Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Basic risk management presentation 17th june 2015


Published on

Presentation given to SWWE delegates on 17th June 2015 in BAWA

Published in: Education
  • Be the first to comment

Basic risk management presentation 17th june 2015

  1. 1. Risk Management Basics and Benefits 5 Years of Learning
  2. 2. Strictly Private and Confidential 2 About us Applied Analytics Integrator providing information management & analytics services for Asset and Enterprise Performance Management 200+ people across 3 key locations and numerous customer sites We help our customers do more with their data – enabling better decisions Working with asset intensive and mission critical industries including Defence, Energy, Rail, Infrastructure, Transport and Utilities Babcock Analytic Solutions
  3. 3. Strictly Private and Confidential Footer3 Definitions Risk APM PRAM: “A risk event is an uncertain event or set of circumstances that, should it occur, will have an effect on achievement of one or more of the project’s objectives.” Uncertainty APM BOK: “Uncertainty is the inherent variability that it is impossible to predict how long an activity will take.” Issue APM BOK: “An issue is a threat to project objectives that cannot be resolved by the project manager. Issues have already occurred and are therefore certain.”
  4. 4. Strictly Private and Confidential Footer4 Project Risk Management The purpose of risk management is to manage a project’s exposure to risk (Impact and Probability). Projects need to take risks to be profitable and maximise benefits. Good risk management goes unnoticed.
  5. 5. Strictly Private and Confidential Footer5 APM Risk Process Initiate Identify Assess Plan Responses Implement Responses ManageProcess
  6. 6. Strictly Private and Confidential Footer6 Establish the Context (Initiate) Outputs An understanding of the project. Assumptions. Risk scoring scheme. What risk information is required? To what detail is this information required? Is a risk register required? Is a risk register tool required?
  7. 7. Strictly Private and Confidential Footer7 Establish the Context Understanding the project What are the projects objectives/benefits? How does this project affect the customer and the company delivering it? How big will the project be? • Scope • Cost • Resource What assumptions have been made so far? Not understanding the context will result in poor risk data. Project Company Company's Environment Customer Customer’s Environment
  8. 8. Strictly Private and Confidential Footer8 Establish Context Risk Requirements Clear set of objectives. • Defines risk appetite Each project requires an agreed risk scoring scheme. • Qualitative risk scoring Each project may require a different scoring scheme. • How many risks will be recorded and in how much detail? ‒ Is a risk register required? – Is a specific risk tool required? Management understanding and buy in. Very High 5 10 15 20 25 High 4 8 12 16 20 Mod erate 3 6 9 12 15 Low 2 4 6 8 10 Very Low 1 2 3 4 5 Very Low Low Moder ate High Very High Impact Probability
  9. 9. Strictly Private and Confidential Footer9 Risk Identification 1 This will take more than a one hour meeting! Output Risk statements with a cause and an effect. A list of uncertainties to the project. At the bidding phase or start of the project a top down approach to risk identification allows for a better structure. Pitfalls Dominant personalities Work owners being offended by risk Group think Identifying non-risks (issues) Competition to identify the most risks. Trying to identify risk with no context.
  10. 10. Strictly Private and Confidential Footer10 Risk Identification 2 There are two types of risk: Uncertainty This is the inherent variability that it is impossible to predict how long an activity will take. 3 point estimates (Minimum, Most likely and Maximum) are used for activity durations and costs. Risk Events Discrete events that are separate from an activity. These are contained within the Risk register. Uncertainty + Risk Events = Total Risk Exposure
  11. 11. Strictly Private and Confidential Footer11 Risk Identification 3 Identification Techniques Review of WBS for potential inconsistencies Checklists One-to-one Interviews Systematic Searches Review Assumptions Learning from Experience (LFE) Prompt Lists Brainstorming
  12. 12. Strictly Private and Confidential Footer12 Risk Identification 4 Cause • A tangible and concise explanation of a definitive event or set of circumstances that exist in the project or its environment. • Due to / Caused by……….. Risk Description / Uncertainty • A description of the actual uncertainty describing what may / could occur. • There is a risk that………………. Effect • (Threat) The unplanned variations from project objectives that will arise as a result of the risk occurring/impacting. • (Opportunity) The currently unplanned alterations to the project to increase the likelihood of achieving the project objectives. • This will lead to/ result in…………………
  13. 13. Strictly Private and Confidential Risk Assessment 1 Footer13 Threat • Schedule loss • Cost increase • Reduction in performance of product Opportunity • Schedule saving • Cost saving • Increase in performance of product Outputs The creation and justification of the impacts of the risk: • Probability of occurrence • Impact on the project’s objectives • Recorded in 3 point estimates Current (pre-mitigation) – can be done immediately Target (post-mitigation) – can only be done once mitigation plans have been identified and agreed
