Principles Of Risk Management
•Download as PPTX, PDF•
1 like•1,649 views
A presentation that attempts to strip away the often-unnecessary complexity of most risk management methodologies to focus on five fundamental elements: goals, plans, uncertainties, responses and management.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (10)
Principles Of Risk Management
- 1. PRINCIPLES OF RISK MANAGEMENT 5/18/2010 T. Erickson © 2010 All Rights Reserved 1
- 2. Disclaimer Any opinions expressed in the following presentation are the author’s and do not reflect those of the Project Management Institute or its Chapters. 5/18/2010 T. Erickson © 2010 All Rights Reserved 2
- 3. “If anything can go wrong, it will.” Murphy’s Laws, Number 1 “. . . And even if it can’t, it might.” Barton’s Amendment 5/18/2010 T. Erickson © 2010 All Rights Reserved 3
- 4. OVERVIEW Principles The Basics Refinements Example 5/18/2010 T. Erickson © 2010 All Rights Reserved 4
- 5. WHAT IS RISK? Risk: 1: possibility of loss or injury : peril 2: someone or something that creates or suggests a hazard 3 a: the chance of loss or the perils to the subject matter of an insurance contract ; also : the degree of probability of such loss b: a person or thing that is a specified hazard to an insurer c: an insurance hazard from a specified cause or source <war risk> 4: the chance that an investment (as a stock or commodity) will lose value — risk·less 'ris-kl?s adjective — at risk : in a state or condition marked by a high level of risk or susceptibility <patients at risk of infection> Webster’s Online Dictionary 5/18/2010 T. Erickson © 2010 All Rights Reserved 5
- 6. WHAT IS RISK MANAGEMENT? “One should expect that the expected can be prevented, but the unexpected should have been expected.” Augustine’s Law of Amplification of Agony, (Number XLV) 5/18/2010 T. Erickson © 2010 All Rights Reserved 6
- 7. WHAT IS RISK MANAGEMENT? Fundamental skill A management tool Hypothetical problem analysis 5/18/2010 T. Erickson © 2010 All Rights Reserved 7
- 8. PRINCIPLES Goals Responses Management Plans Uncertainties 5/18/2010 T. Erickson © 2010 All Rights Reserved 8
- 9. EXAMPLE Taking a Trip Goals Plans Uncertainties Responses Management 5/18/2010 T. Erickson © 2010 All Rights Reserved 9
- 10. GOALS “As you travel on through life, Brother, whatever be your goal, Keep your eye upon the doughnut, Not upon the hole” Mayflower Doughnut Shop, 1956 ““If you don't know where you are going, you might wind up someplace else.” Yogi Berra 5/18/2010 T. Erickson © 2010 All Rights Reserved 10
- 11. BASICS Importance of a focus Knowing when you are there S.M.A.R.T. 5/18/2010 T. Erickson © 2010 All Rights Reserved 11
- 12. EXAMPLE - GOALS Goal: Arrive at Grandma’s house for Thanksgiving dinner by 4pm. 5/18/2010 T. Erickson © 2010 All Rights Reserved 12
- 13. PLANS “Living consists of figuring out what to do next.” Unknown “The plan is nothing; planning is everything.” Gen. Dwight D Eisenhower 5/18/2010 T. Erickson © 2010 All Rights Reserved 13
- 14. THE BASICS Actions Conditions Assumptions Plans 5/18/2010 T. Erickson © 2010 All Rights Reserved 14
- 15. REFINEMENTS Precedence relationships Hierarchies of plans. 5/18/2010 T. Erickson © 2010 All Rights Reserved 15
- 16. EXAMPLE - PLANS Actions: Bake the sweet potatoes, pack the car, take I-66, stop for lunch, take I-85 Conditions: Dry road, get up on time, good health, available fuel 5/18/2010 T. Erickson © 2010 All Rights Reserved 16
- 17. UNCERTAINTIES “Life is what happen to you while you are making other plans.” John Lennon 5/18/2010 T. Erickson © 2010 All Rights Reserved 17
- 18. THE BASICS Uncertainties Threat Opportunity Likelihood Impact Velocity Triggers 5/18/2010 T. Erickson © 2010 All Rights Reserved 18
- 19. REFINEMENTS Identification Hypothetical problem analysis Probabilities Consequences 5/18/2010 T. Erickson © 2010 All Rights Reserved 19
- 20. PROBLEM ANALYSIS Action Action Action Conditio n Problem Action Conditio Action n Conditio n Conditio n Time Now The Past 5/18/2010 T. Erickson © 2010 All Rights Reserved 20
- 21. HYPOTHETICAL PROBLEM ANALYSIS ? Goal Time Now The Future 5/18/2010 T. Erickson © 2010 All Rights Reserved 21
- 22. EXAMPLE - UNCERTAINTIES Threats Flat tire, rain, bridge out, run out of gas, Opportunities New route, less traffic than expected Events and Conditions 5/18/2010 T. Erickson © 2010 All Rights Reserved 22
