Your SlideShare is downloading. ×
Risk Management Framework
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Risk Management Framework

39,971
views

Published on

Process, Tools & Techniques to Minimise Risk Exposure

Process, Tools & Techniques to Minimise Risk Exposure

Published in: Business, Economy & Finance

79 Comments
200 Likes
Statistics
Notes
  • Very useful presentation. is it possible to get a copy via manye01@hotmail.com. thanks
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Could you please please share with me this excellent presentation etyrtyshny@yahoo.com. Thank you.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • its a nice overview on risk mgmt ---if possible kindly share the presentation at amitbhimrajka@gmail.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • can you share the document to infosecchamp@gmail.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • man why u disable the download option?????
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
39,971
On Slideshare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
0
Comments
79
Likes
200
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Risk Management Framework Process, Tools & Techniques to Minimise Risk Exposure Anand Subramaniam
  • 2. “If you are never scared or embarrassed or hurt, it means you never take any chances.” - Julia Sorel 2
  • 3. Highlights  Risk Exposure  Project, Program, Project Portfolio Risks  Risk Management – Overview  Risk Management – Framework  Risk Management – Governance  Risk - Org. Policy, Tolerance, Maturity Level, Ad- hoc Reporting  Categorising Risk  Risk Analysis - Qualitative & Quantitative  Risk Response Management  Monitoring & Controlling Risks 3
  • 4. Risk Exposure
  • 5. Risk !! 5
  • 6. Risk - Challenges & Expectations Stakeholders Drivers  Citizens  Mission & Objectives  Visitors  Trust & Reputations  Regulators  Asset & Capital Management  Government Agencies  Expenditures & Budget  Others  Regulations Challenges  Digital Divide  Volume  Social, Cultural and Educational Issues  Cost Management  Existing Infrastructure  Regulatory  Legacy Systems, Interoperability Requirements Expectations Delivering Value Managing Cost Managing Risk Change Mngt Compliance  Availability  Project  Confidentiality  Project / Program  Regulatory  Accessibility Management  Security Implementation Compliance  Infrastructure  Program  Data Integrity  Change  Vendor Risk  Management  Management Management Reliability Applications   Project Portfolio  Interoperability  Monitoring Governance Management  Privacy Outsourced  Control Monitoring  Innovation  Identity & Access Operations Management  Incident Response 6
  • 7. Risk Exposure Areas Concept Technology Sys Dev & Prod & Deploy Opns & Refinement Develop Demo Support Opportunity Capture Pre- Proposal Dev Post- Assessment Team Dev Proposal Submit 7
  • 8. Risk Exposure due to.. 8
  • 9. Risk – Plan vs. Actual Performance Poor Risk io ns Management ct at x pe Performance e rE Technical m Inability s to Cu ce rman Perfo Actual Time 9
  • 10. Risk Management Realities… Insurance Not Purchased Insurance Not Available Political Risk War / Strike Environmental Reputational Advertiser’s Liability Terrorism Biological Professional Liability Nuclear / Radiation E-Commerce Liability Regulatory Fines & Penalties Certain lines of Products Poor Business Judgment Patent Infringement Supply Chain Interruption Product recall Loss of Market Share Non-Owned Breach of Contract Terrorism Global Pandemic Liability Fraud 10
  • 11. Project, Program, Project Portfolio Risks
  • 12. Integrated Risk Management Life Cycle & Environmen Communi- Scope Integration t Variables cation Ideas, Expectation Directives, s Feasibility Data Exchange Requiremen Projec Availability, Human Quality Productivity t Standards t Risk Resources Cost Time Objectives, Objectives, Restraints Restraints Contract / Services, Time Materials: Cost Procure Performanc e Source: Wideman, Max R., ed., 12
  • 13. Project Risk - Exposure / Impact Internal Schedul Resourc Risks Financial Quality e e Project Project Project Objectives Planning Execution Externa Integra- Procure- Commun Scope l Risks tion ment i-cation Opportunities for Tradeoffs - Resulting from Risk Analyses 13
