Risk Managment
Terms
undefined, object
copy deck
- What are Risk Management Best Practice Framework?
-
1. Set Culture adn Incentives
2. Assign responsibility accountabitiy, authority
3. Understand risk benefit trade offis and choose strategy
4. Analyze your risk drivers and plan your risk mgt accordingly
5. Learn and leverage lessons from past programs
6. Immplement and execute a) Risk Mgt b) Opportunity Mgt c) Include the subcontractors fellow team members
7. Monitor and improve risk managemetn effectiveness and program management decision quality
8. Link financials (e.g, EBIT booking, size and allocations of reserves)to risk analysis
9. Work with the customer
10. Metrics
11. Education
12. Tools
13. Transferrable Assets - What is Risk/Opportunity Management?
- is a proactive process conducted according to a documented plan to identify potential problems and alternative solutions enhancing the overall probality of achieving program and businesss objectives by identifying, analying, and assessing risk/opportunity areas, implementing handling/implementation actions,a nd monitoring the action to completion.
- So What guidelines must I use?
-
Business areas are audited on Corporate Policy Statement (CPS-070)
Business Areas and Business Units establish their own requirments based on past history; corporate policy; business areas/business unit peculiarities; program requirements - How is Risk Defined?
- The possibilities that a future event should occur, will have an adverse effect on projects objectives including costs, schedule, or technical. The source of the risk can be identified and its probability of occurence and impact on the project objectives quanitified. The process of firsk identification and assessment is to turn potential probelsm and "unknown unkonws")uncertainty into risk for the purpose of better managing the projects
- So what are some of these risk concerns?
- Product Delivery and Exposure Management
- What is product delivery?
- Ability and knowledge to identifying the threats to the program and being able to deliver product to the customer. This product should be delivered on a deadline or a baseline. The delivery process is evaluated for the probability and impact if a failure should occur.
- What is exposure management?
- This has to do with meeting the concerns of the stakeholders. This threat is evaluated on the cost/schedule/performance if a failure occurs and program exposure as a function of the aggrevated factored exposure for each risk identified.
- What is involved in the Basic Risk Management Process?
- Planning; Assessment; Handling; and Monitoring.
- What is involved in the planning process?
- Contractural requirements; Define risk approach; Define Risk Organization; Identify Risk Manager; Communicate Plan
- Assessmentwhat is involved in this process?
- Identification, analysis, qualitative, quantitative, prioritization
- What is involved in the handling process?
- Develop controls, implement controls
- What is involved with monitoring and reporting?
- Communication & Feedback
- What is the Capture Manager/Program Manager responsible for?
- Ensuring that Risk Management is conducted properly and that delegated functions are supporting RM Activity appropriatly.
- What positions or parties are involved win the Risk Managment Activities?
- Capture/Program Manager, Chief Engineer, subcontractors, and customer personnel.
- What is Risk Management?
- Risk Managment is the art and science of planning for identifying, assessing, handling, and monitoring a project risk through the program life cycle leading to the most desirable outcome possible with teh goasl and constraints of the organization.
- What phase the risk management begin?
- Risk Management begings durng the earliest months of the capture phase.
- Why do risk management/
- Required by program management policy; earlier identification of potential problems during capture phase; promotes teamwork by involving personnel at all levels of the project; is a significant part of the Price to Win and Design to Value process; perform tradeoffs based on priorities and quantified assessments
- What is essential to success?
- Integrating risk management activities into your program's rhythm of business is essential to success.
- What should be reviewed at regularly scheduled meetings?
- Risks, oppotunities and other relevant issues.
- Who is involved itn the risk management enviroment?
- Enviroment, scheduling, technical, people, configure management, safety, budget, human resources, quality, contracts etc
- A risk is?
- the potential for realizing unwanted negative consequences of an unusual threat. It is the future undesirable event may or many not occur.
- What is problem?
- Once the undesirable event occurs and the adverse impact is realized it is no longer a riks. This event needs to be handled by corrective measures.
- Are corrective active or the implementation of proactive risk mitigation actions less costly and why?
- Proactive mitigation actions are less costly that corrective actions and are far less costly.
- What should be kept on a watch list?
- Trigger events should be kept on a watch list. These events should be monitored until they no longer represent an exposure to the program.
- What does risk involve?
