What is meant by risk and is it different from the project, programme, portfolio and organisational perspective. How does it differ fro Major Projects and what about wicked, tame and messes.

1. Positioning project, programmePositioning project, programme
and portfolio riskand portfolio risk
Risk EssentialsRisk Essentials
18th February 201518th February 2015
Dr David Hancock MBADr David Hancock MBA
Head of ConstructionHead of Construction

2. AgendaAgenda
 What is this thing called Risk Management?What is this thing called Risk Management?
 What about upside Risk?What about upside Risk?
 Some problem areas for traditional riskSome problem areas for traditional risk
management applicationsmanagement applications
 How does management approach theseHow does management approach these
problems?problems?

3. Risk Management in ContextRisk Management in Context
 Corporate failures:Corporate failures:
Salomon Brothers 1991,Orange county 1994, Barings Bank 1995Salomon Brothers 1991,Orange county 1994, Barings Bank 1995
(Leeson £827m) Sumitomo Bank 1995, Enron 2001, Parmalat 2003,(Leeson £827m) Sumitomo Bank 1995, Enron 2001, Parmalat 2003,
Freddie Mac 2008, Lehman Brothers 2008, Société Générale 2008Freddie Mac 2008, Lehman Brothers 2008, Société Générale 2008
(Kerviel £4.1Bn), Morgan Stanley 2008 (Hubler £5.8Bn), UBS 2011, JP(Kerviel £4.1Bn), Morgan Stanley 2008 (Hubler £5.8Bn), UBS 2011, JP
Morgan 2012 (Morgan 2012 (‘the whale’),‘the whale’),
 Corporate Governance as a concept is born:Corporate Governance as a concept is born:
(Cadbury 1992, Greenbury 1995, Hampel 1998, Turnbull 1999 revised(Cadbury 1992, Greenbury 1995, Hampel 1998, Turnbull 1999 revised
2005, Sarbanes-Oxley Act 2002, Combined code 2003, UK Corporate2005, Sarbanes-Oxley Act 2002, Combined code 2003, UK Corporate
Governance code 2010 revised 2012)Governance code 2010 revised 2012)
 Principles of Corporate GovernancePrinciples of Corporate Governance
 OpennessOpenness
 IntegrityIntegrity
 AccountabilityAccountability
 Concept of Enterprise Risk Management (ERM)Concept of Enterprise Risk Management (ERM)
COSO 2004, AS/NZS 4360:2004, BS 31100:2008, ISO 31000:2009COSO 2004, AS/NZS 4360:2004, BS 31100:2008, ISO 31000:2009

4. What are Enterprise Risk ManagementWhat are Enterprise Risk Management
(ERM) and Corporate Governance ?(ERM) and Corporate Governance ?
• The underlying premise ofThe underlying premise of ERMERM is that every entity exists tois that every entity exists to
provide value for its stakeholders. It enables management toprovide value for its stakeholders. It enables management to
effectively deal with uncertainty and associated risk andeffectively deal with uncertainty and associated risk and
opportunity enhancing the capacity to build value. It is appliedopportunity enhancing the capacity to build value. It is applied
across the enterprise at every level and unit and includes takingacross the enterprise at every level and unit and includes taking
an entity level portfolio (holistic) view of risk.an entity level portfolio (holistic) view of risk.
• Corporate GovernanceCorporate Governance is the system by whichis the system by which organisationsorganisations areare
directed and controlled.directed and controlled.
• Corporate governance encompasses strategic management,Corporate governance encompasses strategic management,
performance, regulatory framework, disclosure, transparency andperformance, regulatory framework, disclosure, transparency and
business ethics – at its heart lies accountability to stakeholdersbusiness ethics – at its heart lies accountability to stakeholders
and the protection of their rights and interests.and the protection of their rights and interests.

5. Three Lines of DefenceThree Lines of Defence

6. What is meant by a Risk?What is meant by a Risk?
Effect of Uncertainty on Objectives. - Both
positive and negative
ISO 31000:2009 and BS 31100:2008
The uncertainty of outcome, whether
positive or negative threat, of actions and
events. It is the combination of likelihood
and impact, including perceived importance.
(UK HM Treasury 2004)
A statistical inevitability?

