2. Table of Contents
Experience…
– Definition of Risk
– Definition of Risk Management
– It’s natural like drinking water
– Pass-no-pass
– Pierpaolo’s experience
– Mainframe from Brazil to USA!
– From Matrix to NX
– Deciding to leave the Fiat Group
– In summary
– Everything fits together
… and literature
– Risk Analysis and Risk Management
– Identify Threats
– Risk Impact / Probability
– Risk Drivers
– Risk Management Process
– Resources
– Q&A
3. Definition of Risk
– The possibility of ending up in a situation that is worse than the current one
– Risk is made of two parts:
– The probability of something going wrong
– The negative consequences if it does
– Risk Value = Probability of Event x Cost of Event
4. Definition of Risk Management
– Risk Management is the process by which we try to figure out all the potential risks related to a certain situation and define an action plan to either avoid the risks or mitigate their impact (consequences).
– Situations: decision among different alternatives, new initiative, project, change in
process, negotiations, new course of life, etc.
– It helps to answer the question: What happens if I do this instead of that?
– Assess the status quo versus future status:
– List the potential risks
– Evaluate the risks (e.g. on a scale of 1 to 5)
– Evaluate the probability of each risk happening
– Define a Mitigation Plan (counteractions to mitigate or minimize the consequences of a
certain event)
5. It’s natural like drinking water
– As human beings we are accustomed to watching our step at every moment of our lives. It’s natural behavior.
– Since we took our first steps, we have learned how to evaluate the risk of:
– Falling down
– Inhaling our saliva
– Drowning in water
– Being bitten by our friends at the playground
– Being hit by a car while crossing the street, etc.
– It comes from when we lived in the woods; it’s not just a modern invention
6. Pass-no-pass
– Put yourself in the worst-case scenario: if that is OK, you will be OK
– Equivalent to designing a bridge: the action of the wind, the stress of a train crossing the bridge, together with cars, together with people, and in case of earthquake, then a combination of those events
– But risks cannot be an excuse for not doing something or not deciding about it (otherwise we shouldn’t build bridges at all!)
7. Pierpaolo’s experience
– Moving mainframe service from Nova Lima (Brazil) to St. Louis (USA)
– Moving from Matrix to NX (Product Lifetime Management System)
– Deciding to leave the Fiat Group and starting a new course of life as a consultant
8. Moving mainframe service from Brazil to USA
Driver and risks
– Driver: Service in Brazil was bad
– Risks:
– Lack of specific know-how
– Unreadable media
– Airplane crash
– Lack of time (everything must happen in a long weekend)
– Consequences
– Daily struggle
– Stop of 4 plants for days
Mitigation Plan
– The entire team to study English
– Full back-up and 2 copies of data
– 1st copy of media shipped via plane
– Team Leader flying to USA and carrying the 2nd copy of media on a different flight
– “War Room” open non-stop
– Post-go-live testing
9. From Matrix to NX
Driver and risks
– Driver: not clear, imitating a success story from Automotive
– Risks:
– No local support
– Data mirroring takes hours (and no free time window is available)
– Huge amount of historical data that is difficult to migrate
– Consequences
– Lack of support
– Data not synchronized
– Keep old system in place as well
Mitigation Plan
– Change contract with IBM world-wide (post mortem)
– Hire local people for local support (without a structured plan)
– Buy new servers running locally (without a structured plan)
– Expand bandwidth of global network (post mortem)
– Accept the fact that data will not be synchronized no matter what (it became clear post mortem)
– Set up an important project for historical data to be migrated (post mortem)
10. Deciding to leave my corporate job
Driver and risks
– Driver: lack of respect, a vision I did not agree with, non-collaborative environment, lack of professionalism
– Risks:
– Possibility of finding a new job (55 years old)
– Time to pension could increase due to changes in legislation (which happened right away…)
– Consequences
– Lack of resources before starting to collect my pension (with 2 children still in school or university)
Mitigation Plan
– Forget about finding a job and start your own consulting company
– Make sure the finances are there for the time to come (a lot of financial simulations) and plan reduced running expenses
– Negotiate the highest severance package possible
– Make maximum use of the help coming from the Executives’ Union
– Buy back the years of university as years of service
11. In summary
Keep it simple:
– Think about the “AS IS” and the “TO BE”
– List the potential risks
– Evaluate the risks and the probability of each risk happening
– Define a solid Mitigation Plan
15. 11 Principles of Risk Management (AS/NZS ISO 31000:2009)
1. Creates and protects value
2. Be an integral part of organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Based on the best available information
7. Be tailored
8. Take into account human and cultural factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of organizations
16. Identify Threats
Area
– Human
– Operational
– Reputational
– Procedural
– Project
– Financial
– Technical
– Natural
– Political
– Structural
Tools
– SWOT Analysis
– Failure Mode and Effects Analysis
– Scenario Analysis
– What If Analysis
https://www.moresteam.com/toolbox/fmea.cfm
20. Skills You Need for Risk Management
1. Problem Solving
2. Analytical Skills
3. Communication
4. Business Understanding
5. Negotiation and Diplomacy
6. Numeracy
7. Working under pressure
21. Resources
– The Risk Management Institute https://www.theirm.org/
– ISO 31000:2009 – Risk Management Principles and Guidelines
– A Risk Management Standard – IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organisations.
– ISO/IEC 31010:2009 – Risk Management - Risk Assessment Techniques
– COSO 2004 – Enterprise Risk Management - Integrated Framework
– OCEG “Red Book” 2.0: 2009 – a Governance, Risk and Compliance Capability Model
22. Q&A
– How did you like it?
– Thank you for your attention