• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Risk and Response-APMP 2011-Brenda Crist 6-2-11
 

Risk and Response-APMP 2011-Brenda Crist 6-2-11

on

  • 1,626 views

If you read between the lines of Sun Tzu’s classic The Art of War, you will find much of the book is dedicated to risk identification and mitigation. Sun Tzu explains “Now the general who wins a ...

If you read between the lines of Sun Tzu’s classic The Art of War, you will find much of the book is dedicated to risk identification and mitigation. Sun Tzu explains “Now the general who wins a battle makes many calculations in his temple before the battle is fought. The general who loses a battle makes but few calculations beforehand.” This session will present a model for rapidly forecasting risk and assessing your risk exposure. To facilitate the assessment of a bid’s risk exposure, attendees will receive risk symptom checklists. They can use the checklists to detect the early warning signs risks are approaching or test their overall risk awareness. The session will also present case studies explaining how you can rebound from risks including limited information about the client or competition, tight schedules, moving deadlines, scarce resources, and delusional colleagues.

Statistics

Views

Total Views
1,626
Views on SlideShare
1,626
Embed Views
0

Actions

Likes
0
Downloads
86
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events. Reference:Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. p. 46.Also see the Shipley Associates Proposal Guide Third Edition, pages 229-230, entitled Risk Management.
  • What you don’t address upstream comes downstream
  • This list came from a LinkedIn discussion I initiated about common risks that affect your proposal; however, the list is infinite, and I will invite the class to identify their most common proposal risks.
  • One of the foundations of the Project Management Institute (PMI) Project Management Body of Knowledge (PMBoK®) is risk management. The PMBoK covers how to identify risks, create a risk register, apply quantitative/qualitative risk analyses, plan for the risk response, implementing and completing risk monitoring and control, and examining the results of risk control. PMI has also created a Risk Management Professional certification.In their 800-30 Special Publication, the U.S. National Institute of Standards and Technology published the Risk Management Guide for Information Technology Systems by Gary Stoneburner, Alice Goguen, and Alexis Feringa, July 2002. Presents a practical guide for mitigating risk related to system development. The special publication describes how to conduct risk migration by: Step 1 System Characterization;Step 2 Threat Identification; Step 3 Vulnerability Identification; Step 4 Control Analysis;Step 5 Likelihood Determination; Step 6 Impact Analysis; Step 7 Risk Determination;Step 8 Control Recommendations; and Step 9 Results Documentation. Many of these practices can be applied to mitigation or risks associated with a specific solution or proposal.ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. The standard focuses on The focus of identifying and mitigating accountability gaps in enterprise risk management, developing risk reporting systems, and implementing uniform risk criteria and metrics.Other ResourcesLarry Newman (2006). Shipley Associates Proposal Guide Third Edition, pages 229-230, entitled Risk Management. (Note: This book discusses how to recognize risks, develop a risk management strategy, how to mitigate solution risk and discuss risk in each proposal section.)Michel Crouhy, Dan Galai, and Robert Mark (2005). The Essentials of Risk Management. McGraw-Hill Companies. Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons.
  • A risk management approach should deliver a quantitative and realistic assessment of risk impact, provides targeted solutions that resolve the risk from the customer’s point of view, and keep all parties informed of the risk mitigation status.Encourage proposal team members to identify and report risks to designated Risk Manager or Capture/Proposal ManagerTo assist staff members in the proactive risk identification, distribute a Risk Symptom Checklist that describes indicators for cost, schedule, technical, and resource risks. Routinely update the checklist with new risk indicators and lessons learned.Document the risk is a Risk RegisterOnce documented, categorize and prioritize the risk and analyze the risk in terms of its likelihood of occurrence and impact, and assign it a score. Determine the root cause of the risk and if it is a single incident or recurring problemDevelop risk mitigation strategies and backup or contingency plans in case our original solution does not work as plannedImplement the solutionMonitor the solution to ensure it accomplishes its intended result
  • Here is an example scorecard format for making pursuit decisions. Note that each factor is weighted differently for each company/opportunity. Strategic fit may be more important that financial objectives to one company, but the least important to another company. Set thresholds below which you will not bid.Develop a scale to measure progress that is easily understood within the company.1. Make sure you have a strategic fit with corporate goals2. Ensure you understand the customer’s requirements, if the customer wants a help desk for $100k don’t sell them a network operating center for $1M3. Deliver a solution that fits the requirements, budget, and culture.4. If you don’t know you are delivering the solution don’t send them a proposal to introduce yourself5. Understand the competitive landscape and your competitors strengths, weaknesses, opportunities, and strengths6. Ensure the bid meets your financial objectives. Some bids may take up to a year to win, so ensure you can wait that long to return profits. 7. Ensure you can afford to pursue the bid some bids like IDIQs, can be expensive to bid and do not provide immediate returns.
  • Create a Risk Register in the earliest stages of bid identification.There are may categories of application enabling you to manage risk. Select the one that matches your organization’s needs:Many large companies have access to enterprise databases with sophisticated risk management toolsTicket management systems ranging from complex to simple also allow you to create a ticket, assign risk, and escalate the ticket Most companies have access to automated collaboration tools enabling you to create a risk register and automate/escalate workflowThere are a limited number of free/shareware risk management tools; however, most are geared to the insurance industryThere also a number of mobile apps available on iPhones that enable you to manage risks