  • 14. Project - Opportunities / Risks Opportunities Risks • Identifies gaps in realisation of • Fragmented project plans strategic objectives • Poorly defined project mission & • Escalates current risks and tasks identifies potential risks earlier • No clear process for escalating • Ensures proper communications risks to senior management to relevant stakeholders • Insufficient reporting to support • Improves monitoring and control top-management decisions of projects • Ineffective enforcement of project • Mediates issue resolution controls and policies • Increases efficiency in tracking • Conflict between line and project progress of projects managers • Integrates project plans for all • Projects do not meet deadlines projects – standardises progress and / or milestones reporting • Lack of standardised reports and reporting frameworks 14
  • 15. Projects & PPM – Risk Exposure Scope Goals Risk Risk Risk Risk Project Risk Project Risk Portfolio Risk Managemen Managemen t t Process Time Cost Culture Maturity 15
  • 16. Risks - Project Manager’s Role  Understand business case and project context  Baseline the risk register  Oversee risk management activities  Embed risk thinking into project review meetings  Ensure risk response actions are carried out (threats, issues & opportunities)  Utilise risk management reserve efficiently  Manage stakeholder expectations  Deliver to time, cost and quality 16
  • 17. Program Manager’s Challenge Shareholder / Stakeholder Value Programme & What are Operational the risks? Benefits Project What are the risks? Deliverables What are the risks? 17
  • 18. Portfolio Risk Management Executive Board Guidance Programmes Operations Information Functional Projects Logistics Contractors Contractors Supply chain Supply chain 18
  • 19. Risk Management - Overview
  • 20. What is Risk? There is a GIVEN POSSIBILITY that, Will Condition Consequence Occur • Must be a FACT or perceived to be FACT • Must be REALITY BASED • Can have NO uncertainty attached Must be ACTIONABLE ONE condition and ONE consequence per statement 20
  • 21. Risk Process – Conceptual Overview Establish the context Communicate and Consult Identify risks Monitor and Review Analyse risks Evaluate risks Assess risks Treat risks 21
  • 22. Risk Elements TOOLS & TECHNIQUES Scaleable, fit for purpose PROCESSES PEOPLE & BEHAVIORS Well defined, part of normal work routine, Management commitment, consistently delivery teams own the risks, used across operations involved early, projects contractors engaged, reward the right behaviors 22
  • 23. Risk – Project & Process Elements Project Elements Process Elements Roles & Risk Assessment Responsibilities What is the Scope of the Risk Assessment? What Adverse Events Can Happen? How Likely are These Events to Occur? Personnel How Severe Would the Consequences Be if the Events Did Occur? Feedback Loops Qualifications Risk Control & Decision Support Management of Change What Could Be Done to Control Risks? What Are the Relative Merits of the Risk Control Options? What Set of Activities Best Achieves Risk Management Goals? Communications Documentation Performance Monitoring & Feedback Project Evaluation and What Improvements are Expected to Result from the Risk Control Decisions? Improvement What Measures Best Capture These Expected Outcomes? Are the Selected Risk Control Activities Having the Intended Effect? How Can the Overall Risk Management Process be Improved? 23
  • 24. Risk Scope Requirements/ Specification Quality Cost Schedule 24
  • 25. Risk Management – Strategy to Execution Write  Perform risk assessment Plan  Risk management plan developed Assemble  Risk assessment team assembled Team  Risk generation process executed  Risk list rationalised Generate Risks  Risks ranked and prioritised  Response plans written Rationalise List  Risk review process established  Risk review done periodically Rank Risks  Institutionalise ongoing risk assessment Write  Ongoing risk reviews Responses  Execution of risk response plans if necessary Monitor & Control 25
  • 26. Risk Management Process - PMBOK Source: PMI 26
  • 27. Risk Management - Framework
  • 28. Defining a Risk Framework Goals and Objectives Internal Timing Audit Milestones Risk Executive Manage Team composition Management Approach and r Methodology Tools Project Sponsor Reporting Information Criteria 28
  • 29. Risk Framework ion Stra t ecu t egy Ex Iterate & Improve Tactical 29
  • 30. Risk - Strategy Input Techniques Output • Business Strategy • Interviews • Risk Profile • Value Drivers • Questionnaires • Risk Organisation Chart • Organisation Process • Checklist • Roles & Responsibilities • Define Risk Management • Assumption Analysis • SWOT Analysis Objectives • SWOT template • Optimal Network Structure • Determine Risk Appetite / • Risk Strategy Tolerance • Risk Register • Define Risk Organisation • Risk Policies • Perform SWOT Analysis • Risk Governance Process • Design supply chain to match Risk Profile • Map & Evaluate Current Network • Analysis – Cost, Inventory • Identify & Evaluate Alternative Structures 30
