Ensuring Project Success Through Automated Risk Management

311 views

Published on

CAI\'s CIO Series on Project Management

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
311
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • How many of you are waiting for projects to fall behind schedule? Three (3) undeniable truths: 1 – SW development is a risky business because the entire business is shrouded in uncertainty 2 – Greater than 50% of all projects are delivered late or with less than promised by the original deadline 3 – Any project worth doing that is undertaken without a formal risk identification, assessment, and mitigation process is waiting to fall behind
  • What we will be talking about today is what we did at CAI to institionalize project knowledge, mitigate project risks, and eliminate surprise from projects but not just IT projects … Why? Because we found ourselves “Waiting for projects to fall behind” In doing that we will discuss the:
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • iTMPI – Risk Consultants
  • iTMPI – Risk Consultants
  • The things we think we know are like dark clouds on projects … you never really know what is in the dark clouds … they could pass, could contain rain, or could contain lightening
  • The things we think we know are like dark clouds on projects … you never really know what is in the dark clouds … they could pass, could contain rain, or could contain lightening
  • Everyone tells the truth and projects never fail
  • The things we think we know are like dark clouds on projects … you never really know what is in the dark clouds … they could pass, could contain rain, or could contain lightening
  • Heroics a problem … what we did was identified as something always being done
  • iTMPI – Risk Consultants
  • iTMPI – Risk Consultants
  • Drop background of image – make it bigger
  • Drop background of image – make it bigger
  • Externalized package of knowledge installed like a cartridge Something that could be leveraged without programming
  • Externalized package of knowledge installed like a cartridge Something that could be leveraged without programming
  • Most PMOs only review some projects. A minimally intrusive system will allow project office review for all projects if you choose to do so. APO is a web application with no client footprint required.
  • When a Good Rating Doesn't Mean Much By Allan Holmes | Thursday, March 06, 2008  |  02:20 PM The Risk Factor blogger Bob Charette, a risk management expert who consults with federal agencies on risk management, picked up yesterday's story on the deep trouble that the Census Bureau‘s handheld computer contract is in. In his blog post, he questions the credibility of the Capability Maturity Model Integration (CMMI®). Harris Corp.'s Government Communications Systems Division, which is the prime contractor on the $600 million handheld contract (now likely much more than $650 million after all the costs from changes, errors and delays are included), has a Maturity Level 3 rating. "The Level 3 rating denotes superior process maturity within the division's program management, engineering, quality assurance, and other disciplines, and achievement of this rating has become a competitive differentiator on many government programs," Charette quotes. Charette wants to know: "At the very least, I think the division's CMMI rating may need to be re-evaluated, or maybe better, the U.S. government better start looking at what, if anything, SEI CMMI Level 3 actually means in practice.“ Or it could mean, the customer, the Census Bureau, put too many demands on Harris -- so many, in fact, that no maturity designation, no matter how high, could have avoided the very problems that now threaten the viability of the U.S. census.
  • Great Management Process + Tools = Increased Management and Governance
  • Ensuring Project Success Through Automated Risk Management

    1. 1. Visibility, Control and Early Detection @ CAI Ensuring Project Success Through Automated Project Governance
    2. 2. Today’s Agenda <ul><li>Risk Management </li></ul><ul><ul><li>The Problem Made Simple </li></ul></ul><ul><li>Today’s Objective </li></ul><ul><li>The Road Less Traveled </li></ul><ul><ul><li>Learning the Truth the Hard Way @ CAI </li></ul></ul><ul><li>Our Solution </li></ul><ul><li>Some Final Thoughts </li></ul>
    3. 3. Problem Statement <ul><li>The concept of risk is inherent in any project. </li></ul><ul><li>Since risk is impossible to avoid, the best way to deal with risk is to contain it. </li></ul><ul><li>One way to contain risk is through risk management. </li></ul><ul><li>Risk management involves the identification of risks, analysis of exposure to the risks in a development effort, and execution of the risk management plan. </li></ul>
    4. 4. <ul><li>Have you ever been surprised by something of </li></ul><ul><li>significance in your business? </li></ul>
    5. 5. <ul><li>Have you been told a project or activity was ok, only to find out later otherwise? </li></ul>
    6. 6. <ul><li>Are you sure that your organization understands what the rights things to do are? </li></ul>
    7. 7. <ul><li>Do you feel like you are being forced to make key decisions with missing data </li></ul><ul><li>or information? </li></ul>
    8. 8. <ul><li>Does this version of </li></ul><ul><li>“ Risk Management” </li></ul><ul><li>look all too familiar? </li></ul>
    9. 9. <ul><li>Do you believe that you have … “At your fingertips” … the most important data </li></ul><ul><li>and opinions about important activities and efforts? </li></ul>
    10. 10. <ul><li>If you answered “Yes” to any of these questions then your in good company for the wrong reasons … </li></ul>
    11. 11. What We Learned About The Industry … Greater than 60% of all IT projects have either failed or were delivered with less than the desired results.