- 23. RESPONSES “Delay is the deadliest form of denial” Parkinson’s Law of Delay 5/18/2010 T. Erickson © 2010 All Rights Reserved 23
- 24. THE BASICS Mitigations Proactive Promotions Contingencies Reactive Exploitations Triggers 5/18/2010 T. Erickson © 2010 All Rights Reserved 24
- 25. REFINEMENTS Prevention Mistake-proofing Controls Process Assets 5/18/2010 T. Erickson © 2010 All Rights Reserved 25
- 26. EXAMPLE - RESPONSES Mitigations: Check tire conditions and spare; stay alert; service car before trip, fill tank at start Promotions: Update maps, GPS data Contingencies: Spare tire, insurance, AAA, extra gas can, cell phone Exploitations: New favorite restaurant on the route. 5/18/2010 T. Erickson © 2010 All Rights Reserved 26
- 27. MANAGEMENT “It isn’t that things will necessarily go wrong, but rather that they will take so much more time and effort than you think, if they are not to.” Wolf’s Law 5/18/2010 T. Erickson © 2010 All Rights Reserved 27
- 28. THE BASICS Decisions, Decisions, Decisions. . . Priorities Tolerance Nothing is so constant as change 5/18/2010 T. Erickson © 2010 All Rights Reserved 28
- 29. REFINEMENTS Plan Priorities Mitigation /Opportunity Priorities Contingency/ Exploitation Priorities Risk Tolerance Mitigation/ Contingent Action Tolerance 5/18/2010 T. Erickson © 2010 All Rights Reserved 29
- 30. EXAMPLE - MANAGEMENT Decisions: Plan: Should I try a different route? Mitigation: Should I buy new tires? Get a new car? Contingencies: Should I update my AAA membership? Should I buy a GPS? Changes: Assumptions: Do I need to remind my brother to bring the green bean casserole? Conditions: Do I need to worry about the weather? 5/18/2010 T. Erickson © 2010 All Rights Reserved 30
- 31. WRAP-UP Goals Responses Management Plans Uncertainties 5/18/2010 T. Erickson © 2010 All Rights Reserved 31
- 32. FINAL THOUGHTS Risks are not Problems Risk Management is not optional - or avoidable! If we work at it hard enough we can make it really complicated! 5/18/2010 T. Erickson © 2010 All Rights Reserved 32
- 33. Murphy Lives! Be Ready For Him! 5/18/2010 T. Erickson © 2010 All Rights Reserved 33
- 34. Questions? 5/18/2010 T. Erickson © 2010 All Rights Reserved 34
- 35. Contact Information: Tom Erickson, P.E., PgMP An Enterprise Agilist Email: terickson@apnbok.com Mobile: 703.201.0021 5/18/2010 T. Erickson © 2010 All Rights Reserved 35
Editor's Notes
- This presentation discusses the 1st Principles common to all risk management. For each of the principles, I will review the basics of each element, then touch on a few refinements you may find useful. Throughout the pitch we will develop a practical example, something everyone can relate to.So, what is risk management? For that matter, what is risk?
- What is Risk? Here is a dictionary definition.In short, risk is a measure of uncertainty. Too often the second definition is the one we use, however in risk management, the other three definitions are less confusing. As we will see, there are better terms for describing uncertainty. A planned event or desired goal or objective may be AT risk from an uncertain condition or unplanned event, but it is not A risk.
- Fundamental Skill: also known as thinking ahead, preparing for the future, seeing around cornersHypothetical: A.K.A. mistake proofing, planning for problems, Management: A.K.A. planning for problems; not a separated specialty, must provide
- You can count the fundamentals of risk management on one hand. There are five elements common to all risk management activities, from the boardroom to the back room, from the enterprise to the individual.. . . .
- 1. Trip Goals. Objective: Get there!2. The Plan: preparation, travel route, including essential and non-essential items3. Threats: Flat tire, accident, breakdown, run out of gas4. Opportunities: New road,5. Mitigations: Check tire conditions and spare; stay alert, avoid bad weather; service car before trip; fill tank at start6. Promotions: Update maps, GPS data7. Contingencies: Spare tire, insurance, AAA, extra gas can, cell phone to call for help8. Exploitations:9. Triggers: 10. Management:
- Goals and objectives are desired events or conditions. They may also be called expectations, expected results, desired outcomes or other labels, but they all represent the end point of a journey. Goals or objectives should be well defined, specific and measurable. It is important to know when you are done so you can devote resources to new or other goals and objectives.
