Upload
amy-robbins
View
216
Download
0
Embed Size (px)
Citation preview
Faculty of Applied Sciences,
Dept of Computing, Engineering and Technology
ATF 202 – Project Risk Management
Alan Stafford
Project Manager, AMAP/Digital Factory project
Learning outcomes:
• What is meant by the term risk in the context of projects
• Be aware of the significance of risk and its role in project management
• Understand the meaning of Hazard, Risk & Importance
• Understand the elements and intent of Risk Analysis and purpose of a risk register
• Understand the elements and intent of Risk Management
• Cultural nature of risk management
Faculty of Applied Sciences,
Dept of Computing, Engineering and Technology
ATF 202 – Project Risk Management
We live with RISK every day
How do you assess risk? 80 mph on motorway? 40 mph past a primary school?
Aren’t you making a mental sum of the likelihood of an incident and the consequences?
Do you think differently for something new as opposed to a regular activity? Do you reflect before action, during and after?
Introduction & reflection
Introduction & reflection
Are we rational about risk?
Which is the greater risk, MMR vaccine, Nuclear Power,
Flight or everyday Driving ?What about
cycling in traffic?
If you were managing a project would the everyday way you deal with risk be good enough?
What if something went fatally wrong?
What if an occurrence adversely affected the project delivery and you incurred a penalty?
What if you left part way through the project?
Introduction & reflection
Risk in Projects
What is different about Risk in projects and everyday life?
Why are project managers particularly concerned with risk?
Risk in Projects
Projects are one off undertakings as opposed to operations where things are tried and tested.
Therefore greater likelihood of things going wrong
Consequences (magnitude) can be serious
Need to have a robust approach
Basic concepts of Risk
Terminology and concepts
Basic concepts of Risk
Risk = “The possibility of suffering harm or loss” (as a result of exposure to the hazard)
Importance = Likelihood x Magnitude
A Hazard = something that has potential to cause harm or loss e.g. delays, cost, failure
What are the hazards, risks & importance for
The turkey?
The cooks “project”?
Risk in Projects
What kinds of risk affect projects?
Technical failure
Project Risks (internal)
Human error
Acts of nature
Business failure due to Political, Economic,
Technological, Social, Legal, Environmental
changes
Consequence:
Project becomes invalid
Responsibility of
Senior management
Part of the Business CaseConsequence:
Deviation from the project
PhysicalfinancialSchedule
Business Risks (external)
Risk in Projects
What kinds of risk affect projects?
Technical failure
Project Risks (internal)
Human error
Acts of nature
Responsibility of the
Project ManagerConsequence:
Deviation from the project
PhysicalfinancialSchedule
Methodologies
To ensure consistency and quality of approach it is normal to follow a recognised methodology
There are various frameworks and models to help deal with risk and they are all very similar
Project Management Institute
Methodologies
Methodology
All methods can be broken down into :
“Risk Analysis” & “Risk Management”
We will follow the Project Management Institute model
Methodology
1) Risk Identification 2) Risk Quantification
Two key concepts – Hazard and risk
What is a hazard?
A Hazard- something that has potential to cause harm to a project e.g. delays, cost, failure
What is a Risk?
Risk = “The possibility of suffering harm or loss from exposure to a hazard”.
Risk Analysis
1) Risk Identification 2) Risk Quantification
Two key concepts, Hazard and risk
Risk Analysis
Hazard?
Risk (magnitude x likelihood)?
What would be the consequences?
•For the individuals concerned?
•For you & the firm?
•For the delivery of the project?
1) Risk Identification 2) Risk Quantification
Two key concepts, Hazard and risk
Risk Analysis
Hazard?
Risk (magnitude x likelihood)?
Generic hazards, e.g. People factors
experience and appropriateness of experience skills, turn-over rate, level of absenteeism cultural differences
Risk Analysis
1) Risk Identification 2) Risk QuantificationWhat is a hazard?
Project specific hazards, e.g. Application specific factors
the nature of the application complexity of the project the size and cost of the project
Two main approaches
Use of checklists
BrainstormingWhen would you
use each method?
Knowledge based software is also available to help with the task of hazard identification
Risk Analysis
1) Risk Identification 2) Risk QuantificationHazard & Risk?
Generic hazards
Project specific hazards
Risk Analysis
1) Risk Identification 2) Risk Quantification
Once identified risks should be assessed for their possible affect on the project
The level of importance or priority of a risk must also be established.
