x point international ltd © 2002 ‘managing risk, space invaders and your friendly, neighbourhood...
TRANSCRIPT
X Point International Ltd © 2002
‘Managing Risk, Space Invaders and your friendly, neighbourhood Burglar
an introduction to an assumptions-based approachto project Risk Management
presentation to Kingston and Croydon branch of the BCS
14-Jan-2003
David Galley
X Point International Ltd © 2002
Introduction
Basic approach to project risk management Proactive + Devolved + Simple to understand
Presentation Content Risk Risk Management (vs Project Management) Assumptions-based approach Identifying Assumptions Registers Risk Evaluation & Prioritisation Risk Plans Roles & Responsibilities Execution
Questions
X Point International Ltd © 2002
impact ifhazard occurs
likelihood ofhazard occurring
lowrisk
highrisk
Risk combines notions of hazard and uncertainty
contours of equalrisk exposure.
likelihoodof hazardoccurring
impact ofhazard
occurringrisk = *
X Point International Ltd © 2002
Relative risk exposure can be represented on a 4*4 ‘risk grid’
A B C D
A
B
C
D
impact if hazard occurs
likelihood ofhazard
occurring
high risk
low risk
intermediaterisk
X Point International Ltd © 2002
Risk Management is an integral part of Project Mgt…but different
(rest of) project mgt.•project definition•project structuring•planning•cost/schedule statusing•project control
…in what way is Risk Mgt different?
risk management
X Point International Ltd © 2002
Need for Risk Management arises from uncertainty
(rest of)project management
risk management
certain
impossible
obstaclelikelihood
X Point International Ltd © 2002
Assumptions based approach is proposed
Risk Evaluation& Prioritisation
Monitoring Risks & Assumptions
Risk Planning
Risk PlanExecution
Risk
Mgt
Roles
AssumptionsRegister
•Requirement•Issues•Hazard checklist•….
Risk Register
Risk Plans
•Work Plan & Budget•External threats•Internal weaknesses•….
X Point International Ltd © 2002
Projects are exposed to the risk of assumption failure
Decisions are made based on limited information
Working assumptions Conscious/Explicit Unconscious/Implicit (become evident later, or remain hidden)
Working assumptions proven to be: True – will not disturb the project False – will disturb the project
For every assumption the project makes there is an inherent risk that the assumption will not be true
X Point International Ltd © 2002
If hazard is project assumption failure, the risk grid axes become project sensitivity, assumption instability
A B C D
A
B
C
D
project sensitivityto assumption failure
assumptioninstability
X Point International Ltd © 2002
First catch your assumptions… ...then assess the associated risk
Broad search
What could go wrong?
Capture working assumptions
Assess associated risk exposure
Requirement Spec.
Open Issues
Hazard checklists
Workplan
Budget
External threats
Internal weaknesses
External dependencies
Stakeholders
Business Case
X Point International Ltd © 2002
Project Mgt.
Risk Mgt.
assumptions
risks
Project Assumptions and Project Risks need to be recorded in consolidated registers
X Point International Ltd © 2002
Document assumptions in an Assumptions Register
Assumption Identifier Project, Assumption Title & No.
Assumption Description Sufficient to explain the nature of
the assumption
Associations Key Dependents, Associated
Assumptions, References, Associated Risk No
Registration Registration Date, Registered By,
Project Mgr
Closure Closure Comment, Closure Date,
Closed By, Project Mgr
assumptiondescription
associations
closure
assumptionidentifier
registration
X Point International Ltd © 2002
Document risks in a Risk Register
Risk Identifier & associations Project, Risk No., Assumption Title &
No., Associated Risk Nos., Refs.
Project Sensitivity (initial registration & subsequent re-evaluation) Explanation of the project’s sensitivity
incl. the expected impact date, A-D score, Comment, Date, Risk Owner, Risk Mgr, Project Mgr.