- SMART stands for Specific, Measurable, Attainable, Relevant, and Time-based.
- Trip Goals. Objective: Get there!How could we define a goal for our trip?Is it SMART?
- "how am I gonna do that?!"Plans should include both events and conditions.
- If a goal or objective represents the end of a journey, a plan represents the journey itself. A plan is a set of presumed-certain necessary and sufficient actions and conditions designed to achieve one or more goals or objectives. Activities and ArtifactsActions and ConditionsOne man's goal is another man's planA goal or objective may be the outcome of a single action or multiple actions and conditions. Most corporate objectives require a complex sequence of actions and conditions to achieve.An action is any time-variant transformational process whose output depends on its initial inputs or stimulus. If the process obeys laws of physics and, along with the inputs are sufficiently well known, the output is predictable and repeatable. The time scale may be very short, or very long, and the process may be mechanical, electrical, chemical, physical or human, but so long as the process obeys the laws of physics and all inputs and stimuli are known, the output is predictable.A Condition is a time-invariant characteristic that exists at the same time as an action, and may influence the event, but is not transformed or affected by the event. Sunlight on a cloudless day is a condition. Removing an ice cream cone from the freezer is an action. That the ice cream cone melts rapidly when exposed to the sun is a consequence of the action. The melting does not alter the condition - the sun still shines. However, the condition does alter the outcome of the action - the ice cream cone melts more rapidly than it would if it were a cloudy day.Assumptions are the events and conditions that can affect your plan, but which you do not control, and probably can't influence.
- Most often the actions and conditions in a plan are designed to occur in a particular sequence. In that case the actions have precedence relationships, i.e. a condition or outcome of one event is required for the successful completion of another event.Plans are often hierarchical. Each action on the plan may represent a complete set of subordinate actions and conditions.
- The Plan: Actions: preparation, travel route, including essential and non-essential itemsConditions: Good weather, good health, available fuel
- Emphasize terminology – “I am on a one-man campaign to clarify the conversations – bear with me while I explain.”
- Uncertainties are actions and conditions whose occurrence is not presumed-certain. Also called Speculations, Suppositions, because they happen in the future (if they happen at all) and their impact is unsure.Can be stated in the form "What if..." or "Suppose that..."Caution: "If- Then" forms of threat or opportunity statements tend to limit creativity.A threat is an uncertain action or condition that might have a negative impact on a goal, objective or expectation. Emphasis on the word MIGHT. The purpose of threat management in any risk management system is to identify threats, and to reduce their likelihood or their negative impact (or both ) through carefully selectedmitigation actions, and to plan how to respond (called contingencies) should the threat occur despite our best efforts.An opportunity is an uncertain action or condition that might have a positive impact on a goal, objective or expectation. Emphasis on the word MIGHT. The purpose of opportunity management in any risk management system is to identify opportunities and to encourage their likelihood or their positive impact (called promotions), or both and to plan our response (called exploitations) should the opportunity occur, with our without our help.Likelihood is a qualitative estimate of uncertainty, particularly the uncertainty of a threat's or opportunity's occurrence. It is qualitative because it is necessarily imprecise, often subjective. By comparison, probability is a quantitative estimate of a threat's or opportunity's occurrence, usually as the outcome of a mathematical model validated with physical evidence. Risk management more often uses likelihood rather than probability to describe uncertainty because the uncertainty of a threat or opportunity is seldom amenable to mathematical modeling.Impact describes the negative effect of a threat or the positive impact of an opportunity on a goal, objective or plan. It may be expressed qualitatively or quantitatively, in the latter often in financial terms.Tip: Estimate impact by the cost of the selected mitigations/promotions and contingency/ exploitation actions.Velocity describes the effect of time on a threat or opportunity. It is also called urgency, or time horizon. Understanding when a threat or opportunity might materialize is essential to make rational decisions about how much the organization is willing to spend to mitigate a threat, promote an opportunity or plan a contingent or exploitive action. It is also useful to know when the threat or opportunity has passed.Triggers are early-warning signs. They are actions or conditions that predict when defined threats and opportunities might occur. They are crucial to proactive risk management because they allow early and possibly graduated mitigation and promotion responses. If triggers are not identified, too often the organization must react to threats and opportunities, rather than prepare for them.
