Agile Network India Pune Chapter conducted an interesting Session Talk on ‘Risk Management in VUCA World‘.
It is scheduled on 29th May 2021 between 10:00 to 10:50 Hours IST.
Abstract- VUCA world requires new techniques and practices to manage Risks as both problem as well solution domain tends to be volatile and unpredictable. A paradigm shift is required in terms of empowering teams across organization to be responsible for effective risk management in a decentralized and collaborative fashion. Further, risk impact has to be looked from Outcome perspective vs. traditional output perspective. Application of BizDevOps telemetry for predictive foresights to Risks leveraging eco-system of cohesive toolsets is an emerging trend.
The document discusses the risk management framework which includes enterprise, portfolio, program, and project level risk management. It defines key terms like risk, uncertainty, and risk appetite. The framework involves identifying risks, analyzing them both qualitatively and quantitatively, planning responses, implementing responses, and monitoring risks. Risk management is aligned across levels and aims to balance threats and opportunities to achieve organizational objectives.
The document discusses the five integral disciplines for leading agile transformations:
1) Conscious Change - Taking a proactive, disciplined approach to organizational change.
2) Evolving Consciousness - Evolving individual and organizational consciousness through leadership development.
3) Evolving Product Innovation - Taking an organization-centric approach to product creation that includes all stakeholders.
4) Evolving Systemic Complexity - Shifting organizational culture and mental models to create an environment for agility.
5) Evolving Adaptive Architectures - Designing organizational structures, governance, and policies that optimize flow and value creation.
A Comprehensive Overview and Interpretation of Risk and Uncertainty in Projec...Dr. Mustafa Değerli
A Comprehensive Overview and
Interpretation of
Risk and Uncertainty
in Project Management Body of Knowledge, 7th Ed.
Dr. Mustafa Degerli
PhD, PMP, PMI
RMP, PSM, ITIL, CMMI Associate, Lead Auditor
Agenda
•
Risk and Uncertainty
•
Risk as a Project Management Principle (Optimize Risk
•
Uncertainty as a Project Performance Domain
•
Tailoring Details
•
Models, Methods, and Artifacts
Dr. Mustafa Degerli - 2017 - PMI - RMP (Risk Management Professional)Dr. Mustafa Değerli
Dr. Mustafa Degerli has been evaluated and certified as a PMI Risk Management Professional (PMI-RMP) by the Project Management Institute. This credential certifies his expertise in assessing and identifying project risks through August 2020. The Board of Directors and President of PMI have signed and sealed this certification of Dr. Degerli's knowledge and skills in risk management.
This document discusses moving from a risk management approach to performance uncertainty management when dealing with projects and their objectives. It argues that uncertainty management is more effective than separating opportunities from threats. The key points are:
1. Managing uncertainty, rather than just threats or opportunities, allows for a more comprehensive approach that considers all possible impacts.
2. Separating opportunities and threats into different processes is inefficient; a combined uncertainty management approach is better.
3. The ultimate goal is to understand where and why uncertainty is important in a given performance context before seeking to manage it.
This document discusses project risk management. It defines risk as having possible outcomes that are understood, while uncertainty involves possible outcomes that are not understood. The key aspects of project risk management are risk identification, evaluation, response planning, monitoring and control. Project risk management aims to make projects more predictable and improve their chances of success through better planning and investment decisions.
This was a presentation given by Lisa Shi, head of risk management at E C Harris Hong Kong, at the Royal Hong Kong Yacht club as one of the APM HK branch's monthly CPD events. Lisa gave her presentation to some 30 local members and guests.
The document discusses the risk management framework which includes enterprise, portfolio, program, and project level risk management. It defines key terms like risk, uncertainty, and risk appetite. The framework involves identifying risks, analyzing them both qualitatively and quantitatively, planning responses, implementing responses, and monitoring risks. Risk management is aligned across levels and aims to balance threats and opportunities to achieve organizational objectives.
The document discusses the five integral disciplines for leading agile transformations:
1) Conscious Change - Taking a proactive, disciplined approach to organizational change.
2) Evolving Consciousness - Evolving individual and organizational consciousness through leadership development.
3) Evolving Product Innovation - Taking an organization-centric approach to product creation that includes all stakeholders.
4) Evolving Systemic Complexity - Shifting organizational culture and mental models to create an environment for agility.
5) Evolving Adaptive Architectures - Designing organizational structures, governance, and policies that optimize flow and value creation.
A Comprehensive Overview and Interpretation of Risk and Uncertainty in Projec...Dr. Mustafa Değerli
A Comprehensive Overview and
Interpretation of
Risk and Uncertainty
in Project Management Body of Knowledge, 7th Ed.
Dr. Mustafa Degerli
PhD, PMP, PMI
RMP, PSM, ITIL, CMMI Associate, Lead Auditor
Agenda
•
Risk and Uncertainty
•
Risk as a Project Management Principle (Optimize Risk
•
Uncertainty as a Project Performance Domain
•
Tailoring Details
•
Models, Methods, and Artifacts
Dr. Mustafa Degerli - 2017 - PMI - RMP (Risk Management Professional)Dr. Mustafa Değerli
Dr. Mustafa Degerli has been evaluated and certified as a PMI Risk Management Professional (PMI-RMP) by the Project Management Institute. This credential certifies his expertise in assessing and identifying project risks through August 2020. The Board of Directors and President of PMI have signed and sealed this certification of Dr. Degerli's knowledge and skills in risk management.
This document discusses moving from a risk management approach to performance uncertainty management when dealing with projects and their objectives. It argues that uncertainty management is more effective than separating opportunities from threats. The key points are:
1. Managing uncertainty, rather than just threats or opportunities, allows for a more comprehensive approach that considers all possible impacts.
2. Separating opportunities and threats into different processes is inefficient; a combined uncertainty management approach is better.
