Risk Management in Five Easy Pieces

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Risk management is essential for any significant project. and is useful for any project where an unfavorable outcome is undesirable. Certain information about key project cost, performance, and unfavorable outcome is undesirable Certain information about key project cost performance and schedule attributes are often unknown until the project is underway. The emerging risks that can be identified early in the project that impact the project later, are often termed “known unknowns.” These risks can be mitigated with a good risk management process. For risks that are beyond the vision of the project team a properly implemented risk management process can also rapidly quantify the risks impact and provide sound plans for mitigating its affect. Risk management is concerned with the outcome of future events, whose exact outcome is unknown, and with how to deal with these uncertainties. Outcomes are categorized as favorable or unfavorable, and risk management is the art and science of planning, assessing, handling, and monitoring future events to ensure favorable outcomes. A good risk management process is proactive and fundamentally different than issue management or problem solving, which is reactive. This presentation describes the fundamental of Risk Management in 5 easy steps – using Jack Nicholson’s “Five Easy Pieces” 1970’s movie as a backdrop. The Five Pieces are: 1. Hope is not a strategy 2. All point estimates are wrong 3. Without integrating Cost, Schedule and Technical Performance you’re driving in the rearview mirror 4. Without a model for risk management, you’re driving in the dark with the headlights turn off 5. Risk Communication is everything Risk management is an important skill that can be applied to a wide variety of projects. In an era of downsizing, consolidation, shrinking budgets, increasing technological sophistication, and shorter development times, risk management provides valuable insights to help key project personnel plan for risks, alert them of potential risk issues, analyze these issues, and develop, implement, and monitor plans to address risks long before they surface as issues and adversely affect project cost, performance, and schedule. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 1

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 1. Hoping that something positive will result is not a very good strategy. Preparing for success is the basis of success. 2. Single point estimates are no better than 50/50 guesses in the absence of knowledge of the standard deviation of the underlying distribution 3. Without connecting cost, schedule, and technical performance of the effort to produce the product or service the connection to value cannot be made. 4. Risk management is not an ad hoc processes that you can make up as you go. A formal foundation for risk management is needed. foundation for risk management is needed 5. Identifying risks without communication them is a waste of time. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 2

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Project Managers constantly seek ways to eliminate or control risk, variance and uncertainly. This is a hopeless pursuit. Managing “in the presence” of risk, variance and uncertainty is the key to success. Some projects have few uncertainties –only the complexity of tasks and relationships is important – but most projects are characterized by several types of uncertainty. Although each uncertainty type is distinct, a single project may encounter some combination of four types: 1. Variation – comes from many small influences and yields a range of values on a particular activity. Attempting to control these variances outside their natural boundaries is a waste activity. Attempting to control these variances outside their natural boundaries is a waste (Muda) 2. Foreseen Uncertainty – are uncertainties identifiable and understood influences that the team cannot be sure will occur. There needs to be a mitigation plan for these foreseen uncertainties. 3. Unforeseen Uncertainty – is uncertainty that can’t be identified during project planning. When these occur, a new plan is needed. 4. Chaos – appears in the presence of “unknown unknowns” “Managing Project Uncertainty: From Variation to Chaos,” Arnoud De Meyer, Christoph H. Loch and Michael T. Pich, MIT Sloan Management Review, Winter 2000. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 3

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Larger variances can be tolerated in early periods. But tolerances for risk must decrease as the program matures. At all times, avoiding unseen risk is mandatory. Any unknown risk must be discovered before it becomes and issue. The management of variance must first recognize four types of risk, their associated variances and the impact of these risks and variances: 1. Normal Variation – in activity durations, costs, and technical and business performance level delivered by the project. 2. Foreseen Risks – are indentified, but have uncertain influences on the project 3. Unforeseen Risks – are not formally identified in the planning stage, are not anticipated and a mitigation plan has not been identified. 4. Chaos – is fundamental uncertainty about the basic structure of the project plan itself. The key concept here is that as the project proceeds the risk must be reduced. But also the tolerance for risk must be reduced as well. This means that the variance and the tolerance must be reduced in tandem. They must track each other to the end of the project. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 4