7. Evaluating A RiskEvaluating A Risk
LikelihoodLikelihood
The chance that the risk may actually be realised,The chance that the risk may actually be realised,
(occur), sometimes called probability(occur), sometimes called probability
ImpactImpact
The effect that the risk being realised would haveThe effect that the risk being realised would have
on the Objectives, sometimes called consequenceon the Objectives, sometimes called consequence

8. L
I
K
5
E
L
I
4
H
O
O
3
D
2
1
1 2 3 4 5
SEVERITY
Legal Impact
1 Improvement notice
2 Prohibition notice.
3 Prosecution with fine.
4 Directors charged with Corporate
killing, fraud etc..
5 Directors charged with Corporate
killing, fraud etc..
Reputation Impact
1 No press coverage
2 Minor, local reputation damage.
3 Major, local reputation damage.
4 National adverse media coverage.
5 International adverse media coverage
Financial
1 £ thousands
2 £ tens of
3 £ hundreds of
4 £ Millions
5 £ tens of millions
thousands
thousands
Descriptor
1 Improbable
2 Unlikely
3 Less likely than not
4 Likely
5 Probable
Likelihood
Descriptor
1 Minor
2 Moderate
3 Significant
4 Substantial
5 Catastrophic
Impact
Output Targets
1 Exactly meets targets
2 Significantly meets targets
3 Meets 50% of targets
4 partially meets
targets
5 Does not meet
targets
Health & Safety
1 Negligible injuries
2 Minor injuries
3 Major injuries
4 Single fatality
5 Multiple fatalities
Schedule
1 Day
2 Week
3 Month
4 Year
5 Years
Scoring and Traffic LightScoring and Traffic Light
NotationNotation

9. What is Risk? (Part 2)What is Risk? (Part 2)
 Exists in the futureExists in the future
 There are many possible futures availableThere are many possible futures available
 The model is not realityThe model is not reality
 ““Recognising the possibility of differentRecognising the possibility of different
outcomes and trying to make sure that activitiesoutcomes and trying to make sure that activities
are directed towards making an acceptable setare directed towards making an acceptable set
of outcomes more likely”of outcomes more likely”

10. Risk management as a science really explodedRisk management as a science really exploded
during the 20th century. However it still tended toduring the 20th century. However it still tended to
be dominated by the worlds of mathematics andbe dominated by the worlds of mathematics and
engineering. In 1921 Frank Knight inengineering. In 1921 Frank Knight in ‘Risk,‘Risk,
Uncertainty and Profit’ distinguished betweenUncertainty and Profit’ distinguished between
three different types of probability, which hethree different types of probability, which he
termed:termed:
-- deductivedeductive probability,probability,
- statistical probability and- statistical probability and
- estimates.- estimates.
History of RiskHistory of Risk

11.  Deductive probabilityDeductive probability
- odds of rolling any number on a die. Here the- odds of rolling any number on a die. Here the
probability of occurrence is known specifically.probability of occurrence is known specifically.
 Statistical probabilityStatistical probability
- probability with relative frequency over a long series- probability with relative frequency over a long series
of events or the proportion of an event in a largeof events or the proportion of an event in a large
population.population.
 EstimatesEstimates
- when there is no valid basis of any kind for classifying- when there is no valid basis of any kind for classifying
instances, only estimates can be made.instances, only estimates can be made.

In this final case the use of any kind ofIn this final case the use of any kind of statisticalstatistical
analysis would be meaningless.analysis would be meaningless.
History of RiskHistory of Risk

12. Risk AssessmentRisk Assessment
QuantitativeQuantitative
 AnAn attemptattempt to applyto apply meaningfulmeaningful and objectiveand objective
probabilities and subsequently consider and thenprobabilities and subsequently consider and then
quantify the potential of such risks in terms ofquantify the potential of such risks in terms of
time, cost and quality (Laxtons guide to risktime, cost and quality (Laxtons guide to risk
analysis and management)analysis and management)
QualitativeQualitative
 Involves the registration of the identified risks, byInvolves the registration of the identified risks, by
‘experts’ in a formal manner using‘experts’ in a formal manner using subjectivesubjective
probabilities.probabilities.
Selection of stakeholders is critical to its success.Selection of stakeholders is critical to its success.
Need to take into consideration Group Dynamics.Need to take into consideration Group Dynamics.
Also used to identify OpportunitiesAlso used to identify Opportunities

