Profit to the PeopleTM

Drive Away the Skeletons in the Closet: Risk Management Will Set You Apart!

October 2015

Profit to the PeopleTM

[Background Slide]

2

Profit to the PeopleTM

The Predicament

• Difficult to transition from risk management theory to practice

• Hard to find tried and true approaches to managing risk

• Sometimes it seems project managers are the only ones who

think about risk

• And sometimes we don’t think about it enough

3

Profit to the PeopleTM

The Solution

• Use a common risk language

• Apply risk management approach

within your Project Lifecycle

• Consider the Risk Management Plan

template

4

Profit to the PeopleTM

Common Risk Language

5

Term DefinitionAssumption Expectation that one situation will occur over another

Constraint A limit the project must operate within and relaxing these could facilitate achieving the objectives or enhancing

project outputs

Critical Success Factor A mandatory project accomplishment

Issue A situation that arises from a risk being realized; issues are not project risks as they have already occurred and

uncertainty no longer exists

Known Risks Risks that have been identified and analyzed, making it possible to plan responses for those risks

Overall Project Risk The effect of uncertainty on the project as a whole; it is more than the sum of the known risks

Risk An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives

Risk Appetite The degree, amount, or volume of risk than an organization or individual will withstand

Risk Cause A situation that creates the possibility of negative or positive outcomes; causes can be grouped into risk categories

that are referred to as the “risk model” or “risk breakdown structure”. This helps the project team look at many

sources from which project risk may arise.

Risk Conditions Aspects of the project’s or organization’s environment that contribute to project risks, such as immature project

management practices, lack of integrated management systems, concurrent multiple projects, or dependency on

external participants who are outside the project’s direct control

Risk Impact The result of a risk occurring; risks can impact scope, cost, schedule, quality or performance

Risk Tolerance Limits to monitor that actual risk exposure so that it stays within an organization’s risk appetite. Exceeding risk

limits will typically act as a trigger for management action.

Profit to the PeopleTM

Standard Risk Management Approach

6

Project Phase Risk Management Inputs Risk Mgmt Tools

& Techniques

Risk Mgmt

Outputs

Initiation • Business Case

• Other project deliverables as available

• Templates

• Expert Judgment

• Meetings

• Risk Assessment

Planning • Client-Signed SOW or Project Charter

• Risk Assessment

• Stakeholder Register

• Risk Appetite Statements

• Other project deliverables as available

• Templates

• Expert Judgment

• Meetings

• Risk Management

Plan

Execution • Client-Signed SOW or Project Charter

• Risk Management Plan

• Risk Model

• Risk Assessment

• Stakeholder Register

• Risk Appetite Statements

• Other project deliverables as available

• Risk Model Review

• Facilitated Sessions

• Regular Risk

Management Meetings

• Periodic Risk

Assessments

• Expert Judgment

• Risk Register

Monitoring and

Control

• Risk Register

• Risk Likelihood and Impact Matrix (Risk

Management Plan)

• Risk Model

• Risk Categorization

• Risk Probability and

Impact Assessment

• Sponsor Review

• Updated Risk

Register

• Updated Project

Plan

Profit to the PeopleTM

Risk Management Plan

• Which objectives will be assessed for risk exposure?

• Who will participate in the risk management process? What are

the roles and responsibilities?

• Which approaches, tools, and data sources will be used for risk

identification and assessment?

• How will we report and monitor project risks?

7

Profit to the PeopleTM

Establishing Risk Management Roles &

Responsibilities

8

Role ResponsibilitiesProject Sponsor

or Project Owner• Facilitate Risk Assessment in the project initiation phase and assist team with proper interpretation

• Formally or informally, establish risk appetite within the project team

• Provide guidance to project team, as needed, related to risk management

• Act as escalation point, as needed, related to risk management

Project Manager • Ensure Risk Management Plan is consistent and integrates appropriately with other PM plans

• Analyze the Risk Assessment, determine how the known risks affect how risk should be managed on the project

• Build risk plans into project plans, as appropriate

• Own formal risk communications with project sponsor/owner and other team members, leveraging Risk Manager

as appropriate

• Assign risks to team members

Risk Manager • (Functional role that may be assigned to any project team member, including but not limited to the PM)