3. The ultimate goal is to understand where and why uncertainty is important in a given performance context before seeking to manage it.
This document discusses project risk management. It defines risk as having possible outcomes that are understood, while uncertainty involves possible outcomes that are not understood. The key aspects of project risk management are risk identification, evaluation, response planning, monitoring and control. Project risk management aims to make projects more predictable and improve their chances of success through better planning and investment decisions.
This was a presentation given by Lisa Shi, head of risk management at E C Harris Hong Kong, at the Royal Hong Kong Yacht club as one of the APM HK branch's monthly CPD events. Lisa gave her presentation to some 30 local members and guests.
Agile project management and normativeGlen Alleman
Reform of the traditional approaches to managing software development projects is driven by several factors, not the least of which is some spectacular failures of soft-ware projects. Ranging from the IRS, to the FAA, to large e–commerce systems, we all have some “war story” of a major failure that can be traced to non–technical causes.
This one-day introductory workshop introduces key concepts of risk management. It will expose delegates to a practical risk management process using case studies and risk management software. The workshop objectives are to cover basic risk concepts, identification techniques, analysis methods, response strategies, and risk management implementation. Attendees will use a tried and tested process to make simulated project decisions and evaluate options based on risk threats and opportunities. Ongoing support is available for facilitation, implementation, and individual risk certification.
Risk Management is the identification, assessment, and prioritization of risks to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
The same is explained by real example of managing project via project management simulator SimulTrain(R). Simultrain(R) prepares managers to confront risks in real projects. Major conclusion is showing how managers do it in real projects every day.
Construction Risk Summit "benefit and pits of Construction Risk Management"bfriday
This document discusses conducting risk management on major projects. It provides an overview of John Holland, an engineering and construction company, and explains why risk management is important for major projects. Some key benefits of risk management mentioned include focusing teams on objectives, protecting balance sheets, gaining alignment on critical risks, and understanding residual uncertainty. The document also outlines some pitfalls to avoid, such as not involving risk information in decision making. It emphasizes the importance of focusing on key risks and matching the appropriate risk tools to each project.
Risk management involves identifying potential risks to a project, analyzing their likelihood and impact, and developing plans to mitigate negative risks. Some key risks include staff turnover, requirements changes, and underestimating the time or resources needed. It is important to identify risks early, communicate about them, assign ownership, prioritize risks, and regularly monitor risks and mitigation strategies. Effective risk management can help promote the success of software projects by focusing resources and preventing potential problems.
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementTorsten Koerting
Presentation on Risk Management Tools, like Risk Register, Risk Profile Presentation Options, How to facilitate a Risk Assessment and effective Processes for day to day application of Risk Management in your Project
This document discusses eliciting risk information through communication and consultation with stakeholders. It notes that risk identification requires input from multiple stakeholders as no single person holds all relevant information. Effective communication methods depend on the complexity and significance of the issue. Risk identification involves establishing the internal and external context, risk management context, and defining risk criteria. Tools like SWOT analysis and stakeholder analysis can help identify strengths, weaknesses, opportunities, threats, and key stakeholders. Relevant parties should be invited to assist in risk identification through research, tools, and consultation.
This document discusses risk management and provides definitions of risk. It summarizes the key steps in the risk management process as establishing context, identifying risks, analyzing risks, evaluating risks, treating risks, and monitoring and reviewing risks on an ongoing basis. Communication and consultation are also emphasized. Various risk management models and the benefits of risk management for organizations are outlined. Myths about risk management are dispelled.
Risk Management is essential to the success of all project work. Information about key project cost, performance, and schedule attributes are often unknown until the project is underway and changes are occurring during execution.
This document discusses project risk and risk management. It defines project risk as any uncertainty that can negatively or positively impact project objectives. It notes that risk management involves identifying, analyzing, and responding to risks throughout the project life cycle. The document outlines the major steps in developing a risk management plan, including identifying risks, assessing their probability and impact, developing response strategies, and monitoring risks dynamically. It concludes that while risks cannot be eliminated, they can be managed to help complete projects successfully.
Leading Successful Programmes (LSP) v2.8Stuart Robb
This document outlines the objectives and content of a programme leadership course. The course aims to teach participants what a programme is, how to lead one successfully, and the processes needed to monitor and control a programme. It does not cover methodologies or documentation requirements. The document discusses what defines a project and programme, the differences between management and leadership, and attributes of successful leadership such as vision, motivation, and decisiveness. It also addresses the origins of leadership, different power styles, and developing qualities like charisma and respect.
This document provides sample questions and answers that a Control Account Manager (CAM) could expect to encounter during an interview related to their Earned Value Management responsibilities. It includes background on topics like required training, the program organization structure, work authorization processes, performance measurement baseline planning, and earned value measurement. Sample questions are provided on each topic along with potential answers the CAM could provide to demonstrate their knowledge and management of their control accounts.
The document discusses risk management, including what it is, who uses it, and how it is applied in customs. Specifically:
- Risk management is a systematic process of identifying, analyzing, and responding to risks to reduce losses and take advantage of opportunities. It is used widely in both public and private sectors.
- The key steps in risk management are establishing the context, identifying and analyzing risks, evaluating risks, treating risks, and ongoing communication, monitoring and review.
- Customs administrations use risk management strategies to facilitate trade while maintaining control over cross-border movement of goods and people. It helps customs prioritize resources according to risk level.
Managing risk with deliverables planningGlen Alleman
This document discusses managing risk through continuous risk management (CRM). It introduces the five principles of risk management and outlines the CRM process, which includes identifying risks, analyzing and prioritizing them, planning mitigations, tracking mitigation progress and risks, making decisions based on risk data, and communicating throughout the project. The presentation provides examples of risk statements, evaluation criteria, classification approaches, and integrating risks and mitigation plans into project schedules. The goal of CRM is to continually identify, assess, and mitigate risks to improve project outcomes.