    12. 12. Of Course We Know the Real Story … Don’t We?
    13. 13. Today’s Objective <ul><li>To introduce you too a new toolset, process, and capability that provides you with the opportunity to become proactive and quantitative in </li></ul><ul><li>“ Project Risk Management” </li></ul>
    14. 14. Road to Risk Management <ul><li>Over 20 years of project experience as a process and metrics company </li></ul><ul><ul><li>1 st “Fixed Price” development project delivered in 1983 </li></ul></ul><ul><ul><li>1 st $1m “Fixed Price” development project delivered in 1986 </li></ul></ul><ul><li>The metrics of our evolution: </li></ul><ul><ul><li>Over 350 New Application Development Projects </li></ul></ul><ul><ul><li>Deployed Over 50 Managed Maintenance Teams </li></ul></ul><ul><ul><li>Completed Over 4m Billable Hours of Supplemental Support </li></ul></ul>
    15. 15. We Learned …
    16. 16. We Learned …
    17. 17. <ul><li>Things We Know (Facts) </li></ul><ul><ul><li>The technology to be used </li></ul></ul><ul><ul><li>The expected start date </li></ul></ul><ul><ul><li>The expected delivery date </li></ul></ul><ul><ul><li>The business rules that will be followed </li></ul></ul><ul><ul><li>The tools that will be used: development and management </li></ul></ul><ul><ul><li>The best practices to be followed </li></ul></ul><ul><li>Things We Think We Know </li></ul><ul><ul><li>The expected start date </li></ul></ul><ul><ul><li>The expected delivery date </li></ul></ul><ul><ul><li>The rate of change will be contained to 20% </li></ul></ul><ul><ul><li>No one will leave the team during the project </li></ul></ul><ul><ul><li>The business rules that will be followed </li></ul></ul>Things We Know or Do We?
    18. 18. We Didn’t Know …
    19. 19. Which is Why We Found Ourselves Too Close To the Edge <ul><li>Awarded a large applications development project </li></ul><ul><ul><li>Assigned our best Development Manager </li></ul></ul><ul><ul><li>Implemented our methodology </li></ul></ul><ul><ul><li>Implement our tools </li></ul></ul><ul><ul><li>Oversight: CAI and the </li></ul></ul><ul><ul><li>Customer </li></ul></ul><ul><li>Bad “All of a Sudden” – Project, CAI, and the Customer @ Risk </li></ul>
    20. 20. What Did We Do Next ? <ul><li>First we identified our team of and increased our budget and made quick adjustments </li></ul><ul><ul><li>Including Customer </li></ul></ul><ul><li>We performed an extensive Post-mortem on this project and others to determine how projects could unravel </li></ul>
    21. 21. <ul><li>The analysis: </li></ul><ul><ul><li>Managing risks was a 1x event on projects or at best a 2x event (Beginning and Just Before it Ended) </li></ul></ul><ul><ul><li>Bad “All of a Sudden” - Not Likely </li></ul></ul><ul><ul><li>Same mistakes being made on different projects </li></ul></ul><ul><ul><li>Inherent schedule flaws (Challenged from the Start) </li></ul></ul><ul><ul><li>Filtered Communications (In Team) </li></ul></ul><ul><ul><li>Limited Communication (Cross Team) </li></ul></ul><ul><ul><li>Requirements Inflation (I’ll know it when I see it) </li></ul></ul><ul><ul><li>Employee Turnover (Higher Than Expected) </li></ul></ul><ul><ul><li>Specification Breakdown (Design Incomplete) </li></ul></ul><ul><ul><li>Hidden Productivity Issues (Actual Time vs. Logged) </li></ul></ul><ul><ul><ul><li>Rate of Change Not Type of Change </li></ul></ul></ul><ul><ul><li>Heroics (Few People – Extraordinary Efforts) </li></ul></ul>Project Review Revealed: Close to the Edge Too Many Times
    22. 22. What We Learned About The Industry … Greater than 50% of all IT projects have either failed or were delivered with less than the desired results.
