Risk Management Framework

  Process, Tools & Techniques to
     Minimise Risk Exposure

       Anand Subramaniam
“If you are never scared or embarrassed or
       hurt, it means you never take any
                   chances.”

        ...
Highlights
   Risk Exposure
   Project, Program, Project Portfolio Risks
   Risk Management – Overview
   Risk Managem...
Risk Exposure
Risk !!




          5
Risk - Challenges & Expectations
                                     Stakeholders                       Drivers
         ...
Risk Exposure Areas

 Concept      Technology   Sys Dev & Prod & Deploy Opns &
Refinement     Develop       Demo          ...
Risk Exposure due to..




                         8
Risk – Plan vs. Actual Performance

                                                        Poor Risk
                    ...
Risk Management Realities…

Insurance Not Purchased       Insurance Not Available

      Political Risk                 Wa...
Project, Program, Project Portfolio
              Risks
Integrated Risk Management
                                           Life Cycle &
                                       ...
Project Risk - Exposure / Impact

Internal           Schedul                                    Resourc
 Risks            ...
Project - Opportunities / Risks

     Opportunities                                  Risks
• Identifies gaps in realisatio...
Projects & PPM – Risk Exposure
                Scope                                   Goals

       Risk                 ...
Risks - Project Manager’s Role
 Understand business case and project context
 Baseline the risk register
 Oversee risk ...
Program Manager’s Challenge
                                         Shareholder /
                                       ...
Portfolio Risk Management
                           Executive Board




                                                 ...
Risk Management - Overview
What is Risk?
                       There is a
GIVEN               POSSIBILITY that,
                                    ...
Risk Process – Conceptual Overview
                                 Establish the context
 Communicate and Consult




   ...
Risk Elements
                 TOOLS & TECHNIQUES

                 Scaleable, fit for purpose
PROCESSES
                 ...
Risk – Project & Process Elements
  Project Elements                       Process Elements

      Roles &                ...
Risk Scope

           Requirements/
            Specification




Quality                     Cost




            Schedu...
Risk Management – Strategy to Execution
                                                       Write
 Perform risk assess...
Risk Management Process - PMBOK




                             Source: PMI


                                    26
Risk Management - Framework
Defining a Risk Framework

                        Goals and Objectives

    Internal                  Timing
     Audit
 ...
Risk Framework



   ion




                      Stra
     t
  ecu




                          t
                     ...
Risk - Strategy
            Input                       Techniques                    Output
•   Business Strategy        ...
Risk - Tactical
            Input                    Techniques                        Output
•   Risk Profile            ...
Risk - Execution
            Input                      Techniques                        Output
•   Risk Strategy        ...
Knowledge – Capture & Improve


     Continuously
                                Capture
       Improve



              ...
Risk Management – Lessons Learned

     Capture            Communicate                 Collaborate                 Improve...
Risk Management - Governance
Risk Management - Governance
                  Portfolio Risk     Program           Project Risk     Contractor Risk
     ...
Risk Management – Governance Steps

Planning
                     Identification
                                        A...
Risk – Org. Policy, Tolerance,
  Maturity Level, Reporting
Risk Policy / Escalation Process
Corporate Risks                    Objectives

                                  Risk App...
Example – Risk Tolerance




                           40
Organisation Maturity & Risk Strategies
                    Level 1              Level 2               Level 3            ...
Example – Risk Maturity Matrix
                                                      Increase in maturity of Risk Mgt core...
Management by Exception
       Project Team
                                   A risk tolerance structure is always
      ...
Categorising Risk
Why Categorise Risk ?
 Categories help identify additional risks
 Categories may vary from project to
  project
      E...
Eg. Risk Categories
                                                                        Manufacturing
   Product Desig...
Example – Risk Categorisation




                                47
Risk Analysis - Qualitative &
       Quantitative
Risk Assessment - Approaches

                   Quantitative                  Qualitative

                              ...
Risk - Quantification / Qualification
                                          Uninsurable Risks
Valuation (factors to co...
Risk Rating Guide
                                                     Impact
                                            ...
Qualitative Risk