The above presentation talks about the risk involved in any project. The project risk identification, quantification, response and its control is also thoroughly explained.
The presentation about Project Risk Management conducted by Mr. Mohamad Boukhari for the project management community in Lebanon during PMI Lebanon Chapter monthly lecture.
This document provides guidelines for successfully deploying risk management software. It discusses the importance of collaboration between the client and vendor project teams. Key factors that contribute to success include establishing clear communication plans, addressing risks and issues, and managing the project schedule, costs and scope. The document also covers defining and measuring critical success factors, establishing organizational hierarchies and reporting structures, focusing on data mapping and integrity, and managing workloads and change. The overall theme is that structure and flexibility are both important for risk management software deployments to be efficient and successful.
In this presentation, we will discuss about risk, project risk and four broad strategies to handle risk. We will also talk about the role of buffers and contingency plan in risk management, project tracking meetings.
To know more about Welingkar School’s Distance Learning Program and courses offered, visit:
http://www.welingkaronline.org/distance-learning/online-mba.html
This document discusses the value of applying risk management to projects. It outlines how risk management can improve project delivery by providing better estimates, schedules, and project controls. It also improves communication and transparency. Applying quantitative risk analysis allows for more accurate project contingencies, which supports better capital planning. Risk workshops provide early risk identification and collaborative problem solving. Implementing a risk management process gradually and tailoring it to each project provides the most value. An independent risk analyst can help identify challenges and establish a standard process.
Establishing the Core of an Effective Technology Risk Management ProgramAmna Awan
The document discusses establishing an effective technology risk management program with three key elements:
1) Begin with the desired outcomes in mind such as effective risk management, continuous compliance monitoring, and minimal business disruption.
2) Research applicable laws and regulations to understand technology and security control requirements and leverage existing frameworks to streamline compliance.
3) Establish standard processes, roles, and governance around risk management including standardized risk, control and issue tracking, approval workflows, and leadership reporting to ensure accountability.
Centralized operations – Risk, Control, and CompliancePECB
The webinar covers:
• Centralized operation models (shared services)
• The benefits case
• Options for managing risk, control and compliance in centralized operations
Presenter:
This session was presented by Steve Tremblay, Senior ITSM Consultant and Trainer at ExcelsaTech, and a PECB Certified Trainer.
Link of the recorded session published on YouTube: https://youtu.be/LaLWI_ULjjU
Agile project management and normativeGlen Alleman
Reform of the traditional approaches to managing software development projects is driven by several factors, not the least of which is some spectacular failures of soft-ware projects. Ranging from the IRS, to the FAA, to large e–commerce systems, we all have some “war story” of a major failure that can be traced to non–technical causes.
This one-day introductory workshop introduces key concepts of risk management. It will expose delegates to a practical risk management process using case studies and risk management software. The workshop objectives are to cover basic risk concepts, identification techniques, analysis methods, response strategies, and risk management implementation. Attendees will use a tried and tested process to make simulated project decisions and evaluate options based on risk threats and opportunities. Ongoing support is available for facilitation, implementation, and individual risk certification.
Risk Management is the identification, assessment, and prioritization of risks to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
The same is explained by real example of managing project via project management simulator SimulTrain(R). Simultrain(R) prepares managers to confront risks in real projects. Major conclusion is showing how managers do it in real projects every day.
Construction Risk Summit "benefit and pits of Construction Risk Management"bfriday
This document discusses conducting risk management on major projects. It provides an overview of John Holland, an engineering and construction company, and explains why risk management is important for major projects. Some key benefits of risk management mentioned include focusing teams on objectives, protecting balance sheets, gaining alignment on critical risks, and understanding residual uncertainty. The document also outlines some pitfalls to avoid, such as not involving risk information in decision making. It emphasizes the importance of focusing on key risks and matching the appropriate risk tools to each project.
Risk management involves identifying potential risks to a project, analyzing their likelihood and impact, and developing plans to mitigate negative risks. Some key risks include staff turnover, requirements changes, and underestimating the time or resources needed. It is important to identify risks early, communicate about them, assign ownership, prioritize risks, and regularly monitor risks and mitigation strategies. Effective risk management can help promote the success of software projects by focusing resources and preventing potential problems.
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementTorsten Koerting
Presentation on Risk Management Tools, like Risk Register, Risk Profile Presentation Options, How to facilitate a Risk Assessment and effective Processes for day to day application of Risk Management in your Project
This document discusses eliciting risk information through communication and consultation with stakeholders. It notes that risk identification requires input from multiple stakeholders as no single person holds all relevant information. Effective communication methods depend on the complexity and significance of the issue. Risk identification involves establishing the internal and external context, risk management context, and defining risk criteria. Tools like SWOT analysis and stakeholder analysis can help identify strengths, weaknesses, opportunities, threats, and key stakeholders. Relevant parties should be invited to assist in risk identification through research, tools, and consultation.
This document discusses risk management and provides definitions of risk. It summarizes the key steps in the risk management process as establishing context, identifying risks, analyzing risks, evaluating risks, treating risks, and monitoring and reviewing risks on an ongoing basis. Communication and consultation are also emphasized. Various risk management models and the benefits of risk management for organizations are outlined. Myths about risk management are dispelled.
Risk Management is essential to the success of all project work. Information about key project cost, performance, and schedule attributes are often unknown until the project is underway and changes are occurring during execution.
This document discusses project risk and risk management. It defines project risk as any uncertainty that can negatively or positively impact project objectives. It notes that risk management involves identifying, analyzing, and responding to risks throughout the project life cycle. The document outlines the major steps in developing a risk management plan, including identifying risks, assessing their probability and impact, developing response strategies, and monitoring risks dynamically. It concludes that while risks cannot be eliminated, they can be managed to help complete projects successfully.
