SlideShare a Scribd company logo
1 of 5
Download to read offline
Risk Management is How Adults Manage Projects
March
2010
1
Niwot Ridge Consulting
4347 PebbleBeach Drive
Niwot, Colorado 80503
: 303.241.9633
: glen.alleman@niwotridge.com
Risk management is essential for the success of any significantproject. 1 Information aboutkey projectcost,
performance, and scheduleattributes is often unknown until the projectis underway. Risks that can be identified
early in the project that impacts the projectlater are often termed “known unknowns.” These risks can be
mitigated, reduced, or retired with a risk management process.For risks thatare beyond the vision of the project
team a properly implemented risk management process can also rapidly quantify therisks impactand provide
sound plans for mitigatingits affect.
Risk management is concerned with the outcomes of a future event. Events whose impacts areunknown. Risk
management is aboutdealingwith this uncertainty.Outcomes are categorized as favorableor unfavorable.Risk
management is the artand science of planning,assessing,handling,and monitoringfuture events to ensure
favorableoutcomes. A good risk management process is proactiveand fundamentally differentthan reactive issue
management or problem solving.
This paper describes the fundamentals of Risk Management with 5 simpleconcepts:
1. Hope is not a strategy – Hoping that something positive happens will notlead to success.Preparingfor
success is thebasis of success.
2. All singlepointestimates arewrong – Single pointestimates of cost, scheduleand technical performance
are no better than 50/50 guesses in the absence of knowledge about the variances of the underlying
distribution.
3. Without integratingCost, Schedule and Technical Performanceyou are drivingin the rearview mirror.The
effort to produce the productor serviceand the resultingvaluecannotbe made without makingthese
connections.
4. Without a model for risk management, you are drivingin the dark with the headlights turned off – Risk
management is not an ad hoc process that you can make up as you go. A formal foundation for risk
management is needed. Choose one that has worked in high risk domains –defense, nuclear power,
manned spaceflight.
5. Risk Communication is everything – Identifyingrisks without communicating them is a waste of time.
Risk management is an importantskill thatcan be applied to a wide variety of projects.In an era of downsizing,
consolidation,shrinkingbudgets, increasingtechnological sophistication,and shorter development times, risk
management provides valuableinsights to help key projectpersonnel plan for risks.It alerts them to potential risk
issues,which can then be analyzed,and plans develop, implemented, and monitored to address risks beforethey
surfaceas issues and adversely affect projectcost,performance, and schedule.
Hope is Not a Risk Handling Strategy
Hoping that the project will proceed as planned is not a strategy for success.These same project managers who
constantly seek ways to eliminateor control risk,varianceand uncertainly.This isa hopeless pursuit.
Managing“in the presence” of risk,varianceand uncertainty is the key to success.Some projects have few
uncertainties –only the complexity of tasks and relationshipsis important –but most projects are characterized by
several types of uncertainty. Although each uncertainty type is distinct,a singleprojectmay encounter some
combination of four types: 2
1. Variation – comes from many small influences and yields a rangeof values on a particularactivity.
Attempting to control these variances outsidetheir natural boundaries isa wasteof time.
2. Foreseen Uncertainty – are uncertainties identifiableand understood influences that the team cannot be
sure will occur.There needs to be a mitigation plan for these foreseen uncertainties.
3. Unforeseen Uncertainty – is uncertainty that can’t be identified duringproject planning.When these occur,
a new plan is needed.
4. Chaos – appears in the presence of “unknown unknowns”
1
“Risk Management during Requirements,” TomDeMarco and TimLister, IEEESoftware, September/October,2003
2
“Managing ProjectUncertainty: From Variation to Chaos,”Arnoud DeMeyer, ChristophH. Loch andMichaelT. Pich, MIT Sloan Management
Review, Winter 2002
Risk Management is How Adults Manage Projects
March
2010
2
Niwot Ridge Consulting
4347 PebbleBeach Drive
Niwot, Colorado 80503
: 303.241.9633
: glen.alleman@niwotridge.com
Plans arestrategies for the successful completion of the project. Plans aredifferent than schedules.Schedules
show “how” the projectwill be executed. Plans show“what” accomplishments mustbe performed and the success
criteria for these accomplishments alongthe way to completion.
The Plan describes the increasingmaturity of the project
through “maturity assessment” points.The unit of measure
for this maturity must be meaningful to the stakeholders.
Something that can be connected to the investment they
have made in the project.
When we speak the word “Hope,” itlays the foundation for
failure.In the use of Hope we really mean “success is
possiblebutnot probable.” When we speak the word
“Plan,” itdoes not assuresuccess,butsuccess isa probable
outcome. It is the definition of the probability of success
P(s), that is the foundation of the Plan. Havinga Plan–A, Plan–Band possibly a Plan–C exposes risk,assigns
mitigations and measures the probability of success.
The idea of a Plan as a Strategy is critical to makingchanges in the behavior of the project teams that can lead to
“risk adjusted projectmanagement.” Without a Plan,the schedule is simply a listof activitiesto be performed. The
reason for their performance may be understood, but itis unlikely theseactivities fitin any cohesiveStrategy.
Strategies have goals,critical successfactors,and key performance indicators.
No Single Point Estimate of Cost, Schedule or Technical Performance Can Correct
How longwill this take? How much is itgoingto cost? What is the confidencein those two numbers? These are
three questions that must be answered for the project team to have a crediblediscussion with the stakeholders
about success. Decidingwhataccuracy is needed to provide a credibleanswer is a startingpoint. But that does not
address the question – “how can that accuracy beobtained.”
There are many check lists for estimating costand schedule, with simpleguidanceon how to build estimates.Most
of this adviceis wrongin a fundamental way. The numbers produced by the estimatingprocess do not have their
variancedefined in any statistically sound manner.By statistically sound itmeans that the underlyingprobability
distributionsareknown. If they areno known, then some form of estimatingtakingthis unknown into account
must be used.
The Project Management Institute(PMI) advices producingthree estimates – optimistic,mostlikely,pessimistic.
But these numbers are fraught with error. We can’t tell how these numbers were arrived at? Are they based on
best engineering judgment? Based in historical data? Whatis the varianceon the variance of this distribution –the
2nd standard deviation? In the absence of this information,they are of littleusein estimating risk.
The use of point estimates for duration and cost is the first
approach in an organization lowon the project management
maturity scale.Understanding that costand durations are
actually “randomvariables,”drawn from an underlying
distribution of possiblevalueis thestartingpointfor managing
in the presence of uncertainty.
In probability theory,every random variableis attributed to a
probability distribution.Theprobability distribution associated
with costor duration describes the varianceof these random
variables.A common distribution of probabilisticestimates for
costand scheduleis the TriangleDistribution.
The TriangleDistribution in Figure 2 can be used as a
subjectivedescription of a population for which there is only
limited sampledata, and especially wherethe relationship
between variablesis known but data is scarce.Itis based on
Figure 1 –The Plan for the project mustassure risk is being
reduced inproportion totheproject’s tolerancefor risk
Figure 2 –triangle distributions areusefulwhen there is
limitedinformationaboutthecharacteristics ofthe
random variables areallthat is available.
Risk Management is How Adults Manage Projects
March
2010
3
Niwot Ridge Consulting
4347 PebbleBeach Drive
Niwot, Colorado 80503
: 303.241.9633
: glen.alleman@niwotridge.com
the knowledge of the minimum and maximum and a “best guess” of the modal value(the Most Likely).
Usingthe TriangleDistribution for costand duration,a Monte Carlo simulation of the network of activities and
their costs can be performed. In technical terms, Monte Carlo methods numerically transformand integrate the
posterior quantitativerisk assessmentinto a confidence interval.The resultis a “confidence” model for the cost