    23. 23. What We Learned About The Industry … Greater than 50% of all IT projects have either failed or were delivered with less than the desired results.
    24. 24. And at the End of the Day Our Risk Turned Out to About People … <ul><li>It’s About How People Feel and How They Think !!! </li></ul>
    25. 25. <ul><li>No one is immune to </li></ul><ul><li>“ Project Problems” </li></ul><ul><li>(Unmanaged Risks = Problems) </li></ul><ul><li>some are just more agile at </li></ul><ul><li>reacting to them to minimize the impact … </li></ul>Conclusion …
    26. 26. The Road to the Solution … <ul><li>Investigate how a PMO could solve the problems without the overhead </li></ul><ul><ul><li>Already committed to the concept just not the typical implementation (needed to automate it) </li></ul></ul><ul><li>Investigate Tools </li></ul><ul><ul><li>Only thing on the market were portfolio management tools (not a portfolio problem!!!!) </li></ul></ul><ul><li>Only possible solution was to “Build Our Own” </li></ul>
    27. 27. So What Problems Must Be Addressed? <ul><li>How do we get comprehensive visibility to project risks in order to make decisions </li></ul><ul><li>How do we improve the information flow and get back to a “Management By Walking Around” by leveraging technology </li></ul><ul><li>How do we limit heroics, burn-out and turnover </li></ul><ul><li>How do we perform risk assessments regularly during the project lifecycle in order to make comprehensive decisions </li></ul><ul><li>How do we change the culture by doing the right things and doing things right </li></ul>
    28. 28. So What Problems Must Be Addressed? <ul><li>How do we get comprehensive visibility to project risks in order to make decisions </li></ul><ul><li>How do we improve the information flow and get back to a “Management By Walking Around” by leveraging technology </li></ul><ul><li>How do we limit heroics, burn-out and turnover </li></ul><ul><li>How do we perform risk assessments regularly during the project lifecycle in order to make comprehensive decisions </li></ul><ul><li>How do we change the culture by doing the right things and doing things right </li></ul>
    29. 29. So What Problems Must Be Addressed? <ul><li>How do we get comprehensive visibility to project risks in order to make decisions </li></ul><ul><li>How do we improve the information flow and get back to a “Management By Walking Around” by leveraging technology </li></ul><ul><li>How do we limit heroics, burn-out and turnover </li></ul><ul><li>How do we perform risk assessments regularly during the project lifecycle in order to make comprehensive decisions </li></ul><ul><li>How do we change the culture by doing the right things and do things right </li></ul>
    30. 30. So What Problems Must Be Addressed? <ul><li>How do we get comprehensive visibility to project risks in order to make decisions </li></ul><ul><li>How do we improve the information flow and get back to a “Management By Walking Around” by leveraging technology </li></ul><ul><li>How do we limit heroics, burn-out and turnover </li></ul><ul><li>How do we perform risk assessments regularly during the project lifecycle in order to make comprehensive decisions </li></ul><ul><li>How do we change the culture by doing the right things and do things right </li></ul>
    31. 31. <ul><li>What would be the value of having a sound, low cost, risk assessment capability for our business? </li></ul>
    32. 32. <ul><li>Create an automated system that ensures “management, visibility, control, and governance” are actually occurring, is easy to use, easy to change, easy too maintain </li></ul><ul><li>Get the heart beat of the project on regularly scheduled basis … </li></ul>The Goal of Our Solution …
    33. 33. Our Solution …
    34. 34. “ The power to discern the true nature of the situation”
    35. 35. Modular Design: The Solution The Solution
    36. 36. Modular Design: The Solution
    37. 37. Modular Design: Solution + Content
    38. 38. IT Governance Content Cartridge
