RISK MANAGEMENT

RISK MANAGEMENT PROCESS

SMME

Where science is converted into technology

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

When a risk event is identified and assessed, a decision must be made concerning which response is appropriate for the specific event. Responses to risk can be classified as Mitigating Avoiding Transferring Sharing Retaining

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Mitigating Risk:
Reducing risk is usually the first alternative considered. There are basically two strategies for mitigating risk:
Reduce the likelihood that the event will occur Reduce the impact that the adverse event would have on the project. Testing and prototyping are frequently used to prevent problems from surfacing later in a project.

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

An example of testing can be found in an information systems project. The project team was responsible for installing a new operating system in their parent company. Before implementing the project, the team tested the new system on a smaller isolated network. By doing so they discovered a variety of problems and were able to come up with solutions prior to implementation. The team still encountered problems with the installation but the number and severity were greatly reduced.

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Often identifying the root causes of an event is useful. For example, the fear that a vendor will be unable to supply customized components on time may be attributable to (1) poor vendor relationships, (2) design miscommunication, and (3) lack of motivation. As a result of this analysis the project manager may decide to take his counterpart to lunch to clear the air, invite the vendor to attend design meetings, and restructure the contract to include incentives for on-time delivery. Other examples of reducing the probability of risks occurring are scheduling outdoor work during the summer months, investing in up-front safety training, and choosing high-quality materials and equipment.
6

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

For example, a bridge-building project illustrates risk

reduction. A new bridge project for a coastal port was to use an innovative, continuous cement-pouring process developed by an Australian firm to save large sums of money and time. The major risk was that the continuous pouring process for each major section of the bridge could not be interrupted. Any interruption would require that the whole cement section (hundreds of cubic yards) be torn down and started over. An assessment of possible risks centered on delivery of the cement from the cement factory. Trucks could be delayed, or the factory could break down. Such risks would result in tremendous rework costs and delays.

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Example(continued..) Risk was reduced by having two

additional portable cement plants built nearby on different highways within 20 miles of the bridge project in case the main factory supply was interrupted. These two portable plants carried raw materials for a whole bridge section, and extra trucks were on immediate standby each time continuous pouring was required.

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Avoiding Risk
Risk avoidance is changing the project plan to eliminate the risk or condition. Although it is impossible to eliminate all risk events, some specific risks may be avoided before you launch the project. For example, adopting proven technology instead of experimental technology can eliminate technical failure. Choosing an Australian supplier as opposed to an Indonesian supplier would virtually eliminate the chance that political unrest would disrupt the supply of critical materials.
9

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Transferring Risk
Passing risk to another party is common; this transfer does not change risk. Passing risk to another party almost always results in paying a premium for this exemption. Fixed-price contracts are the classic example of transferring risk from an owner to a contractor. The contractor understands his or her firm will pay for any risk event that materializes; therefore, a monetary risk factor is added to the contract bid price. Before deciding to transfer risk, the owner should decide which party can best control activities that would lead to the risk occurring.
10

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Retaining Risk
In some cases a conscious decision is made to accept the risk of an event occurring. Some risks are so large it is not feasible to consider transferring or reducing the event. The risk is retained by developing a contingency plan to implement if the risk materializes. In a few cases a risk event can be ignored and a cost overrun accepted should the risk event occur.

11

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

A contingency plan is an alternative plan that will be used if a possible foreseen risk event becomes a reality. The contingency plan represents actions that will reduce or mitigate the negative impact of the risk event. A key distinction between a risk response and a contingency plan is that a response is part of the actual implementation plan and action is taken before the risk can materialize, while a contingency plan is not part of the initial implementation plan and only goes into effect after the risk is recognized. Like all plans, the contingency plan answers the questions of what, where, when, and how much action will take place
12

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Example:
A high-tech niche computer company intends to introduce a new platform product at a very specific target date. The projects 47 teams all agree delays will not be acceptable. Their contingency plans for two large component suppliers demonstrate how seriously risk management is viewed. One suppliers plant sits on the San Andreas Fault, which is prone to earthquakes. The contingency plan has an alternative supplier, who is constantly updated, producing a replica of the component in another plant. Another key supplier in Toronto, Canada, presents a delivery risk on their due date because of potential bad weather. This contingency plan calls for a chartered plane (already contracted to be on standby) if overland transportation presents a delay problem. To outsiders these plans must seem a bit extreme, but in high-tech industries where time to market is king, risks of identified events are taken seriously.

13

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Risk response matrices such as the one shown in Figure are useful for summarizing how the project team plans to manage risks that have been identified.
Example of Windows 7 project is used to illustrate this kind of matrix

14

STEP3: RISK RESPONSE DEVELOPMENT

S M M E

Some of the most common methods for handling risk Technical Risk contingency Schedule Risks Cost Risks Funding Risks

Contingency Funding and Time Buffers Budget Reserves Management Reserves Time Buffers

15

STEP 4: RISK RESPONSE CONTROL

S M M E

A major element of the risk control process is change management. Most changes easily fall into three categories: 1. Scope changes in the form of design or additions represent big changes; for example, customer requests for a new feature or a redesign that will improve the product. 2. Implementation of contingency plans, when risk events occur, represent changes in baseline costs and schedules. 3. Improvement changes suggested by project team members represent another category.
16

STEP 4: RISK RESPONSE CONTROL

S M M E

Change management systems involve reporting, controlling, and

recording changes to the project baseline. (Note: Some organizations consider change control systems part of configuration management.) In practice most change management systems are designed to accomplish the following:

1. Identify proposed changes. 2. List expected effects of proposed change(s) on schedule and budget. 3. Review, evaluate, and approve or disapprove changes formally. 4. Negotiate and resolve conflicts of change, conditions, and cost. 5. Communicate changes to parties affected. 6. Assign responsibility for implementing change. 7. Adjust master schedule and budget. 8. Track all changes that are to be implemented
17

STEP 4: RISK RESPONSE CONTROL

On small projects this process may simply entail approval of a small group of stakeholders. On larger projects more elaborate decision-making processes are established, with different processes being used for different kinds of change. For example, changes in performance requirements may require multiple sign-offs, including the project sponsor and client, while switching suppliers may be authorized by the project manager. Regardless of the nature of the project, the goal is to establish the process for introducing necessary changes in the project in a timely and effective manner.
Process Flow
18
S M M E

Change Control Process

STEP 4: RISK RESPONSE CONTROL

change control process is a document. The benefits derived from change control systems are the following:
1. Inconsequential changes are discouraged by the formal process. 2. Costs of changes are maintained in a log. 3. Integrity of the WBS and performance measures is maintained. 4. Allocation and use of budget and management reserve funds are tracked. 5. Responsibility for implementation is clarified. 6. Effect of changes is visible to all parties involved. 7. Implementation of change is monitored. 8. Scope changes will be quickly reflected in baseline and performance measures.
19
S M M E

Assignment #2 1. Given the project information below, what is the probability of completing the National Holiday Toy project in 93 time units?

SMME

Where science is converted into technology

END