RISK MANAGEMENT… MADE EASYpmsymposium.umd.edu › pm2018 › wp-content › uploads ›...

htt

p:/

/pm

sym

pos

ium

.um

d.e

du/p

m20

18/

Susan ParentePMP, PMI-RMP, PMI-ACP, CSM, CSPO, PSM I, CISSP, CRISC, RESILIA, ITIL, MS Eng. Mgmt.Associate Professor, Post University, CT, MBA Program: PM ConcentrationAdjunct Professor, Montclair State University, NJ, MBA Program: Risk Management

2018 Project Management Symposium

RISK MANAGEMENT…MADE EASY

Agendau Definition of Risk Management

u Risk Management Overview

u Risk Management Processu Identification, Assessment, Response Planning,

Execution

u Monitoring, Documentation and Communication

u Applicability to Projects

u Summary

Copyright © 2011 S3 Technologies, LLC

2

Risk Definedu A Risk is an uncertain event or condition, that if it occurs, has a

positive or negative effect on at least one objective

u A Risk is described by the probability that an event will occur and the impact of the consequence of that event should it occur

u Note the Difference Between a Risk and a Problem or Issueu A Risk is an event that may occur in the future

u A Problem or Issue is something that has already occurred and you are dealing with now

Both Risks and Issues must be addressed3

Probability:The Likelihood of OccurrenceThat an Objective Will Not Be Met Using the Current Plan

Impact:The Consequence of OccurrencePenalty Incurred If theObjective Is Not Obtained

Increas

ed

Risk Exp

osure

Increased Impact

Incr

ease

d Pr

obab

ility


Why Manage Risk?

Risk Management is what we have been doing for years as successful PMs, but in a structured &

rigorous manner.4

Image from: NPS (n.d.) Climbing Experience Program. Retrieved from https://www.nps.gov/ciro/planyourvisit/climbing-experience-program.htm

Risk Managementu Risk Management has us inquire in

uncertainty…

uWhat are our project unknowns?

u…known unknowns?

u…unknown unknowns?

u Risk Management provides a capability to quickly and effectively communicate risk information up and down the management chain

5


Benefits of Risk Managementu Identifies existing as well as potential problems

u Describes and classifies risks

u Prioritizes risks so resources may be effectively applied

u Identifies strategies to reduce threat risks

u Minimizes safety risk to personnel

u Provides a structured and systematic review of the processes to manage risk

u Provides ongoing structure for project/ product improvements

u Provides continuous risk communication 6


Benefits of Risk Management

7

Risk Management facilitates

communication by offering processes, mechanisms, and a

common language for stakeholders to identify, define,

evaluate and control risks.

Image from: Pixabay (2016) Retrieved from https://pixabay.com/en/rock-climbers-teamwork-summit-peak-1720497/

Risk Management Processes

u Identificationu Discovery of a potential risk

u Assessmentu Review, analysis, and

prioritizationu Response Planning

u To mitigate, avoid, transfer, accept, escalate threats

u To enhance, exploit, share, accept or escalate opportunities

u Executionu Of response strategies, as

determined in response planning

Assess

Plan ResponseExecute

Identify

8

► Planning, Monitoring, Documentation and Communication§ Foundational for project mgmt. & essential to all processes§ Part of continuous process improvement for the RMP

PlanMonitor

DocumentCommunicate


Risk Identificationu Any and all personnel on a project

are responsible for identifying risks –it’s an everyday part of the job

u It is not necessary to resolve the risk at this stage – simply capture the potential problem

u Identification Methodsu Brainstormingu Checklistsu Cost/Schedule Analysisu Functional/Failure Analysisu Interviewing u Subject Matter Experts

9


ExecuteExecute Plan Plan ResponseResponse

AssessAssessIdentifyIdentify



Risk Identification

If You Haven’t Identified Your Risks,

You're Already Taking Them.

10

Risk Identification

u When is it appropriate to identify a risk?u If the risk poses threats to meeting success

criteria, mission objectives, critical milestones, etc.

u If you need resources to resolve the risk

u If broader awareness is needed

u If the risk presents threats to completing tasks

11






Risk Identification

u Risk Statements are written in a structured manneru State the risk in the format of a “If…, then…”

Statements

uCondition (‘If’) statement - A short, succinct statement that describes the background information and/or description of the problem

uConsequence (‘Then’) statement - A short, succinct statement that describes the key possible outcome(s) of the current conditions

u Consequences should be directly traceable to the event: For example, “If I have a flat tire while commuting to work, then I may not get to work on time”

12






Risk Assessment (Analysis)

u Risk Assessment/Analysis

u What is the probability of the risk occurring?

u What is the impact if the risk occurs?

u Qualitatively (subjective) Ex.: “significant”, “severe”

u Quantitatively (days or dollars) Ex.: 2 days or $10,000

u Both Probability and Impact are determined

u These are used to evaluate the risk:

