program portfolio risk management solutions
DESCRIPTION
Proactive Risk Management Environment (RME) for Project and Program Managers.
TRANSCRIPT
Risk Management Environment (RME) for Program and Portfolio
MCL Management Group
Cheryl Wilson, PMP, RMP, CCEP & Paul Lohnes, PMP
2
Paul H. Lohnes, PMP, Managing Partner
Over 28 years Project Management experience
Own company for 24 years before starting MCLMG with Cheryl
Risk management, project rescuer, and project management consultant
Has delivered over 500 seminars to over 10,000 attendees worldwide
Cheryl A. Wilson, PMP, PMI-RMP, CCEP
SVP, Risk Management Division
Over 26 years project and risk management experience
Government, commercial, and non-profit organizations
Established two complete RME at the portfolio level in past 2 years
Compliance & ethics officer (SME)
MCLMG, LLC Alexandria, VA
3
Introduction
Risk Management Environment (RME) Solutions for P/PM
Questions
1. What is a mature RME?
2. How do you assess RME maturity?
3. How do you determine organizational risk tolerance?
4. How do you escalate risks between aggregates?
5. What are some of the effective RME solutions?
Outcomes
1. Understand RME solutions for your program/portfolio
2. Place a value on your RME activities
3. Take away short-term implementation solutions
4
Q1: What is a mature RME?
First and foremost: PROACTIVE
• Risk proactive: mitigate first, respond second
• Proactive risk mitigation mindset: reduce impact
Be accountable
• Accountable means taking ownership
• Accountable means being active not passive
Be responsible
• Responsible means taking positive actions
• Responsible means being focused on solutions
Be transparent
• Transparent means accepting risk as part of PM
• Transparent means identifying & managing risks
Maturity is NOT
• Ignoring risks, hoping they will go away
• Thinking risks are bad and should NOT be discussed
5
Risk Maturity Model (RMM™)
Assessing maturity of your RME
5 States of an RME’s maturity
• State 1: Adolescence (lowest)
• State 2: Transparent
• State 3: Responsible
• State 4: Accountable
• State 5: Proactive (highest)
Similar to the SEI’s CMMI structure
• Covers most project management activities – risk is project invasive!
• Does not require annual fees or membership
™ MCLMG, 2010
6
RMM™ Maturity States
Adolescence
• Risk ignorant, dismissive, ineffective
• No risk perspective or mindset in organization
Transparent
• Risk accepting, acknowledging, and progressive
• Risk discovery, tracking, and monitoring
Responsible
• Taking actions towards the risks before triggering
• Beginning to instill a risk-friendly mindset in the PM activities
Accountable
• Taking ownership of risk mitigation actions
• Seeking and obtaining Sr. Management support
Proactive
• Active and effective risk mitigation strategies: REV reductions!
• Tracking and costing risk program to a Return on Investment perspective
REV = risk equivalent value; defined as REV = RCI * RPO (Slide 51)
7
MITIGATE
Characteristics of a Proactive RME
M Mature
I Inquisitive
T Thorough
I Investment-Oriented
G Goal-seeking
A Articulated
T Transitional
E Effective
8
Q2: How do I Assess my RME?
Begin with understanding your As-Is
• Where is the RME today?
• Do we have an active RME in our projects/programs/portfolios (aggregate levels)?
Be honest and up front
• Everyone starts somewhere
• Don’t overrate your own program
Be objective – use a definitive model (RMM™)
Use a checklist to ensure consistency
9
RME Maturity Assessment Checklist
• Purpose
  • Perform a self-assessment of the As-Is status
  • Provides a baseline for comparison
• Outcomes
  • Shows areas of strengths & weaknesses
  • Provides starting line for maturity planning
  • Starts RME maturity discussions
  • Begins risk maturity mindset changes
10
Determine the Status of Your RME
Where are the commonalities, differences?
What are the strengths & weaknesses at each aggregate level?
Which state is your RME at?
Portfolio level, Program level, Project level
Using outcome of RMM State Checklist
11
Q3: How do you determine risk tolerance?
Organizational Risk Tolerance (ORT™) Model
ORT™
• Organizational Risk Tolerance
• Risk characteristic or appetite of organization
• Purpose: drives project management risk tolerance
Based on two (2) independent variables
• Mitigation: use of risk mitigation strategies
• Maturity: level of risk understanding and acceptance
Four types of organizational risk tolerance
• Risk Seeking: high maturity, high mitigation
• Risk Accepting: high maturity, low mitigation
• Risk Avoiding: low maturity, high mitigation
• Risk Rejecters: low maturity, low mitigation
12
ORT ™ States I
The ORT™ defines four very simple states of risk tolerance based on the intersection of two independent variables:
1. Maturity (level from RMM)
2. Mitigation (usage)
The ORT will impact the project’s risk tolerance in that a project can never be more risk tolerant than the organization that funds it.
13
ORT ™ States II
Risk Seeker
• High maturity, high mitigation
• Understands value of risk versus reward concept
Risk Accepter
• High maturity, low mitigation
• Accepts risk as normal, deals with issues instead
Risk Rejecter
• Low maturity, low mitigation
• Ignores risks until issues, reactive
Risk Avoider
• Low maturity, high mitigation
• Avoids risks as normal, proactive in transferring or converting risks
[Quadrant diagram; axes: Mitigation, Maturity]
14
ORT Model Parameters
Participants
• Several senior management (C-level)
• Several senior PM managers (program/portfolio)
• Any certified risk professionals
• Sampling of project team members
Resources
• Online survey
• Off-line scoring
Created using two independent variables
• Maturity
• Mitigation
15
What is your ORT?
Perform the ORT assessment
Do the assessment on your organization
Be objective, comprehensive, and focused
16
The ORT™ Solution Review
Which ORT state describes your organization?
No single organization is characterized in a single state
Organizations exhibit characteristics of several
• Internal state
• External state
Parameters can alter ORT State
• Size of project/program
• Complexity of project/program
• Visibility of project/program
17
Q4: How do I Escalate Risks?
Risks should only be owned on a single aggregate level
Risks can escalate across aggregate levels
• Begin at project, grow into program level risk
• Start as program risk, mitigated down to project
Escalation is a change in risk ownership
• Need process/procedure to transfer ownership
• Must be managed to prevent chaos
Portfolio level usually plays role of arbiter
18
Escalation Model
19
Upward Escalation
Normal escalation
• From lower levels to higher
• Growth of risk beyond budget or schedule of lower level
Transfer of ownership
• Project manager to program manager
• Project risk owner to program risk owner
20
Downward Escalation
Abnormal escalation
• Less frequent than upward
• Requires more effort
Done for aged risks
• Older risks less powerful
• Older risks have lower REVs
21
Escalation Hand-off Process
Begins with a risk review
Risk parameters have changed
• REV growth
• Risk impact zone growth
• Complexity of mitigation strategy
Agreement between transferring parties
Risk register data transfer
Re-assignment of ownership resources
22
Escalation Process Management
The oversight is done by a non-involved party
• Project to program: oversight by portfolio
• Program to portfolio: oversight by director
• Risk manager always involved
Arbitration for escalation disputes
• Risk manager determines parameters of dispute
• Assigns a non-involved party as arbiter
• Arbitration is binding on transferring parties
Constraints should be reviewed
• Scope, time, cost, and quality constraints analysis
• Adjustments may be needed to handle REV / mitigation values upon transfer
23
Paul Lohnes, PMP
Managing [email protected]
Cheryl Wilson, PMP, PMI-RMP, CCEP
VP, Risk [email protected]
MCLMG, LLC