Leading Successful Programmes (LSP) v2.8Stuart Robb
This document outlines the objectives and content of a programme leadership course. The course aims to teach participants what a programme is, how to lead one successfully, and the processes needed to monitor and control a programme. It does not cover methodologies or documentation requirements. The document discusses what defines a project and programme, the differences between management and leadership, and attributes of successful leadership such as vision, motivation, and decisiveness. It also addresses the origins of leadership, different power styles, and developing qualities like charisma and respect.
This document provides sample questions and answers that a Control Account Manager (CAM) could expect to encounter during an interview related to their Earned Value Management responsibilities. It includes background on topics like required training, the program organization structure, work authorization processes, performance measurement baseline planning, and earned value measurement. Sample questions are provided on each topic along with potential answers the CAM could provide to demonstrate their knowledge and management of their control accounts.
The document discusses risk management, including what it is, who uses it, and how it is applied in customs. Specifically:
- Risk management is a systematic process of identifying, analyzing, and responding to risks to reduce losses and take advantage of opportunities. It is used widely in both public and private sectors.
- The key steps in risk management are establishing the context, identifying and analyzing risks, evaluating risks, treating risks, and ongoing communication, monitoring and review.
- Customs administrations use risk management strategies to facilitate trade while maintaining control over cross-border movement of goods and people. It helps customs prioritize resources according to risk level.
Managing risk with deliverables planningGlen Alleman
This document discusses managing risk through continuous risk management (CRM). It introduces the five principles of risk management and outlines the CRM process, which includes identifying risks, analyzing and prioritizing them, planning mitigations, tracking mitigation progress and risks, making decisions based on risk data, and communicating throughout the project. The presentation provides examples of risk statements, evaluation criteria, classification approaches, and integrating risks and mitigation plans into project schedules. The goal of CRM is to continually identify, assess, and mitigate risks to improve project outcomes.
The above presentation talks about the risk involved in any project. The project risk identification, quantification, response and its control is also thoroughly explained.
The presentation about Project Risk Management conducted by Mr. Mohamad Boukhari for the project management community in Lebanon during PMI Lebanon Chapter monthly lecture.
This document provides guidelines for successfully deploying risk management software. It discusses the importance of collaboration between the client and vendor project teams. Key factors that contribute to success include establishing clear communication plans, addressing risks and issues, and managing the project schedule, costs and scope. The document also covers defining and measuring critical success factors, establishing organizational hierarchies and reporting structures, focusing on data mapping and integrity, and managing workloads and change. The overall theme is that structure and flexibility are both important for risk management software deployments to be efficient and successful.
In this presentation, we will discuss about risk, project risk and four broad strategies to handle risk. We will also talk about the role of buffers and contingency plan in risk management, project tracking meetings.
To know more about Welingkar School’s Distance Learning Program and courses offered, visit:
http://www.welingkaronline.org/distance-learning/online-mba.html
This document discusses the value of applying risk management to projects. It outlines how risk management can improve project delivery by providing better estimates, schedules, and project controls. It also improves communication and transparency. Applying quantitative risk analysis allows for more accurate project contingencies, which supports better capital planning. Risk workshops provide early risk identification and collaborative problem solving. Implementing a risk management process gradually and tailoring it to each project provides the most value. An independent risk analyst can help identify challenges and establish a standard process.
Establishing the Core of an Effective Technology Risk Management ProgramAmna Awan
The document discusses establishing an effective technology risk management program with three key elements:
1) Begin with the desired outcomes in mind such as effective risk management, continuous compliance monitoring, and minimal business disruption.
2) Research applicable laws and regulations to understand technology and security control requirements and leverage existing frameworks to streamline compliance.
3) Establish standard processes, roles, and governance around risk management including standardized risk, control and issue tracking, approval workflows, and leadership reporting to ensure accountability.
Centralized operations – Risk, Control, and CompliancePECB
The webinar covers:
• Centralized operation models (shared services)
• The benefits case
• Options for managing risk, control and compliance in centralized operations
Presenter:
This session was presented by Steve Tremblay, Senior ITSM Consultant and Trainer at ExcelsaTech, and a PECB Certified Trainer.
Link of the recorded session published on YouTube: https://youtu.be/LaLWI_ULjjU
The document proposes a 360 Degree Risk Management Model to help organizations holistically manage risks. The model comprises people, processes, tools, and governance to 1) identify risks early, 2) mitigate negative risks, and 3) leverage learnings from risks to enhance competencies. Key aspects of the model include a corporate risk database, risk analytics dashboards, and knowledge sharing programs. The document argues the model can help organizations gain competitive advantages and improve outcomes by taking a more holistic view of risks.
Happiest Minds helps US companies comply with the NIST Cybersecurity Framework (CSF) by conducting assessments of organizations' cybersecurity risks and controls. They identify gaps between the current security posture and the NIST CSF requirements, then provide recommendations and a roadmap for remediation. Happiest Minds uses proven methodologies including mapping the NIST CSF to existing processes, conducting a current state assessment, and creating a cybersecurity risk profile to determine compliance levels and next steps.
We are FixNix, born on a vision to democratize the Governance, Risk and Compliance(GRC) vertical. GRC is a very niche area and there are very few companies doing this in market. Within one year of inception, we have cracked Microsoft Bizspark Challenge and IEEE Best Cloud Startup awards.
We master in developing mature and tailored GRC solutions and offer them as a SaaS model. We have launched our product before 6 months and we are successful by achieving enterprise clients like Cipla, Mphasis, GMR, E&Y with on-premise deployments and a couple of SMBs with SaaS sign ups.