                          Consequence of Occurrence
Probability
of Occurrence       Very Low   Low Moder...
Risk – Impact & Probability Analysis
Impact       Schedule            Cost                Performance          Probability...
Example – Impact Analysis
Impact   Cost                      Time                       Quality
Very     Manageable by    ...
Risk – Scoring System
Consequences               1.   No direct effect on operating service level
                        ...
Risk - Scoring Results




                         56
Risk Response Management
Risk – Prioritised
Consequence




         Transfer      Terminate




         Tolerate      Treat


   0               ...
Example – Risk Contingency
                       How Long Can     Impact of Doing Without?          Vulnerabilities?     ...
Risk – Monitor & Control
Key Process Number




            Process
        Risk Number




            Risk
           Control
          Objective...
Eg. Risk Register
Project: ………………………………..                                                     Reference: ……….....
        ...
Lessons Learned
On a regular basis review / monitor ….

 Top Down /
                                Risk                         Risk
 Bot...
Note…
 Risks impacts project objectives
 The only thing we manage on a project is Risk
 Sound Project Management is Sou...
“A man's feet should be planted in his
country, but his eyes should survey the
                 world.”

                 ...
Good Luck
http://www.linkedin.com/in/anandsubramaniam




                                              67
Upcoming SlideShare
Loading in...5
×

Risk Management Framework

52,268

Published on

Process, Tools & Techniques to Minimise Risk Exposure

Published in: Business, Economy & Finance
99 Comments
253 Likes
Statistics
Notes
  • If you are sharing electronically could you send one to mervin@sacs.co.za
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • It is very helpful presentation. I appreciate an electronic copy. My mail address is : said.khalifa@gmail.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • It is very helpful presentation. I appreciate an electronic copy.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Very helpful presentation. I would appreciate an electronic copy if possible: gotcpa1972@gmail.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @Tim O'Connor , Hello Tim, My self Babu. Regarding Risk Management from Anand ( Slideshare ). Please forward document of Risk management if have ( which is Anand sent ).
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
52,268
On Slideshare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
0
Comments
99
Likes
253
Embeds 0
No embeds