    39. 39. Future Cartridges and Content <ul><ul><li>Future Availability </li></ul></ul><ul><ul><li>Contract Management </li></ul></ul><ul><ul><li>Compliance Adherence </li></ul></ul><ul><ul><li>Risk Assessment </li></ul></ul><ul><ul><li>Legal Assessment </li></ul></ul><ul><ul><li>Health Assessment </li></ul></ul><ul><ul><li>IT Infrastructure Assessment </li></ul></ul>
    40. 40. <ul><li>Create an Individually Customized Model </li></ul><ul><ul><li>Collect data – what data, from whom, when </li></ul></ul><ul><ul><li>Knowledge by phase </li></ul></ul><ul><ul><li>Reminders </li></ul></ul><ul><ul><li>Issues </li></ul></ul>Repository for all projects <ul><li>Analysis </li></ul><ul><ul><li>Insight </li></ul></ul><ul><ul><li>Must Do’s </li></ul></ul><ul><ul><li>Never Agains </li></ul></ul><ul><ul><li>Exceptions </li></ul></ul><ul><ul><li>Corrective action </li></ul></ul><ul><li>Visibility </li></ul><ul><ul><li>Dashboard </li></ul></ul><ul><ul><li>Reports </li></ul></ul><ul><ul><li>Alerts </li></ul></ul><ul><li>Management Knowledge & Subject Expertise </li></ul><ul><ul><li>Assessments </li></ul></ul><ul><ul><li>Project/Process types </li></ul></ul><ul><ul><li>Project/Process classifications </li></ul></ul><ul><ul><li>Rules </li></ul></ul>Consistent Execution What do we need to know? Where do we store it? How do we consume it or view it? What Will we learn from this?
    41. 41. Foundation for Process Improvement Capability Level VISIBILITY Streamline Processes Implement Standard Processes OPTIMIZATION CONTROL Understand What is Happening Cumulative timeline
    42. 42. Developers Designers Team Leaders End Users Business Managers Vendors IT Management Infrastructure Team Risk Discovery Team Project Manager
    43. 52. The Value of Automated Management Insight and IT Governance <ul><li>Repository of Defined, Codified Recommended Practices </li></ul><ul><li>Non-Intrusive, Non-Bureaucratic Oversight and Control </li></ul><ul><li>Vehicle to Monitor and Enforce Recommended Practices Utilization </li></ul><ul><li>Repetitive, Repeatable “Project Office” Type Reviews for All Projects </li></ul><ul><li>Proactive, Quantitative Approach for Managing Project Risks </li></ul><ul><li>Collection of Historical Data and Metrics </li></ul>Orient Act Observe Decide
    44. 53. What is Insight Doing for CAI … <ul><li>Allows us to query stakeholders keeping them engaged in the success of the project </li></ul><ul><li>Expands participation in project status reviews </li></ul><ul><ul><li>Captures a “Million Points of View” </li></ul></ul><ul><ul><li>Early warning means early action and more success </li></ul></ul><ul><ul><li>Eliminates bureaucratic best practices activities and focuses everyone on the success of “The” project </li></ul></ul><ul><li>Helps us avoid blunders (Repeated Mistakes) </li></ul><ul><li>Enables us to change the culture by encouraging people to do the right things by doing things right </li></ul>Impact Low High Difficult Easy Implementation
    45. 54. The Insight Control Room Control Room for Knowledge & Management Notifications Alerts Warnings Data & Opinion <ul><li>General and specific Alerts, Notifications, & Warnings </li></ul><ul><li>Best practice Mechanism </li></ul><ul><li>Historical benchmarking </li></ul><ul><li>Analysis of large volumes of data </li></ul>Knowledge, Rules, Experience Doer Manager Rules & Knowledge Rules & Knowledge Activities External Expert
    46. 55. Closing Thoughts … Few companies can grow without taking risks. But poor risk management leads to surprises in business operations that can impact shareholder confidence, regulatory oversight and the bottom line.
    47. 56. I am not suggesting that we can eliminate all project risks, nor do we want to … some risks are good I am also not suggesting that projects will never fail again … when organizations fail to react to information, projects can still fail
    48. 57. What I am suggesting is that if there isn’t a “Risk Identification, Assessment, and Mitigation Process” implemented on all of your projects then you are just waiting for projects to fall behind schedule or fail.
    49. 58. Remember … “ Managing risk does not deal with future decisions, but the future of present decisions”
    50. 59. “ The power to discern the true nature of the situation”

    ×