide a means of calculating risk scores. Risk scores are a very useful indicator of project health and a key component of project portfolio management. Practicing risk reduction steps in an organized manner is key to the true reduction of project risk. Formalized risk management is not a new concept; however, effective risk management tools are now just emerging. This new generation of Web-based tools provides the muchneeded flexibility to improve project decision-making and reduce risk exposure. At the end of the day, this increases the chance of a project s success and the opportunity for a better return on investment. WHITE PAPER: Improving Project Decision Making and Reducing Exposure Through Risk Management

References Footnotes 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. CCAi Consulting. Connect everyone to everything. http://www.ccaiconsulting.com/info.asp?pageid=10 Jeffrey Garten. A new year; a new agenda, The Economist. London, England:The Economist Group, Jan 2nd 2003 issue. Tzvi Raz,Aaron Shenhar and Dov Dir. Risk management, project success, and technological uncertainty, R&D Management. Malden, MA: Blackwell Publishers, 2002. Jill Feblowitz, John Hagerty. Basic Steps Now Can Mitigate Operational Risk Before Sarbanes-Oxley Forces the Issue, AMR Research Alert. Boston, MA: AMR Research Inc, November 10, 2003. Stephen Ward and Chris Chapman. Managing Project Risk and Uncertainty :A Constructively Simple Approach to Decision Making. John Wiley & Sons, 2002. A Guide to the Project Management Body of Knowledge (PMBOK Guide). Pennsylvania: Project Management Institute, Inc., 2000. Preston Smith and Guy Merritt. Proactive Risk Management : Controlling Uncertainty in Product Development. Productivity Press, 2002. Aaron Smith. Risk and Reward, Projects@Work. IIR Exhibitions US Publication, July/August issue. Tim Lister. Waltzing with Bears: Managing Risk on Software Projects. New York, New York: Dorset House Publishing, 2003. Sarbanes Oxley Act of 2002. Section 409. Real-time Issuer Disclosures. i. Extract from Risk and Reward article in Projects@ Work July/August issue. WHITE PAPER: Improving Project Decision Making and Reducing Exposure Through Risk Management

Contact Deltek www.deltek.com info@deltek.com 800.456.2009 Deltek is a global leader dedicated to delivering enterprise management software that meets the unique needs of project-focused organizations. With over two decades of experience, Deltek enables companies to maximize profitability and productivity, integrating all aspects of their businesses. More than 11,000 customers worldwide rely on Deltek to streamline operations, improve performance and win more business. Deltek 13880 Dulles Corner Lane, Herndon, VA 20171 US & Canada: 800.456.2009 or 703.734.8606 UK +44 (0) 20 7518-5010 2007 Deltek, Inc. All rights reserved. All referenced trademarks are the property of their respective owners.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information