  • 31. Risk - Tactical Input Techniques Output • Risk Profile • Qualitative Assessment - • Rank Alternatives • Risk Organisation Chart Probability / Impact • Risks Related to • Roles & Responsibilities Matrix, Brainstorming, Contractual Agreements • SWOT Analysis Cause & Effect Diagrams • Risk Categorisation • Optimal Network Structure • Quantitative Assessment - • Ranking of Failure Points • Risk Strategy FMEA, Simulation, • Risk Database Populated • Risk Register Modelling, Diagramming with Alert Criteria • Select Optimal Network Techniques • Alert Process Defined Structure • Strategies for Negative • Identify Failure Points in and Positive Risks the Supply Chain • Strategies for • Prioritise the Failure Opportunities & Threats Points • Contingency Response • Identify Alternatives Strategies • Define the Alert Criteria • Risk Management Information Systems 31
  • 32. Risk - Execution Input Techniques Output • Risk Strategy • Status Meeting • Risk Registers • Risk Policies • Risk Reassessments • Recommendation – • Risk Governance • Risk Audits Preventive, Awareness, • Risk Register • Variance / Trend Analysis Remediation • Rank Alternatives • Performance Measures • Monitor Inherent, Residual • Risks Related to • Reserve Analysis & Secondary Risks Contractual Agreements • Alert Mechanisms • Evaluate Effectiveness • Risk Categorisation • Risk Management • Ranking of Failure Points Knowledgebase • Risk Database With Alert Criteria / Process • Performance Reports • Collaborate on Risk Response Plan • Continuously Monitor 32
  • 33. Knowledge – Capture & Improve Continuously Capture Improve Lessons Learnt Collaborate Communicate 33
  • 34. Risk Management – Lessons Learned Capture Communicate Collaborate Improve Input Input Input Input • Detect disruptions • Communicate • Review immediate • Review action plan and estimate impact of action and identify from project impact on supply disruptions causes closure phase chain performance Process Process Process Process • Risk responsible • Identify alternative • Review success / • Identify & identifies disruption solutions failure of solutions categorise & leads meeting • Select best implemented disruptions with participants alternative • Re-group if • Record risk in risk • Distribute reports • Delegate mitigation is database and documents assignment unsuccessful from ‘capture’ to • Record / update Output ‘closure’ Output the solutions • Disruption list • Project closure • Risk database Output report Output • Follow-up • Review action • Updated risk points & follow up database 34
  • 35. Risk Management - Governance
  • 36. Risk Management - Governance Portfolio Risk Program Project Risk Contractor Risk Mgmt Plan Risk Mgmt Mgmt Plan Key Plan Mgmt Plan Risk Mgmt Initiate Risk Governance Mgmt Document Ongoing Risk Activity Plan Risk Mgmt Monitor & Control the Discrete Risk Activity Risk Mgmt Process (Includes Learning and Identify Continuous Risks Improvement) Close-out Control Assess Risk Mgmt Risks Risk Register Risks Respond to Risks 36
  • 37. Risk Management – Governance Steps Planning Identification Assessment Analysis Closure • Methods • FTAs • ROI • Deterministic • Mitigation • Resources • Experts • ROIC • Simulation • Prevention • Requirements • FMEAs • Quantify • Tech Perf • Complete info • Responsibilities • History • Tech Perf Measures • Critical Items • Program Measures • Business Case & Issues List Documentation Analysis • Business Case Analysis 37
  • 38. Risk – Org. Policy, Tolerance, Maturity Level, Reporting
  • 39. Risk Policy / Escalation Process Corporate Risks Objectives Risk Appetite Strategic Risks Risk Priorities + Significant Escalation Strategic Mitigation Tactical Risks Authorisation Behaviour Tactical Risks 39
  • 40. Example – Risk Tolerance 40
  • 41. Organisation Maturity & Risk Strategies Level 1 Level 2 Level 3 Level 4 Level 5 Culture Increased Culture becomes Consistency of Unaware Early awareness Awareness Known and Past and Future and bias Uniform Actions Technology Isolated projects; More "joined up" Vision drives Vision becomes None initiated from the thinking, but still vision bottom up silo-oriented. decisions Competitive Edge Alignment of Weak, early Understanding Understanding Understanding of bus. and IT Unknown concept awareness and focus at silo level and focus across lines of business wider scope; collaboration Stakeholder First signs of Stakeholder Well Understood, Optimal alignment No alignment Stakeholder Analysis, Trade Drives Decisions Stakeholder centricity; silos Off analysis Benefits Early Attempts Governance model Governance None Becomes a To resolve Defines and in Strong Governance model concern Governance issues Place Culture No process Team-based; Process integration Shared processes End-to-end Process fragmented; At department across process Integrity orientation minimal insight level the company optimisation Weak, Fragmented; Strong Strong functionality Superior functionality; IT plan limited functionality functionality with company- integrated beyond Very fragmented; and focus within silos level integration the company Data None, poor Focus on silo Ongoing, Iterative Competitive strategy quality Operational focus quality Process to maintain Differentiator Quality 41