  14. 14. Strictly Private and Confidential Risk Assessment 2 Footer14 Pitfalls Estimating • People’s personality and personal experience will be drivers at this point in the process • Humans are naturally poor at estimating • Affect – substitution of what you feel when asked a difficult question • Availability – a mental shortcut that relies on immediate examples that come to a given person's mind when evaluating a specific topic, concept, method or decision • Anchoring – a heavy reliance on the first piece of information offered (the "anchor") when making decisions
  15. 15. Strictly Private and Confidential Risk Assessment 3 Footer15 Threat Scenario creation Analysing plans - Increase in work scope - Delay to start dates Analysing cost models - Increase in costs Analysing the product - Decrease in benefits Opportunity Plan out and agree the benefits to the programme. Agree with Subject Matter Experts (SMEs) and Suitably Qualified and Experienced Personnel (SQEP) - Reductions in schedule - Cost savings - Increase in benefits Techniques
  16. 16. Strictly Private and Confidential Footer16 Plan Responses (Threats) Outputs • Threat – a set of mitigation actions that reduce the impacts or the probability of those impacts Types of responses • Mitigate – undertake specific actions to reduce probability and / or impact • Avoid – take a different course of action that stops the risk occurring • Transfer – transfer of risk to another party better placed to manage the threat • Accept – accept the risk impact on the programme and establish a fallback plan • Fallback – strategy to be implemented if the risk materialises, to overcome the impacts of the risk
  17. 17. Strictly Private and Confidential Footer17 Plan Responses (Opportunities) Outputs • Opportunity – a set of actions that maximise the impacts or increase the probability of realising the opportunity Type of realisations: • Exploit – Increase the probability of the opportunity occurring • Enhance – Increase the positive effects of the opportunity • Share – Share the opportunity with another party better placed to manage the threat • Accept – Being willing to take advantage of it if it comes along, but not actively pursuing it
  18. 18. Strictly Private and Confidential Footer18 Plan Responses 1 Responses and Realisations should be: • Specific • Measureable • Action orientated • Realistic • Time-bound Responses should also contain how they are going to affect the risks probability or impacts and by how much. Once Mitigations have been agreed, the Target risk score can be calculated. Pitfalls • Decision around treatment strategy • Cost benefit of strategy • Try to mitigate everything and not focussed on the priorities • Inconsistent use of the words “by” and “to” in mitigation actions
  19. 19. Strictly Private and Confidential Footer19 Plan Responses 2 Very High 5 10 15 20 25 High 4 8 12 16 20 Mod erate 3 6 9 12 15 Low 2 4 6 8 10 Very Low 1 2 3 4 5 Very Low Low Moder ate High Very High Very High 5 10 15 20 25 High 4 8 12 16 20 Mod erate 3 6 9 12 15 Low 2 4 6 8 10 Very Low 1 2 3 4 5 Very Low Low Moder ate High Very High At the initial risk assessment (before and responses were identified) the risk was qualitatively scored at 20. Once responses have been agreed and opened, the target score can be reduced to the sum of the reductions in the mitigations.
  20. 20. Strictly Private and Confidential Footer20 Implement Responses and Manage Process 1 Outputs • A risk set that is relevant and up to date • High quality of data within the risks • Reductions in threat exposure • Increase in opportunity realisation Techniques • Pro-active approach to risk • Regular risk reviews with the risk owners • Reviewing status of proposed, ongoing mitigation plans and responses • Reviewing, developing and approving new risks
  21. 21. Strictly Private and Confidential Footer21 Implement Responses & Manage Process 2 When Reviewing Risks • Has the mitigation had the desired effect? • Is the “real” current threat/opportunity impact still valid? • Are there new mitigations responses? • What effect will the late delivery of the Response have on the Risk / Opportunity? Pitfalls • Reviewing everything with everyone
  22. 22. Strictly Private and Confidential Footer22 Risk & Project Processes The risk process must have close ties to the other processes being utilised in the project. The risk register holds the data that the other processes will use. Integrating mitigations into the project. Opportunity realisation Threat realisation Risk Change Process Responses Other Project Processes
  23. 23. Strictly Private and Confidential Footer23 Cause Based or Risk Based Multiple causes for a single risk statement. (Bow Tie method) Multiple risk events due to a single cause. Multiple causes against multiple risk events, this is no long a risk! It is UNCERTAINTY. To give these methods the best chance of succeeding, the risk manager must code the causes, effects and responses so it is obvious which response is affecting which cause, effect or risk event.
  24. 24. Strictly Private and Confidential Footer24 Threat and Opportunity Perceptions on Risk