- Identifying threats means looking for the actions and conditions that are not incorporated into your plan that could change the outcome of the plan actions, or alter the assumed conditions.Identifying threats is a creative exercise, because it involves developing hypotheses for future actions and conditions that may not materialize.Hypothetical problem analysis: you can think of uncertainty identification as an exercise in hypothetical problem analysis – more to come on that subject.A risk is a probability - a measure of likeliness. People sometimes use the term to mean an existing condition that may not have met expectations, but it is most often used to mean an action or condition that has not happened yet.The likelihood of an uncertainty occurring is measured as a probability. Getting the probability correct is more important than getting it accurate. A probability calculated at 36.829% is not useful if the probability is actually about 70%.All actions bear consequences. Unplanned, unexpected, or undesirable actions or conditions bear consequences for our goals and objectives. Objectively quantifying those consequences helps later when we have to make management decisions about mitigations and contingencies.
- From “Apollo Root Cause Analysis”, Dean L. Gano, Apollonian Publications, 2008.
- 3. Threats: Flat tire, accident, breakdown, run out of gas, gas stations closed, cell phone battery dies4. Opportunities: New road, less traffic
- So you think something might happen to derail your plan, put your objective at risk. What are you going to do about it? Carefully selected actions, both proactive and reactive, can reduce the likelihood or impact of a threat, or increase the likelihood or impact of an opportunity.
- A mitigation is a new action or condition added to a plan to respond to a defined threat. Mitigations may be designed to reduce the likelihood of the threat, to delay its possible occurrence, or to reduce its potential impact.Mitigations are proactive responses.A.K.A., Prevention or Probability ReductionYou need to know what to do to head off the derailers"what could I do to prevent the derailers?""let's head 'em off at the pass!""Which of these should I bother with?“A contingency is a new action or condition added to a plan to respond to a threat if it occurs despite best efforts to mitigate it. Because they happen after the fact, contingencies can only reduce the impact of the threat after it has occurred. Nevertheless, knowing that a threat may not occur, it is sometimes more cost-effective to plan contingencies than expend resources on mitigation activities.Contingencies are reactive responses.A promotion is a new action or condition added to a plan to respond to a defined opportunity. Promotions may be designed to increase the likelihood of the threat, to move up its possible occurrence, or to increase its potential impact.An exploitation is a new action or condition added to a plan to respond to an opportunity after it occurs. Because they happen after the fact, exploitations can only increase the impact of the opportunity. Nevertheless, knowing that an opportunity may not occur despite the best efforts, it is sometimes more cost-effective to plan exploitations than expend resources on promotion activities.
- Prevention:Process assets, a.k.a. Controls, are mitigation activities. Most are intended to prevent problems or minimize impacts.
- Mitigations: Check tire conditions and spare; stay alert, avoid bad weather; service car before trip; fill tank at startPromotions: Update maps, GPS dataContingencies: Spare tire, insurance, AAA, extra gas can, cell phone to call for helpExploitations: New favorite restaurant on the road
- * Risk management is for managers* Risk management is not optional; it is not avoidable* Risk management cannot be segregated from other management tasks* Risk management is a planning and execution activity* Risk management is not an engineering specialty
- Good risk management needs good decision making. You will make decisions about which events and conditions to protect, which preventive actions (suppositions and speculations) to mitigate or promote, which reactive actions (contingencies and exploitations) to engage, and when (triggers).Priorities: You need to know what in the plan needs protection."how do I get the biggest bang for the buck?""What is most important?""Where's the beef?!““How much is enough?”Tolerance: A.K.A. Decision thresholdsChange: You need to maintain the information and the guesses, and revise the plan as events and conditions change."what happens if conditions change?"
- Plan priorities: "What is most important? Which actions and/or conditions could have the greatest impact? Which are the most likely to miss expectations?“Mitigation/Promotion priorities: It is usually impractical to mitigate all threats to a zero likelihood or zero impact, nor is it always necessary. Resources spent on mitigation or promotion detract from resources necessary for executing the plan. Sometimes it is a better idea to accept some risk and wait for the threat to occur and if it does, then engage the contingent plans. Mitigations and promotions must be balanced with contingencies and exploitations respectively.Contingency/Exploitation priorities: "what is the most cost-effective way to reduce the impact?“Risk Tolerance: "what level of uncertainty am I willing to gamble with for this set of goals/objectives?“Mitigation/Contingent Action Tolerance: "how much can you afford to spend on mitigation before exceeding the expected value?"“How much can I tolerate the consequences?"“How much can I afford to spend on contingencies?“
- 10. Management: Which are the most important actions or conditions?Which uncertainties are most likely or have the greatest impact?Which contingencies are the best to employ? How will we know when to use them?
- You can count the fundamentals of risk management on one hand. There are five elements common to all risk management activities, from the boardroom to the back room, from the enterprise to the individual.. . . .