No notes for slide

Risk Management Framework

  1. 1. Risk Management Framework Process, Tools & Techniques to Minimise Risk Exposure Anand Subramaniam
  2. 2. “If you are never scared or embarrassed or hurt, it means you never take any chances.” - Julia Sorel 2
  3. 3. Highlights  Risk Exposure  Project, Program, Project Portfolio Risks  Risk Management – Overview  Risk Management – Framework  Risk Management – Governance  Risk - Org. Policy, Tolerance, Maturity Level, Ad- hoc Reporting  Categorising Risk  Risk Analysis - Qualitative & Quantitative  Risk Response Management  Monitoring & Controlling Risks 3
  4. 4. Risk Exposure
  5. 5. Risk !! 5
  6. 6. Risk - Challenges & Expectations Stakeholders Drivers  Citizens  Mission & Objectives  Visitors  Trust & Reputations  Regulators  Asset & Capital Management  Government Agencies  Expenditures & Budget  Others  Regulations Challenges  Digital Divide  Volume  Social, Cultural and Educational Issues  Cost Management  Existing Infrastructure  Regulatory  Legacy Systems, Interoperability Requirements Expectations Delivering Value Managing Cost Managing Risk Change Mngt Compliance  Availability  Project  Confidentiality  Project / Program  Regulatory  Accessibility Management  Security Implementation Compliance  Infrastructure  Program  Data Integrity  Change  Vendor Risk  Management  Management Management Reliability Applications   Project Portfolio  Interoperability  Monitoring Governance Management  Privacy Outsourced  Control Monitoring  Innovation  Identity & Access Operations Management  Incident Response 6
  7. 7. Risk Exposure Areas Concept Technology Sys Dev & Prod & Deploy Opns & Refinement Develop Demo Support Opportunity Capture Pre- Proposal Dev Post- Assessment Team Dev Proposal Submit 7
  8. 8. Risk Exposure due to.. 8
  9. 9. Risk – Plan vs. Actual Performance Poor Risk io ns Management ct at x pe Performance e rE Technical m Inability s to Cu ce rman Perfo Actual Time 9
  10. 10. Risk Management Realities… Insurance Not Purchased Insurance Not Available Political Risk War / Strike Environmental Reputational Advertiser’s Liability Terrorism Biological Professional Liability Nuclear / Radiation E-Commerce Liability Regulatory Fines & Penalties Certain lines of Products Poor Business Judgment Patent Infringement Supply Chain Interruption Product recall Loss of Market Share Non-Owned Breach of Contract Terrorism Global Pandemic Liability Fraud 10
  11. 11. Project, Program, Project Portfolio Risks
  12. 12. Integrated Risk Management Life Cycle & Environmen Communi- Scope Integration t Variables cation Ideas, Expectation Directives, s Feasibility Data Exchange Requiremen Projec Availability, Human Quality Productivity t Standards t Risk Resources Cost Time Objectives, Objectives, Restraints Restraints Contract / Services, Time Materials: Cost Procure Performanc e Source: Wideman, Max R., ed., 12
  13. 13. Project Risk - Exposure / Impact Internal Schedul Resourc Risks Financial Quality e e Project Project Project Objectives Planning Execution Externa Integra- Procure- Commun Scope l Risks tion ment i-cation Opportunities for Tradeoffs - Resulting from Risk Analyses 13
  14. 14. Project - Opportunities / Risks Opportunities Risks • Identifies gaps in realisation of • Fragmented project plans strategic objectives • Poorly defined project mission & • Escalates current risks and tasks identifies potential risks earlier • No clear process for escalating • Ensures proper communications risks to senior management to relevant stakeholders • Insufficient reporting to support • Improves monitoring and control top-management decisions of projects • Ineffective enforcement of project • Mediates issue resolution controls and policies • Increases efficiency in tracking • Conflict between line and project progress of projects managers • Integrates project plans for all • Projects do not meet deadlines projects – standardises progress and / or milestones reporting • Lack of standardised reports and reporting frameworks 14
  15. 15. Projects & PPM – Risk Exposure Scope Goals Risk Risk Risk Risk Project Risk Project Risk Portfolio Risk Managemen Managemen t t Process Time Cost Culture Maturity 15
  16. 16. Risks - Project Manager’s Role  Understand business case and project context  Baseline the risk register  Oversee risk management activities  Embed risk thinking into project review meetings  Ensure risk response actions are carried out (threats, issues & opportunities)  Utilise risk management reserve efficiently  Manage stakeholder expectations  Deliver to time, cost and quality 16
