comprehensive overview of risk management

(c) 2010 Valenti Partners All Rights Reserv(c) 2010 Valenti Partners All Rights Reserveded

11

Risk Management Risk Management

Andrew P. Valenti, Principal ConsultantValenti Partners


22

Risk Management and Product Risk Management and Product DevelopmentDevelopment

The list of Risks:The list of Risks:1.1. Risk management is Risk management is

an integral part of an integral part of project management project management

2.2. Product development Product development requires project requires project managementmanagement

3.3. Therefore, managing Therefore, managing risk should be as risk should be as natural as managing natural as managing the schedule (but it the schedule (but it isn’t)isn’t)

Key Idea

++

== Risk Management Methodology Risk Management Methodology


33

What is Risk?What is Risk?

Risk is the possibility:Risk is the possibility: Of being hurt. A lot of the time, Of being hurt. A lot of the time,

people say people say riskrisk, but are actually , but are actually talking about talking about probabilityprobability, which , which is how likely something is to is how likely something is to happen. To people who have happen. To people who have jobs in judging risks, "risk" is not jobs in judging risks, "risk" is not only how likely something bad is only how likely something bad is to happen, but also how bad it to happen, but also how bad it could be. (From Wikipedia).could be. (From Wikipedia).

That an undesired outcome (or That an undesired outcome (or lack of a desired outcome) lack of a desired outcome) disrupts your project. disrupts your project.

Risk management is the activity Risk management is the activity of identifying and controlling of identifying and controlling undesired project outcomesundesired project outcomes

Definition


44

What is Risk?What is Risk?

When you are dealing with When you are dealing with risk there are always risk there are always uncertaintiesuncertainties

You can narrow, but not You can narrow, but not eliminate, the uncertainty, eliminate, the uncertainty, by:by:

• Clarifying the probability Clarifying the probability • Understanding the Understanding the

consequences or consequences or alternativesalternatives

• Determining what drives the Determining what drives the risk risk

Risk management helps you Risk management helps you understand these factors understand these factors and consistently sway them and consistently sway them in your favorin your favor

The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa. --Heisenberg, uncertainty paper, 1927


55

Risk vs. IssuesRisk vs. Issues

1.1. Events that are Events that are certain to occur are certain to occur are issuesissues

2.2. Issues arise while Issues arise while identifying risks, but identifying risks, but they proceed on a they proceed on a different action-different action-planning track.planning track.

Key Idea


66

Time componentTime component

1.1. For every project risk, For every project risk, there is a time when it no there is a time when it no longer existslonger exists

2.2. It is important to know It is important to know when this termination when this termination time arrives so the risk time arrives so the risk can be removedcan be removed

3.3. In some cases, In some cases, termination time is termination time is distinct, in others it is distinct, in others it is ongoing.ongoing.

4.4. Sometimes, the “time Sometimes, the “time component” is manifest as component” is manifest as a condition instead of a condition instead of time.time.

Risk always involves the Risk always involves the possibility of some kind of losspossibility of some kind of loss


77

Determining a Risk CandidateDetermining a Risk Candidate

Candidate Uncertain? Loss Possible? Time Component? Risk

Yes Yes Yes Yes

No No No

Issue No Impact Irresolvable

The three components of a risk, which determine our ability to manage it.


88

Why Companies Fail in Managing Why Companies Fail in Managing RiskRisk

Failure to address:Failure to address: Cross-Cross-

functionalityfunctionality Pro-activenessPro-activeness


99


Cross functionalityCross functionality• Unique, superior, Unique, superior,

differentiated productsdifferentiated products• Strong market Strong market

orientationorientation• Sharp, early fact-based Sharp, early fact-based

product definitionproduct definition• Solid market & Solid market &

technical researchtechnical research• Cross-functional teamsCross-functional teams• Built on core-strengthsBuilt on core-strengths• Market attractivenessMarket attractiveness• Quality launch Quality launch

processesprocesses• Technical competenceTechnical competence


1010


Proactiveness:Proactiveness:1.1. Wait until late in Wait until late in

the project when the project when many risks start many risks start occurringoccurring

2.2. Let risk Let risk management management lapselapse

“Eighty percent of success is showing up.”