This is often done by assessing the risk value
Possible to use qualitative/quantitative methods
Risk Analysis
1) Risk Identification 2) Risk QuantificationRISK ESTIMATE MATRIX
Highly Likely
Low Moderate High High
Likely
Negligible Low High High
Unlikely
Negligible Low Moderate High
LIK
EL
IHO
OD
Highly Unlikely
Negligible Negligible Low Moderate
Marginal
Minor Intermediate Major
CONSEQUENCES
Marginal - Minimal effect on project e.g. project approval delays
Minor – Some effect on project e.g. delay, change in personnel/suppliers
Intermediate – Significant effect on project e.g. cost overrun > 10% , equipment not fit for purpose
Major - Severe effect on project e.g. project failure, major injury to personnel,
Qualitative method of displaying risk
Risk Analysis
1) Risk Identification 2) Risk QuantificationAdvantage of qualitative methods is that they are easily understood from an overall point of view – showing those risks which need attention.
Doesn’t show the “value” of the risk, i.e. the expected cost
Risk Analysis
1) Risk Identification 2) Risk Quantification
Hazard Likelihood Impact Exposure
1 Changes to the requirements 1 8 8
specification during coding
2 Specification take longer than 3 7 21
expected
3 Staff sickness affecting 5 7 35
critical path activities
4 Staff sickness affecting 10 3 30
non-critical activities
Quantitative method of displaying risk
Risk Analysis
1) Risk Identification 2) Risk Quantification
Hazard Likelihood Impact Exposure
1 Changes to the requirements 10% £8k £800
specification during coding
2 Specification take longer than 10% £6k £600
expected
3 Staff sickness affecting 30% £20k £6,000
critical path activities
4 Staff sickness affecting 60% £3k £1,800
non-critical activities
Quantitative method of displaying risk, can be shown in monetary terms
Risk Analysis
1) Risk Identification 2) Risk QuantificationOutput from this process is a Risk Register
Methodology
So we have covered the two elements of Risk Analysis using the PMI methodology
And have a Risk Register
Methodology
Having identified & quantified the risk what are we going to do about it?
That’s where Risk Management
comes in
Risk Management
Having identified the major risks and allocated priorities, the next task is to decide how to deal with them and there are 3 main options
3) Response Development 4) response Control
Risk Management
3 options
3) Response Development 4) response Control
Risk acceptanceRisk avoidanceMitigation
Risk reduction Risk transfer Contingency
Risk Management
Risk acceptance Risk avoidance Mitigation
Risk reduction Risk transfer Contingency
Unlikely occurrences Things you can’t do anything about “Acts of God” Could also be something where the
fix costs more than the problem!
3) Response Development 4) response Control
Risk Management
Risk acceptance
Risk avoidance Mitigation
Risk reduction Risk transfer Contingency
Attempts to “Design Out” the risk Avoid the activity or issue, but by doing so may introduce another
3) Response Development 4) response Control
Risk Management
3) Response Development 4) response Control
Risk acceptance Risk avoidance
Mitigation Risk reduction Risk transfer Contingency
Reduce either likelihood and/or the impact so that it is acceptable, e.g. ensure expert is used to reduce risk of
failure
Risk Management
3) Response Development 4) response Control
Risk acceptance Risk avoidance
Mitigation Risk reduction Risk transfer Contingency
Transfer the impact, e.g. Insurance policy – known cost v impact Particularly lends itself to physical risks
Your own car or house insurance
Penalty clause with supplier Benefit: reduce likelihood & impact
Risk Management
3) Response Development 4) response Control
Risk acceptance Risk avoidance
Mitigation Risk reduction Risk transfer Contingency
Holding something in reserve – should the worst happen, e.g. Reserve funds Playing safe
Add additional time to uncertain process
Backup supplier/plan
Activated when a trigger takes
place, i.e. Response Control
Risk Management
3) Response Development 4) response Control
Risk management plan is a response to, and an extension of, the Risk Register
Details of responses are recorded
and the trigger points that bring
them into action
Risk Management
3) Response Development 4) Response Control
Ongoing activity throughout the project, part of the plan-action-monitor-control cycle No matter how thorough the Risk Analysis unforeseen events will arise. Control can be broken down into
Passive & Active responses
Risk Management
3) Response Development 4) Response Control
Passive control Ensuring steps in Response Development
are implemented at triggers
Active control Constant monitoring of triggers
May be part of a risk calendar for example.
Work arounds for unseen occurrences Last resort/necessary evil – to be avoided.
Summary
Projects are one off undertakings-therefore more risk than normal operations
Terminology – Hazard, Risk, Importance
Methodology – Various standards
Typically consist of elements that can be broken down into:
An example is:
Summary
Risk management is a culture not a paper exercise or bolt on has strategic implications, e.g. damage to reputation, loss of future business
Generally more successful if team based Risk owned by individuals but all contribute Contributes to “ownership” and “buy-in”
No-Fear culture, i.e. don’t shoot the messenger
Encourage a “learning organisation”
Not a cost but a saving
Faculty of Applied Sciences,
Dept of Computing, Engineering and Technology
ATF 202 – Project Risk Management
Q & A