and completion times for the project based on the upper and lower bounds of each distribution assigned to the
duration and cost.
Integrating Cost, Schedule, and Technical Performance
In many project management methods – cost, scheduleand quality are
described as an “Iron Triangle.”Change one and the other two must
change. This is too narrowa view of what's happeningon a project. It’s
the Technical PerformanceMeasurement that replaces Quality.Quality
is one Technical Performancemeasure.
Cost and Schedule are obvious elements of the project. Technical
Performance Measures (TPM) describes the status of technical
achievement of the project at any point in time. The planned technical
achievement is partof the Performance Measurement Baseline (PMB).
The Technical PerformanceMeasurement System (TPMS) uses the
techniques of risk analysisand probability to provideproject managers
with the early warnings needed to avoid unplanned costs and slippage
in schedule. Systems engineering uses technical performance
measurements to balancecost,schedule,and performance throughout the project lifecycle.
Connecting Cost, Schedule, and Technical Performance Measures closes the loop on how well a project is achieving
its technical performancerequirements whilemaintainingits costand schedulegoals.IEEE 1220,EIA 632 and "A
Guide to the ProjectManagement Body of Knowledge“ all provideguidancefor TPM planningand measurement
and for integrating TPM with cost and scheduleperformance measures (Earned Value). 3
Technical performancemeasurements compare actual versus planned technical development and design. They
report the degree to which system requirements are met in terms of performance, cost, schedule,and progress in
implementing risk retirement. Technical PerformanceMeasures are traceableto user–defined capabilities.
Integrating these three attributes produces a Performance Measurement Baselinethat:
 Is a plan driven by product quality requirements rather than work or effort requirements?
 Focuses on technical maturity and quality,in addition to costand schedule.
 Focuses on progress toward meeting success criteria of technical reviews.
 Enables insightful varianceanalysis.
 Ensures a lean and cost–effective approach to project planningand controls.
 Enables scalablescopeand complexity depending on risk.
 Integrates risk management activities with the performance measurement baseline.
 Integrates risk management outcomes into the Estimate at Completion.
The Cost and Schedule “measures” are straightforward in mostcases.The measures of Technical Performance
involvemeasures Effectiveness and Performance.
Measures of Effectiveness (MoE) arethe operational mission successfactor defined by the customer.
These are:
1. Stated from the customer point of view.
2. Focused on the most critical mission performanceneeds.
3. Independent of any particular solution.
4. Actual measures at the end of development.
3 Performance Based Earned Value, Paul SolomonandRalphYoung,John Wiley & Sons, 2006.
Figure 3 –the “new” trianglemust beused.
One where cost, schedule, andtechnical
performanceareinterconnected.
Risk Management is How Adults Manage Projects
March
2010
4
Niwot Ridge Consulting
4347 PebbleBeach Drive
Niwot, Colorado 80503
: 303.241.9633
: glen.alleman@niwotridge.com
Measures of Performance (MOP) characterizephysical or functional attributes relatingto the system operation:
5. Supplier’s pointof view.
6. Measured under specified testing or operational conditions.
7. Assesses delivered solution performanceagainstcritical systemlevel specified requirements.
8. Risk indicatorsthataremonitored progressively.
Programmatic Risk Must Follow a Well Defined Process
Using an ad hoc risk management process is itself risky.The first
placeto startto look for risk management processes is where
managingrisk is mandatory – aerospace,defense, and mission
critical projects and projects.These also includeERP and
Enterprise IT projects.
Technical performanceis a concept absentfrom the traditional
approaches to risk management. Yet itis the primary driver of risk
in many technology intensive projects.Cost growth and schedule
slippageoften occur when unrealistically high levels of
performance are required and littleflexibility is provided to
degrade performance duringthe courseof the project. Quality is
often a causerather than an impactto the projectand can
generally be broken down into Cost, Performance, and Schedule
components.
The framework shown in Figure 4 provides guidancefor:
 Risk management policy
 Risk management structure
 Risk Management Process Model
 Organizational and behavioral considerationsfor implementingrisk management
 The performance dimension of consequence of occurrence
 The performance dimension of Monte Carlo simulation modeling
 A structured approach for developinga risk handlingstrategy
Risk Communication
To be effective the activities of risk management must properly communicate risk to all the participants.Risk is
usually a term to be avoided in normal business.Beingin the risk management business is not desirablein most
businesses –except insurance.Itis common to “avoid” the discussion of risk.
Communicatingrisk is the firststep in managingrisk. Listingthe risks and makingthem public is necessary butfar
from sufficient. Risk communication is the basis of risk mitigation and retirement. It serves no purpose to have a
risk management plan and the defined mitigations in the absenceof a risk communication.
The Risk Management Plan mustaddress:
 Executive summary – a short summary of the projectand the risks associated with the activities of the project.
Each risk needs an ordinal rank,a planned mitigation is therisk is active(a risk approved by the Risk Board),and
the mitigations shown in the schedulewith associated costs.
 Project description –a detailed description of the projectand the risk associated with each of the deliverables.
 Risk reduction activities by phase – usingsome formal risk management process that connects risk,mitigation
and the IMS. The efforts for mitigation need to be in the schedule.
 Risk management methodology – usingthe DoD Risk Management process is a good start. 4 This approach is
proven and approved by high risk,high reward projects.The steps in the processes arenot optional and should
be executed for ALL risk processes.
4 Risk ManagementGuide for DoD Acquisition 2003(FifthEdition, Version2.0), www.dau.mil/pubs/gbbks/risk_management.asp
Figure 4 –this risk management process is the“gold
standard.” Anything less is inviting additional risk.
Risk Management is How Adults Manage Projects
March
2010
5
Niwot Ridge Consulting
4347 PebbleBeach Drive
Niwot, Colorado 80503
: 303.241.9633
: glen.alleman@niwotridge.com
In order to communicate risk,a clear and conciselanguage is
needed. English is notthe best choice.Ambiguity and
interpretation aretwo issues.Communicatingin mathematical
terms is also a problem,sincethe symbols and units of measure
may be confusing.
Figure 5 is from the Active Risk Manager 5 tool that connects risk
management with the schedulingsystem. ARM is a proprietary risk
management system, but illustrates howrisk is retired over time in
accordancewith a plan. The concept shows explicitly when each
risk will be“bought down” or “retired” duringthe project
execution. The Risk Registry and the Integrated Master Schedule
must be connected in some way. Without this connection, there is
no Risk Management process thatcan be used to forecast impacts
on costor schedule.
At each project maturity point, current risks,the planned
retirements of these risks,and the impact of the project must be
visiblein the schedule. With these connections,project managers can then answer the questions:
 What happens if this risk is notmitigated?
 What effort is needed to retire this risk beforea specific pointin time?
 If this risk becomes an issue,what is Plan-B? How much will Plan-Bcost? Whatis the impactof Plan-Bon the
deliverables?
 What costand schedulereserve is needed to cover all the currently activerisks?
In the End
Once cost, schedule,and techncial performanceare integrated into the Performance Measurement Baseline,risk
management can be applied to all three elements. With these connections in place,the projectmanagement team
can say with confidence – “we are doingrisk management on this project.”
The final reminder is to make sureall fiveelements of risk management are present. Leaving one out not only
reduces the effectiveness of the risk management process,but increases in the risk to the project. Project risk
management is a Practice.The theory of ProjectRisk Management is important,but the Practiceis howproject risk
gets managed.
5 www.strategicthought.com
Figure 5 –this risk retirementwaterfallshows
where in theplanrisk willbemitigatedor retired.

