  1. National Aeronautics and Space Administration. Risk Management: Getting Started. APPEL PM Challenge Conference, February 2008. Cynthia Calhoun, NASA Glenn Research Center
  2. Introduction
     Implementing a formal risk management program into any project can be challenging when most people only focus on the costs and schedule of getting the job done. Projects know risks exist, but have decided that they do not need anything getting in the way of completing their tasks on time or adding costs to their budget. Projects need to understand that the risk management process is a basis for decisions to mitigate threats not only to their costs and schedule, but threats to the technical, environmental, security, or safety aspects of the project.
     1/31/2008 PMC 2008 Risk Management Program 2
  3. Risk Management Defined
     An organized, systematic decision-making process that efficiently identifies, analyzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals.
     Source: NPR 7120.5, NASA Program and Project Management Requirements
  4. NASA Risk Management Growth
     [Timeline figure with points at 1998, 1999, 2002, 2005, 2006, and 2007; labels reference the CRM process, the 5 X 5 risk reporting matrix, a governance model, NPR 8000.4, NPR 7120.5A, and cost, schedule, EVM, safety (PRA), and systems engineering and integration risks]
     Note—While Risk Management was not new to NASA, the Agency had never required a structured risk management effort to be a standard element of all programs and projects.
  5. NASA Continuous Risk Management (CRM)
     • Identify—Search for and locate risks before they become problems
     • Analyze—Convert risk data into useable information for determining priorities and making decisions
     • Plan—Translate risk information into planning decisions and mitigating actions (both present and future), and implement those actions
     • Track—Monitor risk indicators and mitigation actions
     • Control—Correct risk mitigation plan deviations and decide on future actions
     • Communicate and Document—Provide information to project on risk activities and current/future risks
  6. Implement and Integrate Risk Management
     A few examples of how a project can begin implementing risk management methods and techniques into every aspect of the project, and the barriers and successes of integrating risk management into day-to-day project activities, will be covered for the following actions:
     • Assign a risk facilitator
     • Conduct risk management training
     • Develop risk management plan
     • Execute risk management plan
     • Apply continuous improvement
  7. Assign a Risk Facilitator
     Ensure programs/projects utilize risk-based decision making to continuously manage the acquisition, safety, technical, and programmatic risks. This includes:
     • Provide CRM training and Risks Identification Workshops.
     • Assist with developing, implementing, and updating risk management plans.
     • Review risk statements for clarity and conciseness.
     • Provide guidance on estimating the likelihood, consequences, and timeframe of the risks.
     • Review risk mitigations to ensure the mitigation will actually reduce the likelihood and consequence of the risk occurring.
     • Assure risks are tracked and used to measure the progress of the risk management program.
     • Monitoring risk closures and reporting.
  8. Assign a Risk Facilitator (continued)
     • Assure their respective project/element risk information is documented in the respective risk database and kept current.
     • Ensuring the project is adhering to a continuous risk management process.
     • Research methods, tools, and techniques to enable and improve the continuous risk management process.
     • Review and assess the effectiveness of the risk management process and provide recommendations for improvement.
     • Stay abreast of developments, enhancements, and assessments of Agency risk management related policies, standards, and guidelines.
  9. Assign a Risk Facilitator (continued)
     • Risk facilitator IS NOT responsible for implementing risk management in the project; this is the PM’s responsibility.
     • Risk facilitator SHOULD NOT be looked upon or used as the ONLY person performing risk management on the project.
     • Depending on the size of the project, the risk facilitator could perform a dual role. For example, serve as the risk facilitator and perform Systems Engineering, Quality Assurance, or Reliability Engineering.
  10. Conduct Risk Management Training
     • Tailor course language and exercises to the theme of the Project.
     • Be consistent in terminology:
        • Risk Statements—“One condition per risk statement,” “one consequence per risk statement,” “two or more consequences per risk statement?”
        • Attributes—“Probability vs. Impact” or “Likelihood vs. Consequence”
        • Risk Planning Approach—“Mitigate,” “Watch,” “Monitor,” “Accept,” “Research?”
        • New Risks—“Candidate,” “New?”
        • Closed Risks—“Retire,” “Transfer,” “Close,” “Accept,” “Escalated?”
        • Risk matrix colors and orientation
  11. Conduct Risk Management Training (continued)
     [Figure: example 5 x 5 risk matrices with Likelihood (1 to 5) on one axis and Consequences (1 to 5) on the other]
  12. Conduct Risk Management Training (continued)
     • Ensure course content is consistent with Agency’s requirements.
     • Require project to include a “Risk Identification Workshop” as part of training.
     • Use project documentation to help identify threats to goals and objectives, and to develop definitions for likelihood, consequence, and timeframe risk attributes.
     • Walk through the whole CRM process for at least one risk.
  13. Develop Risk Management Plan
     Risk Management Plan should be project specific, configuration controlled, and compliant with Agency requirements.
     • Overview of Risk Management (RM) process
     • Project organization and responsibilities
        • Especially interfaces with the contractor; ensure Data Requirements Document (DRD) specifies compliance with Agency RM requirements.
     • Risk management activities in detail
     • Budget, resources, and milestones for risk management activities
     • Procedure for documenting risks
     • Assumptions and technical considerations
     • Constraints
     • Descope options
  14. Execute Risk Management Plan
     • Use Engineering Review Board/Risk Board/Risk Panel as gatekeeper to vet risks.
     • Focus facilitator on risk in project discussions.
     • Conduct Risk Identification Workshop against WBS elements and prior to major milestones.
     • Include and track risk mitigations in project schedule.
     • Talk to other “-ility” disciplines.
     • Ensure consistent communication between interfaces.
     • Present/report high risks to senior management, especially where technical challenges and resources for mitigations are a concern.
  15. Execute Risk Management Plan (continued)
     • Review risks in technical, cost, schedule, and safety discussions.
     • Evaluate how well risk mitigations are working.
     • Perform trend analysis on risks; any areas of concern starting to appear.
     • Adjust risk attributes (likelihood and consequence) levels.
     • Celebrate successes!
     • Positive impacts to schedule and costs
     • Technical challenges overcome
     • Track “what ifs”
     • Show concrete value and benefits
  16. Continuous Improvement
     • Evaluate frequency of risk reporting for possible timesavers.
     • Remove burdensome tasks or activities that have no effect on risk management process.
     • Audit risk management process for inefficiencies.
     • Solicit recommendations from project team members.
     • Share lessons learned with similar projects.
     • Tap into unused features of risk tool(s).
     • Attend risk management conferences and/or join risk management working groups.
  17. Summary
     Projects can apply continuous risk management principles as a decision-making tool by:
     • Identifying the threats to project objectives and mission success, along with any project constraints.
     • Assessing the likelihood and consequences of these threats against project criteria (e.g., schedule, budget, milestones, etc.).
     • Developing risk mitigation strategies and tasks to buy down the threats and reduce the risks.
     • Integrating the risk mitigation strategies into the project schedule and budget.
     • Reviewing the effectiveness of risk mitigation activities and residual risks.
     • Documenting and communicating risk information throughout the project’s life cycle.
  18. Conclusion
     It is very important that the risk management process:
     • Begin early in formulation.
     • Involve the project team to assess all identifiable risks up front.
     • Be addressed in the Project Plan and detailed in the Risk Management Plan.
     • Be continually reviewed for the disposition and tracking of all identified risks throughout the implementation and operations phases.