Advanced program management risk mitigation and management


Published on

Published in: Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Advanced program management risk mitigation and management

  1. 1. Risk Mitigation and Management Advanced Program Management
  2. 2. Objectives <ul><li>Define risk mitigation </li></ul><ul><li>Identify components of risk mitigation </li></ul><ul><li>Learn how to manage large-scale program risks </li></ul>
  3. 3. Risk Management Definition Definition: Development, evaluation and monitoring of risk factors. Prioritization of risks and identification of contingency plans to address significant risks. <ul><li>Activities: </li></ul><ul><li>Survey management and project/team for projects risks </li></ul><ul><li>Identify approach to minimizing risks by developing mitigation strategies </li></ul><ul><li>Reassign risks which can be eliminated as issues </li></ul><ul><li>Identify contingency plans for high impact risks </li></ul><ul><li>Participants: </li></ul><ul><li>Project/team leads </li></ul><ul><li>Program Management Office </li></ul><ul><li>Outputs: </li></ul><ul><li>Updated program risks log available for program wide viewing </li></ul><ul><li>Update as risk become outdated or new risks appear </li></ul><ul><li>Objectives: </li></ul><ul><li>To develop an effective process for identifying and minimizing project risks </li></ul><ul><li>To achieve optimum balance between minimization of risks, quality of deliverables, and ability to meet completion dates (i.e. do not “over minimize” risks at the expense of quality or the schedule) </li></ul>
  4. 4. Risk Mitigation is not issue resolution <ul><li>Risk is the potential danger of harm or loss </li></ul><ul><ul><li>by definition it is outside the control of the program being managed </li></ul></ul><ul><li>Mitigation means to make something less harmful, unpleasant or bad </li></ul><ul><li>Thus, there are both anticipation and planning elements to Risk Mitigation </li></ul><ul><li>Issue resolution is about information collection and decision making </li></ul><ul><li>Risk mitigation involves evaluation, probabilities and alternatives </li></ul><ul><ul><li>Examples </li></ul></ul><ul><ul><ul><li>Business plans generally state market forces may move unfavorably </li></ul></ul></ul><ul><ul><ul><li>Insurance policies generally state that they don’t cover nuclear incidents or civil unrest </li></ul></ul></ul>
  5. 5. There are four major areas that need to be addressed when managing risk <ul><li>Assumptions and critical success factors </li></ul><ul><li>Identification of potential or real risks </li></ul><ul><li>Tracking mechanisms </li></ul><ul><li>Contingency plans </li></ul>
  6. 6. Risk vs Business Value Management <ul><li>Risk Management is the dimension of the framework that </li></ul><ul><ul><li>Identifies and manages risks at all levels of the program </li></ul></ul><ul><ul><li>Manages development of mitigating strategies </li></ul></ul><ul><ul><li>Builds contingency plans relative to development and deployment </li></ul></ul><ul><ul><li>Assigns and monitors the implementation of contingency plans and risk mitigation strategies </li></ul></ul><ul><li>Business Value Management is the dimension of the framework that </li></ul><ul><ul><li>Identifies the program’s anticipated benefits/revenue </li></ul></ul><ul><ul><li>Develops metrics and frequency to gauge realization of assumptions and critical success factors </li></ul></ul><ul><ul><li>Manages the tradeoff between benefit capture and cost of delivery during program life cycle </li></ul></ul><ul><ul><li>Risks should be captured in the business value as much as possible </li></ul></ul>
  7. 7. Risk Management - Proactively discover and mitigate risks <ul><li>Risk Management </li></ul><ul><ul><li>Provides risk analysis, including identification, categorization, and root cause assessment </li></ul></ul><ul><ul><li>Develops risk response strategy covering avoidance, prevention, deflection, and mitigation </li></ul></ul><ul><ul><li>Scenario evaluation </li></ul></ul><ul><ul><li>Solidifies risk control and risk monitoring </li></ul></ul><ul><ul><li>Builds contingency plans for development and deployment </li></ul></ul>
  8. 8. Sources of Risk/Uncertainty External Change Organizational Change Individual Change Competitive Pressures Deregulation Technology New Leadership New Strategy Re-engineering Re-organization Re-anything Expectations Motivation Skills