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Project duration and costs are random variables drawn from some underlying probability distribution. The use of point estimates for durations and costs is many times the first impulse in an organization low on the project management maturity scale. Understanding cost and durations are actually “random variables,” drawn from an underlying distribution of possible value is the starting point for managing in the presence of uncertainty. In probability theory, every random variable is attributed to a probability distribution. The probability distribution associated with a cost or duration describes the variance of these random probability distribution associated with a cost or duration describes the variance of these random variables. A common distribution of probabilistic estimates for cost and schedule random variables is the Triangle Distribution. The Triangle Distribution is used as a subjective description of a population for which there is only limited sample data, and especially where the relationship between variables is known but data is scarce. It is based on the knowledge of the minimum and maximum and a “best guess” of the modal value (the Most Likely). Using the Triangle Distribution for the costs and durations, a Monte Carlo simulation of the Ui h T i l Di ib i f h dd i M C l i l i f h network of activities and their costs can be performed. Monte Carlo methods are used to numerically transform and integrate the posterior quantitative risk assessment into a confidence interval. The result is a “confidence” model for the cost and completion times for the project based on the upper and lower bounds of each distribution assigned to each duration and cost. This approach to estimating provides insight into the behavior of the plan as well as sensitivity between the individual elements of the plan. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 5

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Estimating is a very vague art in the absence of a formal process. One place to start is with the statistical definition of an “estimate.” But even that definition has three (3) different possibilities. The Mode is the most likely value. The value that occurs most often when statistical samples are drawn from the underlying population. The Median is the “middle” value between the highest and lowest value from the total of all samples drawn from the underlying statistical population. The Mean is the “average” of all the samples drawn from the population. The most important concept is to understand that the “sum” of all the “estimates” is never one of these three estimates. The details of this are beyond the scope of this presentation but it has to do with “summing” probability distributions is not actually a summation process – it is a convolution process. This means that the probability distribution – represented by an integral equation – is convolved with the other integral equations. the other integral equations Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 6

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 The actual duration or cost are random variables, drawn from a probability distribution. The Mean, Mode, Median are statistical terms that characterize probability distributions – not point values. When we naively speak about a duration or cost in the absence of a variance, the result is suspect. Ignoring for the moment the Mean, Mode, and Median issues, this missing variance creates odd outcomes. The median temperature in Cody Wyoming is very close to the median temperature in Trinidad Tobago . Both are around 78°. In Trinidad the variance is significantly less than in Cody. Tobago Both are around 78° In Trinidad the variance is significantly less than in Cody Cody has a temperature range between 10°F and 100°F. The Median is 60°F. Fudge this up to 78° In Trinidad Tobago, the maximum temperature runs around 89°F with minimums running around 68°F. Means of 77°F in the winter and 85°F in the summer. Answering the variance question is as important or possibly more important than answering the Median question. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 7

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 In the project planning business, the use of deterministic and probabilistic analysis are both useful. The deterministic description is great for “power point” type displays of the scheduled activities and management briefings. This type of information shows a “static” description of the schedule, cost, or technical performance. The probabilistic description is useful as the basis for risk analysis. This type of information shows the range of possible values each variable can take one. The analysis derived from these variables shows to impact on the project. This itself is a variance – a variance of impact. The difference between Probability and Statistics is important to the notion of “randomness” of The difference between Probability and Statistics is important to the notion of “randomness” of durations and cost. We need to know things about the underlying statistical behavior of the durations and costs before we can ask question about the probabilistic confidence in the planned completion date and planned completion costs. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 8

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 In many descriptions of project management – cost, schedule, and quality are considered as the “Iron Triangle.” Change one and the other two must change as well. It turns our this is too narrow a view of what's happening on a project. It’s the Technical Performance Measurement that replaces Quality. Quality is one of the Technical Performance measures. Cost and Schedule are obvious elements of the project. Technical Performance Measures describe the status of technical achievement of the project at any point in time. The Planned technical achievement is part of the Performance Measurement Baseline (PMB) in the The Planned technical achievement is part of the Performance Measurement Baseline (PMB) in the same way the Planned Value (BCWS) is part of the PMB. The Technical Performance Measurement System (TPMS) uses the techniques of risk analysis and probability to give program managers the early warning needed to avoid unplanned costs and slippage in schedule. Systems engineering uses technical performance measurements to balance cost, schedule, and performance throughout the life cycle. Technical performance measurements compare actual versus planned technical development and design. They also report the degree to which system requirements are met in terms of performance, cost, schedule, and progress in implementing risk handling. Performance metrics are traceable to user‐defined capabilities. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 9