Assumption Instability Similar to ‘Project Sensitivity’
Closure Closure Comment, Closure Date,
Closed By, Project Mgr
projectsensitivity
assumptioninstability
closure
risk identifier& associations
X Point International Ltd © 2002
Having identified your risks, you need to manage them
too many risks......which one first?
risk plan...what’s that?
...what do I do?
...what do I do?
Risk Prioritisation
Risk Plans
Roles & Responsibilities
Execution & Monitoring
X Point International Ltd © 2002
Risk Management is a bit like playing ‘space invaders’ (Hugh Lake)
Threats of different size approach closer and closer
Aim is to defend your patch… but with limited ammo
Which one to attack next?
X Point International Ltd © 2002
Deciding which risks to ‘attack’ is a complex decision
So many risks… which should I attack? consider size, ie. risk exposure consider timing… when will it ‘hit’?
How effective would an attack be? how will I deal with each risk? what chance that it’ll work? how much residual risk exposure?
What about the cost? Will attacking a risk be worth the cost? Can I afford to attack a particular risk? Can I afford not to attack that risk?
How do we ‘attack’ risks?
X Point International Ltd © 2002
Risk Handling Techniques – four main categories
m odify objec tives orperform ance targetsm odify approach
risk avoidance
reduce likelihoodreduce im pact
risk m itigation
con trac tinsu rancepartnersh ips /join t ven tu res
risk transfer
con tingency fundscon tingency plansf ix-on -failc ris is m anagem en t
risk retention
R isk HandlingTechniques
proactiveRisk Plans
reactiveRisk Plans
X Point International Ltd © 2002
Risk mitigation is based on two basic strategies
• Basic strategies• stabilise the assumption• de-sensitise the project
• Recommend developing at least two candidate risk plans
• Risk plan might combine assumption stabilisation and project de-sensitisation
A B C D
A
B
C
D
project sensitivity
assumptioninstability
action requiredto de-sensitise
action requiredto stabilise
X Point International Ltd © 2002
Exercise: Risk Management applied to House Burglary
Background You’ve just moved to a new town and you’ve a 1001 things to sort out You learn that a number of burglaries have taken place in your new
neighbourhood.
Do you lock your self in, and refuse leave your house? – No. You’ve got a life to lead!
What is your working assumption?
X Point International Ltd © 2002
Exercise: Risk Management applied to House Burglary
Background You’ve just moved to a new town and you’ve a 1001 things to sort out You learn that a number of burglaries have taken place in your new
neighbourhood.
Do you lock your self in, and refuse leave your house? – No. You’ve got a life to lead!
The principal working assumption is an implicit assertion ‘We will not get burgled today’.
The assumption wasn’t ‘I might get burgled’ That isn’t an assumption, it’s an infallible truism.
But your working assumption might be wrong!
Failure of that working assumption constitutes the hazard. You’ve identified a risk.
How are you going to manage it?
X Point International Ltd © 2002
Here’s a heap of ‘risk plans’…assign each to a category of risk handling technique
Risk avoidance … …
Risk mitigation (stabilise the assumption) … …
Risk mitigation (de-sensitise impact) … …
Risk transfer … …
Risk retention … …
keep stock of glass, timber to repair windows store valuable items in a safe, or at bank adopt non-materialistic philosophy arrange house contents insurance install extra high-security locks take any burglary ‘on the chin’ move away to safer district install a burglar alarm buy a big, noisy dog buy a quiet crocodile
…what else?