More Related Content

What's hot

Applying risk radar (v2)
Applying risk radar (v2)Applying risk radar (v2)
Applying risk radar (v2)Glen Alleman
 
Increasing the Probability of Success with Continuous Risk Management
Increasing the Probability of Success with Continuous Risk ManagementIncreasing the Probability of Success with Continuous Risk Management
Increasing the Probability of Success with Continuous Risk ManagementGlen Alleman
 
Risk Management in Five Easy Pieces
Risk Management in Five Easy PiecesRisk Management in Five Easy Pieces
Risk Management in Five Easy PiecesGlen Alleman
 
Increasing the Probability of Project Success
Increasing the Probability of Project SuccessIncreasing the Probability of Project Success
Increasing the Probability of Project SuccessGlen Alleman
 
Risk Management in Five Easy Pieces
Risk Management in Five Easy PiecesRisk Management in Five Easy Pieces
Risk Management in Five Easy PiecesGlen Alleman
 
Programmatic risk management workshop (slides)
Programmatic risk management workshop (slides)Programmatic risk management workshop (slides)
Programmatic risk management workshop (slides)Glen Alleman
 
Notional cam interview questions (update)
Notional cam interview questions (update)Notional cam interview questions (update)
Notional cam interview questions (update)Glen Alleman
 
Risk assesment template
Risk assesment templateRisk assesment template
Risk assesment templateGlen Alleman
 
Managing in the presence of uncertainty
Managing in the presence of uncertaintyManaging in the presence of uncertainty
Managing in the presence of uncertaintyGlen Alleman
 
Risk management of the performance measurement baseline
Risk management of the performance measurement baselineRisk management of the performance measurement baseline
Risk management of the performance measurement baselineGlen Alleman
 
Continuous Risk Management
Continuous Risk ManagementContinuous Risk Management
Continuous Risk ManagementGlen Alleman
 
Managing Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicManaging Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicTechWell
 
Managing cost and schedule risk
Managing cost and schedule riskManaging cost and schedule risk
Managing cost and schedule riskGlen Alleman
 
Building risk tolerance
Building risk toleranceBuilding risk tolerance
Building risk toleranceGlen Alleman
 
