Risk 2012 Walenta 120926 sanitized


Published in: Art & Photos

  1. Risk Integration: Understand the difference of risk management on project and program level and be able to manage risks appropriately on each level while integrating the view on risk management for the organization. Thomas Walenta, PMP, thwalenta@online.de
  2. Agenda:
     • Why should we look at integrative risk management for an organization?
     • What are the different vertical risk management areas?
     • How is IBM managing risk on the program/project level?
     • Why can Business Resilience help to reduce implementation risk?
  3. IBM Risk Study 2011: 77% of executives feel that risk exposure has increased. Not a single respondent said risk is decreasing. “The priority now is to connect the top-down and bottom-up views so that our risk management framework will be a truly holistic business resilience strategy.” Jean-Pierre Bourbonnais, CIO/VP Information Technologies, Bombardier Aerospace. Chart label: 77% Increase in Risk Exposure. Source: IBM Institute for Business Value - Risk Management Study 2011
  4. IBM Risk Study 2011: Risk Silos are considered one of the most important barriers to improve risk management.
     • Lack of best practices: 9%
     • Functional concentration within the organization (silos): 28%
     • Lack of emerging technologies: 12%
     • Lack of C-level vision and commitment: 14%
     • Inability to predict ROI from improvements: 37%
     “My selling pitch to them (CEO and the board) is that a robust risk management capability is a competitive advantage.” Yousef Valine, Chief Risk Officer, First Horizon National Corporation. Source: IBM Institute for Business Value - Risk Management Study 2011
  5. IBM 2010 IT Risk Study: Major area for improvement to attain a higher level of risk maturity: Risk Planning happens in silos. Risk management issues (agree/strongly agree; neither agree nor disagree; disagree/strongly disagree) and risk maturity:
     • For the most part, risk planning happens in silos: 48%; 30%; 23%. Risk maturity: Low
     • We take a reactive rather than a proactive approach to risk planning: 38%; 27%; 35%. Risk maturity: Low
     • We do not have a formal risk management department: 41%; 13%; 46%. Risk maturity: Medium
     • We do not have a well-crafted business continuity strategy: 13%; 28%; 54%. Risk maturity: Medium-High
     • From a staffing perspective, we are ill prepared to handle the changing risk landscape: 13%; 34%; 51%. Risk maturity: Medium-High
     Source: IBM IT Risk Study 2010
  6. Agenda:
     • Why should we look at integrative risk management for an organization?
     • What are the different vertical risk management areas?
     • How is IBM managing risk on the program/project level?
     • Why can Business Resilience help to reduce implementation risk?
  7. Vertical Silos: different levels of the organization look at risks in different ways. Examples of questions per level (diagram groupings: Enterprise Risk Management; Implementation Risk Management):
     • Strategy: Do we select the right long-term vision & goals? What is happening on the market?
     • Operations: Are we compliant? Are profits, revenue & growth on target? Any structural risks?
     • Portfolio: Do we have optimal alignment of resources to initiatives? Right mix of initiatives?
     • Program: Is the goal on target? Are benefits achieved? Are Stakeholders satisfied?
     • Project (Design): Are requirements understood, is feasibility proven?
     • Project (Delivery): Are changes managed, cost & milestones in line?
  8. Risk integration across the organization. Diagram labels: Enterprise Risk Management; Implementation Risk Management; Strategy (Strategic Risk); Operations (Operational Risk); Portfolio (Portfolio Risk); Program (Program Risk); Project (Project Risk); Design; Delivery.
  9. Attributes of Risk levels typically show different focus on time, attitude, stakeholders and signs of risk:
     • Strategic Risk. Orientation: Future (3-5 yrs+), Sustainability. Stakeholders: Shareholders, Market. Key risk indicators: Market change, Competition capabilities, Stock value
     • Portfolio Risk. Orientation: Midterm (6-18 months), Right mix of initiatives, Best use of resources. Stakeholders: C-Suite, division leaders. Key risk indicators: Resource constraints
     • Operational Risk. Orientation: Past, Quarterly view, Compliance, resilience. Stakeholders: regulation, auditors. Key risk indicators: Audit results (SOX), Profit, Growth, Revenue
     • Program Risk. Orientation: Present and Future, Goals & benefits, Opportunities. Stakeholders: Strategic Goal Owners, Business Lines, Product Owners. Key risk indicators: Benefits achievement, Stakeholder acceptance
     • Project Risk. Orientation: Present, Risk avoidance. Stakeholders: Program Managers, Sponsors, Clients, Project Team. Key risk indicators: Earned value – cost & time, Scope, quality, features, requirements match