  • Hand out Risk Symptom Checklists
  • Roles and ResponsibilitiesExecutives: Create risk management policiesProvide sufficient resourcesDeliver risk management guidancePromptly review/approve mitigation solutionsCapture and Proposal Managers: Proactively identify risksProvide forums for communicating risksDeliver methods for tracking risksOversee the implementation of risk mitigation solutionsEntire Capture/Proposal Team Identify, document, and communicate risksDefine the risk impactImplement risk management solutions and monitor solutions Identification - make early risk identification everyone’s responsibility; define a process for risk identification and documentationCommunications – make risk reviews part of the standup or weekly communications meetingsEscalation – define a specific a specific escalation path and timeline for resolving risks with SLAsApproval andAccountability – Identify who is responsible for accountable for seeing the risk is resolved and approving the solution
  • Remember the snowball – address risks early in the lifecycle before the risks impact operations
  • Case History: a mid-sized company had recently won a GWAC with limited competition. Soon a large $10M task order came out. The incumbent was a large call center management and data center firm to whom the client outsourced the work. The intelligence gathered by the company indicated the customer generally liked the incumbent’s work but thought the cost was high. The RFP required a mature call center operation with multiple backup centers across the country and sophisticated information retrieval system and monitoring capabilities. The company was excited by the new task order. The company’s core competency was call center operations and executives immediately decided to bid on the job. The bid was complex and would require a significant amount of the company’s resources over the six week bid period. However, the company lacked many of the features and capabilities required (not desired) by the client. In addition they had never met the customer or performed work for the customer’s organization. What risks do you see?
  • During the Solution Review validate your strategy/solution and ensures it provides a clear advantage in comparison to the competition. Case History: The company appointed the BD and Capture Manager to gather as much information as possible about the customer and respond to the bid requirements. The company also appointed a lead SME to start coordinating the technical solution. The SME was in their main office located two time zones away. The SMEs in the technical office were unfamiliar with addressing government proposals because they had only responded to commercial proposals to date and where annoyed by the level of detail required and did not want to give away their secret sauce. So they sent portions of previous commercial proposals to respond to the RFP requirements. They tried to fill technical solution gaps, but were only able to fill 75% of the gaps. The proposal team began working on getting templates, past performance information, resumes, etc. into shape while they waited for the technical and management solution. What risks did you detect?
  • Case History: The company had not done an extensive analysis of its competition.
  • Case History: By the time the Pink Team arrived. Executives were still energetic about the proposal. They had developed a win strategy based on the company’s strengths and strong past performance. They had found small businesses to meet the small business requirements. The executives had still not made contact with the customer or the customer’s organization; however, they had talked to one of the customer’s vendors. The company was also missing key pieces of the solution including a secure backup call center and an information retrieval system. The executives decided to by-pass storyboard and start writing a final document. What risks to you see here?
  • Case History: The proposal team had done their best to present a final document given the information and solutions provided. They were confused in some cases about what the client wanted, because the RFP was poorly written . When they did not have solution to a customer requirement they fluffed over it vague wording. The document was compliant, attractive, and reviewers had given sufficient time to review the document. When the executives and partners read the document a meltdown occurred and they scored the technical and management sections as red. The executives decided to resolve the problem by calling in a new capture manager and called for another red team review. What risks do you see?Luckily the task order was given a two week extension due to extensive questions by offerors. However, the client either did not have the staff to respond to the questions and the responses were non-existent and the pricing became even more confusing. So the executives decided to redouble the proposal efforts and start working nights and weekends. When the business case review was presented to them, they saw the technical requirements were still not met and in an effort to unseat the incumbent the pricing was overly risky. What risks do you see?
  • Case History: The company never got to this step, because they pulled the plug on the proposal. Case History 2: A company planned sufficient time for proposal preparation and delivery. The proposal was for the U.S. Post Office and they sent the package via the U.S. postal system. However, the package was lost the day before it was to be delivered. How would you mitigate the risk?
  • What lessons did you learn from our case histories?
  • To mitigate risk implement a Risk Management Policy in your organization
  • Roles and ResponsibilitiesExecutives: Create risk management policiesProvide sufficient resourcesDeliver risk management guidancePromptly review/approve mitigation solutionsCapture and Proposal Managers: Proactively identify risksProvide forums for communicating risksDeliver methods for tracking risksOversee the implementation of risk mitigation solutionsEntire Capture/Proposal Team Identify, document, and communicate risksDefine the risk impactImplement risk management solutions and monitor solutions Identification - make early risk identification everyone’s responsibility; define a process for risk identification and documentationCommunications – make risk reviews part of the standup or weekly communications meetingsEscalation – define a specific a specific escalation path and timeline for resolving risks with SLAsApproval andAccountability – Identify who is responsible for accountable for seeing the risk is resolved and approving the solution