Building Risk Tolerance into the Program Plan and Schedule
Building Risk Tolerance into the Program Plan and ScheduleBuilding Risk Tolerance into the Program Plan and Schedule
Building Risk Tolerance into the Program Plan and ScheduleGlen Alleman
 
Programmatic risk management
Programmatic risk managementProgrammatic risk management
Programmatic risk managementGlen Alleman
 
Project risk management
Project risk managementProject risk management
Project risk managementEr Swati Nagal
 

What's hot (20)

Applying risk radar (v2)
Applying risk radar (v2)Applying risk radar (v2)
Applying risk radar (v2)
 
Increasing the Probability of Success with Continuous Risk Management
Increasing the Probability of Success with Continuous Risk ManagementIncreasing the Probability of Success with Continuous Risk Management
Increasing the Probability of Success with Continuous Risk Management
 
Risk Management in Five Easy Pieces
Risk Management in Five Easy PiecesRisk Management in Five Easy Pieces
Risk Management in Five Easy Pieces
 
Increasing the Probability of Project Success
Increasing the Probability of Project SuccessIncreasing the Probability of Project Success
Increasing the Probability of Project Success
 
Risk Management in Five Easy Pieces
Risk Management in Five Easy PiecesRisk Management in Five Easy Pieces
Risk Management in Five Easy Pieces
 
Programmatic risk management workshop (slides)
Programmatic risk management workshop (slides)Programmatic risk management workshop (slides)
Programmatic risk management workshop (slides)
 
Notional cam interview questions (update)
Notional cam interview questions (update)Notional cam interview questions (update)
Notional cam interview questions (update)
 
Risk assesment template
Risk assesment templateRisk assesment template
Risk assesment template
 
Managing in the presence of uncertainty
Managing in the presence of uncertaintyManaging in the presence of uncertainty
Managing in the presence of uncertainty
 
Risk management of the performance measurement baseline
Risk management of the performance measurement baselineRisk management of the performance measurement baseline
Risk management of the performance measurement baseline
 
Continuous Risk Management
Continuous Risk ManagementContinuous Risk Management
Continuous Risk Management
 
Managing Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicManaging Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t Magic
 
Managing cost and schedule risk
Managing cost and schedule riskManaging cost and schedule risk
Managing cost and schedule risk
 
Root causes
Root causesRoot causes
Root causes
 
Building risk tolerance
Building risk toleranceBuilding risk tolerance
Building risk tolerance
 
Risk ppt1672
Risk ppt1672Risk ppt1672
Risk ppt1672
 
Building Risk Tolerance into the Program Plan and Schedule
Building Risk Tolerance into the Program Plan and ScheduleBuilding Risk Tolerance into the Program Plan and Schedule
Building Risk Tolerance into the Program Plan and Schedule
 
Programmatic risk management
Programmatic risk managementProgrammatic risk management
Programmatic risk management
 
Handling risk
Handling riskHandling risk
Handling risk
 
Project risk management
Project risk managementProject risk management
Project risk management
 

Similar to Risk management 4th in a series

Risk management (final review)
Risk management (final review)Risk management (final review)
Risk management (final review)Glen Alleman
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as OpportunityGlen Alleman
 
Quantification of Risks in Project Management
Quantification of Risks in Project ManagementQuantification of Risks in Project Management
Quantification of Risks in Project ManagementVenkatesh Ganapathy
 
11. Project Risk Management.pptx
11. Project Risk Management.pptx11. Project Risk Management.pptx
11. Project Risk Management.pptxKamranKhan353531
 
Bertrand's Individual Essay
Bertrand's Individual EssayBertrand's Individual Essay
Bertrand's Individual EssayPrince Bertrand
 
IRJET- Projects in Constructions due to Inadequate Risk Management
IRJET-  	  Projects in Constructions due to Inadequate Risk ManagementIRJET-  	  Projects in Constructions due to Inadequate Risk Management
IRJET- Projects in Constructions due to Inadequate Risk ManagementIRJET Journal
 
Control only.pdf
Control only.pdfControl only.pdf
Control only.pdfNmnKmr2
 
Managing Risk as Opportunity
Managing Risk as OpportunityManaging Risk as Opportunity
Managing Risk as OpportunityGlen Alleman
 
IT Risk managment combined
IT Risk managment combinedIT Risk managment combined
IT Risk managment combinedGlen Alleman
 
How Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownHow Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownAcumen
 
Repeatable Risk Identification - Paper
Repeatable Risk Identification - PaperRepeatable Risk Identification - Paper
Repeatable Risk Identification - PaperDaniel Ackermann
 
PAPERS72 September 2009 ■ Project Management.docx
PAPERS72 September 2009 ■ Project Management.docxPAPERS72 September 2009 ■ Project Management.docx
PAPERS72 September 2009 ■ Project Management.docxherbertwilson5999
 
Risky Business
Risky BusinessRisky Business
Risky Business3gamma
 
5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docxgilbertkpeters11344
 
Pm 0016 project risk management
Pm 0016  project risk managementPm 0016  project risk management
Pm 0016 project risk managementsmumbahelp
 
Building a risk tolerant integrated master schedule
Building a risk tolerant integrated master scheduleBuilding a risk tolerant integrated master schedule
Building a risk tolerant integrated master scheduleGlen Alleman
 
Table of Contents Project Outline. …………………………………………………………………….docx
 Table of Contents Project Outline. …………………………………………………………………….docx Table of Contents Project Outline. …………………………………………………………………….docx
Table of Contents Project Outline. …………………………………………………………………….docxMARRY7
 

Similar to Risk management 4th in a series (20)

Risk management (final review)
Risk management (final review)Risk management (final review)
Risk management (final review)
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as Opportunity
 
Quantification of Risks in Project Management
Quantification of Risks in Project ManagementQuantification of Risks in Project Management
Quantification of Risks in Project Management
 
11. Project Risk Management.pptx
11. Project Risk Management.pptx11. Project Risk Management.pptx
11. Project Risk Management.pptx
 