The document discusses designing next-generation threat identification solutions. It summarizes traditional threat modeling approaches and identifies challenges, such as incomplete threat coverage, inability to follow processes rigorously, and lack of suitability for new development scenarios. It proposes key elements for new solutions, including making the business the driver, empowering developers, using continuous and customizable processes, and taking a collaborative approach. The goals are to address resource constraints, conduct analysis throughout product lifecycles, and standardize flexible processes for different teams and products.
The document discusses a risk management software system called the Governance Portal. It provides an integrated solution that enables leading risk practices, including risk assessment, loss event tracking, key indicator monitoring, and action plan management. The system helps align risk assessment with corporate goals. It supports a forward-looking assessment of multiple risk inputs to provide comprehensive reporting and focus on high-risk areas. Several companies are highlighted that use the system successfully for tasks like internal control review and risk management.
This document provides an overview and introduction to Microsoft's Security Risk Management Guide. It discusses the challenges of managing security risks in today's environment and introduces a four-phase security risk management process developed by Microsoft. The process uses both qualitative and quantitative risk assessment methods to identify, analyze, and prioritize security risks. It then provides frameworks for making risk management decisions and measuring the effectiveness of security controls. The guide is intended to help organizations of all sizes establish a formal security risk management program to proactively manage risks in a cost-effective manner.
This document provides an overview and introduction to Microsoft's Security Risk Management Guide. It discusses the challenges of managing security risks in today's environment and introduces a four-phase security risk management process developed by Microsoft. The process uses both qualitative and quantitative risk assessment methods to identify, analyze, and prioritize security risks. It then provides frameworks for making risk management decisions and measuring the effectiveness of security controls. The guide is intended to help organizations of all sizes establish a formal security risk management program to proactively manage risks in a cost-effective manner.
This document summarizes a workshop on implementing leading indicator programs to improve safety. The workshop will address key questions around health, safety and environment leading indicators and how to use collected data to create change. Presentations will cover lagging and leading indicators, a case study of a successful leading indicator program, using technology for leading indicators, and data reporting. Attendees will participate in a workshop activity to experience using a mobile application to record inspection results. Recommendations provided include making leading indicators measure proactive activities, applying a plan-do-check-act model, and using data visualization and analytics to drive decisions to prevent incidents.
Risk Based Security and Self Protection Powerpointrandalje86
Miguel Sanchez presented on risk based security and self protection technologies. He discussed how the threat landscape has changed and the need for a proactive, risk based approach. This involves a multi-tiered risk management process including framing risks at the organizational, mission, and system levels. Emerging technologies like runtime application self protection can help applications protect themselves by monitoring for threats during execution.
The document discusses Zurich's Portfolio Management Office (PMO) expanding its services to take on more projects. It notes that Zurich undertakes various types of projects in response to regulatory changes, risks, upgrades, and to drive growth, customer experience, and efficiency. The PMO aims to become more strategic by increasing insights, creating capacity, centralizing processes, and standardizing governance. This will help deliver projects with more confidence by continuously assessing controls and risks. The PMO also wants to adapt its services to support non-IT changes and agile projects to help more areas of the business.
This document discusses organisation change management. It provides an overview of key aspects of change management including change readiness assessment, communications strategy, establishing a change facilitator network, and developing a transition management plan. The goal is to manage the people components during a business transformation initiative to help ensure the desired outcomes are achieved. A structured change management approach is advocated to help address implementation issues, build commitment rather than just compliance, and align organisational performance with the goals of the change.
The document provides guidance on successful integration strategies for acquisitions. It emphasizes the importance of having a clear integration strategy aligned with the benefits case for the deal. It also stresses designing the integration programme around delivering the anticipated benefits, managing risks to both the business and programme, rapidly engaging employees from both companies, and providing focused programme management through the integration process.
The document discusses principles of software management and development practices. It covers:
1. Establishing iterative lifecycle processes that identify risks early through multiple iterations of problem understanding, solution design, and planning.
2. Transitioning design methods to emphasize component-based development using pre-existing code to reduce custom development.
3. Enhancing change freedom through automated tools that support round-trip engineering and synchronization across different formats and stages of the iterative development process.
This document summarizes a presentation given at Predictive Analytics World in Chicago on establishing a data-driven culture through change management. The presentation discusses defining what it means for a culture to be data-driven, engaging leadership to support the change, and implementing sustainable changes. It also provides tactics for measuring whether the shift to a more data-driven culture is successful. The key recommendations are to align analytics goals with organizational objectives, evaluate how analytics fits the existing processes, communicate wins from analytics projects to drive further adoption, and use the right metrics to assess the analytics program over time.
Qpr 8 Risk Management And Compliance SolutionIycon India
The document provides an overview of QPR Risk Management and Compliance (RMC) solution. It discusses key RMC concepts, common challenges organizations face, and how the QPR RMC platform addresses these challenges by integrating risk management, compliance, business processes and performance management in a unified solution. The QPR RMC solution cycle and benefits are also summarized. Example customers that have implemented QPR RMC solutions are also provided.
Enterprises face increasing risks
Every day, modern enterprises face significant risk concerns. Consider the potential
impact of business disruption, technology breaches, and workforce safety issues, as
well as disconnected tools/systems/processes, productivity issues, and brand and
reputation damage. Other risks are ones that can’t be controlled as easily, including
extreme weather, the ever-growing cost associated with the number of global
compliance regulations, supply chain disruption—and global pandemics. This last one
previously didn’t seem that likely, but we’ve all experienced how that can change.
These concerns are present for every department across the enterprise. They impact
how people work and the business’s bottom line.
Governance, Risk, and Compliance (GRC) programs help ensure that enterprises
address risks and meet compliance mandates. Today, these programs are even
more critical as enterprises around the world embrace digital transformation and
cloud-based platforms. Such innovations enable workforces and customers to easily
access digital services and processes, but these seamless experiences also bring
increased risks.
