Panelists and Moderator PM Challenge 2009 – “Making Risk Manageable” PanelNick Chrissotimos, NASA Goddard Space Flight CenterMr. Chrissotimos has 26 years of project/program management experience at the Goddard SpaceFlight Center (GSFC). He is currently the Associate Director of Flight Projects for Explorers andHeliophysics where he is the Program Manager for Explorers, Living with a Star and SolarTerrestrial Probes.Joe Fuller, Futron CorporationJoseph Fuller, Jr. is the founder and President of Futron Corporation. He spent the first 20 yearsof his career at the National Aeronautics and Space Administration (NASA) as an aerospacesystems engineer, project manager, and senior executive. He is experienced in the design,development, and operations of human-piloted and robotics spacecraft, and serves as an expertadvisor on independent space studies and working groups.Richard Grou, Canadian Space AgencyGraduated from Ecole Polytechnique de Montréal, Richard Grou holds a B.A. Sc in MechanicalEngineering and is also certified Engineer and Project Management Professional. In 1980, hejoined the Public Service of Canada. He started at the Agency in 2001 where he first held theposition of Project Manager for the implementation of the CSA Project Management Framework(PAMF). He is currently working at the corporate level of the Canadian Space Agency as a Risk andProgram Assurance Manager within the Safety & Program Assurance Directorate.Mike McGrath, University of ColoradoMr. McGrath is the Engineering Director at the Laboratory for Atmospheric and Space Physics(LASP) at the University of Colorado at Boulder and most recently participated in NASA’sAeronomy of Ice in the Mesosphere SMEX Mission as Project Manager. His experience extendsback to the Pioneer Venus mission, and includes NASA’s Voyager, SME, Cassini, TIMED, SNOE andSORCE missions. He teaches spacecraft design as a Professor Adjunct in Aerospace Engineering,and is an instructor in CU’s Integrated Teaching and Learning Laboratory.John Turner, NASA Johnson Space CenterJohn V. Turner, PhD, has over twenty-three years experience in human space-flight applications,including: mission operations, engineering development, systems engineering, project management,risk assessment, and risk management. As a private consultant he has provided risk assessment andmanagement expertise in the oil and gas, defense acquisition, and airport security applications. Hecurrently serves as the Risk Manager and Risk Assessment lead for the Constellation humanspaceflight exploration program.Moderator: Peter J. Rutledge, Ph.D., Quality Assurance & Risk Management Services, Inc.Currently working as a consultant, Dr. Rutledge retired from the Office of Safety and MissionAssurance at NASA Headquarters in 2004, after 33 years of Federal service. His last position inNASA was that of Director, Enterprise Safety and Mission Assurance Division. His entire careerhas been in the safety, reliability, and risk fields.
NOTESNick Chrissotimos, NASA Goddard Space Flight CenterRisk Management from a Project Manager’s Perspective• Project Management is Risk Management (experience, lessons learned, intuition, decision making).• Use of a Risk Management tool has become essential; understand it but let someone else run it and do not let it manage you.• Lead System Engineer runs your Risk Management Board (they are not data entry clerks).• Understand and track most important risks as the PM (you cannot reasonably manage more than 10-20).• Know and actively manage your top ten risks (Yellow and Red); know when to accept a risk.• SE must keep you aware of which ones are bubbling up (Yellow and Red).• Know your risk windows for exposure, separate from mitigation: a risk timeline. Budget profile has to be correlated with the risk timeline for effective leveling.• Decisions on which risks to mitigate and spend reserve on need to be weighed across all other risks and programmatics (preserves precious resources).• Always have “plan B” options for mitigating your top ten risks.• Make clear to the Risk Management Board the projects, programs, and Center management’s 5x5 matrix definitions and risk reporting expectations.• Know your Residual (accepted) and Single Point Failure risks and make your management aware of these.• Understand and use your test program as the best risk mitigation when it is appropriate (it is already costed).• Tracking Risks at the Program Level should be a subset of the Top Ten risks of the projects within the program.• At the Program level a risk that can never be retired may not make sense to track (most of those are usually out of the program’s and projects’ control); you usually watch but you cannot do anything about them. You should have already been aware of those (i.e., Budget, LV availability, and inflation).
NOTESJoe Fuller, Futron CorporationRecent Trends in Risk Management SophisticationThe capability of organizations to perform risk management is growing and becoming moresophisticated. • 2002 MSFC Risk Management Assessment indicated projects operating at maturity Level 2; Ares Project assessment in 2007 indicated almost Level 4. • Exploration Technology Development Project (ETDP) combining risk and opportunity management represents an increase in sophistication. • Greater use of quantitative risk assessment (PRA, Cost-Schedule Risk Assessment, Dynamic Modeling and Simulation). • New NPR 8000.4A calling for integration of CRM and decision-making, including institutional risk management.Enterprise Risk Management (ERM), or Institutional Risk Management (NPR 8000.4A), willrepresent a cultural change and the next level of sophistication. Implementing ERM engages andaligns the workforce to ensure more strategic, comprehensive, and effective risk management.