13. Understanding what is meant byUnderstanding what is meant by
success is crucial to RMsuccess is crucial to RM

14. The Risk ProcessThe Risk Process
Set
Objectives
Monitor
the risks
Report
movement
of the
risk
Identify Threats
and Opportunities
to Objectives
Assess the risks associated
with each threat and
opportunity (Inherent) and
map exposure (PxC)
Consider actions
to manage risk
terminate, tolerate, treat, transfer
Reassess the risk
(Residual) and remap
(PxC) in light of actions
in place

15. Response toResponse to riskrisk… the 4 Ts… the 4 Ts
Terminate – Do things differently and thus remove the risk
Tolerate – Nothing can be done at a reasonable cost to mitigate the risk or
the likelihood and impact are at a reasonable level
Treat – Take action to control the risk either by reducing the likelihood of
the risk developing or limiting the impact it will have on the project
Transfer – Some of the financial risk may be transferable via insurance or
contractual arrangements or accepted by third parties

16. Value Protection Value Creation
Risk Management as Value CreationRisk Management as Value Creation

17. Response toResponse to OpportunitiesOpportunities
Exploit – Exploiting a positive risk is about ensuring everything is in place
to increase the probability of the occurrence of the opportunity
Enhance – Enhancing an opportunity involves identifying the root cause of a
positive risk so that you can influence the root cause to increase the
likelihood of the opportunity
Accept – At times, opportunities simply fall on your lap and you choose to
accept them. This is called accepting a positive risk
Share – Sometimes exploiting a positive risk is not possible without
collaboration. Sharing a positive risk is when you collaborate with
another department or organisation to exploit an opportunity.

18. Improving risk management (maturity)Improving risk management (maturity)Certainty
Cost / Time
Target N
Distribution of
project
outcomes
Level 1 – Awareness (Heroes deliver)
Certainty
Cost / Time
Target N + a
Level 2 – Repeatability (Disciplined process)
Level 3 – Defined (Standard, consistent process)
Certainty
Cost / Time
Target N - x
Certainty
Cost / Time
Target N - y
Level 4 – Managed (Predictable process)
Certainty
Cost / Time
Target N - z
Level 5 – Optimised (Continuously Improving process)

19. Risk Management MaturityRisk Management Maturity

20. Maturity ModelMaturity Model

21. Arcadia by Tom StoppardArcadia by Tom Stoppard

22. Problem Areas for present RiskProblem Areas for present Risk
practicespractices
WickedWicked
Messy
Tame

23. • Tame ProblemsTame Problems
Systems ComplexitySystems Complexity
• Messes (Ackoff 1970)Messes (Ackoff 1970)
Behavioural ComplexityBehavioural Complexity
• Wicked Problems (Rittel & Weber 1973)Wicked Problems (Rittel & Weber 1973)
• Wicked Messes (Roth & Senge 1996)Wicked Messes (Roth & Senge 1996)
Problem areas for present riskProblem areas for present risk
practicespractices

24. Problem SolvingProblem Solving
Problem
Solution
Time since beginning
Gather Data
Analyse Data
Formulate Solution
Implement Solution
“TAME” Problems can be solved
by linear or “waterfall” process

25. Systems ComplexitySystems Complexity
 Clusters of interrelated or interdependentClusters of interrelated or interdependent
problemsproblems
 Messes (Ackoff 1970)Messes (Ackoff 1970)

26. ““MESSES”MESSES” meet the following criteria:
Organisational Complexity - clusters of interrelated
or interdependent problems, or systems of problems.
Messes are puzzles; rather than solving them we
resolve their complexities.
Cannot be solved in relative isolation from one
another.