- Risk involves the probality that undesired event will occure.
- What does exposure equal?
- Probability Impact
- What are known risks?
- Requires financial and schedule reserves; Affects WBA; Handling actions is included in baseline plan, involves continguency plan and reserve funding in case handling action fail, identified and actively manageduntil reduced to an acceptable level.
- What are unknown risks?
- requires financial schedule reserves; affects the WBS when these become known; handling actions willb e aded to baseline plan; involves contiguency plan and reserve funding in case handling action fail; when identified, actively managed until reduced to an acceptable leve.
- What are some key tenets of risk management?
- risk management is only effective if program manager owns it; technical risk management is usually the responsiblity of the Chief Engineer; all members of the team must understand their roles relative to risk management; customer participation in risk managemetn throuhgout the program life cycle is foundation for an effective partnership; program risk management strategy mush be based on progam risk drivers and critical success criteria as expressed int in program objectives, constraints and risk tolerance; use independent reviews and lesson learned; Assess/audit the effectiveness of "as practiced" risk management; evaluate/adapt your risk managemetn as a function of type and phase of the program; ensure risk management is performed at subcontractors, teammates, and key suppliers consistent with your needs to assure mission succes; Use risk managemetn as a means for identifying opportunities; integrate risk management with Design to Value
- What are some best practice considerations?
- Create a culture that encourages early identification of risks and sets the right behavioral incentives for program manager and team members; don't shoot the messager; conduct multi-level reviews; look at how effectively risks are managed and mitigated not just how many risks there are-aligned incentives accordinly; use risk management as a mean for identifying opportunities; reward risk managers-don't reward fire fighters in public; risk management involves everyone on the team; it is not a position but is a culture; the risk management owner is the Program Manager-it is not a risk analyst, risk manager, or risk item owner; everyone on the program mus be looking after everyone else, everyone wmust be involved in identifying risks.
- What is complete indentification of risk management?
- Tailoring of risk processes, definition of risk organization, definition of customer and supplier involvement, and other management issues in this step.
- Planning is ?
- Contractural requirement; defined risk approach; defined risk organization; identify risk manager; communication plan
- Assessment is?
- Identification; Analysis; Qualitative; Quanitative; Priorization
- How to handle?
- Develop Controls and Implement Controls
- What is monitoring?
- Communicate and Give Feedback
- Steps in the Management Plan?
- Overview; Schedule; Budget; Configuration Management Plan; Risk Management Plan
- Good risk management require...
- a strategic approach to managing risk over the life of the program
- Good risk management asks some of these questions
-
What are the program goals; What should the program take? Which should it be averse to?
What are some of the key decision that need to be made? When must the decision be made? What criteria should be used in the decision making? Are there risks that the program will carry ie intentioally take no action until later in the program; Are there mitigation actions that should be taken now as an option against future problems? - Thee stategy should consider?
- Technical; schedule; regulatory; cost; funding; customer; enviroment; production etc
- Risk management will include the following content:
- Risk Management Strategy; Roles and responsiblities of customer; and major subcontractors; overview of the risk management process; references to required documents (policies; procedures; process etc); Plans for measuring compliance with corporate or business area policy, the risk management process and the required documents; training requirement; risk management database: descriptions of software, content; outputs, maintenance of riks history status); Required resources; cost, schedules, technical, and financial opportunity management; Tracking the impact initiatives as opportunities, or as riks if already incorporated into the program estimate as completion; integrating risk management results into program performance management; plans for tracking risks identified during the capture phase (through Independent Non Advocate Review, Independent Cost Evaluation, Executive Planning Panel, etc.)throughout the program executiion phase; implementation schedules and milestones
- What is involved in risk identification?
- Finance, Engineering, Program Management, Scheduling
- Risk Management Committee
- Risk Manager, Engineering, Scheduling, Product Support, Program Managment, Quality, SPM, Finance, Customer, Subcontractors, Risk Support
- Why a working group?
- At all levels the program (Program, IPT, Branch) the risk working groups should have the key leaders, responsible for identification, handling, and monitoring of risks; Make risks, plans, actions, concerns, forecasts, and progress known, ensure the visability of risk information, to enable all project members to participate in defining and managing risks, Ensure understanding of risksa nd mitigation plans; Establishes and effective, ongoing dialog between the manager and the project team, ensures appropriate attentin is focused on issues and concerns
- What about the customer?
