Microsoft Power Point Simon Final


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Microsoft Power Point Simon Final

  1. 1. Risk Management Jonathon Simon, Senior Manager, Ernst & Young 2nd June 2009
  2. 2. Agenda 1 2 3 4 5 6 7 1 Introduction 2 Risk – An EY context 3 What is risk management? 4 The risk management lifecycle 5 Good and bad risk management practice 6 Critical success factors for managing risk 7 Communicating risk to stakeholders Page 2 2nd June 2009 Risk Management
  3. 3. Introduction 1 2 3 4 5 6 7 Jonathon Simon ► Senior Manager in the Programme Advisory Services team within the IT Advisory practice for Ernst & Young. ► Project Management Institute (PMI) certified Project management Professional (PMP). ► Over 15 years industry experience in managing large projects. ► Prior to joining Ernst & Young, worked for a global IT service provider as a Senior Project Manager fulfilling project and programme assignments for blue chip clients in the private sector. ► Current Chair of the UK PMI London Events Committee. Page 3 2nd June 2009 Risk Management
  4. 4. Risk – an EY context 1 2 3 4 5 6 7 ► Ernst and Young is engaged globally in seeking to identify leading practices in the area of risk management. ► Our work with companies around the world suggests that there is a body of leading risk management practice emerging, but many companies are still doing little in this area. ► Our research has shown that, while strategic risks have become more important, companies have been focusing on the easier-to-manage area of operational risk. ► The implications for different sectors are blurred. Even within each sector, the risks for each company may vary. ► Most programs and projects encounter at least one of the following ► Cost and schedule overruns ► Schedule delays ► Defects ► Benefits not realised ► Project cancellations ► Loss of stakeholder confidence ► No matter what program or project is undertaken, appropriate control and management of risk is essential. Page 4 2nd June 2009 Risk Management
  5. 5. Risk – an EY context 1 2 3 4 5 6 7 Keep us out of trouble Make our business better Regulatory Enhanced Improved non-compliance Schedule delays capability visibility and Goal transparency Unanticipated business impact Cost overruns Enhanced Increase accountability business value of initiatives Loss of Post completion stakeholder defects Increased confidence confidence Achieve Project Unrealized sustainable Increased cancellations benefits changes predictability All too confusing and overdone… Must do it… Except when we get in trouble but how do we do it better? Page 5 2nd June 2009 Risk Management
  6. 6. What is risk management? 1 2 3 4 5 6 7 ► Many types of risk exist in an organisation ► This presentation will focus on risks within projects ►A project risk is defined as the probability of an undesirable event occurring or a desirable event failing to occur and the consequential impact of and on the project. ► Project risk management is a structured process that allows individual risk events and overall project risk to be understood and managed proactively, optimising project success by minimising threats and maximising opportunities. Association for project management Page 6 2nd June 2009 Risk Management
  7. 7. The risk management lifecycle 1 2 3 4 5 6 7 Monitor and Control Monitor and Control Risk Planning Risk Planning Risks Risks Proximity Respond to Risks Respond to Risks Identify Risks Identify Risks The 3 dimensions of risk Impact Probability Qualitative Risk Qualitative Risk Quantitative Risk Quantitative Risk Analysis Analysis Analysis Analysis Page 7 2nd June 2009 Risk Management
  8. 8. Good and bad risk management practice 1 2 3 4 5 6 7 Good Practice Bad Practice 1. Clear risk responsibilities 1. No clear responsibilities 2. Clarity of risk ownership 2. Lack of risk ownership including senior sponsors 3. No process for managing risks 3. Shared understanding of how 4. No guidelines for managing risks will be managed and escalating risks 4. Effective methods of assessing 5. No process for monitoring and and escalating risks updating risks 5. Risks are monitored and good 6. Risks are not reviewed and quality information is captured action is not taken to address 6. Risks are reviewed as an risks integral part of performance management Page 8 2nd June 2009 Risk Management
  9. 9. Integrated Risk Management 1 2 3 4 5 6 7 Corporate, Programme and Project Risks Direction, Strategy Focus on a strategic enterprise level governance Knowing where to go of the delivery of an organisation’s complete portfolio of transformational programmes and projects to support the organisation’s strategic Corporate goals Outcome, Benefit Inf rs 2. Focus on the delivery of a strategic change to ive orm Doing the right Programme the organisational state comprising a linked set of Dr projects and / or activities that are coordinated things s Management and managed as a unit such that they achieve outcomes and realise benefits Eg, delivery of games and legacy Output, Product Focus on the delivery of a unique set of Doing things 3. Project coordinated activities, with clearly articulated start and end points, which is undertaken by an right Management individual or team to meet specific objectives within defined time, cost and performance parameters as specified in the business case Eg, Construction of a new building There must be alignment and escalation from one level to another Page 9 2nd June 2009 Risk Management
  10. 10. EY Case Study – Government Health Project 1 2 3 4 5 6 7 Situation… ► A government department running a programme supporting a significant government health initiative ► Risk management was performed at an operational and strategic level ► No defined process for risk escalation ► Lack of risk ownership at the executive board level Consequence ► Risks were not addressed on a timely basis ► Lack of visibility of risks at a senior level ► Potential for the project to fail to deliver its scope of work within time and budget Actions taken… ► Implemented a robust risk escalation process ► Developed a risk dashboard that communicated a high level summary of risks to executive board members ► Conducted analysis and developed mitigating actions to reduce risks to an acceptable level ► Embedded risks review within the project management processes ► Implemented a communications process for mitigating actions, timelines and ownership Result ► Clear roles and responsibilities for risk management ► Project wide understanding of the process for managing risks ► Visibility of risks at a senior level and actioning of risks within acceptable timeframe Page 10 2nd June 2009 Risk Management
  11. 11. Critical success factors for managing risk 1 2 3 4 5 6 7 ► Be proactive - to be successful the organisation should be committed to addressing risk management proactively and consistently throughout the project. ► Conduct a regular risk assessment - that defines key risks and weights the impact on business drivers. ► Conduct scenario planning - for major risks identify and develop a number of operational responses. ► Evaluate your project’s ability to manage risks - ensure that the risk management process is linked to the actual risks that the business faces. ► Undertake effective monitoring and control processes - to give both early warning and improved ability to respond. ► Keep an open mind - about where the risks can come from. Page 11 2nd June 2009 Risk Management
  12. 12. Communicating risk to stakeholders 1 2 3 4 5 6 7 1 - Cannot operate without (no ability to trade) 2 - Workarounds available (limited ability to trade) 3 - Does not impact on ability to operate / trade KEY Criticality 3 Position on grid: priority and criticality of project Priority - Proximity of time requirement for completion Criticality - Ability of business to function without capability Focus management attention, project resource and reporting on: • Projects which are time critical and impact ability to trade (top right hand corner) Size of circle: degree of risk associated to project 2 • Projects impacting on overall programme (large circles) H • Projects which are not on track (red circles) L M Aim to push projects away from proximity to axis L – Risk impact within project M – Risk impact within IS H – Risk impact to programme 1 Color of circle: current project status R – Project late against plan (delay to critical path) 1 - Completion required for first wave of movement A – Project at risk of slipping 2 - Workarounds available (inhibits movement) 3 - Completion not mandatory for movement G – Project on track against plan 1 2 3 Priority Page 12 2nd June 2009 Risk Management
  13. 13. Questions? 2nd June 2009