  9. 9. Defining Assumptions or Critical Success Factors <ul><li>Assumptions or Critical Success Factors are usually identified early in the project planning stage </li></ul><ul><li>They need to be explicitly stated </li></ul><ul><li>Utilizing the sources of uncertainty and risk will ensure that the process is comprehensive </li></ul>
  10. 10. Risk Identification and Quantification <ul><li>All key risks need to be identified and reported via the use of a risk memorandum/report </li></ul><ul><li>The risks arise out of the assumptions made and potential changes in either the internal or external identified sources of risk </li></ul><ul><li>Each risk needs to be reviewed in terms of </li></ul><ul><ul><li>Potential Impact on strategy, program resources and schedule </li></ul></ul><ul><ul><li>Likelihood of occurrence </li></ul></ul><ul><ul><li>Need for tracking/monitoring of factors affecting risk </li></ul></ul><ul><ul><li>Need for a contingency plan </li></ul></ul><ul><ul><li>Identification of trigger points </li></ul></ul><ul><li>Risks and contingency plans need signoff by the client </li></ul><ul><ul><li>These need to be “living and breathing” documents </li></ul></ul>Discussion Idea: How thoroughly have you captured and documented risks and contingency plans in the past?
  11. 11. Contingency Plans <ul><li>Contingency plans are alternative plans that can be put into effect if certain critical success factors or assumptions do not occur as expected </li></ul><ul><li>Only high impact and high priority areas require contingency plans </li></ul><ul><li>Contingency plans should be as simple as possible, since there is little advanced warning when implementation is necessary </li></ul><ul><li>The event or point “trigger” at which the contingency plan will be executed needs to be defined as part of the risk memorandum </li></ul>
  12. 12. Tracking Mechanisms <ul><li>Depending upon the type and number of risks identified, the variety of sources tracked and monitored can be large </li></ul><ul><li>Sources range from government reports, speeches, internal business reports, financial market analysis, news sources, weather reports, or even reading online / offline pop culture “rags” </li></ul><ul><li>The key event, value, or trigger point should be well defined and the target of the tracking, both to limit time spent and to minimize disagreements about whether or not the contingency plans need to be deployed </li></ul>
  13. 13. Sequence of Activities in Risk Management <ul><li>Identify positive and negative events or uncertainties that could derail the program </li></ul><ul><li>Specify trigger points and timing of the events </li></ul><ul><li>Create mitigation strategies that could reduce the probability of the risk becoming a reality </li></ul><ul><li>Assess level of impact and probability of the events that readily impact assumptions / critical success factors </li></ul><ul><li>Develop contingency plans only for high-impact or high-probability events </li></ul><ul><li>Implement monitoring effort </li></ul><ul><li>Report and track events against assumptions and critical success factors </li></ul><ul><li>Develop and implement contingency plans as needed </li></ul>
  14. 14. Remember — Issues are not Risks <ul><li>Issues </li></ul><ul><ul><li>are under the program’s control </li></ul></ul><ul><ul><li>information can be gathered to make informed decisions </li></ul></ul><ul><ul><li>can be resolved </li></ul></ul><ul><ul><li>may have major budget, scope or schedule impacts to the plan </li></ul></ul><ul><li>Risks </li></ul><ul><ul><li>are external to the program </li></ul></ul><ul><ul><li>cannot be resolved, only monitored </li></ul></ul><ul><ul><li>cause alternative plans to be executed </li></ul></ul><ul><ul><li>have various probabilities and impacts associated with them </li></ul></ul>
  15. 15. Risk Management Key Considerations <ul><li>Invest in building real contingency plans where appropriate instead of just talking about the need </li></ul><ul><li>Use the risk reports to manage risks on an ongoing basis (remove risks, add risks, determine contingency planning is required) </li></ul><ul><li>Resist the tendency to stop managing the risks because the program itself is so overwhelming </li></ul>