-Woody Allen


1111


Wait until late in the project Wait until late in the project when many risks start when many risks start occurring:occurring:

Late attention to risks Late attention to risks often leads to expensive often leads to expensive workaroundsworkarounds

Late discovery of potential Late discovery of potential problems precludes problems precludes solutions that would have solutions that would have been available earlierbeen available earlier

Late surprises are more Late surprises are more disruptive to the scheduledisruptive to the schedule


1212


Let risk management Let risk management lapselapse

The team does The team does deliver a list of deliver a list of risks, but gets on risks, but gets on with the “real” with the “real” work of the projectwork of the project

When risks occur, When risks occur, they are just as they are just as unprepared, but unprepared, but more more embarrassed!embarrassed!


1313

The Antithesis of Risk The Antithesis of Risk Management: FirefightingManagement: Firefighting

A type of management A type of management behavior, often behavior, often reinforcedreinforced

A corporate firefighter A corporate firefighter is so involved in is so involved in fighting the last fire fighting the last fire that they let the next that they let the next one smolderone smolder

Then this person pulls Then this person pulls the new problem out the new problem out of the fire and is of the fire and is regarded as a heroregarded as a hero


1414

How Much Risk Management?How Much Risk Management? The more risks you The more risks you

identify, analyze, identify, analyze, and monitor, the and monitor, the more it will cost.more it will cost.

Good risk Good risk management management requires explicit requires explicit choices and choices and decisions that are decisions that are reviewed regularlyreviewed regularly

Consider each risk Consider each risk in terms of what it in terms of what it can do for you as can do for you as well as the harmwell as the harm

Remember: project Remember: project management is risk management is risk management!management!

Hurricane Katrina: Three men use makeshift oars to paddle a damaged boat.


1515

Using Project Risk Using Project Risk ModelsModels


1616

IntroductionIntroduction

The Risk Management The Risk Management methodology methodology depends on the depends on the model:model:

1.1. Helps quantify the Helps quantify the magnitude of a risk magnitude of a risk for comparison for comparison purposespurposes

2.2. Points to root causes Points to root causes for risk resolutionfor risk resolution

Credit Risk Model


1717

Risk ModelsRisk Models

Models:Models:1.1. Ground us in a Ground us in a

common viewpoint common viewpoint so that we can so that we can communicate with communicate with othersothers

2.2. Form a common Form a common basis for analyzing a basis for analyzing a risk situationrisk situation

3.3. Provides a Provides a systematic way of systematic way of dealing with riskdealing with risk

Key Idea


1818

Standard Risk ModelStandard Risk Model

Seven Components:Seven Components:1.1. Risk EventRisk Event: The state that : The state that

triggers a losstriggers a loss2.2. Risk event driverRisk event driver: Something in : Something in

the project environment can the project environment can cause a risk to occurcause a risk to occur

3.3. Probability of risk eventProbability of risk event: : Likelihood of a risk eventLikelihood of a risk event

4.4. ImpactImpact: Consequence or : Consequence or potential losspotential loss


1919

Standard Risk ModelStandard Risk Model

Seven Components cont.:Seven Components cont.:5.5. Impact driverImpact driver: Something in the : Something in the

project environment can cause an project environment can cause an impactimpact

6.6. Probability of impactProbability of impact: Likelihood of : Likelihood of an impact, given that the risk an impact, given that the risk occursoccurs

7.7. Total lossTotal loss: Magnitude of the actual : Magnitude of the actual loss accrued when a risk event loss accrued when a risk event occursoccurs


2020

The Standard Risk ModelThe Standard Risk Model

Probability of risk event (Pe)

Probability of impact (Pi)

Risk event driver(s)

Impact drivers

Risk Event Impact Total loss (Lt)


2121

Simple Risk ModelSimple Risk Model

Simple Risk Model. Combines the risk event and impact into a single entity along with the risk’s probability of occurrence.