  • 42. Example – Risk Maturity Matrix Increase in maturity of Risk Mgt core skill sets Increase # of Risk Mgt core skill sets PROJECT EXECUTION RISK MATURITY MATRIX INDEX Current Target & Date Level Level 0 Level 1 Level 2 Level 3 Level 4 Level 5 (Score) Q4'03 Certified (2) Risk Mgr or Divisional PM's assigned Divisional Risk Coordinators 1. Risk Org Support PM core team has not been PM responsibility allocated to Functional Risk Div/Area/Site Risk Structure's in place allocated to project yet Risk Mgt of project Coordinators appointed Coordinator nominated to Risk Mgt responsibility for all divisions involved in project assigned for all divisions involved 2 3 in project support project when required (1) Project Team trained in BT Certified (2) Divisional or Risk & Oppty Mgt 5 Step Area/ Site Risk Mgt support Project Team trained (1) in BT Project Team trained (1) in BT Risk 2. Project Teams Risk No training received by Project Process (Module 2) coord allocated to support ROP Database Use (Module 6) Costing Methodology (Module 8) Trained (1 & 2) Team Informal training received emphasis on understanding project core team assigned to and how to run a Risk Meeting and reporting Risk in the MOR 1 5 3C's methodology (Module 3) project trained in Facilitating (Module 7) (Module 10) Roles & Responsibility Risk Workshops (Module 5) (Module 4) Risk & Opp - ID, Assess & Risk & Opp - ID, Assess & Cross Divisional Risk & Opp - ID, Risk & Opp Assess & (3 & 4) Risk & Opp - ID, Assess & Mitigation workshops (3 & 4) run Mitigating Action workshops (3 Mitigation workshops run Assess & Mitigation workshops (3 & 4) 3. Appropriate (3 & 4) No Risk Workshops held Risk & Opp Workshops run Mitigation workshops (3 & 4) run by a NON certified facilitator & 4) run by certified facilitator by certified facilitator (2) for run by certified facilitator (2) for 3 3 by a NON certified facilitator for lead & supporting Divisions (2) lead & supporting Divisions lead & supporting Divisions involved in the Project involved in the Project involved in the Project Project set up in ROP for all Project set up in ROP with Project set up in ROP with Project Set up in ROP with all Project Set up in ROP for all 4. Projects Set up in Divisions in Project with ROP Project not in ROP only PM assigned as Risk Coord for Risks & Opps some Risk Coords assigned for Risks & Opps Risk Coords assigned for some Risk Coords assigned Divisions in Project with all Risk Coords assigned for Risks & Opps 2 3 Risks & Opps for Risks & Opps 1 - 20% Risks & Opps have 21 - 40% Risks & Opps have 41 - 60% Risks & Opps have 61 - 80% Risks & Opps have 81 - 100% Risks & Opps have Action 5. % Risks with Action 0 % Risks & Opps have Action Plans Plan in place Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Plan identified, dates and ownership assigned 4 0 Risk & Opps consistently on Cross Divisional Risk& Opp Functional Risk & Opps Risk & Opps appear adhoc 6. Maturity of Risk Risk & Opps not on any of the Project Coordination meeting mtg being held by lead meetings being run by Risk Action Plans progress linked to Meetings Projects Mtg agendas on the Projects Coordination Mtg agendas agenda with Action Plans Division in the project, with Coords with Action Plans Detailed Project Schedule (DPS) 1 2 progress tracked action plans being tracked progress tracked All Risks, Opps & Mitigating All Red Risks, Opps & Actions costed per BT costing All Risks, Opps & Mitigating Actions Some Risks, Opps & All Red Risks, Opps & Mitigating Actions costed per methodology and figure for costed per BT costing methodology 7. Risks being costed No Risks or Opps costed per correctly BT costing methodology Mitigating Actions costed per BT costing methodology Mitigating Actions costed per BT costing methodology BT costing methodology with some Yellow and Green Provision using Sum of all (Probabaility x Most Likely and figure for Provision using Monte Carlo simulation in EAC derived 0 2 costed as well Costs) in EAC derived from from this this 8. Maturity of Risk No reporting of Risk & Opp Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Reporting situation Monthly to Project Core Team Monthly to Head of PM Monthly to Head of Functions Monthly to Divisional MOR Monthly to Group MOR 3 3 Certified / All Div's / Full No activity Informal Division trained Group Certified All Divisions in Project Process 16 21 In order to move up a level you must also have satisfied all the levels below Project RMMI 40% 53% Risk Mgt Maturity Score 42