Outdated GRC practices and solutions
Many existing GRC solutions were developed and implemented before the largescale adoption of digital technology. These outdated solutions were not designed for
front-line employees, and they place a heavy burden on risk and compliance teams.
Neither the tools nor the teams can keep up. Right now, typically every department
in an enterprise has silos of data that these solutions must attempt to work with or
around. Compliance teams are forced to use manual, outdated, and inconsistent risk
management and compliance practices that don’t provide a real-time, overall view of
risk across the business
Most companies have projects that engage employees beyond their normal duties. An effective governance process can create order by scanning the environment, applying strategy, prioritizing projects and resources, and aligning the organization.
Designing adaptive and nimble organizationsEmiliano Soldi
What does it mean to design agile and adaptive organizations?
What are rthe necessary organizational archetypes?
What about Value Streams and Lean Portfolio Management?
Similar to Agile Network India | Risk Management in VUCA World | Ashwinee Singh (20)
ANIn Chennai June 2024 | Right Business strategy is foundational for Successf...AgileNetwork
Agile Network India - Chennai
Title: Right Business strategy is foundational for Successful Digital Transformation
Date: 22nd June 2024
Hosted by : Siara Tech Solutions Pvt Ltd
ANIn Mumbai June 2024 | Key Differences in DevOps Implementation: Project ver...AgileNetwork
Agile Network India - Mumbai
Title: Key Differences in DevOps Implementation: Project versus Enterprise
Date: 15th June 2024
Hosted by : Hoarway Technology
ANIn Coimbatore April 2023 | Lean,Agile & DevOps-How applied together provide...AgileNetwork
Agile Network India - Coimbatore
Title: Lean,Agile & DevOps-How applied together provides the best outcomes by Shanmuganand Sivaraman
Date: 22nd April 2023
Hosted by : Kovai
ANIn Ahmedabad June 2024 | Business outcomes directly proportional to mindset...AgileNetwork
Agile Network India - Ahmedabad
Title: Business outcomes directly proportional to mindset by Bhumi Goklani
Date: 01st June 2024
Hosted by :Solution Analysts Pvt.Ltd
ANIn Coimbatore May 2024 | Being Agile - Fortifying the GenZ Workforce by Sar...AgileNetwork
Agile Network India -Coimbatore
Title: Being Agile - Fortifying the GenZ Workforce by Sarada Jayaraman
Date: 25th May 2024
Hosted by : PSGR Krishnammal College for Women
ANIn Coimbatore May 2024 | Skills for the Evolving IT landscape by Meena Subr...AgileNetwork
Agile Network India- Coimbatore
Title: Skills for the Evolving IT landscape by Meena Subramaniam
Date: 25th May 2024
Hosted by : PSGR Krishnammal College for Women
ANIn Ahmedabad Jan 2023 | Discovery is not a phase in being Agile its, "The A...AgileNetwork
Agile Network India - Ahmedabad
Title: Discovery is not a phase in being Agile its, "The Approach" by Vishal Jariwal
Date: 28th Jan 2023
Hosted by: Third Rock Techno LLP
ANIn Ahmedabad April 2023 | Importance of agile and how it can be Implemented...AgileNetwork
Agile Network India - Ahmedabad
Title: Importance of agile and how it can be Implemented in real world by Tanmay Panchal
Date: 22nd April2024
Hosted by: 7 Span
ANIn Chennai May 2023 | Navigating the Rapids: Embracing Agility to Conquer E...AgileNetwork
Agile Network India - Chennai
Title: Navigating the Rapids: Embracing Agility to Conquer Everyday Project Challenges by Andrews Roberta Mary R
Date: 18th May 2024
Hosted by: Truckrr Information Services Pvt Ltd
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsScyllaDB
ScyllaDB monitoring provides a lot of useful information. But sometimes it’s not easy to find the root of the problem if something is wrong or even estimate the remaining capacity by the load on the cluster. This talk shares our team's practical tips on: 1) How to find the root of the problem by metrics if ScyllaDB is slow 2) How to interpret the load and plan capacity for the future 3) Compaction strategies and how to choose the right one 4) Important metrics which aren’t available in the default monitoring setup.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
2. INTRODUCTION
Ashwinee is an Enterprise Agile Transformation Coach and Digital
Transformation Leader having over 21 years of total IT experience with
12+ years of exclusive experience driving enterprise Agile and DevOps
driven Digital Transformations across geography (US, UK, Australia,
France, India) while working with various Fortune clients and Tier-1 IT
Companies. Ashwinee is currently working as member of core
transformation central team driving strategic Agile-DevOps based
Transformation designing and implementing Target Operating Model for
entire Lines of Business for major global Financial organization.
3. SESSION OBJECTIVES
What is VUCA World and what challenges organizations face operating in VUCA world?
What are Traditional Risk Management Practices and why they seem inadequate for VUCA World?
What New Risk Management Techniques better equip organizations handling challenges in VUCA World?
What would make organizations to be risk overcomer and not just risk survivor?
What are key takeaways on Risk Management techniques adopted in a Complex Regulatory and
Compliance landscape experience?
In this session today, let us try to understand :
7. WHAT IS VUCA WORLD AND
HOW IT IS AFFECTING
ORGANIZATIONS?
https://www.youtube.com/watc
h?v=9jd4tq_mwlM
8. Failures in Risk
Management:
Nokia
BlackBerry
Kodak
Xerox
Courtesy : http://www.rmmagazine.com/
Delayed response
to major
competitor threats
Failure to identify
risks under
uncertainty
Reactive rather
than proactive
Assumption - “This
has worked well in
past, hence will work
in future”
Inability to gauge
fast changing
customer
preferences
Complacency
10. VUCA Characteristics Template
V
U
C
A
Volatility
Uncertainty
Complexity
Ambiguity
Characteristics
Dealing with unexpected, unstable
events / issues probably for
unknown duration
Examples
This is a sample text.