  17. 17. Program Manager’s Challenge Shareholder / Stakeholder Value Programme & What are Operational the risks? Benefits Project What are the risks? Deliverables What are the risks? 17
  18. 18. Portfolio Risk Management Executive Board Guidance Programmes Operations Information Functional Projects Logistics Contractors Contractors Supply chain Supply chain 18
  19. 19. Risk Management - Overview
  20. 20. What is Risk? There is a GIVEN POSSIBILITY that, Will Condition Consequence Occur • Must be a FACT or perceived to be FACT • Must be REALITY BASED • Can have NO uncertainty attached Must be ACTIONABLE ONE condition and ONE consequence per statement 20
  21. 21. Risk Process – Conceptual Overview Establish the context Communicate and Consult Identify risks Monitor and Review Analyse risks Evaluate risks Assess risks Treat risks 21
  22. 22. Risk Elements TOOLS & TECHNIQUES Scaleable, fit for purpose PROCESSES PEOPLE & BEHAVIORS Well defined, part of normal work routine, Management commitment, consistently delivery teams own the risks, used across operations involved early, projects contractors engaged, reward the right behaviors 22
  23. 23. Risk – Project & Process Elements Project Elements Process Elements Roles & Risk Assessment Responsibilities What is the Scope of the Risk Assessment? What Adverse Events Can Happen? How Likely are These Events to Occur? Personnel How Severe Would the Consequences Be if the Events Did Occur? Feedback Loops Qualifications Risk Control & Decision Support Management of Change What Could Be Done to Control Risks? What Are the Relative Merits of the Risk Control Options? What Set of Activities Best Achieves Risk Management Goals? Communications Documentation Performance Monitoring & Feedback Project Evaluation and What Improvements are Expected to Result from the Risk Control Decisions? Improvement What Measures Best Capture These Expected Outcomes? Are the Selected Risk Control Activities Having the Intended Effect? How Can the Overall Risk Management Process be Improved? 23
  24. 24. Risk Scope Requirements/ Specification Quality Cost Schedule 24
  25. 25. Risk Management – Strategy to Execution Write  Perform risk assessment Plan  Risk management plan developed Assemble  Risk assessment team assembled Team  Risk generation process executed  Risk list rationalised Generate Risks  Risks ranked and prioritised  Response plans written Rationalise List  Risk review process established  Risk review done periodically Rank Risks  Institutionalise ongoing risk assessment Write  Ongoing risk reviews Responses  Execution of risk response plans if necessary Monitor & Control 25
  26. 26. Risk Management Process - PMBOK Source: PMI 26
  27. 27. Risk Management - Framework
  28. 28. Defining a Risk Framework Goals and Objectives Internal Timing Audit Milestones Risk Executive Manage Team composition Management Approach and r Methodology Tools Project Sponsor Reporting Information Criteria 28
  29. 29. Risk Framework ion Stra t ecu t egy Ex Iterate & Improve Tactical 29
  30. 30. Risk - Strategy Input Techniques Output • Business Strategy • Interviews • Risk Profile • Value Drivers • Questionnaires • Risk Organisation Chart • Organisation Process • Checklist • Roles & Responsibilities • Define Risk Management • Assumption Analysis • SWOT Analysis Objectives • SWOT template • Optimal Network Structure • Determine Risk Appetite / • Risk Strategy Tolerance • Risk Register • Define Risk Organisation • Risk Policies • Perform SWOT Analysis • Risk Governance Process • Design supply chain to match Risk Profile • Map & Evaluate Current Network • Analysis – Cost, Inventory • Identify & Evaluate Alternative Structures 30
  31. 31. Risk - Tactical Input Techniques Output • Risk Profile • Qualitative Assessment - • Rank Alternatives • Risk Organisation Chart Probability / Impact • Risks Related to • Roles & Responsibilities Matrix, Brainstorming, Contractual Agreements • SWOT Analysis Cause & Effect Diagrams • Risk Categorisation • Optimal Network Structure • Quantitative Assessment - • Ranking of Failure Points • Risk Strategy FMEA, Simulation, • Risk Database Populated • Risk Register Modelling, Diagramming with Alert Criteria • Select Optimal Network Techniques • Alert Process Defined Structure • Strategies for Negative • Identify Failure Points in and Positive Risks the Supply Chain • Strategies for • Prioritise the Failure Opportunities & Threats Points • Contingency Response • Identify Alternatives Strategies • Define the Alert Criteria • Risk Management Information Systems 31