Bertrand's Individual Essay
Bertrand's Individual EssayBertrand's Individual Essay
Bertrand's Individual Essay
 
Project mngmnt risks3.2
Project mngmnt risks3.2Project mngmnt risks3.2
Project mngmnt risks3.2
 
IRJET- Projects in Constructions due to Inadequate Risk Management
IRJET-  	  Projects in Constructions due to Inadequate Risk ManagementIRJET-  	  Projects in Constructions due to Inadequate Risk Management
IRJET- Projects in Constructions due to Inadequate Risk Management
 
Control only.pdf
Control only.pdfControl only.pdf
Control only.pdf
 
Managing Risk as Opportunity
Managing Risk as OpportunityManaging Risk as Opportunity
Managing Risk as Opportunity
 
IT Risk managment combined
IT Risk managment combinedIT Risk managment combined
IT Risk managment combined
 
How Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us DownHow Traditional Risk Reporting Has Let Us Down
How Traditional Risk Reporting Has Let Us Down
 
Repeatable Risk Identification - Paper
Repeatable Risk Identification - PaperRepeatable Risk Identification - Paper
Repeatable Risk Identification - Paper
 
PAPERS72 September 2009 ■ Project Management.docx
PAPERS72 September 2009 ■ Project Management.docxPAPERS72 September 2009 ■ Project Management.docx
PAPERS72 September 2009 ■ Project Management.docx
 
Risky Business
Risky BusinessRisky Business
Risky Business
 
5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx5 Project Risk Managementadrian825iStockThinkstockLe.docx
5 Project Risk Managementadrian825iStockThinkstockLe.docx
 
Pm 0016 project risk management
Pm 0016  project risk managementPm 0016  project risk management
Pm 0016 project risk management
 
8. project risk management
8. project risk management8. project risk management
8. project risk management
 
Building a risk tolerant integrated master schedule
Building a risk tolerant integrated master scheduleBuilding a risk tolerant integrated master schedule
Building a risk tolerant integrated master schedule
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Table of Contents Project Outline. …………………………………………………………………….docx
 Table of Contents Project Outline. …………………………………………………………………….docx Table of Contents Project Outline. …………………………………………………………………….docx
Table of Contents Project Outline. …………………………………………………………………….docx
 

More from Glen Alleman

A Gentle Introduction to the IMP/IMS
A Gentle Introduction to the IMP/IMSA Gentle Introduction to the IMP/IMS
A Gentle Introduction to the IMP/IMSGlen Alleman
 
Process Flow and Narrative for Agile+PPM
Process Flow and Narrative for Agile+PPMProcess Flow and Narrative for Agile+PPM
Process Flow and Narrative for Agile+PPMGlen Alleman
 
Practices of risk management
Practices of risk managementPractices of risk management
Practices of risk managementGlen Alleman
 
Principles of Risk Management
Principles of Risk ManagementPrinciples of Risk Management
Principles of Risk ManagementGlen Alleman
 
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...Glen Alleman
 
From Principles to Strategies for Systems Engineering
From Principles to Strategies for Systems EngineeringFrom Principles to Strategies for Systems Engineering
From Principles to Strategies for Systems EngineeringGlen Alleman
 
NAVAIR Integrated Master Schedule Guide guide
NAVAIR Integrated Master Schedule Guide guideNAVAIR Integrated Master Schedule Guide guide
NAVAIR Integrated Master Schedule Guide guideGlen Alleman
 
Building a Credible Performance Measurement Baseline
Building a Credible Performance Measurement BaselineBuilding a Credible Performance Measurement Baseline
Building a Credible Performance Measurement BaselineGlen Alleman
 
Integrated master plan methodology (v2)
Integrated master plan methodology (v2)Integrated master plan methodology (v2)
Integrated master plan methodology (v2)Glen Alleman
 
IMP / IMS Step by Step
IMP / IMS Step by StepIMP / IMS Step by Step
IMP / IMS Step by StepGlen Alleman
 
DHS - Using functions points to estimate agile development programs (v2)
DHS - Using functions points to estimate agile development programs (v2)DHS - Using functions points to estimate agile development programs (v2)
DHS - Using functions points to estimate agile development programs (v2)Glen Alleman
 
Making the impossible possible
Making the impossible possibleMaking the impossible possible
Making the impossible possibleGlen Alleman
 
Heliotropic Abundance
Heliotropic AbundanceHeliotropic Abundance
Heliotropic AbundanceGlen Alleman
 
Capabilities based planning
Capabilities based planningCapabilities based planning
Capabilities based planningGlen Alleman
 
Process Flow and Narrative for Agile
Process Flow and Narrative for AgileProcess Flow and Narrative for Agile
Process Flow and Narrative for AgileGlen Alleman
 
Building the Performance Measurement Baseline
Building the Performance Measurement BaselineBuilding the Performance Measurement Baseline
Building the Performance Measurement BaselineGlen Alleman
 
Program Management Office Lean Software Development and Six Sigma
Program Management Office Lean Software Development and Six SigmaProgram Management Office Lean Software Development and Six Sigma
Program Management Office Lean Software Development and Six SigmaGlen Alleman
 
Policy and Procedure Rollout
Policy and Procedure RolloutPolicy and Procedure Rollout
Policy and Procedure RolloutGlen Alleman
 
Integrated Master Plan Development
Integrated Master Plan DevelopmentIntegrated Master Plan Development
Integrated Master Plan DevelopmentGlen Alleman
 
Project Management Theory
Project Management TheoryProject Management Theory
Project Management TheoryGlen Alleman
 

More from Glen Alleman (20)

A Gentle Introduction to the IMP/IMS
A Gentle Introduction to the IMP/IMSA Gentle Introduction to the IMP/IMS
A Gentle Introduction to the IMP/IMS
 
Process Flow and Narrative for Agile+PPM
Process Flow and Narrative for Agile+PPMProcess Flow and Narrative for Agile+PPM
Process Flow and Narrative for Agile+PPM
 
Practices of risk management
Practices of risk managementPractices of risk management
Practices of risk management
 
Principles of Risk Management
Principles of Risk ManagementPrinciples of Risk Management
Principles of Risk Management
 
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...
Deliverables Based Planning, PMBOK® and 5 Immutable Principles of Project Suc...
 