Insert your desired
text here
This is a sample text.
Insert your desired
text here
This is a sample text.
Insert your desired
text here
This is a sample text.
Insert your desired
text here
World economy and national
economy impact due to Covid19
pandemic
Dealing with vague issues with
unclear relationships and
(unknown) unknowns
Dealing with situations flooded with
interconnected variables & parts
even though some info is available
Dealing with lack of other info even
when basic cause and effect are
known
Uncertainty of market reaction
due to disruptive technological
changes like IoT. Blockchain, etc
3rd party logistics with operations
in multiple countries each having
unique regulatory environment
and culture
Launching new products in
emerging markets never
explored before
11. LETS ANALYZE VUCA WORLD CLOSELY
From Dave Snowden’s Cynefin Framework
From Stacey’s Complexity Matrix
12. CHALLENGES MANAGING RISKS IN
COMPLEX OPERATING
ENVIRONMENTS
Simple ‘cause-&-effect’ can’t be established
Elaborative upfront Risk Management for Long-term cycles doesn’t work
Increasing Risk of missing Business Value generation and meeting customer needs
‘Tried-&-Tested’ technology approaches can’t be leveraged due to fast changing
Technologies (Eg – Newer types of Cyber security risks due to wider internet adoption)
14. NEW AGE RISK MANAGEMENT PRACTICES - 1/2
Traditional Risk Management
Big up front Risk Planning and relying on historical
risk database
Ongoing risk planning as part of various Agile events / ceremonies and
leveraging sophisticated AI Analytics to generate Risk Foresights
New Age Risk Management
Aligned to waterfall based Project Plans Aligned to short timed events, cadence and objective milestones
Centralized Risk Management Function (typically
under PMO Group)
Distributed & decentralized Risk Management done by everyone
involved in Product Lifecycle
Few Risk Management specialist owns and manages
Risks (PM / PgM)
Collaborative Risk identification and mitigation is practiced using Big
Room Planning and managed collaboratively by teams
Output and activity focus rather than
quality or need
Outcome driven Risk Management focussed on Business Value (linking
Business & Customer Outcomes and OKRs)
Traditional RAID Management Tools are used with
restricted access and control
Risks are transparently managed across ALM Tools
15. NEW AGE RISK MANAGEMENT PRACTICES - 2/2
Traditional Risk Management
Big-Bulk Requirement Risks managed through
Requirements Traceability Matrix and RAID Log
Requirements are Agile and faster feedback loops to validate
requirements while MVP and product hypothesis and Design Thinking
practices are adopted to align with customer needs to reduce Risks
New Age Risk Management
Regulatory and Compliance domain Risks are managed
by means of implementing various Controls and Audits
Regulatory and Compliance needs are added as Product Backlog
items and managed throughout Product development cycle
Formal RAID reviews only points of actions Addressed daily in Stand ups with immediate action when needed
Whole RAID reviewed every time – high
maintenance overhead
Reviewed individually at point of impact, or at due date, until resolved
Extensive up front mitigation planning Mitigation planning as needed and at appropriate level throughout
product lifecycle
PM / PgM manages Risk in RAID log and publishes
periodic reports to Senior Management
Team manages Risk Burndown across iterations and gives
transparency and visibility to all stakeholders
16. KEY BENEFITS OF NEW AGE RISK MANAGEMENT PRACTICES
The ability of project to fail early and inexpensively significantly
reduces overall project risk as not only the risks are identified early
in cycle but the impact on realization of risk is also limited
The ‘Lean Startup-approach’ of validating ideas and
investments before fully committing the spend helps reduce
the risk of building expensive and unsuccessful products
Proactive and ongoing Risk Management helps identifying
Opportunities also as potential Risks which could lead to increased
Business with timely consideration. Risk identification across different
Investment Horizons helps identify newer opportunities
The culture shift from being reactive to
proactive as organization practices
New Age Risk Management practices
17. NEW AGE RISK MANAGEMENT CASE STUDY
Organization Context
Global Financial Organization with its one of main Lines of Business having 3500+ global IT staff
Risk Management Context
• Central Risk Management Function
• Various Control Frameworks
• Separate Risk Audit and Compliance
Team
• Risk Planning tied to Project Planning
• Risk being managed and reported
across Project Plan’s output
milestones
• Lack of visibility and transparency to
central risk management function
Changes Introduced
• Adopted de-centralized and distributed Risk
Management approach
• Aligned teams to Value Streams and
established integrated Risk Management
across Value Streams
• Outcome measurements defined and OKRs
established for teams
• Risks associated to Value Stream and Program
Team’s Outcome and impact measured on
OKRs
• Control and compliance requirements added
to Product Backlog
• ALM Tools leveraged to track and manage all
Risks
Benefits Realized
• Improved Risk Transparancy and visibility
across stakeholders
• Risk impact calculation became automated
and consistent across Value Stream with
associated OKRs
• Integrated Risk Dashboards available through
ALM Tools with real-time updates for
consumption
• Lightweight Compliance and Controls stage-
gate checkpoints
New Age Risk Management
Traditional Risk Management
Current state
18. SUMMARY AND TAKE-AWAYS
18
Collaborative &
Distributed Risk
Management
New Risk
Management
Mindset and
Culture
Outcome
Focus Risk
Management
Effectively
Leveraging ALM
Tools & DevOps
Telemetry
• No central team but distributed Risk Management by everyone together
• Teams collaborate in Agile ways of working to identify and manage risks
• Various Agile events and ceremonies leveraged across Organization levels to manage Risks
• Risk Management is everyone’s responsibility
• Threats related Risks could also enable growth if handled well hence mindset change required
• Risk overcomer then just risk survivor
• Outcome focus helps relating clear impact of Risk materialization
• Risk Management practices which apply Systems Thinking approach to Risk Management and does not
treat risks handling in silos since impact of risks in VUCA world could fast transform into undesirable
outcomes for organization
• Integrated eco-system of well-connected Tools is integral to create a holistic
view of all Risk with their Outcome linkage
• Sophisticated DevOps Tools based Telemetry could also be leveraged to
provide potentially useful Risk Insights
22. Key organizational outcome metrics
of KPI’s
Release
Frequency
Cost of a
Pod
Volume of
Defects
Service
Availability
Mean time to
Recover
Lead time to
Deploy
Volume of
Incidents
How often do Pod teams release code (new or modified
features) into the Production?