27. Behavioural ComplexityBehavioural Complexity
 Conflicting social ethics and beliefsConflicting social ethics and beliefs
 ‘‘Wickedness’Wickedness’ (Rittel & Webber 1973)(Rittel & Webber 1973)

28. ““WICKED PROBLEMSWICKED PROBLEMS”” are
characterised by:
An evolving set of interlocking issues and constraints - no definitive
statement of the problem (no understanding of the problem until the solution has
been developed).
Many stakeholders - the problem solving process is fundamentally social (getting
the right answer is not as important as having stakeholders accept the solution).
The constraints (resources, politics) change with time - stakeholders come and
go, change their minds or change the rules.
Since there is no definitive Problem there is no
definitive Solution.

29. Problem
Solution
Time since beginning
“WICKED” Problems cannot
be solved by linear or
“waterfall” process

30. Wicked Problem SolvingWicked Problem Solving
Resolving ““WICKED MESSESWICKED MESSES”” is
“SATISFICING” (H. Simon 1956)
•Because of the number of stakeholders, changing constraints and dynamics
of the problem, there is no ideal solution-it is “as good as it gets” or “good
enough”
•The Problem solving process ends when resource (time, money energy etc.)
runs out!
•Therefore we need a different approach when handling risk with respect to
problems which are not Tame

31. Boston MatrixBoston Matrix
Behavioural
Complexity
High
Low
Wicked Wicked Mess
(Complex
Adaptive
Systems)
Tame Mess
Resolution is social/
political/ ethical/
moral/ behavioural
Solution is
Scientific
Dynamic Systems Complexity
HighLow

32. What constitutes theWhat constitutes the ‘norm’ changes‘norm’ changes
over timeover time
Now OutNow Out Now InNow In

33. Experts v RealityExperts v Reality
How experts see itHow experts see itHow it really isHow it really is

34. Models v RealityModels v Reality

35. Irrational WorldIrrational World

36. Comparison of Tame and Wicked ProblemsComparison of Tame and Wicked Problems
Tame ProblemsTame Problems
 Relatively easy to define and can beRelatively easy to define and can be
treated as separate from other problemstreated as separate from other problems
and the environmentand the environment
 Information needed to solve or makeInformation needed to solve or make
sense of the problem is readily available,sense of the problem is readily available,
well structured, and easy to put into usewell structured, and easy to put into use
 There is a consensus not only amongThere is a consensus not only among
problem solvers over what is the bestproblem solvers over what is the best
method but also those with the problemmethod but also those with the problem
accept and agree with the legitimateaccept and agree with the legitimate
problem solversproblem solvers
 This class of problems has precedentsThis class of problems has precedents
from which one can learn or take advicefrom which one can learn or take advice
from others in order to become afrom others in order to become a ‘‘bona‘‘bona
fide’’ problem solverfide’’ problem solver
 Stakeholders to the problem defer to theStakeholders to the problem defer to the
expertise of the problem solver and seekexpertise of the problem solver and seek
little or no say in the process beyond thatlittle or no say in the process beyond that
requestedrequested
Wicked ProblemsWicked Problems
 Relatively difficult to define and cannot beRelatively difficult to define and cannot be
easily separated from other problems andeasily separated from other problems and
the environmentthe environment
 Information needed to solve or makeInformation needed to solve or make
sense of the problem is ill-structured,sense of the problem is ill-structured,
changing and difficult to put into usechanging and difficult to put into use
 There is neither a consensus amongThere is neither a consensus among
problem solvers over what is the bestproblem solvers over what is the best
method or a clear agreement over who ismethod or a clear agreement over who is
and is not a legitimate problem solverand is not a legitimate problem solver
 These problems are unique andThese problems are unique and
changeable; therefore attempts to solvechangeable; therefore attempts to solve
them make learning difficult andthem make learning difficult and
progression toward a solution is erraticprogression toward a solution is erratic
 Stakeholders to the problem join theStakeholders to the problem join the
problem solvers in possessing conflictingproblem solvers in possessing conflicting
views of the problem, its solution, and theviews of the problem, its solution, and the
degree of involvement of the problemdegree of involvement of the problem
stakeholdersstakeholders