Probability of risk event & impact

(Pe and Pi)

Driver(s)

Risk event and impact

Total loss


2222

The Risk Management The Risk Management ProcessProcess


2323

The Risk Management ProcessThe Risk Management Process

Overview of the process:Overview of the process:1.1. Identify risks that Identify risks that

you could encounteryou could encounter2.2. Analyze risks to Analyze risks to

determine drivers, determine drivers, impact, and impact, and probabilityprobability

3.3. Prioritize and map Prioritize and map the risks to a short the risks to a short listlist

4.4. Plan how you will Plan how you will take actiontake action

5.5. Monitor progress on Monitor progress on a regular basisa regular basis

The Old Mill


2424

Risk events and impact

Drivers, probabilities and total loss

Subset of risks to be managed

Types of action plans: avoidance, transfer, redundancy and mitigation (prevention, contingency, reserves)

Assess status and closure of targeted risks; identify new risks

Step 1:Identify risks

Step 2:Analyze risks

Step 3: Prioritize and map risks

Step 4:Resolve risks

Step 5:Monitor risks

Reg

ula

r ch

eck f

or

new

pro

ject

risks

Reg

ula

r ch

eck f

or

new

pro

ject

risks

StepsSteps Critical informationCritical information

The Five-step Risk Management ProcessThe Five-step Risk Management Process


2525

Step1: Identifying Project RisksStep1: Identifying Project Risks

Criteria:Criteria:1.1. Need a facilitator Need a facilitator

without a stake in without a stake in the outcomethe outcome

2.2. A brainstorming A brainstorming activity: strive for activity: strive for quantityquantity

3.3. Define happening Define happening that could occur that could occur along with a time along with a time componentcomponent

4.4. Describe the impactDescribe the impact

Line up


2626

Step 2: Analyzing RisksStep 2: Analyzing Risks

Criteria:Criteria:1.1. Identify drivers for Identify drivers for

each risk eventeach risk event

2.2. Be as factual as Be as factual as possiblepossible

3.3. Identify probabilities Identify probabilities for risk and for its for risk and for its impactimpact

4.4. Use historical data Use historical data whenever possiblewhenever possible


2727

Step 2: Analyzing Risks cont.Step 2: Analyzing Risks cont.

Calculating expected Calculating expected loss:loss:

1.1. Decide on a small Decide on a small set of values for set of values for probabilities, e.g. probabilities, e.g. 10, 30, 50, 70, 10, 30, 50, 70, 90%90%

2.2. Expected loss is Expected loss is the mean loss the mean loss associated with associated with the riskthe risk


2828


Probability of risk impact (Pi)

Total loss (Lt) Expected loss (Le)

Risk likelihoodRisk likelihood Total amount of Total amount of loss if risk occursloss if risk occurs

Answers question, Answers question, “How risky is it?”“How risky is it?”

Formula for calculating expected loss from its componentsFormula for calculating expected loss from its components


2929

Step 3: Prioritizing and Mapping Step 3: Prioritizing and Mapping RisksRisks

Techniques for Techniques for developing a developing a short list:short list:

1.1. Top 10 ListTop 10 List2.2. Risk map: total Risk map: total

loss vs. risk loss vs. risk likelihood (Plikelihood (Pee XX P Pii))

3.3. Consider Consider catastrophic risks catastrophic risks with low with low probabilityprobability


303055 1010 1515 2020 2525

1010

3030

5050

7070

9090

Ris

k lik

elih

ood

(P

Ris

k lik

elih

ood

(P

e

e X

PX

Pii) -

perc

en

t)

- p

erc

en

t

Total loss - workdaysTotal loss - workdays

Threshold line

Threshold line

Risk Risk 22

Risk Risk 11

Risk Risk 55

Risk Risk 1616

Risk Risk 1313

Risk Risk 44

Risk Risk 99

Risk Risk 1818

Risk Risk 77

Risk Risk 1010

Risk Map showing risks 1, 2, 5, 13, & 16 under active management and five more monitored candidates


3131

Step 4: Planning Resolution of Step 4: Planning Resolution of Targeted RisksTargeted Risks

An action plan has:An action plan has: An objectiveAn objective Means of measuring Means of measuring

when the objective when the objective has been achievedhas been achieved

A completion dateA completion date A responsible A responsible

individualindividual Adequate resources Adequate resources

allocated to allocated to complete the taskcomplete the task


3232

Step 5: Monitoring Project RisksStep 5: Monitoring Project Risks

Monitoring metrics:Monitoring metrics: Expected loss Expected loss

(should be (should be declining)declining)

Number of risks Number of risks preventedprevented

Number of Number of impacts mitigatedimpacts mitigated

New risks New risks appearingappearing


3333


Probability of risk impact (Pi)

Total loss (Lt) Expected loss (Le)

Risk likelihoodRisk likelihood Total amount of Total amount of loss if risk occursloss if risk occurs

Answers question, Answers question, “How risky is it?”“How risky is it?”