How quickly do Pod teams recover from a service failure (for
both complete and partial disruptions)?
How long does it take for Pod teams from building or
modifying a feature to deploying it into the Production?
How many failures (both complete and partial disruptions)
do the services in a Pod experience?
How available are the services with respect to the
committed availability targets agreed with the Business?
How many defects are detected during the engineering of
applications delivered by the Pod?
How much does it cost to run the services delivered by the
Pod (people, property, licenses, and administration)?
Goal Metric Definition
Deliver
Faster
Deliver
Better
Deliver
Cheaper
Velocity
Trends
The pace of delivering value (in story points) every sprint by
a Pod.
Delivery
Predictability
What is the ratio of completed vs committed stories / story
points for a pod?
Measure
15-25% increase over a year
25-30% increase from initial
baseline
~ 20% improvement for shared
platform
~ 25% improvement
~ 90% commitment achievement
ratio
~ 20% decrease in production
incidents
100% meeting the agreed targets
20-30 % decrease in defect leakage
Active prioritization to create more
value per pod cost
Cost of
Quality
How much preventive and corrective effort is being spent for
each release to maintain quality?
~ 25% decrease in cost of quality
24. VUCA World: Problem as well as solution landscape is fast changing
COMPLEXITY
Multiple Key decision factors
VOLATILITY
Rate of change
AMBIGUITY
Lack of clarity about
meaning of n event
UNCERTAINTY
Unclear about the
present
How
well
can
you
predict
the
outcome
of
your
actions?
How much do you know about the situation?
25. VUCA WORLD
Shore
Past Experiences and Current Conditions
Vision
Understanding
Clarity
Agility
Horizon
The Future State
VUCA
Quadrangle
Volatility Uncertainty Complexity Ambiguity
27. NEW AGE RISK MANAGEMENT PRACTICES - 1/2
Operating in VUCA World requires following key changes in Risk Management approach over traditional Risk Management practices:
Traditional Risk Management New Age Risk Management
Scope
Level
Big up front Risk Planning and relying on historical risk
database
Ongoing risk planning as part of various Agile events /
ceremonies and leveraging sophisticated AI Analytics to
Risk Foresights
Program
Aligned to waterfall based Project Plans Aligned to short timed events, cadence and milestones Team /
Centralized Risk Management Function (typically
PMO Group)
Distributed & decentralized Risk Management done by all
involved in Product Lifecycle
Enterprise
Few Risk Management specialist owns and manages
Risks (PM / PgM)
Collaborative Risk identification and mitigation is practiced using
Big Room Planning and managed collaboratively by teams
Enterprise
Output and activity focus rather than quality or need Outcome driven Risk Management focussed on Business Value
(linking Business & Customer Outcomes and OKRs)
Enterprise
Traditional RAID Management Tools are used with
restricted access and control
Risks are transparently managed across ALM Tools All
28. NEW AGE RISK MANAGEMENT PRACTICES - 2/2
Traditional Risk Management New Age Risk Management Scope Level
Big bulk Requirement Risks managed through
Requirements Traceability Matrix and RAID Log
Requirements are Agile and faster feedback loops to validate
requirements while MVP and product hypothesis and Design Thinking
practices are adopted to align with customer needs to reduce Risks
Enterprise
Regulatory and Compliance domain Risks are managed
by means of implementing various Controls and Audits
Regulatory and Compliance needs are added as Product Backlog items
and managed throughout Product development cycle
Enterprise
Formal RAID reviews only points of actions Addressed daily in Stand ups with immediate action when needed Team
Whole RAID reviewed every time – high maintenance
overhead
Reviewed individually at point of impact, or at due date, until resolved Program
Extensive up front mitigation planning Mitigation planning as needed and at appropriate level throughout
product lifecycle cycle
Program
PM / PgM manages Risk in RAID log and publishes
periodic reports to Senior Management
Team manages Risk Burndown across iterations and gives transparency
and visibility to all stakeholders
Program
Editor's Notes
Simple cause-&-effect based approaches don’t apply in Complex domain
Long term Planning can’t be applied as its changing rapidly making plans outdated
The Traditional Risk Management practices wont work ‘as-it-is’ since detailed upfront planning can’t be done and rather needs more adaptive incremental Risk Management
The Risk of not generating required Business Value has increased many folds in VUCA world and isn’t adequately addressed by Outcome focused Traditional Risk Management approaches
There is less and less applicability of applying ‘Tried-&-Tested’ technology approaches and patterns due to fast changing technology landscape hence resulting in rise of newer types of risks (Eg – Newer types of Cyber security risks due to wider internet adoption)
The illustration above outlines the key metrics that are to be measured at each level of the organisation, the enabling toolset and the reason why stakeholders are interested. There is a bidirectional flow of data for key data items from POD level through to enterprise, which makes data upkeep critical to making informed decisions.
The illustration above outlines the key metrics that are to be measured at each level of the organisation, the enabling toolset and the reason why stakeholders are interested. There is a bidirectional flow of data for key data items from POD level through to enterprise, which makes data upkeep critical to making informed decisions.