37.  ProjectsProjects are stand alone, unique, transientare stand alone, unique, transient
undertakings and are measured against the projectundertakings and are measured against the project
management plan in terms of the time, costmanagement plan in terms of the time, cost
quality/performance triangle.quality/performance triangle.
 ProgrammesProgrammes are interrelated or interdependentare interrelated or interdependent
projects contributing to a common strategicprojects contributing to a common strategic
objective defined in the business plan.objective defined in the business plan.
 PortfolioPortfolio is the total of all projects and programmesis the total of all projects and programmes
and includes business as usual activities.and includes business as usual activities.
Projects, Programmes &Projects, Programmes &
PortfoliosPortfolios

38. Projects (Tame) andProjects (Tame) and
Programmes (Messes)Programmes (Messes)
Project ManagerProject Manager
 On TimeOn Time
 On BudgetOn Budget
 On QualityOn Quality
Programme ManagerProgramme Manager
 Balancing the projects in the programmeBalancing the projects in the programme
 Managing resources across boundariesManaging resources across boundaries
 Bring collectively to completionBring collectively to completion
 Trading between projects for optimisationTrading between projects for optimisation

39. Portfolios (Wickedness)Portfolios (Wickedness)
Portfolio ManagerPortfolio Manager
 Align and monitor projects to companyAlign and monitor projects to company
strategystrategy
 De-scope or stop projects no longerDe-scope or stop projects no longer
alignedaligned
 Manage permanent and temporaryManage permanent and temporary
resourcesresources
 Liaise with and satisfy stakeholderLiaise with and satisfy stakeholder’s’s
requirementsrequirements
 Pre-empt future requirementsPre-empt future requirements
 Horizon scanning and scenario planningHorizon scanning and scenario planning

40. Boston MatrixBoston Matrix
Ambiguity
High
Low
Wicked Wicked
Mess
Tame Mess
Resolution is social/
political/ ethical/ moral/
behavioural
Solution is Scientific
Uncertainty
HighLow
Projects Programmes
Portfolios ?
Politics
Societal ?
 Effect of uncertaintyuncertainty on Objectives. - Both positive and negative
ISO 31000:2009 and BS 31100:2008ISO 31000:2009 and BS 31100:2008
 The uncertaintyuncertainty of outcome, whether positive or negative threat, of actions and events. It
is the combination of likelihood and impact, including perceived importance.
UK HM Treasury, The Orange Book, 2004UK HM Treasury, The Orange Book, 2004
RISKRISK

41. Development of T5 as a Wicked MessDevelopment of T5 as a Wicked Mess

42. Leadership v ManagementLeadership v Management
(J. Kotter 1990)(J. Kotter 1990)
ManagementManagement
 Planning and BudgetingPlanning and Budgeting
 Organising and StaffingOrganising and Staffing
 Controlling and ProblemControlling and Problem
SolvingSolving
LeadershipLeadership
 Establishing a direction andEstablishing a direction and
developing a vision of thedeveloping a vision of the
futurefuture
 Aligning people (Stakeholders)Aligning people (Stakeholders)
 Motivating and inspiringMotivating and inspiring
“Leadership and management are two distinctive and complementary systems of
action…… Both are necessary for success in an increasingly complex and volatile
business environment.”
Produces a degree of predictability
and order and manages uncertainty Produces radical change and
manages ambiguity

43. Bump, bump, bumpBump, bump, bump
“Here is Edward Bear,
coming downstairs now,
bump, bump, bump, on the
back of his head, behind
Christopher Robin. It is, as
far as he knows, the only
way of coming downstairs,
but sometimes he feels that
there really is another way, if
only he could stop bumping
for a moment and think of
it.”

44. Control FallaciesControl Fallacies
1. More Rules = Tighter1. More Rules = Tighter
ControlControl
2. Targets Improve2. Targets Improve
BehaviourBehaviour
3. A thorough plan or risk3. A thorough plan or risk
register will keep us saferegister will keep us safe
4. All our risks are under4. All our risks are under
controlcontrol
Corruptissima republica plurimae leges,
the more rotten the state, the more
laws there are.
Tacitus
When a measure becomes a target, it
ceases to be a good measure.Goodhart
No battle plan ever survives first
contact with the enemy.
Moltke
Life is what happens to you
while you’re busy making
other plans.Lennon

