Comprehensive Overview Of Risk Management
Upcoming SlideShare
Loading in...5

Comprehensive Overview Of Risk Management



A comprehensive overview of project risk management. Assumes a familiarity with fundamental concepts of project management.

A comprehensive overview of project risk management. Assumes a familiarity with fundamental concepts of project management.



Total Views
Views on SlideShare
Embed Views



3 Embeds 5 2 2 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Comprehensive Overview Of Risk Management Comprehensive Overview Of Risk Management Presentation Transcript

  • Risk Management Andrew P. Valenti, Principal Consultant Valenti Partners
  • Risk Management and Product Development
    • The list of Risks:
    • Risk management is an integral part of project management
    • Product development requires project management
    • Therefore, managing risk should be as natural as managing the schedule (but it isn’t)
    Key Idea + = Risk Management Methodology
  • What is Risk?
    • Risk is the possibility:
    • Of being hurt. A lot of the time, people say risk , but are actually talking about probability , which is how likely something is to happen. To people who have jobs in judging risks, "risk" is not only how likely something bad is to happen, but also how bad it could be. (From Wikipedia).
    • That an undesired outcome (or lack of a desired outcome) disrupts your project.
    • Risk management is the activity of identifying and controlling undesired project outcomes
  • What is Risk?
    • When you are dealing with risk there are always uncertainties
    • You can narrow, but not eliminate, the uncertainty, by:
      • Clarifying the probability
      • Understanding the consequences or alternatives
      • Determining what drives the risk
    • Risk management helps you understand these factors and consistently sway them in your favor
    The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa. --Heisenberg, uncertainty paper, 1927
  • Risk vs. Issues
    • Events that are certain to occur are issues
    • Issues arise while identifying risks, but they proceed on a different action-planning track.
    Key Idea
  • Time component
    • For every project risk, there is a time when it no longer exists
    • It is important to know when this termination time arrives so the risk can be removed
    • In some cases, termination time is distinct, in others it is ongoing.
    • Sometimes, the “time component” is manifest as a condition instead of time.
    Risk always involves the possibility of some kind of loss
  • Determining a Risk Candidate Candidate Uncertain? Loss Possible? Time Component? Risk Yes Yes Yes Yes No No No Issue No Impact Irresolvable The three components of a risk, which determine our ability to manage it.
  • Why Companies Fail in Managing Risk
    • Failure to address:
    • Cross-functionality
    • Pro-activeness
  • Why Companies Fail in Managing Risk
    • Cross functionality
      • Unique, superior, differentiated products
      • Strong market orientation
      • Sharp, early fact-based product definition
      • Solid market & technical research
      • Cross-functional teams
      • Built on core-strengths
      • Market attractiveness
      • Quality launch processes
      • Technical competence
  • Why Companies Fail in Managing Risk
    • Proactiveness:
    • Wait until late in the project when many risks start occurring
    • Let risk management lapse
    • “ Eighty percent of success is showing up.”
            • -Woody Allen
  • Why Companies Fail in Managing Risk
    • Wait until late in the project when many risks start occurring:
    • Late attention to risks often leads to expensive workarounds
    • Late discovery of potential problems precludes solutions that would have been available earlier
    • Late surprises are more disruptive to the schedule
  • Why Companies Fail in Managing Risk
    • Let risk management lapse
    • The team does deliver a list of risks, but gets on with the “real” work of the project
    • When risks occur, they are just as unprepared, but more embarrassed!
  • The Antithesis of Risk Management: Firefighting
    • A type of management behavior, often reinforced
    • A corporate firefighter is so involved in fighting the last fire that they let the next one smolder
    • Then this person pulls the new problem out of the fire and is regarded as a hero
  • How Much Risk Management?
    • The more risks you identify, analyze, and monitor, the more it will cost.
    • Good risk management requires explicit choices and decisions that are reviewed regularly
    • Consider each risk in terms of what it can do for you as well as the harm
    • Remember: project management is risk management!
    Hurricane Katrina: Three men use makeshift oars to paddle a damaged boat.
  • Using Project Risk Models
  • Introduction
    • The Risk Management methodology depends on the model:
    • Helps quantify the magnitude of a risk for comparison purposes
    • Points to root causes for risk resolution
    Credit Risk Model
  • Risk Models
    • Models:
    • Ground us in a common viewpoint so that we can communicate with others
    • Form a common basis for analyzing a risk situation
    • Provides a systematic way of dealing with risk
    Key Idea
  • Standard Risk Model
    • Seven Components:
    • Risk Event : The state that triggers a loss
    • Risk event driver : Something in the project environment can cause a risk to occur
    • Probability of risk event : Likelihood of a risk event
    • Impact : Consequence or potential loss
  • Standard Risk Model
    • Seven Components cont.:
    • Impact driver : Something in the project environment can cause an impact
    • Probability of impact : Likelihood of an impact, given that the risk occurs
