The document discusses the Change Risk Assessment Model (CRAM), highlighting its role in improving risk management within project management by addressing change risks in a structured and hierarchical manner. CRAM consists of three interrelated processes: risk identification, assessment, and monitoring, which can be customized to suit various business contexts. The model emphasizes the importance of leadership, communication, and organizational culture in the effective management of change risks to enhance project success.

1. Measuring Change Risk for Organisational
Decision Making Through a Hierarchical Model
Process ApproachProcess Approach
Charalampos Apostolopoulos ,George Halikias, Krikor Maroukian, Georgios Tsaramirsis
City University London, City University London, King’s College London, King Abdulaziz University May 2014

2. CRAM (Change Risk Assessment Model) is a novel model
In Brief:
CRAM (Change Risk Assessment Model) is a novel model
approach which can significantly contribute to the missing formality
of business models especially in the change(s) risk assessment
area.
Project Management has long established the need for risk
management techniques to be utilised in the succinct definition of
associated risks in projects and agreement on countervailingassociated risks in projects and agreement on countervailing
actions as an aim to reduce scope creep, increase the probability
of on-time and in-budget delivery.
U t ll d h dl f i d l itUncontrolled changes, regardless of size and complexity, can
certainly pose as risks, of any magnitude, to projects and affect
project success or even an organisation’s coherence.

3. A dAgenda
Significance11
22 CRAM’s Processes22
33 CRAM’s Tree HierarchyCRAM’s Tree Hierarchy
44 CRAM’s Key Factor’s Analysis
55 Summary

4. C S fCRAM’s Significance
• Ideally, a change or consequence based upon a decision should have a fairly high
level of predictability and thus a low level of a failure risk materializing which would
significantly undo the decision taken.g y
• CRAM’s significance lies in the fact that focus is given specifically in the interrelation
of project environment changes and associated risks which can be assessed.
• The proposed model can be applied in a variety of business sectors irrespective of
size and complexity taking into account major environmental factors.
• The hierarchical modelling approach which CRAM is based on, is flexible enough
that, except the analysed and described change risk attributes; on per project basis,
these can be fully customised based on customer’s or even organisation’s
requirementsrequirements.

5. CProject Risk Categories
Project Risk Categories
Technical Project
Quality Legal
Performance Environmental
Change ScopeChange Scope
Organisational Quality
External / Internal Schedule
Business Process
Cultural Requirements

6. CRisk Curve
Risks have a tendency to grow exponentially with time if left unmanaged.
Drake (2005a, 2005b), cited via Service Transition v.3, p.143; TSO (The Stationery Office), UK 2007
Figure 1: Risk Profile

7. C CChange Categories
Change Categories
Individual Rules / Regulationsg
Organisational Evolutionary
Cost cutting Revolutionary
P St t iProcess Strategic
Cultural Transformational
Technical Proactive /Reactive
Planned / Unplanned Technological

8. CCRAM’s Processes
• CRAM is composed of three interrelated processes which are continually recorded
and monitored. CRAM’s processes accomplish specific risk objectives (identification,
assessment, monitor & control) which are applied to projects or at a greater extend to
business environments with a view to facilitate and control change.
Risk IdentificationRisk Identification
Risk Monitoring &
Control
Risk Assessment
Figure 2: CRAM’s Triple Process

9. fRisk Identification Process
The primary goal of Risk Identification is to recognise the threats and opportunities which
may affect the project’s objectives and consequently deliverables.
Irrespective of risk categorisation, CRAM proposes the following tools and techniques sop g , p p g q
as to identify change risks:
• SWOT analysis
• Change/Risk surveys• Change/Risk surveys
• Delphi technique
• RACI diagrams
• PERT diagrams
PESTEL l i• PESTEL analysis
• Risk Breakdown Structure (RBS)
• Interviews
• Brainstorming sessions
Of course, potential risks and required changes can be identified and decided during the
entire lifecycle of the project. Nevertheless, they have to be assessed and monitored the
sooner the possible.

10. Risk Assessment Process
A simple definition of risk in terms of probability of occurrence and its related impact is
given by the formula :
• Risk = Probability x ImpactRisk = Probability x Impact
The majority of quantitative methodologies use extensively probabilities being rather less
ambiguous and imprecise; meaning that they are more objective as far as the assessment
of the information and data on identified risks is concernedof the information and data on identified risks is concerned.
Estimation can facilitate project risks in terms of the probability of occurrence and impact.
Evaluation assesses the overall effect of all identified risks aggregated together SomeEvaluation assesses the overall effect of all identified risks aggregated together. Some
kinds of risks, like for example financial risks, can be evaluated in numerical terms.

11. (C )Risk Assessment (Cont.)
Risk Assessment can be accomplished with the aid of a variety of methods and
techniques, such as for example: Simulations, Monte Carlo analysis, CPM (Critical Path
Method), AHP (Analytic Hierarchy Process), risk maps, Bayesian probability and statistics,
probability trees or even fault tree analysis.
Concerning evaluation, this can be indicatively accomplished for example by a means of
benchmark questions, like for example:
• Were all implemented non-standard changes assessed?
• Did the approved changes meet the intended goal?
• Concerning result does it satisfy stakeholders and more specifically conform toConcerning result, does it satisfy stakeholders and more specifically conform to
customer requirements?
• Were there found any unplanned changes; which are the associated risks?
• Concerning the implementation phase, did it exceed the project’s constraints?
• Are the results documented, for example, in the change risk log?