45. “Many risk officers thought their job
was to find a way around regulation
as opposed to implementing.”
“Many risk officers thought their job
was to find a way around regulation
as opposed to implementing.”
“Banks’ biggest problem was our belief in
risk assessment systems. …this comforting
myth that you can just stick a ‘risk probe’
into any project, like checking a turkey in
the oven.”
“Banks’ biggest problem was our belief in
risk assessment systems. …this comforting
myth that you can just stick a ‘risk probe’
into any project, like checking a turkey in
the oven.”
“Principle-based regulation is all very
well but there are parts of the market
which aren’t very principled!”
“Principle-based regulation is all very
well but there are parts of the market
which aren’t very principled!”
“After a while people just get conditioned, it’s like ignoring
the fire alarm when it goes off. So you think: ‘Everyone else is
doing this so it must be all right. This is obviously normal
behaviour… everyone else is in this product, so we’ve got to
be. And anyway I’ll miss out on my bonus if I don’t.”
“After a while people just get conditioned, it’s like ignoring
the fire alarm when it goes off. So you think: ‘Everyone else is
doing this so it must be all right. This is obviously normal
behaviour… everyone else is in this product, so we’ve got to
be. And anyway I’ll miss out on my bonus if I don’t.”
Dr Miles Research
Kings College London 2011

46. Management ResponseManagement Response
TameTame
 Collect sufficient data toCollect sufficient data to
identify trends andidentify trends and
indicatorsindicators
 Pick the best response &Pick the best response &
ImplementImplement
 Command & ControlCommand & Control
MessyMessy
 Collect sufficient data toCollect sufficient data to
identify trends and indicatorsidentify trends and indicators
 Deliberate on informationDeliberate on information
collected use expertise tocollected use expertise to
chose appropriate responsechose appropriate response
 Motivating and inspiringMotivating and inspiring
Produces a degree of predictability and order
able to manage uncertainty by application of
process and command & control in a
corporate centralised function

47. Management ResponseManagement Response
WickedWicked
 Design small scale actions toDesign small scale actions to
see how they respond in realitysee how they respond in reality
 Identify patterns and selectIdentify patterns and select
what feels the right thing to dowhat feels the right thing to do
 Carry out actions that enhanceCarry out actions that enhance
good outcomes and reducegood outcomes and reduce
poor outcomespoor outcomes
Wicked MessesWicked Messes
 Design small scale actions toDesign small scale actions to
see how they respond in realitysee how they respond in reality
 Identify patterns but understandIdentify patterns but understand
they may not be scalablethey may not be scalable
 Carry out actions that enhanceCarry out actions that enhance
good outcomes and reducegood outcomes and reduce
poor outcomes monitor closelypoor outcomes monitor closely
for unintended consequencesfor unintended consequences
Manages chaos and ambiguity based on experience lessons learnt from similar
situations both good and bad. Failure is an option for positive learning
Control must be decentralised and senior leaders given autonomy over outcomes

48. Training and development which produces: practitioners
who can follow detailed procedures and techniques,
prescribed by risk management methods and tools.
From: Practitioners as
Trained Technicians
Learning and development which facilitates:
development of reflective practitioners who operate
and adapt effectively in complex environments,
through experience, intuition pragmatic application
of theory in practice.
Towards: Practitioners as
Reflective Practitioners
From: Risk Management as
Instrumental Processes
The instrumental lifecycle image of risk management as
a linear sequence of tasks to be performed on an
objective entity ‘out there’, using codified knowledge,
procedures and techniques, and based on an image of
projects as temporary apolitical production processes.
Concepts and images which focus interaction among
people, illuminating: the flux and human action, and the
framing of the risk profession) within an array of social
agenda, stakeholder relations, politics and power.
Towards: Risk Management
as Social Processes
Way ForwardWay Forward

49. Keep it SimpleKeep it Simple
 Observation is vital (regular reporting)Observation is vital (regular reporting)
 Correct application ofCorrect application of ‘‘relevantrelevant’ data’ data
 Get the basics rightGet the basics right