Factors entering into calculating expected loss, which is the prime criterion for prioritizing risks.

Calculate Expected LossCalculate Expected Loss


3434

Calculate Expected LossCalculate Expected Loss

ExampleExample Assume 50% chance (probability of risk event) that a Assume 50% chance (probability of risk event) that a

tool will be two weeks late (risk event)tool will be two weeks late (risk event) It will delay the next product build by two weeks which It will delay the next product build by two weeks which

has a 70% (probability of impact) chance of delaying has a 70% (probability of impact) chance of delaying the projectthe project

This results in a $500,000 (total loss) lost profit This results in a $500,000 (total loss) lost profit (impact)(impact)

PPee = 50%, P = 50%, Pii = 70%, L = 70%, Ltt = $500,000 = $500,000

.5 X .7 X $500,000 = $175,000 (expected loss).5 X .7 X $500,000 = $175,000 (expected loss)

Note: Expected loss is your primary means going forward of Note: Expected loss is your primary means going forward of comparing and prioritizing various identified risks.comparing and prioritizing various identified risks.


3535

Working with Differing Units and Working with Differing Units and Qualitative ScalesQualitative Scales

If the total loss cannot be If the total loss cannot be expressed numerically:expressed numerically:

Define labels such as Define labels such as “medium”, as specifically as “medium”, as specifically as possible by calibrating thempossible by calibrating them

Construct a calibration tableConstruct a calibration table Be sure to perform some Be sure to perform some

cross checkscross checks Alternative approach is to Alternative approach is to

use consequence factorsuse consequence factors


3636

Total Loss Schedule slip (workdays)

Target product cost overrun

Project budget overrun

Product performance (throughput, units/minute)

None 0 0 0 220

Low 1-5 <0.50 <150,000 205

Medium 6-15 0.50-1.20 150,000-500,000 190

High >15 >1.20 >500,000 180

Calibration values for total loss when using qualitative scales


3737

SummarySummary

Risk has many meanings, but we Risk has many meanings, but we define it in terms of:define it in terms of:

1.1. UncertaintyUncertainty

2.2. LossLoss

3.3. Time componentTime component Good project risk management Good project risk management

places an emphasis on being both places an emphasis on being both cross functional and proactivecross functional and proactive


3838

SummarySummary

It is the opposite of fire fighting It is the opposite of fire fighting which poses an organizational which poses an organizational challengechallenge

You cannot make risk management You cannot make risk management perfect; you can reach a point of perfect; you can reach a point of diminishing returnsdiminishing returns

Risks can be positive as well as Risks can be positive as well as negativenegative


3939

SummarySummary

The Standard Risk Model provides The Standard Risk Model provides the most effective risk management the most effective risk management for the effort expended in using itfor the effort expended in using it

Risk models provide a powerful tool Risk models provide a powerful tool to help visualize and understand riskto help visualize and understand risk

““All models are wrong. Some are All models are wrong. Some are useful.” – George Box, Statisticianuseful.” – George Box, Statistician


4040

SummarySummary

A five step program:A five step program:

1.1. Structured brainstormingStructured brainstorming

2.2. Analyze each risk according to a Analyze each risk according to a process to clarify the risks’ threatprocess to clarify the risks’ threat

3.3. Choose a risk set that you will Choose a risk set that you will managemanage

4.4. Create an action planCreate an action plan

5.5. Ongoing monitoring of risk pictureOngoing monitoring of risk picture

comprehensive overview of risk management

Documents

risk risk management

risk situation

risk managementandrew

risk management methodology

risk management lapse

good risk management

antithesis of risk management

project risk models