    • Total loss : Magnitude of the actual loss accrued when a risk event occurs
  • The Standard Risk Model Probability of risk event (P e ) Probability of impact (P i ) Risk event driver(s) Impact drivers Risk Event Impact Total loss (L t )
  • Simple Risk Model Simple Risk Model. Combines the risk event and impact into a single entity along with the risk’s probability of occurrence. Probability of risk event & impact (P e and P i ) Driver(s) Risk event and impact Total loss
  • The Risk Management Process
  • The Risk Management Process
    • Overview of the process:
    • Identify risks that you could encounter
    • Analyze risks to determine drivers, impact, and probability
    • Prioritize and map the risks to a short list
    • Plan how you will take action
    • Monitor progress on a regular basis
    The Old Mill
  • Critical information The Five-step Risk Management Process Risk events and impact Drivers, probabilities and total loss Subset of risks to be managed Types of action plans: avoidance, transfer, redundancy and mitigation (prevention, contingency, reserves) Assess status and closure of targeted risks; identify new risks Step 1: Identify risks Step 2: Analyze risks Step 3: Prioritize and map risks Step 4: Resolve risks Step 5: Monitor risks Regular check for new project risks Steps
  • Step1: Identifying Project Risks
    • Criteria:
    • Need a facilitator without a stake in the outcome
    • A brainstorming activity: strive for quantity
    • Define happening that could occur along with a time component
    • Describe the impact
    Line up
  • Step 2: Analyzing Risks
    • Criteria:
    • Identify drivers for each risk event
    • Be as factual as possible
    • Identify probabilities for risk and for its impact
    • Use historical data whenever possible
  • Step 2: Analyzing Risks cont.
    • Calculating expected loss:
    • Decide on a small set of values for probabilities, e.g. 10, 30, 50, 70, 90%
    • Expected loss is the mean loss associated with the risk
  • Formula for calculating expected loss from its components Probability of risk event (P e ) Probability of risk impact (P i ) Total loss (L t ) Expected loss (L e )    Risk likelihood Total amount of loss if risk occurs Answers question, “How risky is it?”
  • Step 3: Prioritizing and Mapping Risks
    • Techniques for developing a short list:
    • Top 10 List
    • Risk map: total loss vs. risk likelihood (P e X P i )
    • Consider catastrophic risks with low probability
  • Risk likelihood (P e X P i ) - percent Total loss - workdays Threshold line Risk 2 Risk 1 Risk 5 Risk 16 Risk 13 Risk 4 Risk 9 Risk 18 Risk 7 Risk 10 Risk Map showing risks 1, 2, 5, 13, & 16 under active management and five more monitored candidates 5 10 15 20 25 10 30 50 70 90
  • Step 4: Planning Resolution of Targeted Risks
    • An action plan has:
    • An objective
    • Means of measuring when the objective has been achieved
    • A completion date
    • A responsible individual
    • Adequate resources allocated to complete the task
  • Step 5: Monitoring Project Risks
    • Monitoring metrics:
    • Expected loss (should be declining)
    • Number of risks prevented
    • Number of impacts mitigated
    • New risks appearing
  • Factors entering into calculating expected loss, which is the prime criterion for prioritizing risks. Calculate Expected Loss Probability of risk event (P e ) Probability of risk impact (P i ) Total loss (L t ) Expected loss (L e )    Risk likelihood Total amount of loss if risk occurs Answers question, “How risky is it?”
  • Calculate Expected Loss
    • Example
    • Assume 50% chance (probability of risk event) that a tool will be two weeks late (risk event)
    • It will delay the next product build by two weeks which has a 70% (probability of impact) chance of delaying the project
    • This results in a $500,000 (total loss) lost profit (impact)
    • P e = 50%, P i = 70%, L t = $500,000
      • .5 X .7 X $500,000 = $175,000 (expected loss)
      • Note: Expected loss is your primary means going forward of comparing and prioritizing various identified risks.
  • Working with Differing Units and Qualitative Scales
    • If the total loss cannot be expressed numerically:
    • Define labels such as “medium”, as specifically as possible by calibrating them
    • Construct a calibration table
    • Be sure to perform some cross checks
    • Alternative approach is to use consequence factors
  • Calibration values for total loss when using qualitative scales 180 >500,000 >1.20 >15 High 190 150,000-500,000 0.50-1.20 6-15 Medium 205 <150,000 <0.50 1-5 Low 220 0 0 0 None Product performance (throughput, units/minute) Project budget overrun Target product cost overrun Schedule slip (workdays) Total Loss
  • Summary
    • Risk has many meanings, but we define it in terms of:
        • Uncertainty
        • Loss
        • Time component
    • Good project risk management places an emphasis on being both cross functional and proactive
  • Summary
    • It is the opposite of fire fighting which poses an organizational challenge
    • You cannot make risk management perfect; you can reach a point of diminishing returns
    • Risks can be positive as well as negative
  • Summary
    • The Standard Risk Model provides the most effective risk management for the effort expended in using it
    • Risk models provide a powerful tool to help visualize and understand risk
    • “All models are wrong. Some are useful.” – George Box, Statistician
  • Summary
    • A five step program:
    • Structured brainstorming
    • Analyze each risk according to a process to clarify the risks’ threat
    • Choose a risk set that you will manage
    • Create an action plan
    • Ongoing monitoring of risk picture