50. APM GroupAPM Group’s 10 reasons for’s 10 reasons for
failurefailure
1. Lack of Planning1. Lack of Planning
2. Poor user input2. Poor user input
3. Lack of senior management support3. Lack of senior management support
4. Poor definition of scope4. Poor definition of scope
5. Unrealistic timescales5. Unrealistic timescales
6. Lack of (or inadequate) resources6. Lack of (or inadequate) resources
7. Incomplete or changing requirements7. Incomplete or changing requirements
8. Lack of project leadership and communication skills8. Lack of project leadership and communication skills
9. Lack of project competence9. Lack of project competence
10. Poor stakeholder management10. Poor stakeholder management

51. NAO/OGCNAO/OGC’s reasons for failure’s reasons for failure
1. No clear link between the project and the organisation1. No clear link between the project and the organisation’s key strategic’s key strategic
priorities, including agreed measures of success.priorities, including agreed measures of success.
2. Lack of clear senior management, ownership and leadership.2. Lack of clear senior management, ownership and leadership.
3. Lack of effective stakeholder engagement.3. Lack of effective stakeholder engagement.
4. Lack of skills and proven approach to project and risk management4. Lack of skills and proven approach to project and risk management
5. Lack of understanding of and contact with the supply industry at5. Lack of understanding of and contact with the supply industry at
senior levels in the organisationsenior levels in the organisation
6. Evaluation of proposals driven by initial price rather than long term6. Evaluation of proposals driven by initial price rather than long term
value for money (especially securing delivery of business benefits).value for money (especially securing delivery of business benefits).
7. Too little attention to breaking development and implementation into7. Too little attention to breaking development and implementation into
manageable steps.manageable steps.
8. Non-integration of customer, supplier, user and project management8. Non-integration of customer, supplier, user and project management
teamteam

52. The need for holistic thinkingThe need for holistic thinking
I’m glad the hole
isn’t in our end!

53. Risk Management: Risk Leadership:
1. Works to a defined scope, budget, quality and
Programme.
Recognises the possibility of different outcomes and
tries to ensure that risk activities are directed towards
making an acceptable set of outcomes more likely
2. Uses the instrumental lifecycle image of risk
management as a linear sequence of tasks to be
performed on an objective entity using codified
knowledge, procedures and techniques, and based
on an image of projects as apolitical production
processes
Uses concepts and images which focus on social
interaction among people, understanding the flux of
events and human interaction, and the framing of
projects within an array of social agenda, practices,
stakeholder relations, politics and power.
3. Manages process to ensure complicated projects of
people and technology are kept running smoothly.
Develops behaviours and confidence in team through
scenario planning and team building to identify and
respond to risks and opportunities.
4. Establishes detailed steps, processes and
timetables for risk management.
Understands the ‘many acceptable futures’ proposition
and manages risk to produce the changes needed to
achieve the acceptable outcomes.
5. Practitioners as implementers of the risk process.
Training and development which produces:
practitioners who can follow detailed procedures and
techniques, prescribed by project management
methods and tools.
Practitioners as reflective listeners. Learning and
development facilitates the development of reflective
practitioners who can learn, operate and adapt
effectively in complex project environments, through
experience, intuition and the pragmatic application of
theory in practice.
Way Forward Risk LeadershipWay Forward Risk Leadership

54. Risk Management: Risk Leadership:
6. Applies concepts and methodologies which focus on
risk management for product creation or
improvement of a physical product, system or facility
etc and monitored and controlled against
specification (quality), cost and time.
Applies concepts and frameworks which focus on risk
management as value creation. Whilst, aware that
‘value’ and ‘benefit’ will have multiple meanings linked to
different purposes for the organisation, project and
individual.
7. Attempts to control risk by monitoring results,
identifying deviations from the plan and developing
mitigation actions to return to plan.
Adapts the risk process to overcome major political,
bureaucratic and resource barriers to develop change in
behaviours through trust and managing expectations.
8. Based on the assumption that the risk model is
(assumed to be) the actual ‘terrain’ (i.e. The actual
reality ‘out there’ in the world).
Based on the development of new risk models and
theories which recognise and take cognisance of the
complexity of projects and project management, at all
levels and that the model is only part of the complex
‘terrain’.
9. Seeks predictability and order. Has learnt to live with chaos, complexity, uncertainty and
ambiguity and leads through example to a successful
conclusion.
Way Forward Risk LeadershipWay Forward Risk Leadership