  32. 32. Risk - Execution Input Techniques Output • Risk Strategy • Status Meeting • Risk Registers • Risk Policies • Risk Reassessments • Recommendation – • Risk Governance • Risk Audits Preventive, Awareness, • Risk Register • Variance / Trend Analysis Remediation • Rank Alternatives • Performance Measures • Monitor Inherent, Residual • Risks Related to • Reserve Analysis & Secondary Risks Contractual Agreements • Alert Mechanisms • Evaluate Effectiveness • Risk Categorisation • Risk Management • Ranking of Failure Points Knowledgebase • Risk Database With Alert Criteria / Process • Performance Reports • Collaborate on Risk Response Plan • Continuously Monitor 32
  33. 33. Knowledge – Capture & Improve Continuously Capture Improve Lessons Learnt Collaborate Communicate 33
  34. 34. Risk Management – Lessons Learned Capture Communicate Collaborate Improve Input Input Input Input • Detect disruptions • Communicate • Review immediate • Review action plan and estimate impact of action and identify from project impact on supply disruptions causes closure phase chain performance Process Process Process Process • Risk responsible • Identify alternative • Review success / • Identify & identifies disruption solutions failure of solutions categorise & leads meeting • Select best implemented disruptions with participants alternative • Re-group if • Record risk in risk • Distribute reports • Delegate mitigation is database and documents assignment unsuccessful from ‘capture’ to • Record / update Output ‘closure’ Output the solutions • Disruption list • Project closure • Risk database Output report Output • Follow-up • Review action • Updated risk points & follow up database 34
  35. 35. Risk Management - Governance
  36. 36. Risk Management - Governance Portfolio Risk Program Project Risk Contractor Risk Mgmt Plan Risk Mgmt Mgmt Plan Key Plan Mgmt Plan Risk Mgmt Initiate Risk Governance Mgmt Document Ongoing Risk Activity Plan Risk Mgmt Monitor & Control the Discrete Risk Activity Risk Mgmt Process (Includes Learning and Identify Continuous Risks Improvement) Close-out Control Assess Risk Mgmt Risks Risk Register Risks Respond to Risks 36
  37. 37. Risk Management – Governance Steps Planning Identification Assessment Analysis Closure • Methods • FTAs • ROI • Deterministic • Mitigation • Resources • Experts • ROIC • Simulation • Prevention • Requirements • FMEAs • Quantify • Tech Perf • Complete info • Responsibilities • History • Tech Perf Measures • Critical Items • Program Measures • Business Case & Issues List Documentation Analysis • Business Case Analysis 37
  38. 38. Risk – Org. Policy, Tolerance, Maturity Level, Reporting
  39. 39. Risk Policy / Escalation Process Corporate Risks Objectives Risk Appetite Strategic Risks Risk Priorities + Significant Escalation Strategic Mitigation Tactical Risks Authorisation Behaviour Tactical Risks 39
  40. 40. Example – Risk Tolerance 40
  41. 41. Organisation Maturity & Risk Strategies Level 1 Level 2 Level 3 Level 4 Level 5 Culture Increased Culture becomes Consistency of Unaware Early awareness Awareness Known and Past and Future and bias Uniform Actions Technology Isolated projects; More "joined up" Vision drives Vision becomes None initiated from the thinking, but still vision bottom up silo-oriented. decisions Competitive Edge Alignment of Weak, early Understanding Understanding Understanding of bus. and IT Unknown concept awareness and focus at silo level and focus across lines of business wider scope; collaboration Stakeholder First signs of Stakeholder Well Understood, Optimal alignment No alignment Stakeholder Analysis, Trade Drives Decisions Stakeholder centricity; silos Off analysis Benefits Early Attempts Governance model Governance None Becomes a To resolve Defines and in Strong Governance model concern Governance issues Place Culture No process Team-based; Process integration Shared processes End-to-end Process fragmented; At department across process Integrity orientation minimal insight level the company optimisation Weak, Fragmented; Strong Strong functionality Superior functionality; IT plan limited functionality functionality with company- integrated beyond Very fragmented; and focus within silos level integration the company Data None, poor Focus on silo Ongoing, Iterative Competitive strategy quality Operational focus quality Process to maintain Differentiator Quality 41