X Point International Ltd © 2002
Categorised Risk Plans
Risk avoidance move away to safer district adopt non-materialistic philosophy
Risk mitigation (stabilise the assumption) install extra high-security locks install a burglar alarm buy a big, noisy dog
Risk mitigation (de-sensitise impact) store valuable items in a safe, or at bank buy a quiet crocodile
Risk transfer arrange house contents insurance
Risk retention keep stock of glass, timber to repair
windows take any burglary ‘on the chin’
X Point International Ltd © 2002
Risk Management places extra responsibilities on the Steering Committee and Project Mgr
Steering Committee/senior management
Project Manager
•Approve plans & allocate resources•Monitor progress•Approve closure
•Ensure risks identified/captured•Assumption & risk registers
•Agree monitoring
•Reports critical risks•Reports results
•Accounts for risk budget •Risk budget
X Point International Ltd © 2002
•Draw up plans•Run the plan•Close plan
RM places responsibilities on the Steering Committee and Project Mgr and introduces two new roles: Risk Managers and Risk Owners
Steering Committee/senior management
Project Manager
Risk Owner Risk Manager
•Approve plans & allocate resources•Monitor progress•Approve closure•Appoint & empower Risk Mgrs
•Ensure risks identified/captured•Assumption & risk registers
•Agree monitoring•Appoint Risk Owners
•Confirm/review risks•Agree the aim•Monitor plans
•Stop plans
•Reports critical risks•Reports results
•Accounts for risk budget
delegation&
empowerment
reportreport
•Risk budget
•Identify & appoint external Risk Owners & Risk Mgrs
agree
X Point International Ltd © 2002
What happens after you have prioritised the risks and selected the risk plans?
MonitoringAssumptions
& Risks
Kicking-offRisk Plans
ClosingRisk Plans
Developing& SelectingRisk Plans
PrioritisingRisks
Runningthe
Risk Plan
X Point International Ltd © 2002
Summary
Risk as a product of hazard likelihood and hazard impact
Risk Management relative to Project Management
Proactive, Assumptions-based approach Assumption-failure as the source of project risk Integrated assumption & risk registers Complexity of deciding what risks to attack Risk handling: avoidance, mitigation, transfer, retention Devolved Risk Management organisation - responsibility and
ownership devolved throughout, and outside, the project team
Questions
X Point International Ltd © 2002
Projects have many stakeholders… …with interlinked objectives
Many stakeholders interdependent network of objectives failure doesn’t stay put
Know your stakeholders identify them understand their objectives what is success/failure for
them?
Employees
Community
Vendors
Customers
Finance
Users
Executives
project
X Point International Ltd © 2002
What happens after you have prioritised the risks and selected the risk plans
MonitoringAssumptions
& Risks
Kicking-offRisk Plans
ClosingRisk Plans
Developing& SelectingRisk Plans
Runningthe
Risk Plan
PrioritisingRisks
Project Manager has to ensure that:•Budget is agreed with the Risk Manager•Success and closure criteria are agreed in advance with the Risk Owner and Risk Manager•Roles & Responsibilities are agreed and published for all personnel involved in the risk plan•Commitment of external owners, points of contact and champions, is agreed in advance.
X Point International Ltd © 2002
What happens after you have prioritised the risks and selected the risk plans
MonitoringAssumptions
& Risks
Kicking-offRisk Plans
ClosingRisk Plans
Developing& SelectingRisk Plans
Runningthe
Risk Plan
PrioritisingRisks
Nominated Risk Manager: •Manages execution of the risk plan
•Agrees with the Risk Owner progress against the plan
•Reports progress using the monitoring system agreed with the Project Manager
X Point International Ltd © 2002
What happens after you have prioritised the risks and selected the risk plans
MonitoringAssumptions
& Risks
Kicking-offRisk Plans
ClosingRisk Plans
Developing& SelectingRisk Plans
Runningthe
Risk Plan
PrioritisingRisks•A risk plan must be stopped & closed when:
- it has achieved its objectives- it is seen to be failing, or it has failed- it is no longer necessary
•Closing is relatively easy if, when launched, the plan has clear objectives and clear success criteria
X Point International Ltd © 2002
What happens after you have prioritised the risks and selected the risk plans
MonitoringAssumptions
& Risks
Kicking-offRisk Plans
ClosingRisk Plans
Developing& SelectingRisk Plans
Runningthe
Risk Plan
PrioritisingRisks
The lists of assumptions and risks need to be reviewed regularly. Are any changes occurring • internally, or• externally to the projectwhich could alter• project’s sensitivity to the assumption• stability of the assumption• expected hazard impact date