  • 43. Management by Exception Project Team A risk tolerance structure is always established early in the project to Will I have unacceptable provide the boundaries within which schedule variance? Yes issues are categorised, managed, No and escalated. Risk management is Will I have unacceptable embedded in all work-streams. budget variance? Yes No Project Manager Executive Will I deviate appreciably from specifications? Yes Establish the Governance structure No that will span each of the Phases. Is the issue I am facing This structure will be necessary to politically sensitive? Yes ensure the overall success of the No project. The focus, attendance, and structure of will be different in each Make decision of the project phases. 43
  • 44. Categorising Risk
  • 45. Why Categorise Risk ?  Categories help identify additional risks  Categories may vary from project to project  External: Beyond team control  Internal: Within team control External Internal Predictable Unpredictable Financial Schedule Technical Legal (but uncertain) 45
  • 46. Eg. Risk Categories Manufacturing Product Design System/Software Fabrication Data Accuracy & Assembly Material & Product Design Processes Performance Maturity Server/Network Performance Process Availability Scaling Production Test & Weight Factor Tooling Evaluation System Maintenance Technology Compatibility Process Software Supplier Development Level Process Security Project Management Quality All Other Resources Schedule Quality Market Consumer Calibration Service Systems Product Customer Teamwork Cost Process Sigma Environment, Health & Adoption Capability Levels Safety Changing Scope 46
  • 47. Example – Risk Categorisation 47
  • 48. Risk Analysis - Qualitative & Quantitative
  • 49. Risk Assessment - Approaches Quantitative Qualitative Evaluation Baseline Point-in-Time Timing Approaches Identification Threat Continuous Vulnerability Team Self Assessment Independent Collaborative 49
  • 50. Risk - Quantification / Qualification Uninsurable Risks Valuation (factors to consider)  Supplier non-performance  Customer demand volatility Quantitative factors  Partner work stoppages Revenue value  Product defects/recalls Asset value  Emerging risks (pandemic) Cash flow value  Others Qualitative factors Insurable Risks Brand  Catastrophic disaster Compliance  Property damage/loss  Product liability Strategy  Business interruption  Others 50
  • 51. Risk Rating Guide Impact Low High 1 3 5 Probability High 5 15 25 R Show stopper 1 3 5 3 9 15 O Significant risk Low 1 3 5 Y Proceed with caution G No concern Probability Impact • Major uncertainties remain • Performance, quality, cost or safety • No or little prior experience or data impacts resulting in major redesign and High (5) program delay • Infrastructure and/or resources not in place • Some uncertainties remain • Performance, quality, cost and/or safety impacts resulting in minor redesign and Medium (3) • Some experience and data exist schedule adjustment • Infrastructure in place but under- resourced • Performance, quality, cost and safety requirements met within planned • Few uncertainties remain schedule Low (1) • Significant experience and data exist • Infrastructure in place and fully resourced 51
  • 52. Qualitative Risk Consequence of Occurrence Probability of Occurrence Very Low Low Moderate High Very High Very Low Low Moderate High Very High Low Risk Medium Risk High Risk 52
  • 53. Risk – Impact & Probability Analysis Impact Schedule Cost Performance Probability of Assessment risk occurring 3 Large slip to key Large increase in Major shortfall in > 50% milestone of total cost operational contractual performance importance 2 Small slip to key Significant Minor shortfall in 25-50% milestone of increase operational contractual in total cost performance, importance which impacts upon the customer 1 Small slip to an Small increase in Minor shortfall in 10-25% internal total cost operational milestone performance, which does not impact the customer 0 No impact on No increase in No impact on <10% schedule total operational cost performance 53