From Principles to Strategies for Systems Engineering
From Principles to Strategies for Systems EngineeringFrom Principles to Strategies for Systems Engineering
From Principles to Strategies for Systems Engineering
 
NAVAIR Integrated Master Schedule Guide guide
NAVAIR Integrated Master Schedule Guide guideNAVAIR Integrated Master Schedule Guide guide
NAVAIR Integrated Master Schedule Guide guide
 
Building a Credible Performance Measurement Baseline
Building a Credible Performance Measurement BaselineBuilding a Credible Performance Measurement Baseline
Building a Credible Performance Measurement Baseline
 
Integrated master plan methodology (v2)
Integrated master plan methodology (v2)Integrated master plan methodology (v2)
Integrated master plan methodology (v2)
 
IMP / IMS Step by Step
IMP / IMS Step by StepIMP / IMS Step by Step
IMP / IMS Step by Step
 
DHS - Using functions points to estimate agile development programs (v2)
DHS - Using functions points to estimate agile development programs (v2)DHS - Using functions points to estimate agile development programs (v2)
DHS - Using functions points to estimate agile development programs (v2)
 
Making the impossible possible
Making the impossible possibleMaking the impossible possible
Making the impossible possible
 
Heliotropic Abundance
Heliotropic AbundanceHeliotropic Abundance
Heliotropic Abundance
 
Capabilities based planning
Capabilities based planningCapabilities based planning
Capabilities based planning
 
Process Flow and Narrative for Agile
Process Flow and Narrative for AgileProcess Flow and Narrative for Agile
Process Flow and Narrative for Agile
 
Building the Performance Measurement Baseline
Building the Performance Measurement BaselineBuilding the Performance Measurement Baseline
Building the Performance Measurement Baseline
 
Program Management Office Lean Software Development and Six Sigma
Program Management Office Lean Software Development and Six SigmaProgram Management Office Lean Software Development and Six Sigma
Program Management Office Lean Software Development and Six Sigma
 
Policy and Procedure Rollout
Policy and Procedure RolloutPolicy and Procedure Rollout
Policy and Procedure Rollout
 
Integrated Master Plan Development
Integrated Master Plan DevelopmentIntegrated Master Plan Development
Integrated Master Plan Development
 
Project Management Theory
Project Management TheoryProject Management Theory
Project Management Theory
 

Recently uploaded

Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024Brian Pichman
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 

Recently uploaded (20)

Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 

Risk management 4th in a series

  • 1. Risk Management is How Adults Manage Projects March 2010 1 Niwot Ridge Consulting 4347 PebbleBeach Drive Niwot, Colorado 80503 : 303.241.9633 : glen.alleman@niwotridge.com Risk management is essential for the success of any significantproject. 1 Information aboutkey projectcost, performance, and scheduleattributes is often unknown until the projectis underway. Risks that can be identified early in the project that impacts the projectlater are often termed “known unknowns.” These risks can be mitigated, reduced, or retired with a risk management process.For risks thatare beyond the vision of the project team a properly implemented risk management process can also rapidly quantify therisks impactand provide sound plans for mitigatingits affect. Risk management is concerned with the outcomes of a future event. Events whose impacts areunknown. Risk management is aboutdealingwith this uncertainty.Outcomes are categorized as favorableor unfavorable.Risk management is the artand science of planning,assessing,handling,and monitoringfuture events to ensure favorableoutcomes. A good risk management process is proactiveand fundamentally differentthan reactive issue management or problem solving. This paper describes the fundamentals of Risk Management with 5 simpleconcepts: 1. Hope is not a strategy – Hoping that something positive happens will notlead to success.Preparingfor success is thebasis of success. 2. All singlepointestimates arewrong – Single pointestimates of cost, scheduleand technical performance are no better than 50/50 guesses in the absence of knowledge about the variances of the underlying distribution. 3. Without integratingCost, Schedule and Technical Performanceyou are drivingin the rearview mirror.The effort to produce the productor serviceand the resultingvaluecannotbe made without makingthese connections. 4. Without a model for risk management, you are drivingin the dark with the headlights turned off – Risk management is not an ad hoc process that you can make up as you go. A formal foundation for risk management is needed. Choose one that has worked in high risk domains –defense, nuclear power, manned spaceflight. 5. Risk Communication is everything – Identifyingrisks without communicating them is a waste of time. Risk management is an importantskill thatcan be applied to a wide variety of projects.In an era of downsizing, consolidation,shrinkingbudgets, increasingtechnological sophistication,and shorter development times, risk management provides valuableinsights to help key projectpersonnel plan for risks.It alerts them to potential risk issues,which can then be analyzed,and plans develop, implemented, and monitored to address risks beforethey surfaceas issues and adversely affect projectcost,performance, and schedule. Hope is Not a Risk Handling Strategy Hoping that the project will proceed as planned is not a strategy for success.These same project managers who constantly seek ways to eliminateor control risk,varianceand uncertainly.This isa hopeless pursuit. Managing“in the presence” of risk,varianceand uncertainty is the key to success.Some projects have few uncertainties –only the complexity of tasks and relationshipsis important –but most projects are characterized by several types of uncertainty. Although each uncertainty type is distinct,a singleprojectmay encounter some combination of four types: 2 1. Variation – comes from many small influences and yields a rangeof values on a particularactivity. Attempting to control these variances outsidetheir natural boundaries isa wasteof time. 2. Foreseen Uncertainty – are uncertainties identifiableand understood influences that the team cannot be sure will occur.There needs to be a mitigation plan for these foreseen uncertainties. 3. Unforeseen Uncertainty – is uncertainty that can’t be identified duringproject planning.When these occur, a new plan is needed. 4. Chaos – appears in the presence of “unknown unknowns” 1 “Risk Management during Requirements,” TomDeMarco and TimLister, IEEESoftware, September/October,2003 2 “Managing ProjectUncertainty: From Variation to Chaos,”Arnoud DeMeyer, ChristophH. Loch andMichaelT. Pich, MIT Sloan Management Review, Winter 2002
  • 2. Risk Management is How Adults Manage Projects March 2010 2 Niwot Ridge Consulting 4347 PebbleBeach Drive Niwot, Colorado 80503 : 303.241.9633 : glen.alleman@niwotridge.com Plans arestrategies for the successful completion of the project. Plans aredifferent than schedules.Schedules show “how” the projectwill be executed. Plans show“what” accomplishments mustbe performed and the success criteria for these accomplishments alongthe way to completion. The Plan describes the increasingmaturity of the project through “maturity assessment” points.The unit of measure for this maturity must be meaningful to the stakeholders. Something that can be connected to the investment they have made in the project. When we speak the word “Hope,” itlays the foundation for failure.In the use of Hope we really mean “success is possiblebutnot probable.” When we speak the word “Plan,” itdoes not assuresuccess,butsuccess isa probable outcome. It is the definition of the probability of success P(s), that is the foundation of the Plan. Havinga Plan–A, Plan–Band possibly a Plan–C exposes risk,assigns mitigations and measures the probability of success. The idea of a Plan as a Strategy is critical to makingchanges in the behavior of the project teams that can lead to “risk adjusted projectmanagement.” Without a Plan,the schedule is simply a listof activitiesto be performed. The reason for their performance may be understood, but itis unlikely theseactivities fitin any cohesiveStrategy. Strategies have goals,critical successfactors,and key performance indicators. No Single Point Estimate of Cost, Schedule or Technical Performance Can Correct How longwill this take? How much is itgoingto cost? What is the confidencein those two numbers? These are three questions that must be answered for the project team to have a crediblediscussion with the stakeholders about success. Decidingwhataccuracy is needed to provide a credibleanswer is a startingpoint. But that does not address the question – “how can that accuracy beobtained.” There are many check lists for estimating costand schedule, with simpleguidanceon how to build estimates.Most of this adviceis wrongin a fundamental way. The numbers produced by the estimatingprocess do not have their variancedefined in any statistically sound manner.By statistically sound itmeans that the underlyingprobability distributionsareknown. If they areno known, then some form of estimatingtakingthis unknown into account must be used. The Project Management Institute(PMI) advices producingthree estimates – optimistic,mostlikely,pessimistic. But these numbers are fraught with error. We can’t tell how these numbers were arrived at? Are they based on best engineering judgment? Based in historical data? Whatis the varianceon the variance of this distribution –the 2nd standard deviation? In the absence of this information,they are of littleusein estimating risk. The use of point estimates for duration and cost is the first approach in an organization lowon the project management maturity scale.Understanding that costand durations are actually “randomvariables,”drawn from an underlying distribution of possiblevalueis thestartingpointfor managing in the presence of uncertainty. In probability theory,every random variableis attributed to a probability distribution.Theprobability distribution associated with costor duration describes the varianceof these random variables.A common distribution of probabilisticestimates for costand scheduleis the TriangleDistribution. The TriangleDistribution in Figure 2 can be used as a subjectivedescription of a population for which there is only limited sampledata, and especially wherethe relationship between variablesis known but data is scarce.Itis based on Figure 1 –The Plan for the project mustassure risk is being reduced inproportion totheproject’s tolerancefor risk Figure 2 –triangle distributions areusefulwhen there is limitedinformationaboutthecharacteristics ofthe random variables areallthat is available.