  42. 42. Example – Risk Maturity Matrix Increase in maturity of Risk Mgt core skill sets Increase # of Risk Mgt core skill sets PROJECT EXECUTION RISK MATURITY MATRIX INDEX Current Target & Date Level Level 0 Level 1 Level 2 Level 3 Level 4 Level 5 (Score) Q4'03 Certified (2) Risk Mgr or Divisional PM's assigned Divisional Risk Coordinators 1. Risk Org Support PM core team has not been PM responsibility allocated to Functional Risk Div/Area/Site Risk Structure's in place allocated to project yet Risk Mgt of project Coordinators appointed Coordinator nominated to Risk Mgt responsibility for all divisions involved in project assigned for all divisions involved 2 3 in project support project when required (1) Project Team trained in BT Certified (2) Divisional or Risk & Oppty Mgt 5 Step Area/ Site Risk Mgt support Project Team trained (1) in BT Project Team trained (1) in BT Risk 2. Project Teams Risk No training received by Project Process (Module 2) coord allocated to support ROP Database Use (Module 6) Costing Methodology (Module 8) Trained (1 & 2) Team Informal training received emphasis on understanding project core team assigned to and how to run a Risk Meeting and reporting Risk in the MOR 1 5 3C's methodology (Module 3) project trained in Facilitating (Module 7) (Module 10) Roles & Responsibility Risk Workshops (Module 5) (Module 4) Risk & Opp - ID, Assess & Risk & Opp - ID, Assess & Cross Divisional Risk & Opp - ID, Risk & Opp Assess & (3 & 4) Risk & Opp - ID, Assess & Mitigation workshops (3 & 4) run Mitigating Action workshops (3 Mitigation workshops run Assess & Mitigation workshops (3 & 4) 3. Appropriate (3 & 4) No Risk Workshops held Risk & Opp Workshops run Mitigation workshops (3 & 4) run by a NON certified facilitator & 4) run by certified facilitator by certified facilitator (2) for run by certified facilitator (2) for 3 3 by a NON certified facilitator for lead & supporting Divisions (2) lead & supporting Divisions lead & supporting Divisions involved in the Project involved in the Project involved in the Project Project set up in ROP for all Project set up in ROP with Project set up in ROP with Project Set up in ROP with all Project Set up in ROP for all 4. Projects Set up in Divisions in Project with ROP Project not in ROP only PM assigned as Risk Coord for Risks & Opps some Risk Coords assigned for Risks & Opps Risk Coords assigned for some Risk Coords assigned Divisions in Project with all Risk Coords assigned for Risks & Opps 2 3 Risks & Opps for Risks & Opps 1 - 20% Risks & Opps have 21 - 40% Risks & Opps have 41 - 60% Risks & Opps have 61 - 80% Risks & Opps have 81 - 100% Risks & Opps have Action 5. % Risks with Action 0 % Risks & Opps have Action Plans Plan in place Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Action Plan identified, dates and ownership assigned Plan identified, dates and ownership assigned 4 0 Risk & Opps consistently on Cross Divisional Risk& Opp Functional Risk & Opps Risk & Opps appear adhoc 6. Maturity of Risk Risk & Opps not on any of the Project Coordination meeting mtg being held by lead meetings being run by Risk Action Plans progress linked to Meetings Projects Mtg agendas on the Projects Coordination Mtg agendas agenda with Action Plans Division in the project, with Coords with Action Plans Detailed Project Schedule (DPS) 1 2 progress tracked action plans being tracked progress tracked All Risks, Opps & Mitigating All Red Risks, Opps & Actions costed per BT costing All Risks, Opps & Mitigating Actions Some Risks, Opps & All Red Risks, Opps & Mitigating Actions costed per methodology and figure for costed per BT costing methodology 7. Risks being costed No Risks or Opps costed per correctly BT costing methodology Mitigating Actions costed per BT costing methodology Mitigating Actions costed per BT costing methodology BT costing methodology with some Yellow and Green Provision using Sum of all (Probabaility x Most Likely and figure for Provision using Monte Carlo simulation in EAC derived 0 2 costed as well Costs) in EAC derived from from this this 8. Maturity of Risk No reporting of Risk & Opp Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Risk & Opp situation reported Reporting situation Monthly to Project Core Team Monthly to Head of PM Monthly to Head of Functions Monthly to Divisional MOR Monthly to Group MOR 3 3 Certified / All Div's / Full No activity Informal Division trained Group Certified All Divisions in Project Process 16 21 In order to move up a level you must also have satisfied all the levels below Project RMMI 40% 53% Risk Mgt Maturity Score 42