Risk and Response-APMP 2011-Brenda Crist 6-2-11 Risk and Response-APMP 2011-Brenda Crist 6-2-11 Presentation Transcript

  • Risk and Response
    Brenda Crist, Managing DirectorLohfeld Consulting Group
  • Agenda
    Recognize Risks
    Be Aware of Risk Standards and Frameworks
    Use Risk Management Processes and Best Practices
    Use Risk Management Tools
    Address Risks Throughout the Bid Lifecycle
    Establish a Risk Management Policy
    2
  • Learning Objectives
    This presentation covers multiple topics required for accreditation training including:
    Risk definition and recognition
    How to establish and implement a proposal risk management policy
    How to escalate or own proposal risks
    3
  • Recognize Risks
    Risks to your proposalmanagement(schedule, resources, equipment, process, communications, cost)
    Risks to your proposed solution (price, technical solution, past performance, management, past performance, personnel)
    4
    Both types of risks impact the win probability
  • 5
    Not Addressing Risks……
    Is like a snow ball rolling down the hill,
    it keeps getting bigger and bigger
  • Group Discussion of Common Risks
    Little executive focus and dilution of resources away from business targets
    Lack of teamwork between operations, business development, capture, and proposals
    Inadequate proposal-related Knowledge Management (KM) processes and tools
    “Incumbentitis," "We Know Best," "We Know This Customer"
    Limited knowledge of the customer and competitors
    6
  • Leading Risk Standards and Frameworks
    Project Management Institute
    National Institute of Science and Technology
    International Organization for Standardization (risk management ISO 31000)
    Other Resources
    7
  • Use Risk Management Process and Best Practices
    8
  • Communications and Escalation
    9
    Have a single Risk Register to document and manage risks
    Assign risk communications roles and responsibilities
    Identify and communication risks in the standup meeting
    Have a defined and efficient risk mitigation path leading to executives
  • Quantitative Risk Assessment Sample
    10
    Risk score = Probability * Impact
    Risk Score values are between 1-4 with 4 being the highest risk) or red, yellow, green, blue
    Risk Probability values are between 0.1 (Remote Chance) -1.0 (Certain)
    Risk Impact values are between 1 (Insignificant) – 4 (Unable to meet objectives)
  • Evaluate Your Pursuit Risk
    11
    Consider creating scorecards to monitor risks status
  • Use Risk Management Tools
    Risk management tools embedded with an enterprise database products
    Ticket management systems
    Risk registers installed on automated collaboration tools enabled with automated workflow
    Open source risk management tools
    Risk management mobile apps
    12
    The tools will help record, track, and analyze risks
  • Use Risk Symptom Checklists
    13
    The Checklists Should Cover the Entire Business Development, Capture, and Proposal Life Cycle
  • Conduct Testing and Contingency Planning
    Routinely test all production equipment and tools to verify they are in good working condition
    A good rule is to always have a primary risk mitigation plan (Plan A) and a contingency plan (Plan B) for all risks
    14
    CONTINGENCY
  • Address Risks Throughout the Bid Lifecycle
    15
    Pursuit
    Identification
    Lessons Learned
    (White Team)
    Solution Development
    (Blue Team)
    Delivery
    Competitive Analysis
    (Black Hat Team)
    Production
    Planning Phase
    (at Kick-Off)
    Business Case
    Review (Gold Team)
    Final Document Development (Red Team)
    Proposal Strategy (Pink Team)
  • Pursuit Identification Phase Risks
    Solution:
    • Technical solution ”wrong fit” for client
    • Limited experience in related work
    • Teaming partners unavailable
    • Lack of key personnel
    Customer advocacy:
    • You don’t know customer; they don’t’ know you
    Financial objectives:
    • Limited start-up investment,
    • Can’t wait for expected revenue and profits