  10. Program Risk and Project Risk: categories (*) and typical areas of concern.
     Program Risk:
     • Environmental Risks: Portfolio, Stakeholders, Politics, Compliance
     • Program-Level Risk: Starting and Running the program
     • Project Risks: Escalated from Projects
     • Operational-level Risks: Transition, Change management, Benefits realization
     • Portfolio-related Risks: Resources, effort interdependencies
     • Benefits-related Risks: Synergy, systemic views, architectural
     Project Risk:
     • Stakeholder: Funding, major influencers, expectations
     • Requirements: Conflicts, needs vs. wants
     • Scope: Boundaries, level of detail
     • Cost: Estimation, contingency
     • Time: Dependencies
     • Resources: Availability, skills, boarding
     • Quality: Features, testing
     • Feasibility: Architecture, technical risks
     (*) Source: PMI's Standards for Project, Program and Portfolio Mgmt
  11. Project Portfolio Risk looks at finding the optimal mix of initiatives to achieve the organization's strategy. Portfolio Risk categories (*) and typical areas of concern:
     • Structural Risk: Portfolio composition, interactions, resources
     • Component Risk: Escalated from projects and programs within the portfolio
     • Overall Risk: Management maturity, governance
     Diagram labels: Portfolio Risk; Component Risk; Program Risk; Project Risk.
     (*) Source: PMI's Standards for Project, Program and Portfolio Mgmt
  12. Program Management is outward focussed while Project Management mainly deals with project internals. Diagram labels: Program Risk; Project Risk; Benefits; Scope; Understand; Create; Plan; Achieve; Control; Deliver; Stakeholders; Governance; Cost; Time.
  13. ISO 31000:2009 provides principles and guidelines for risk management in order to give a framework for risk integration.
     11 Principles:
     • creates and protects value.
     • integral part of organisational processes.
     • part of decision making.
     • explicitly addresses uncertainty.
     • systematic, structured and timely.
     • based on the best available information.
     • tailored.
     • takes human / cultural factors into account.
     • transparent and inclusive.
     • dynamic, iterative, responsive to change.
     • continual improvement of the organization.
     Framework: Mandate; Design; Implement; Monitor; Improve.
     Process: Context; Assess (Identify, Analyze, Evaluate); Treat; Communicate & Consult; Monitor & Review.
  14. Similar risk management frameworks for risk management on implementation (PMI) and enterprise (COSO) levels.
     PMI: Plan Risk Mgmt; Identify; Analyze; Develop Responses; Monitor & Control.
     COSO provides an ERM Framework:
     • Internal Environment: Establishes the entity’s risk strategy and culture
     • Objective Setting: Considers risk strategy in the setting of objectives, and forms the risk appetite of the entity
     • Event Identification: Differentiates risks and opportunities
     • Risk Assessment: Assesses the extent to which potential events might impact objectives
     • Risk Response: Identifies and evaluates possible responses to risk
     • Control Activities: Creates policies and procedures to help ensure that the risk responses are carried out
     • Information & Communication: Identifies, captures, and communicates pertinent information
     • Monitoring: Monitors effectiveness of ERM activities
     Source: Committee of Sponsoring Organizations of the Treadway Commission (2004)
  15. Agenda:
     • Why should we look at integrative risk management for an organization?
     • What are the different vertical risk management areas?
     • How is IBM managing risk on the program/project level?
     • Why can Business Resilience help to reduce implementation risk?
  16. Integration between Program and Project levels: IBM's standard regular risk assessment method, the 7 keys, covers both areas. IBM's seven keys to success methodology has been used and enhanced for more than 10 years and is incorporated into IBM's Risk Management Tools.
  17. Seven Keys are detailed by checklists and incorporated in tools. Key areas (table columns: Project, Program):
     • Stakeholders committed: internal, external
     • Business benefits realized: x
     • Work & Schedule predictable: x
     • Scope realistic & managed: x
     • Team is high performing: x
     • Risks being mitigated: x, x
     • Delivery organizations benefits realized: x
  18. Risk integration is achieved across the organization by defining and using Risk Management on implementation level, analysing risk data to make strategic choices and adapt policies and processes. Diagram labels: Strategy; Operational Risk; Portfolio; Program Risk; Project Risk; Common Risk Management Tool; Data Analysis; Policies, processes; Resilience – helps to reduce impact on operation risk.