  43. 43. Management by Exception Project Team A risk tolerance structure is always established early in the project to Will I have unacceptable provide the boundaries within which schedule variance? Yes issues are categorised, managed, No and escalated. Risk management is Will I have unacceptable embedded in all work-streams. budget variance? Yes No Project Manager Executive Will I deviate appreciably from specifications? Yes Establish the Governance structure No that will span each of the Phases. Is the issue I am facing This structure will be necessary to politically sensitive? Yes ensure the overall success of the No project. The focus, attendance, and structure of will be different in each Make decision of the project phases. 43
  44. 44. Categorising Risk
  45. 45. Why Categorise Risk ?  Categories help identify additional risks  Categories may vary from project to project  External: Beyond team control  Internal: Within team control External Internal Predictable Unpredictable Financial Schedule Technical Legal (but uncertain) 45
  46. 46. Eg. Risk Categories Manufacturing Product Design System/Software Fabrication Data Accuracy & Assembly Material & Product Design Processes Performance Maturity Server/Network Performance Process Availability Scaling Production Test & Weight Factor Tooling Evaluation System Maintenance Technology Compatibility Process Software Supplier Development Level Process Security Project Management Quality All Other Resources Schedule Quality Market Consumer Calibration Service Systems Product Customer Teamwork Cost Process Sigma Environment, Health & Adoption Capability Levels Safety Changing Scope 46
  47. 47. Example – Risk Categorisation 47
  48. 48. Risk Analysis - Qualitative & Quantitative
  49. 49. Risk Assessment - Approaches Quantitative Qualitative Evaluation Baseline Point-in-Time Timing Approaches Identification Threat Continuous Vulnerability Team Self Assessment Independent Collaborative 49
  50. 50. Risk - Quantification / Qualification Uninsurable Risks Valuation (factors to consider)  Supplier non-performance  Customer demand volatility Quantitative factors  Partner work stoppages Revenue value  Product defects/recalls Asset value  Emerging risks (pandemic) Cash flow value  Others Qualitative factors Insurable Risks Brand  Catastrophic disaster Compliance  Property damage/loss  Product liability Strategy  Business interruption  Others 50
  51. 51. Risk Rating Guide Impact Low High 1 3 5 Probability High 5 15 25 R Show stopper 1 3 5 3 9 15 O Significant risk Low 1 3 5 Y Proceed with caution G No concern Probability Impact • Major uncertainties remain • Performance, quality, cost or safety • No or little prior experience or data impacts resulting in major redesign and High (5) program delay • Infrastructure and/or resources not in place • Some uncertainties remain • Performance, quality, cost and/or safety impacts resulting in minor redesign and Medium (3) • Some experience and data exist schedule adjustment • Infrastructure in place but under- resourced • Performance, quality, cost and safety requirements met within planned • Few uncertainties remain schedule Low (1) • Significant experience and data exist • Infrastructure in place and fully resourced 51
  52. 52. Qualitative Risk Consequence of Occurrence Probability of Occurrence Very Low Low Moderate High Very High Very Low Low Moderate High Very High Low Risk Medium Risk High Risk 52
  53. 53. Risk – Impact & Probability Analysis Impact Schedule Cost Performance Probability of Assessment risk occurring 3 Large slip to key Large increase in Major shortfall in > 50% milestone of total cost operational contractual performance importance 2 Small slip to key Significant Minor shortfall in 25-50% milestone of increase operational contractual in total cost performance, importance which impacts upon the customer 1 Small slip to an Small increase in Minor shortfall in 10-25% internal total cost operational milestone performance, which does not impact the customer 0 No impact on No increase in No impact on <10% schedule total operational cost performance 53