55. 'This book takes project risk management firmly onto a higher and wider plane. We thought we knew
what project risk management was and what it could do. David Hancock shows us a great deal more of
both. David Hancock has probably read more about risk management than almost anybody else, he has
almost certainly thought about it as much as anybody else and he has quite certainly learnt from doing
it on very difficult projects as much as anybody else. His book draws fully on all three components. For
a book which tackles a complex subject with breadth, insight and novelty - its remarkable that it is
also a really good read. I could go on!' –
Dr Martin Barnes CBE FREng
President, The Association for Project Management
'This book takes project risk management firmly onto a higher and wider plane. We thought we knew
what project risk management was and what it could do. David Hancock shows us a great deal more of
both. David Hancock has probably read more about risk management than almost anybody else, he has
almost certainly thought about it as much as anybody else and he has quite certainly learnt from doing
it on very difficult projects as much as anybody else. His book draws fully on all three components. For
a book which tackles a complex subject with breadth, insight and novelty - its remarkable that it is
also a really good read. I could go on!' –
Dr Martin Barnes CBE FREng
President, The Association for Project Management
'In highlighting the complexity of many of today's problems and defining them as tame, messy or
wicked, David Hancock brings a new perspective to the risk issues that we currently face. He
challenges risk managers, and particularly those involved in project risk management, to take a
much broader approach to the assessment of risk and consider the social, political and
behavioural dimensions of each problem, as well as the scientific and engineering aspects with
which they are most comfortable. In this way, risks will be viewed more holistically and managed
more effectively than at present.'
Dr Lynn T Drennan,
Chief Executive, Alarm, the public risk management association
'In highlighting the complexity of many of today's problems and defining them as tame, messy or
wicked, David Hancock brings a new perspective to the risk issues that we currently face. He
challenges risk managers, and particularly those involved in project risk management, to take a
much broader approach to the assessment of risk and consider the social, political and
behavioural dimensions of each problem, as well as the scientific and engineering aspects with
which they are most comfortable. In this way, risks will be viewed more holistically and managed
more effectively than at present.'
Dr Lynn T Drennan,
Chief Executive, Alarm, the public risk management association
'This compact and thought provoking description of risk management will be useful to anybody with responsibilities for projects, programmes or
businesses. It hits the nail on the head in so many ways, for example by pointing out that risk management can easily drift into a check-list mindset, driven
by the production of registers of numerous occurrences characterised by the Risk = Probablity x Consequence equation. David Hancock points out that
real life is much more complicated, with the heart of the problem lying in people, so that real life resembles poker rather than roulette. He also points out
that while the important thing is to solve the right problem, many real life issues cannot be readily described in a definitive statement of the problem.
There are often interrelated individual problems with surrounding social issues and he describes these real life situations as ‘Wicked Messes’. Unusual
terminology, but definitely worth the read, as much for the overall problem description as for the recommended strategies for getting to grips with real
life risk management. I have no hesitation in recommending this book.'
Sir Robert Walmsley KCB FREng
Chairman of the Board of the Major Projects Association
'This compact and thought provoking description of risk management will be useful to anybody with responsibilities for projects, programmes or
businesses. It hits the nail on the head in so many ways, for example by pointing out that risk management can easily drift into a check-list mindset, driven
by the production of registers of numerous occurrences characterised by the Risk = Probablity x Consequence equation. David Hancock points out that
real life is much more complicated, with the heart of the problem lying in people, so that real life resembles poker rather than roulette. He also points out
that while the important thing is to solve the right problem, many real life issues cannot be readily described in a definitive statement of the problem.
There are often interrelated individual problems with surrounding social issues and he describes these real life situations as ‘Wicked Messes’. Unusual
terminology, but definitely worth the read, as much for the overall problem description as for the recommended strategies for getting to grips with real
life risk management. I have no hesitation in recommending this book.'
Sir Robert Walmsley KCB FREng
Chairman of the Board of the Major Projects Association
GOWER Discount Code G11EMT35
for 35% Off.