12. & CRisk Monitor & Control Process
The Risk Monitoring and Control process mainly intends to: identify, analyse, control
and track new risks. Risk monitor and control can be accomplished with the aid of a
variety of methods and techniques, such as for example:
• Risk Reassessment
• Meetings (consultation, status update)
• Variance Analysis
• Trend Analysis
• Risk Auditing
Alongside the aforementioned CRAM processes an ‘Experts’ Judgment’ may be proven
overall constructive. An expert might be, for instance, an individual (project manager,
change manager) of a group of executives (Project Steering Committee, Change Advisory
Board) which can influence and advice on CRAM resultsBoard) which can influence and advice on CRAM results.

13. CCRAM’s Tree Hierarchy
• CRAM hierarchical tree consists of one
(1) core (root) node, eight (8) parent
nodes, five (5) child nodes and its
respective sixty one (61) attributes Forrespective sixty-one (61) attributes. For
example, ‘Communication’ parent node
consists of seven (7) risk attributes
(sub-factors).
• Depending on the scope and
deliverables of a project, CRAM’s
nodes and related risk attributes
hierarchy per level can change so as to
accommodate more of fewer criteria.
Figure 3: CRAM’s Hierarchy Tree

14. CCRAM’s web page
http://www.changemodel.net

15. fLeadership Definition
• Leadership: Project success is accounted in many ways to strong leadership and commitment to
project scope and objectives. Active leadership remains important throughout the entire project
lifecycle, with the application of skills and determinacy to succeed. Therefore, efficient resource
management is necessary to complete each task in its predefined priority. Senior management’sg y y g
accountability is key to effective decision making in the context of ‘firm but fair’ handling, to inspire
and lead the project team in achieving high performance levels and overall high adaptation rate to
proposed and authorised changes.
Attributes:
- Active
- ExperiencedExperienced
- Strong
- C-level engagement
- Authority
Firm but Fair- Firm but Fair
- Strategic
Definitions of CRAM’s Risk Attributes can be seen at: www.changemodel.net

16. C fCommunication Definition
• Communication: Refers to the exchange of ideas or information among stakeholders e.g. project
manager, team members, board of directors, which are related to change and associated risks.
The more complex the organisational structure or the proposed changes, the more communication
channels have to be engaged. Effective communication is a bi-directional activity which has to beg g y
controlled and monitored. Communication is an important business environment factor
incorporating cultural values) as project’s success is highly dependent on communication.
Attributes:
- Effective
- Trustful
- Involvement (participation)
- Supportive
- Common Vocabulary
- Knowledge SharingKnowledge Sharing
- Conflict Management

17. C fCulture Definition
• Culture: Collection (but not limited to) of beliefs, attitudes, core values, ways of acting and
thinking shared among members or organisations. Culture can impact the way of business
conduction, decision making process, communication attitude and in effect influence project
success. A supportive, knowledge sharing organisational culture can be enough ‘risk taking’ so asg g g g g
to match complicated project’s scope and objectives with success. A risk averse business culture
might be problematic against accepting proposed changes which in turn, might cause problems to
over decision making, communication and leadership of the project.
Attributes:
- Integrationeg a o
- Leadership
- Communication
- Corporate Values
- Rewards Innovative- Rewards Innovative

18. S
• Changes and the process of managing related risks differ among organisations and business cultures As
Summary
• Changes and the process of managing related risks differ among organisations and business cultures. As
far as change risk assessment modelling is concerned, there is no one-size-fits-all or all-you-can-eat model.
• Each customer is different, but what stays the same is the expectation and demand for project success,
delivery of services and overall customer’s expectations conformance. Each project may require differentdelivery of services and overall customer s expectations conformance. Each project may require different
changes and handling which may be reflected in culture, leadership, decision making, norms and directives
and consequently in the general way of implementing and managing projects.
• CRAM attempts to take into account various environmental risk factors which influence project success.p p j
These risk factors are modeled, and can be assessed numerically in a top-down hierarchical model.
Nevertheless, not all risks are the same or have the same priorities.
• An overall aim of CRAM would be its adoption in project business scenarios on a consistent and repetitive
basis so as to identify patterns related to all parent nodes described previously.
• Finally, CRAM does not actually dictate any direct or indirect walkthrough; rather it is regarded as a
structured approach for facilitating change risk effectively.
• Even if for example, no project management framework is adopted, CRAM has exactly the same
capabilities concerning change risk identification, assessment and monitor and control processes.

19. “I do not believe you can do today’s job with
yesterday’s methods and be in business tomorrow”
Nelson Jackson
Ch Ri k f O i ti l D i i M ki Th hChange Risk for Organisational Decision Making Through
a Hierarchical Model Process Approach
Questions?
Thank You!
charalampos.apostolopoulos.1@city.ac.uk Research conducted at City University London