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Measures of Effectiveness, Measures Performance, and Measures of Quality are typical Technical Performance Measures. The Cost and Schedule “measures” are straightforward in most cases. The measures of Technical Performance involve Effectiveness, Performance, Technical Performance Measures of Effectiveness (MOE) define the operational mission success factor as defined by the customer. These are: 1. Stated from the customer point of view; 2. Focused on the most critical mission performance needs; 3. Independent of any particular solution; 4. Actual measures at the end of development. Measures of Performance (MOP) characterize physical or functional attribute relating to the system operation: 1. Supplier’s point of view Supplier s point of view 2. Measured under specified testing or operational conditions 3. Assesses delivered solution performance against critical system level specified requirements 4. Risk indicators that are monitored progressively. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 10

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Risk Management is a full time effort. Even if it is a part‐time job. Someone needs to “own” the risks and the process around risk management. Someone or a collection of “someone's” needs to have risk management in their mind(s) at all times Risk Management is not something you can do once and them forget. The risks don’t just go away. They are forever there, even if they are mitigated, retired or bought down. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 11

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Risk Management means using a proven risk management process, adapting this to the project environment, and using this process for everyday decision making. Technical performance is a concept absent from the traditional approaches to risk management. Yet it is the primary driver of risk in many technology intensive projects. Cost growth and schedule slippage often occur when unrealistically high levels of performance are required and little flexibility is provided to degrade performance during the course of the program. Quality is often a cause rather than an impact to the program and can generally be broken down into Cost, Performance, and Schedule components. The framework shown here provides: Risk management policy Risk management structure Risk Management Process Model Organizational and behavioral considerations for implementing risk management The performance dimension of consequence of occurrence Th f di i f f The performance dimension of Monte Carlo simulation modeling A structured approach for developing a risk handling strategy Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 12

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 The traditional three variables the “iron triangle” are inappropriate in today’s integrated software, hardware and operational world and there are two other “triangles.” One includes Risk, Customer Satisfaction, and Quality The other includes CMMI, Six Sigma, and Lean. The three collections of three attributes form a “system” to assess risk, address these risks and manage the project in the presence of this risk. Putting these 3 sets of 3 together results in a view of Product risk – the risk that the product will not performance as specified or perform to the needs of the customer Programmatic risk – the risk that the project will be over budget or behind schedule in producing the product Process risk – the risk that the processes used to build the product or management the project will fail in their desired outcomes. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 13

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 It does no good to manage risks if the results are not communicated to all the participants. Only the participants can define the needed mitigations Risk communication is the basis of risk mitigation. It serves no purpose to have a risk plan and the defined mitigations in the absence of a risk communication plan. This plan needs to address the following: Executive summary – a simple summary of the program and the risks associated with the activities of the program. Each risk needs an ordinal rank, a planned mitigation is the risk is active (a risk approved by the Risk Board), and the mitigations shown in the schedule with associated costs. Program description – a detailed description of the program and the risk associated with each of the deliverables. This description should be “operational” in nature, with the consequences description in “operational” terms as well. Risk reduction activities by phase – using some formal risk management process that connects risk, mitigation and the IMS. The efforts for mitigation need to be in the schedule. risk mitigation and the IMS The efforts for mitigation need to be in the schedule Risk management methodology – using the DoD Risk Management process is a good start. This approach has proven and approved by high risk, high reward programs. The steps in the processes are not optional and should be executed for ALL risk processes. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 14

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 This list comes from guidance in the defense program management business. While some of the statement may not be appropriate for the commercial world, every statement has some applicability to every project – not matter what the domain. Whether formal or informal the programmatic risk assessment of a project needs to ask or answer these statements. The actions needed to close any gaps from these statements are outside the scope of this presentation. But the next step is to have the project management team start to answer these questions. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 15

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 Many speak about risk management as part of the project management process. But do they do risk management as part of the project management process? Test yourself and anyone who claims to be doing risk management Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 16

Colorado Springs PMI Risk Management in Five Easy Pieces Colorado Springs, Colorado May 8th , 2008 The first set of questions should be: How do we earn back the investment in risk management? How can be measure the benefits of risk management? Who gets to say what the value of risk management is? These is monetized questions are risk. So the answers have to be monetized as well. attaching money to risk is the starting point. attaching money to the mitigation activities is the next. The risks and their mitigations need to be represented in the schedule and cost the next The risks and their mitigations need to be represented in the schedule and cost baseline. Otherwise risk management is not Project Management. Glen B. Alleman Lewis & Fowler, 8310 South Valley Highway, Englewood CO80112 www.lewisandfowler.com 17

Risk Management in Five Easy Pieces

by Glen Alleman on Oct 20, 2009

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 1

Statistics

Risk Management in Five Easy Pieces Document Transcript