• Analyze the Risk Assessment, determine how the known risks affect how risk should be managed on the project

• Develop Risk Management Plan

• Facilitate sessions to identify risk, if appropriate

• Create and manage the Risk Register; monitor risks

• Regularly review risks with project team

• Ensure project team effectively and efficiently uses risk tools

• Assist Project Manager with building significant risk plans into the project plan

Project Team

Members• (Includes those filling roles described above)

• Identify and analyze risks

• Volunteer to own risks in accordance with project role and skills/knowledge

• Own and manage assigned risks

• Keep Risk Manager informed of risk status

Profit to the PeopleTM

Defining Risk Scope & AppetiteWhat are the types of risks (cost, time, quality, scope) to be managed

and the organization’s sensitivity to the impacts associated with the risk?

9

Project

Objective

Risk Appetite Risk Tolerance

Cost If cost variances will exceed 5%, must notify

project sponsor

Time

Quality

Scope

Profit to the PeopleTM

Stating Risks

• Risk Meta-Language Technique (Hillson, 2004, p.73)

• State risks as follows to ensure the cause, risk and impact is

clearly identified

• As a result of <definite cause>, an <uncertain event> may occur,

which would lead to <effect on the project objectives>.

• Example: As a result of not being able to control the availability of

our project resources, we may have to develop the critical data

interfaces with less experienced staff, which would affect our

ability to deliver the complete interface solution for the project

• Sometimes you can address one cause and eliminate multiple

risks. This language helps group by cause to see the

opportunities to do this.

10

Profit to the PeopleTM

Identifying Risks – Risk Model

• Provides categories and sources of risk that may relate to the

project

• Assists in identifying risks that might otherwise by overlooked

• Helps categorize risks in the Risk Register

• Not only should individual risks be assessed and evaluated, but

any categories with a high number of risks should be considered

as red flags that need more analysis

11

Profit to the PeopleTM

Identifying Risks – Facilitated Session

• Approach like a Joint Application Design (JAD) session

• Determine which objectives will be assessed for risk exposure

(cost, time, quality, scope)

• Review inputs

– Project scope statement

– Review assumptions and constraints

– Review critical success factors

– Review Risk Assessment

• Risk analysis can be iterative; later in project:

– Review business and technical requirements

– Review work breakdown structure (can create a risk breakdown

structure)

12

Profit to the PeopleTM

Identifying Risks – Other

• Recurring Risk Management meetings

• Periodic Risk Assessments, tailored to current project lifecycle

phase if desired

• Review Assumptions

– Instability: How likely are they to be false?

– Sensitivity: If false, what is the impact to project objectives?

• Review Constraints

– Instability: How likely are they to be removed or relaxed?

– Sensitivity: What will the impact be?

• Review Critical Success Factors

– Instability: How likely is it they will not be met?

– Sensitivity: What will the impact be?

13

Profit to the PeopleTM

Assessing Risks

14

Customize the probability and impact scales for the client/project as needed

• Probability

– Timeframe should be based on the project, such as “What is the

probability of the risk occurring within a one-year timeframe?”

• Impact

– If the risk occurs, what is the impact?

Profit to the PeopleTM

Assessing Risks (continued)

15

• Heat Map

– Impact and Probability are multiplied to obtain a risk score that can be

mapped

Warning: This heat map makes (qualitative) risk management appear

more scientific than it is!!

Profit to the PeopleTM

Treating and Managing Risks

• First, check to see if risk is within appetite

• If it is not, determine the treatment for the risk

16

Negative Risks Positive Risks

• Avoid – Eliminate the risk • Exploit – Make the risk happen

• Transfer – Make another party

responsible

• Share – Involve others to own

opportunity

• Mitigate – Reduce probability

and/or impact

• Enhance – Increase probability

and/or impact

• Passively Accept – Do nothing,

handle only if risk occurs

• Accept – Do nothing, enjoy if risk

occurs

• Actively Accept – Create

contingency plans (can include

cost reserve)

Profit to the PeopleTM

All this….for what???

• More positive risks have been realized

• Fewer negative risks have been realized

• The project was delivered successfully!

17

Profit to the PeopleTM

[Contact Information]

18