  54. 54. Example – Impact Analysis Impact Cost Time Quality Very Manageable by Slight slippage against Slight reduction in Low exchange against internal targets quality / scope, no internal budgets overall impact Low Requires some Slight slippage against Failure to include additional funding key milestones or certain ‘nice to have’ from institution published targets elements Medium Requires significant Delay affects key Significant elements of additional funding stakeholders – loss of scope for functionality from institution confidence in the will be unavailable project High Requires significant Failure to meet key Failure to meet the reallocation of deadlines in relation to needs of a large institutional funds (or the academic year or proportion of borrowing) strategic plan stakeholders Very Increases threaten Delay jeopardises Project outcomes High viability of project viability of project effectively unusable 54
  55. 55. Risk – Scoring System Consequences 1. No direct effect on operating service level 2. Minor deterioration in operating service level 3. Definite reduction in operating service level 4. Serious deterioration in operating service level 5. Operating service level approaches zero Likelihood of occurrence E. Probability of once in many years D. Probability of once in many operating months C. Probability of once in some operating weeks B. Probability of weekly occurrence A. Probability of daily occurrence Likelihood of detection A. Detectability is very high B. Considerable warning of failure before occurrence C. Some warning of failure before occurrence D. Little warning of failure before occurrence E. Detectability is effectively zero 55
  56. 56. Risk - Scoring Results 56
  57. 57. Risk Response Management
  58. 58. Risk – Prioritised Consequence Transfer Terminate Tolerate Treat 0 Likelihood 58
  59. 59. Example – Risk Contingency How Long Can Impact of Doing Without? Vulnerabilities? Contingency in case of a You Do Without? disaster? Equipment (IT only) 5 days After five days no way to No UPS/generator, MD Use paper reports for 5 days schedule production or hardware, SPOF SME then go manual for as many track orders members as possible Facility 0 days No production, potential for Metal building, flood Look for warehouse space, bankruptcy, IT non-existent zone, poor attempt to salvage equipment maintenance, no and restart operation, file perimeter security, door bankruptcy lock broken Personnel 0 days Degraded operations, low Too many SPOF Best effort shifting of available service levels staff, temps Raw Materials 30 days before None until on hand Single supplier Search for alternative supplier new deliveries exhausted relationship Transportation 30 days in No supplies Location, design of None System 2 days out No deliveries entrance Utilities 0 hours/power Extrusion shuts down, lines Single power feed, no None 0 hours/water cleaned, waste collected generator or backup and prepared for grinder, IT water supply non-existent Vendors (Sourcing) 4 hours No call center Mercy of vendor Bring in-house 59
  60. 60. Risk – Monitor & Control
  61. 61. Key Process Number Process Risk Number Risk Control Objective Control Number Control Description Control Owner Process Narrative Risk Control Matrix Control Category Control Type Primary/ Secondary Control Frequency Design Assessment 61
  62. 62. Eg. Risk Register Project: ……………………………….. Reference: ………..... Key: H – High; M – Prepared by: …………….. Date: ………………… Medium; L - Low Type of Description of Probability Impact Risk reduction Contingency Risk Risk Risk strategy plans owner H M L Perf. Cost Time 62
  63. 63. Lessons Learned
  64. 64. On a regular basis review / monitor …. Top Down / Risk Risk Bottom Up Policies and Technology Risk Procedures Used Planning Risk Organisatio Risk Training and n Risk Management Continuous Culture, Program Improvemen Tolerance t Risk Risk Staff Monitoring Alignment Competenc & and y/ Performanc Governance Capability e Measures 64
  65. 65. Note…  Risks impacts project objectives  The only thing we manage on a project is Risk  Sound Project Management is Sound Risk Management  Risks come from decisions we make as we try to achieve objectives  As a minimum risks need to be identified in the areas of technical, cost, schedule and quality  Risks require a factual condition and have a potential negative consequence  Integrating risk activities and communicating, vastly enhances the effectiveness of the overall Risk Management Program 65
  66. 66. “A man's feet should be planted in his country, but his eyes should survey the world.” - George Santayana 66
  67. 67. Good Luck http://www.linkedin.com/in/anandsubramaniam 67

×