  • 54. Example – Impact Analysis Impact Cost Time Quality Very Manageable by Slight slippage against Slight reduction in Low exchange against internal targets quality / scope, no internal budgets overall impact Low Requires some Slight slippage against Failure to include additional funding key milestones or certain ‘nice to have’ from institution published targets elements Medium Requires significant Delay affects key Significant elements of additional funding stakeholders – loss of scope for functionality from institution confidence in the will be unavailable project High Requires significant Failure to meet key Failure to meet the reallocation of deadlines in relation to needs of a large institutional funds (or the academic year or proportion of borrowing) strategic plan stakeholders Very Increases threaten Delay jeopardises Project outcomes High viability of project viability of project effectively unusable 54
  • 55. Risk – Scoring System Consequences 1. No direct effect on operating service level 2. Minor deterioration in operating service level 3. Definite reduction in operating service level 4. Serious deterioration in operating service level 5. Operating service level approaches zero Likelihood of occurrence E. Probability of once in many years D. Probability of once in many operating months C. Probability of once in some operating weeks B. Probability of weekly occurrence A. Probability of daily occurrence Likelihood of detection A. Detectability is very high B. Considerable warning of failure before occurrence C. Some warning of failure before occurrence D. Little warning of failure before occurrence E. Detectability is effectively zero 55
  • 56. Risk - Scoring Results 56
  • 57. Risk Response Management
  • 58. Risk – Prioritised Consequence Transfer Terminate Tolerate Treat 0 Likelihood 58
  • 59. Example – Risk Contingency How Long Can Impact of Doing Without? Vulnerabilities? Contingency in case of a You Do Without? disaster? Equipment (IT only) 5 days After five days no way to No UPS/generator, MD Use paper reports for 5 days schedule production or hardware, SPOF SME then go manual for as many track orders members as possible Facility 0 days No production, potential for Metal building, flood Look for warehouse space, bankruptcy, IT non-existent zone, poor attempt to salvage equipment maintenance, no and restart operation, file perimeter security, door bankruptcy lock broken Personnel 0 days Degraded operations, low Too many SPOF Best effort shifting of available service levels staff, temps Raw Materials 30 days before None until on hand Single supplier Search for alternative supplier new deliveries exhausted relationship Transportation 30 days in No supplies Location, design of None System 2 days out No deliveries entrance Utilities 0 hours/power Extrusion shuts down, lines Single power feed, no None 0 hours/water cleaned, waste collected generator or backup and prepared for grinder, IT water supply non-existent Vendors (Sourcing) 4 hours No call center Mercy of vendor Bring in-house 59
  • 60. Risk – Monitor & Control
  • 61. Key Process Number Process Risk Number Risk Control Objective Control Number Control Description Control Owner Process Narrative Risk Control Matrix Control Category Control Type Primary/ Secondary Control Frequency Design Assessment 61
  • 62. Eg. Risk Register Project: ……………………………….. Reference: ………..... Key: H – High; M – Prepared by: …………….. Date: ………………… Medium; L - Low Type of Description of Probability Impact Risk reduction Contingency Risk Risk Risk strategy plans owner H M L Perf. Cost Time 62
  • 63. Lessons Learned
  • 64. On a regular basis review / monitor …. Top Down / Risk Risk Bottom Up Policies and Technology Risk Procedures Used Planning Risk Organisatio Risk Training and n Risk Management Continuous Culture, Program Improvemen Tolerance t Risk Risk Staff Monitoring Alignment Competenc & and y/ Performanc Governance Capability e Measures 64
  • 65. Note…  Risks impacts project objectives  The only thing we manage on a project is Risk  Sound Project Management is Sound Risk Management  Risks come from decisions we make as we try to achieve objectives  As a minimum risks need to be identified in the areas of technical, cost, schedule and quality  Risks require a factual condition and have a potential negative consequence  Integrating risk activities and communicating, vastly enhances the effectiveness of the overall Risk Management Program 65
  • 66. “A man's feet should be planted in his country, but his eyes should survey the world.” - George Santayana 66
  • 67. Good Luck http://www.linkedin.com/in/anandsubramaniam 67