NOTESRichard Grou, Canadian Space AgencyThe Canadian Space Agency is committed to Integrated Risk Management into all decision makingprocesses. This requirement is from Treasury Board Canada, the entity that provides oversight ofthe Management Function of all Canadian Government Departments and Agencies. Integrated RiskManagement is one Key element of the Management Accountability Framework that sets out theexpectation of Senior Managers for good public service management.Integrated Risk Management (IRM) is a continuous, proactive, and systematic process tounderstand, manage, and communicate risk from an organization-wide perspective. It is aboutmaking strategic decisions that contribute to the achievement of an organizations overallcorporate objectives.In implementing IRM, CSA is adopting an holistic approach to managing risk and addressing thefollowing elements:- CSA Corporate Risk Profile- Establishing an Integrated Risk Management function- Incorporation of Risk-Management into Existing Decision-making & Reporting- Practicing Integrated Risk Management- Ensuring Continuous Risk Management LearningA few Tips:- Communicate early and often- Base all discussions on fact- Credibility and trust take a long time to develop but can be destroyed in an instant
NOTESMike McGrath, University of Colorado• Project managers continue to seek out new techniques to gain an edge in the design/development process. Risk management on projects has been observed to provide a high quality return for minimum investment of training time and supporting infrastructure, and is proving to be effective in all phases of a project.• A formal risk management process is inclusive of the team working on a project, enabling focused, supportive discussion through the use of a concise language and a quantitative evaluation scale. When used as part of a project management approach, risk management supports project-wide participation that encourages discussion and review by the entire project team -- irrespective of role or responsibility of the participant.• By design, the risk management process is a positive, supporting process, and when structured appropriately, risk management encourages information to be revealed, processed, and evaluated, accompanied by a logical follow-up process.• Risk management is particularly effective in supporting resource shifting in the early phases of a project where TRL levels are being advanced, assuming that the appropriate team structure is in place, and that a resilient schedule management approach is being used.• A risk management process can be tailored to the project scope, and because of the way it seamlessly integrates with the design/development process, it scales well with increasing levels of project size and complexity.
NOTESJohn Turner, NASA Johnson Space Center• The RM program must evolve as it progresses from early development through design verification to acceptance, operations, and retirement. o Examples of Development Issues: Design and verification, setting achievable requirements, selecting preliminary architectures, understanding environments and operations, verifying achievement of requirements, optimizing risk versus other design commodities and cost, setting operational safety baseline, characterizing transition risks. o Examples of Operations Issues: Burning down accepted risk baseline, managing new risks as they come up, aging, unforeseen system interactions or environmental threats, changes in performance or mission goals, retirement issues.• RM practice has been fairly schizophrenic over the past 20-30 years. We see major differences between what people say about RM in books and at conferences and what we see in practice on programs and projects.• There is often little formal connection between critical design or operations oriented analyses and risk. We should use integrated simulation and modeling techniques early to surface risks and enable action to manage them.• The way that we understand RM has evolved continuously. Most recently, the agency has been using the term Risk-Informed Decision-Making, or RIDM. o RIDM Moves beyond managing “risks,” to understanding the risk implications of significant decisions. o Requires processes to ensure risks are understood and considered in all critical decision-making applications.• The CxP is working to establish he formal processes and linkages that support RIDM. We have some of these pieces in place and are developing others. o Significant obstacles to progress: Projects started first. Struggle between the lowest level or “the prime knows best” and doing things consistently across primes. • Everything is a cost, whether it is an addition or deletion, when the prime or govE project does not wish to do it. Parochialism Unrealistic budget restrictions Risk Informed Decision Making (RIDM) Knowledge • KBRs Management • PAL • Knowledge Capture Systems Engineering • Requirements and TPM ATP MMRs Ops/Test Achievability • Analysis priorities • Test Objectives • Iterative Design and • Risks Reviewed at Analysis Authority to Proceed • Readiness Reviews • C/S/T Baseline • Real Time Decisions Systems Safety Boards/Panels • Systematic Analysis • Formal Risk Acceptance • Establish Operational Safety Continuous Risk • Managing risk Baseline (OSB) through change IRMA Management (CRM) Probabilistic Design • Standards for risk characterization • CLAS for risks and Analysis • Risk Communication and Reporting • Standards of Practice Process • LOC LOM Reqts • Prioritization of risk mitigation • Integrated Campaign, proposals Architecture, System, Element Analysis Page 10 Dynamic Information Linkages NASA CxP John V. Turner, PMC 2009