    Cost of pursuit affordability:
    • Unable to fund bid capture or proposal
    Strategic fit:
    Program focuses outside of core competencies
    Limited past performance, experience, processes, tools
    Understanding of Customer Requirements and Objectives:
    • Lack of understanding about customer requirements, objectives, budgets, and preferences
    • Misaligned RFP requirements and customer objectives
    Competition:
    • Unknown competition
    16
  • 17
    What Can You Do?
  • Solution Development (Blue Team) Risks
    By the time the RFP arrives you should have:
    Ability to transition without impacting operations
    Identified your past performance and obtained the customer’s approval
    Clearly documented your understanding of the requirements
    Created a technical/mgt solution w/customer buy-in
    Identified labor categories/personnel
    Drafted an executive summary and compelling win themes
    Completed a realistic price to win
    18
    Early identification of risks mitigates issues and reduces costs during proposal development
  • 19
    What Can You Do?
  • Competitive Analysis (Black Hat Team) Risks
    Misunderstanding your strengths, weakness, opportunities and threats
    Misunderstanding of the competition’s strengths, weakness, opportunities and threats
    20
  • 21
    What Can You Do?
  • Proposal Strategy (Pink Team) Risks
    Solution Risks
    Limited executive support for proposal strategy
    Unconvincing proposal strategy
    Critical information is missing
    Proposal Risks
    Roles and responsibilities are not clearly defined
    Cumbersome strategy development process
    Insufficient resources for writing and reviewing
    Proposal strategy not effectively communicated vertically and horizontally across the organization
    22
  • 23
    What Can You Do?
  • Final Document Development/Review (Red Team)
    Final Document Solution Risk
    Insufficient understanding
    Incomplete tech/mgt solution
    Missing information/resumes
    Final Document Proposal Management Risks
    Non-compliance w/RFP requirements/instructions
    Insufficient review time
    Intelligible comments from review team
    24
    This is where the snow ball-size risks become an avalanche if not been addressed previously
  • 25
    What Can You Do?
  • Production and Delivery Risks
    Inadequate production and delivery planning resulting in errors or a late proposal
    Insufficient time for production and delivery resulting in quality or compliance errors
    Single points of failure
    Configuration control problems resulting in the wrong proposal/sections being delivered
    Security risks resulting in virus-infected files or inadvertent release of the proposal
    26
  • What Can You Do?
    27
  • Lessons Learned (White Team) Risks
    Not supported or scheduled by executives
    No method for using findings to improve processes, tools or resources
    Insufficient access to lessonslearned
    28
    Always conduct a lessons learned review session it is one of the best methods of ensuring risks do not happen twice
  • Create a Risk Management Policy
    Define risk mitigation and escalation procedures
    Promote accountability by assigning roles and responsibilities
    Raise the visibilityofrisks through defined escalation procedures
    Increase the likelihood schedules are met through specific risk mitigationactions
    29
  • Risk Management Policy Contents
    Risk Policy Elements
    Roles and responsibilities
    Communications
    Risk identification
    Risk impact assessment
    Escalation process
    Recommendations process
    Approval process
    Risk monitoring and testing
    Lessons Learned
    30
  • 31
    Questions?
  • 32
    Contact Information
    Brenda CristPrincipal Consultant, Lohfeld Consulting Group, Inc.
    Creating Winning Proposals for Government Contractors
    301-466-9566 (m)
    bcrist@lohfeldconsulting.com
    www.LohfeldConsulting.com
    @Lohfeld
    facebook.com/LohfeldConsulting
    32
    Copyright 2011 Lohfeld Consulting Group, Inc. All rights reserved.