- Open communicaiton with the customer is a key component of good program management-the customer can help to both identify and resolve risks; As with any other program review, risk should be a standard part of any customer program review agenda; Incorporate customer representatives on risk working groups and corrective action boards that impact risk and opportunity management
- What goes on a master schedule?
- Contract Award; System PDR; Engine; CDR; Delivery to System (I&T); Diver & Structure; CDR:; Delivery to System; Catcher; Delivery to System; Control Module:CDR, SW CDR, SW to SW I & T; Control Module HWE & SW to System I & T; Auxiary; Deliver to System, System I & T
- Identification Activites
- Individual Uncertainties; Group Team Uncertainties; Project Data; Statement of Risk; LIsk of Risks
- What areas of the business are involved with identification?
- Risk Working Group; Customer PM and Staff; Engineering Staff; Corporate Resources
- Identification
-
Identification of Risks
Lessons Learned
The Risk Statement - Identification of risk from?
-
Statement of Work
Customer Perceptiosn and Expectations
Customer Identified Risks
Work Breakdown Structure Dictionary Concept of Operation and Specification Documents; Bid Documentation, Business Development Alerts; Staffing Profiles, Organizations Performance History, Aggressiveness of Acceptance Criteria, Customer Past History, Other contractrs, consultants, experts, etc. - What not learn from what we have learned?
- The rool cause of problems occur repeatedly learning lessons from other program problems is an expensive and higly effective way to avoid repeating those problems, Lessons can be learned from programs that are both similar and dissimilar; A variety of inexpensive ways can be used to transfer lesson learned team briefings, negative thinking, and analysis of documented problems); Regularily review the lessons learned, within your program, at regular intervals throughout the program; If a lesson learned data base is being used, make sure taht all members of the program team have access and it is user friendly.
- What are some frequently experience risks?
-
Incomplete understanidn of customer problems
Incomplete understanding of our offered solution
Required resources are missing on misdeployed
In effective program management and process control compromises - Incomplete Understanding of Customer Problems
- Customer does not convey problem clearily either within RTP or duing program execution; Customer requirements change over time and the contractor is not in step with the changes; There is a common understandingof the customr at various levels; The contractor does not possess doman understanding to transition key opperational requirements into technical solutions; Customer organizations change and the contractor does not understand their view of requirements; Requirements change due to the mission, budgets, priorities, poliy or politics; The customer the end user has changing requirements which are not captured by the acquisiton community; The acquisition customer and the end user are different and each has its own and sometimes conflicting requirements; Acceptance tests/sell off criteria between the contractor and the customer/user are misunderstood, ill defined in the proposal, and remain open well into the contract
- Incomplete Understanding of Our Offered Solutions
- The proposal team did not adequately assess the technical solution and risks to achieve what the customer wanted; Integrated T/S?C baselines were not developed or not committed to by the project team and the productivity and reuse potential is overstated; On software intensive programs, cost estimation modeling tools are not used to assess the realism of staffing and productivity versus schedule commitmetnt; Managing with COTS/NDI lacks a basis of estimate and understanding of performance and functional limitations. NDI is used on faith and is poorly documented. COTS does not perform as anticipated and/opr in accordance with vendor provided information; Did not plan for product updates, vendor inability or fallback options, Incomplete communication of softwar architecture to the implementation team; Underestimation of how much computer processing is required of the target hardware.
- Required Resources are Missing or Mis-Deployed
- The project is not staffed with necessary talent (skills or numbers); Key members of the Program Team are inadequate; IPt's were not established as part of the proposal proces and continuted into contract performance; Indadequate attention is given to the learing curve and attrition/turnover; Ignoring "culture." of partners when building team; especially international customers with significant business and lifestyle and cultural differences; Excessive reliance on review, and inspections to ensure quality products; Methodoloty, developmet of tools and envirment are not established early and kept stable with the needed capacity /data to test in house and after development; Naive dependency on tools, methodologies and technologies especially leading edge technologies in support of the development and system integration process
- Ineffective Program Managment Process/Control Compromises
- Balanced customer communication is not maintained; The technical baseline is not controlled; ECP's to the contract baseline are poorly assessed, especially those early in the development cycle; The contract baseline is not coordinated with the technical schedule cost baseline on the project; Risks are not identified or managed; Subcontracts are not definitized and negotiated at the contract set ups or before; Subcontractors are not selected or managed effectively; Excessive costs/schedule pressures, intenally or from the customer, result in compromises to the process and technical quality; Proces/procedures are changed with implementing alternative ways to satify basic business operations; Discrepancies between desired and actual outcomes are not visible in a timely fashion or are ignored; Small programs cannot readily apply practices and processes developed for large programs.