  • 3. Risk Management is How Adults Manage Projects March 2010 3 Niwot Ridge Consulting 4347 PebbleBeach Drive Niwot, Colorado 80503 : 303.241.9633 : glen.alleman@niwotridge.com the knowledge of the minimum and maximum and a “best guess” of the modal value(the Most Likely). Usingthe TriangleDistribution for costand duration,a Monte Carlo simulation of the network of activities and their costs can be performed. In technical terms, Monte Carlo methods numerically transformand integrate the posterior quantitativerisk assessmentinto a confidence interval.The resultis a “confidence” model for the cost and completion times for the project based on the upper and lower bounds of each distribution assigned to the duration and cost. Integrating Cost, Schedule, and Technical Performance In many project management methods – cost, scheduleand quality are described as an “Iron Triangle.”Change one and the other two must change. This is too narrowa view of what's happeningon a project. It’s the Technical PerformanceMeasurement that replaces Quality.Quality is one Technical Performancemeasure. Cost and Schedule are obvious elements of the project. Technical Performance Measures (TPM) describes the status of technical achievement of the project at any point in time. The planned technical achievement is partof the Performance Measurement Baseline (PMB). The Technical PerformanceMeasurement System (TPMS) uses the techniques of risk analysisand probability to provideproject managers with the early warnings needed to avoid unplanned costs and slippage in schedule. Systems engineering uses technical performance measurements to balancecost,schedule,and performance throughout the project lifecycle. Connecting Cost, Schedule, and Technical Performance Measures closes the loop on how well a project is achieving its technical performancerequirements whilemaintainingits costand schedulegoals.IEEE 1220,EIA 632 and "A Guide to the ProjectManagement Body of Knowledge“ all provideguidancefor TPM planningand measurement and for integrating TPM with cost and scheduleperformance measures (Earned Value). 3 Technical performancemeasurements compare actual versus planned technical development and design. They report the degree to which system requirements are met in terms of performance, cost, schedule,and progress in implementing risk retirement. Technical PerformanceMeasures are traceableto user–defined capabilities. Integrating these three attributes produces a Performance Measurement Baselinethat:  Is a plan driven by product quality requirements rather than work or effort requirements?  Focuses on technical maturity and quality,in addition to costand schedule.  Focuses on progress toward meeting success criteria of technical reviews.  Enables insightful varianceanalysis.  Ensures a lean and cost–effective approach to project planningand controls.  Enables scalablescopeand complexity depending on risk.  Integrates risk management activities with the performance measurement baseline.  Integrates risk management outcomes into the Estimate at Completion. The Cost and Schedule “measures” are straightforward in mostcases.The measures of Technical Performance involvemeasures Effectiveness and Performance. Measures of Effectiveness (MoE) arethe operational mission successfactor defined by the customer. These are: 1. Stated from the customer point of view. 2. Focused on the most critical mission performanceneeds. 3. Independent of any particular solution. 4. Actual measures at the end of development. 3 Performance Based Earned Value, Paul SolomonandRalphYoung,John Wiley & Sons, 2006. Figure 3 –the “new” trianglemust beused. One where cost, schedule, andtechnical performanceareinterconnected.
  • 4. Risk Management is How Adults Manage Projects March 2010 4 Niwot Ridge Consulting 4347 PebbleBeach Drive Niwot, Colorado 80503 : 303.241.9633 : glen.alleman@niwotridge.com Measures of Performance (MOP) characterizephysical or functional attributes relatingto the system operation: 5. Supplier’s pointof view. 6. Measured under specified testing or operational conditions. 7. Assesses delivered solution performanceagainstcritical systemlevel specified requirements. 8. Risk indicatorsthataremonitored progressively. Programmatic Risk Must Follow a Well Defined Process Using an ad hoc risk management process is itself risky.The first placeto startto look for risk management processes is where managingrisk is mandatory – aerospace,defense, and mission critical projects and projects.These also includeERP and Enterprise IT projects. Technical performanceis a concept absentfrom the traditional approaches to risk management. Yet itis the primary driver of risk in many technology intensive projects.Cost growth and schedule slippageoften occur when unrealistically high levels of performance are required and littleflexibility is provided to degrade performance duringthe courseof the project. Quality is often a causerather than an impactto the projectand can generally be broken down into Cost, Performance, and Schedule components. The framework shown in Figure 4 provides guidancefor:  Risk management policy  Risk management structure  Risk Management Process Model  Organizational and behavioral considerationsfor implementingrisk management  The performance dimension of consequence of occurrence  The performance dimension of Monte Carlo simulation modeling  A structured approach for developinga risk handlingstrategy Risk Communication To be effective the activities of risk management must properly communicate risk to all the participants.Risk is usually a term to be avoided in normal business.Beingin the risk management business is not desirablein most businesses –except insurance.Itis common to “avoid” the discussion of risk. Communicatingrisk is the firststep in managingrisk. Listingthe risks and makingthem public is necessary butfar from sufficient. Risk communication is the basis of risk mitigation and retirement. It serves no purpose to have a risk management plan and the defined mitigations in the absenceof a risk communication. The Risk Management Plan mustaddress:  Executive summary – a short summary of the projectand the risks associated with the activities of the project. Each risk needs an ordinal rank,a planned mitigation is therisk is active(a risk approved by the Risk Board),and the mitigations shown in the schedulewith associated costs.  Project description –a detailed description of the projectand the risk associated with each of the deliverables.  Risk reduction activities by phase – usingsome formal risk management process that connects risk,mitigation and the IMS. The efforts for mitigation need to be in the schedule.  Risk management methodology – usingthe DoD Risk Management process is a good start. 4 This approach is proven and approved by high risk,high reward projects.The steps in the processes arenot optional and should be executed for ALL risk processes. 4 Risk ManagementGuide for DoD Acquisition 2003(FifthEdition, Version2.0), www.dau.mil/pubs/gbbks/risk_management.asp Figure 4 –this risk management process is the“gold standard.” Anything less is inviting additional risk.
  • 5. Risk Management is How Adults Manage Projects March 2010 5 Niwot Ridge Consulting 4347 PebbleBeach Drive Niwot, Colorado 80503 : 303.241.9633 : glen.alleman@niwotridge.com In order to communicate risk,a clear and conciselanguage is needed. English is notthe best choice.Ambiguity and interpretation aretwo issues.Communicatingin mathematical terms is also a problem,sincethe symbols and units of measure may be confusing. Figure 5 is from the Active Risk Manager 5 tool that connects risk management with the schedulingsystem. ARM is a proprietary risk management system, but illustrates howrisk is retired over time in accordancewith a plan. The concept shows explicitly when each risk will be“bought down” or “retired” duringthe project execution. The Risk Registry and the Integrated Master Schedule must be connected in some way. Without this connection, there is no Risk Management process thatcan be used to forecast impacts on costor schedule. At each project maturity point, current risks,the planned retirements of these risks,and the impact of the project must be visiblein the schedule. With these connections,project managers can then answer the questions:  What happens if this risk is notmitigated?  What effort is needed to retire this risk beforea specific pointin time?  If this risk becomes an issue,what is Plan-B? How much will Plan-Bcost? Whatis the impactof Plan-Bon the deliverables?  What costand schedulereserve is needed to cover all the currently activerisks? In the End Once cost, schedule,and techncial performanceare integrated into the Performance Measurement Baseline,risk management can be applied to all three elements. With these connections in place,the projectmanagement team can say with confidence – “we are doingrisk management on this project.” The final reminder is to make sureall fiveelements of risk management are present. Leaving one out not only reduces the effectiveness of the risk management process,but increases in the risk to the project. Project risk management is a Practice.The theory of ProjectRisk Management is important,but the Practiceis howproject risk gets managed. 5 www.strategicthought.com Figure 5 –this risk retirementwaterfallshows where in theplanrisk willbemitigatedor retired.