  19. Agenda:
     • Why should we look at integrative risk management for an organization?
     • What are the different vertical risk management areas?
     • How is IBM managing risk on the program/project level?
     • Why can Business Resilience help to reduce implementation risk?
  20. Business resilience is the ability of an enterprise to rapidly adapt and respond to risks, in order to maintain continuous business operations, be a more trusted partner and enable growth (IBM).
  21. Business Resilience is an important mitigating factor for Implementation Risk. Role of Resiliency (ability to mitigate): influences overall organization performance. Risk = (Probability x Consequence) - Resilience. Diagram labels: Project / Program View; Organizational View.
  22. Enterprise Risk Management: IBM surveyed 494 companies to better understand how risk factors are affecting their overall performance.
     Study Objectives:
     • Understand what risk factors are top-of-mind with executives today, and what they are strategizing to alleviate the effects of risk on their enterprise performance
     • Identify their priorities and initiatives that they are investing in to mitigate and manage risk
     • Learn how they are monetizing risk to mitigate the effects and deliver value to the enterprise
     Study Methodology:
     • On-line survey conducted by IBM Institute for Business Value
     • 494 responses from individuals with a title of CxO, EVP, GM, Vice President, Director, Product/Functional Mgr.
     • Interviews with companies that have holistic programs and are organizationally governing these risk initiatives
     (*) Source: IBM: Combating Risk with predictive analysis, June 2012
  23. IBM Study: Which initiatives has your organization adopted / is most likely to adopt in the next three years? Initiatives with the rank numbers shown on the chart (chart columns: Up to now; Next 3 years):
     • Develop integrated business resilience strategy: 1
     • Develop communications or training program: 2
     • Invest in new risk-related solutions: 2, 3
     • Respond to recent natural disasters by rethinking strategies: 4
     • Engage external advisors: 5
     • Discuss issues with supply-chain partners: 4
     • Create a business continuity plan: 1
     • Establish company-wide risk management team: 3
     • Assign overall responsibility to a single executive: 5
     (*) Source: IBM: Combating Risk with predictive analysis, June 2012
  24. Leaders are applying predictive analytics to increase business resilience. Leaders share these characteristics:
     • Risk management is significant and core to their business strategy
     • They have comprehensive, “mature” risk management programs with an established management system, top-down organization and network alignment
     • They achieve business value by applying intelligence to monitor, manage and mitigate risks
     Charts comparing Leaders with other participants: Reduced Risk Effects (environmental, operational); Value Achieved (cost efficiencies, competitive advantage, growth, brand reputation).
     (*) Source: IBM: Combating Risk with predictive analysis, June 2012
  25. IBM uses a lifecycle methodology to help clients achieve sustainable improvements in business resilience.
     • Inputs: Business objectives, goals, priorities, policies and current capabilities
     • Business imperatives: Information risk management; Regulatory compliance; Corporate governance
     • Outputs: Reduced risk, improved governance and facilitated compliance management
     Diagram labels (Resilience lifecycle): Plan; Set objectives; Analyze; Implement; Design; Assess; Evaluate; Deploy; Monitor; Control; Manage.
  26. Agenda:
     • Why should we look at integrative risk management for an organization?
     • What are the different vertical risk management areas?
     • How is IBM managing risk on the program/project level?
     • Why can Business Resilience help to reduce implementation risk?
  27. Risk Integration across the organisation is driven by overall business resilience improvement and establishment of a risk management standard. Diagram labels: Enterprise Risk Management; Implementation Risk Management; Strategy; Operations; Portfolio; Program; Project; Design; Delivery; Business Resilience; Policy; Data; Risk Mgmt Standard.
  28. How to obtain some more details?
     • thwalenta@online.de
     • http://de.linkedin.com/pub/thomas-walenta/0/3a6/732
     • http://twitter.com/twtomm
     • IBM Institute for Business Value / Studies: http://www-935.ibm.com/services/us/gbs/thoughtleadership/
     • 2010 IT Risk Study
     • 2011 Resilience and Risk Study: http://www-935.ibm.com/services/us/gbs/bus/html/risk_study.html
     • 2012 Reputational Risk and IT Study: http://www-935.ibm.com/services/us/gbs/bus/html/risk_study-2012-infographic.html
     • Business Resilience: http://www.ibmbusinesscontinuityindex.com/