- The Risk Statement
-
Condition
Consequences
Contexr - The purpose of capturing risk is?
- to arrive at a concise description of risk, which can be understook and acted upon
- Description of capturing risk?
- Captures the condition that is causing concern for a potential loss to the projcet, followed by a brief description of the potential consequences of this condition
- Elements of a Good Risk Management Statement
-
Is it clear in concise?
Will most project members understand it?
Is there a clear condition or souce of concern?
Is the consequences clear?
Is there only one condition followed by one or more consequences? - Capturing the Context of Risk!!
- Purpose: Provide enough additional information about the reisk to ensure that the original intent o fthe risk can be understood by other personnel, particularly after time has passed
- Capturing the Context of Risk:
- Description: Capture additional informatin regarding the circumstances, events, and interrelationships not described in the statement of risk.
- Context factors
- Contributing factors; Risk Source; Circumstances; Related Issues; Interrelationships
- Effective Context Captures?
- What, when, where, how, and why of the risks by describing the circumstances, contributing factores, and related issues(background and additional information that are not in the risk statement).
- A good risk statement contains?
-
Only one condition
Contains at least one consequences
Is clear and concise
*0% have timing considerations - Good Context
-
Provides further information not in the risk statement
Ensures that the original intent of the risk can be understodod by other personnel, even after time has passed. - Capturing at Risk Statement
- Purpose & Description
- Purpose
- to arrive at a concise description of risk, which can be understood and acted upon
- Description
- captures the condition that is causing concern for a potential loss to the project, followed by a brief description of the potential consequences of this condition
- Analysis
- Evaluating, Classifying, Set of Risks
- Evaluating Risk There are 7 Approaches
-
Brainstorming
Sensitivity Analysis
Probability Analysis
Delphi Method
Monte Carlo
Decision Tree Analysis
Criteria Based Probability and Impact Analysis - Monte Carlo
- Based on probability for range of variable, Values are selected for each variable; for example, worst case, best case, most likely case; Applicable to cost and schedule modeling; Results will provide probability of levels of success over time or budge to complete a desired objective
- Criteria Based Probalitiy and Impact Analysis
- Use of templates that have pre-determined criteria for determining probability and impact; Range from very simple to extensive and complex; Important taht the right balance occure in developing the template approach; Previous analysis techniques may be predecessors/input to this method of determining probability and impact
- Classifying Risks
- Purpose: To determine how muliple risks relate to each other within a given structure. Allow us to efficiently sort through large amounts of data; Description: Involves grouping risks based on shared characteristics. The groups of classes show relationships among the risks; Examples of Classifications: Design, Development, Integrations and Test, Production, Logistics
- Dealing with set of risks
- During classification, it may be decided that some risks should be handled and tracked as a set.
- During the classification it may bed decided that some risks should be handled and tracted as a set, when this happens?
- Create a summary risk statement, assign new ID but maintain linkages to original risks: keep all context/move individual risk statements and Id# to context; Keep the worse case impact, probability, and timeframe attribute evaluations; update database
- Classifications
- Design, Development, Integration and test, Production, Logistics
- Probability Categories
-
Program Management
Technology
Supportability
Design Engineering Process
Design Engineering Requirement
Manufacturing - Probaility of Risk Occurrence Assessment Criteria-Program Managment
- The risks of system performance due to uncertainties of baseline management. This category also includes risk associated with future funing, contract awards, customer relationships, and general health or customer relationships.
- Risk Scoring
- A way of numerically prioritizing risks that is decribed in detail in your risk managment plan, The interaction of the probability Row and the Impact Column yields a value that determines the priority order for the risk. 0.9= highest & 0.1=lowest; Use the Overall "P" & "i rating on your Risk Assessment from and create a priority ordered list.