Qualitative Assessment:

Ex. Risk Score or using the Probability and Impact Matrix

Quantitative Assessment:

Ex. EMV (Expected Monetary Value) = Probability x Impact13






Risk Assessment (Qualitative)

u Use a Probability and Impact Matrix

14






Risk Assessment (Quantitative)

u Results in a quantitative value (dollar or day) for the risk, which is based on the probability and impact of the risk.

u Methods Include:

u Monte Carlo Analysis (and Latin Hypercube)

u EMV (Expected Monetary Value)

u Decision Analysis

15






Response PlanningRisk Response Strategies (for Threat Risks):

u Mitigation: Pre-Event actions to reduce the probability or impact of a risk

u Avoidance: Eliminate the risk producing activity entirely by choosing an alternate approach.

u Transfer: Take actions that redistribute risk to another area. (This does not relieve the responsibility of tracking and closing the risk)

u Accept: Accept the risk as stated with no other action.

u Passive: Accept and do nothing

u Active: Accept and put a plan in place to minimize the impact of the threat, should it occur.

16






Response PlanningRisk Response Strategies (for Opportunity Risks):

u Enhance: Increase the likelihood of the risk event occurring and/or increase the magnitude of its impact.

u Exploit: Pre-Event actions to increase the probability and/or impact of an opportunity risk, to ensure it occurs and is full realized.

u Share: Optimize probability and/or impact of an opportunity risk occurring.

u Accept: Accept the risk as stated with no other action.

u Passive: Accept and do nothing

u Active: Accept and put a plan in place to take advantage of the opportunity, should it occur.

17






Execution

u PMI’s PMBOK Guide 6th Edition calls this Implement Risk Response

u Implement response strategies, as determined during response planning.

u This includes the risk responses of:

u For Threats: Mitigate, Avoid, Transfer, Accept

u For Opportunities: Enhance, Exploit, Share, Accept

18






More Risk Terms

u Secondary Risk: Often the “Consequence” of one risk statement becomes the hazard or “What can go wrong?” for another risk.

u Residual Risks: Risks that remain after implementing the Risk response.

u Risk Trigger: Is an event which when it occurs is a warning that the risk event will soon occur.

u Record & Track risks in a Risk Register

19






Risk Planning, Monitoring, Documentation & Communication

uMonitor, Track and Communicate Risk

uTrack the progress of mitigating the risk.

uCommunicate this information to management and internal and external stakeholders.

u Integration of Risk Management with Cost and Schedule Processes

20






Risk Planning, Monitoring, Documentation & Communication

uEffective Understanding and Prioritization of RisksuFacilitate Early Mitigation, Minimize Project

or Program Issues

uEscalationuEscalate Risks to the management level

where they can be resolved.

uExpedite Elevation of Critical Risks to Upper Management

21






Applicability to Projects

Potential areas for implementation of Risk Management:

uProject Objectives

uProject Management Processes

uInformation Security

uDevelopment

22


Applicability to Projects

Risk Categories:§ Integration

(hardware/software)

§ Logistics Support

§ Manufacturing§ Schedule

§ Technology

§ Budget (funding)

§ Capability of Developer

§ Management Strategies

23


§ Requirements

§ Test/Evaluation

§ Environment

§ Systems Engineering§ Maintenance/

Supportability

§ Portfolio Management

§ Marketing

§ Other…

Summaryü Risk Management is an organized, systematic

decision-making process that efficiently plans, assesses, handles, monitors, and documents risk to increase the likelihood of achieving project goals and decrease the likelihood that a risk would become a future problem

ü Risk Management adds structure and rigor to a fundamental process

ü Risk Management is everyone’s job!That means you!

24


Risk Management

Everyone wants to be doing it. Every thinks everyone else is doing it.

Not many people are actually doing it, and no one is doing it

particularly well…25

Risk Management

S3 Technologies, LLC

Susan Parente

[email protected]

www.s3-tec.com

O: 203-307-5246

26

Please join us on LinkedIn in the

Risk Management Implementation Group

http://www.linkedin.com/groups?mostPopular=&gid=3442533

For discussion and resources on Risk Management and Implementing Risk Management

QUESTIONS?

http://www.linkedin.com/groups?mostPopular=&gid=3442533

27

Additional Information

Risk Identification

u Sample Risk Register:

28

<Project> Risk Register- ThreatsLast Update: <date>Priority (Rank Order)

Probability Impact Exposure (Prob x Impact)

Risk ID #

Risk Type Status Owner POC Risk Statement

Very Low, Low, Med, High, Very High

Minimal, Moderate, Significant, Extensive, Severe

(see key) Ex: HIGH

4-5

1 Technical, Cost, Schedule, Security

Ex: D, DO, DOC, DOCN

First and Last Name Risk defined in "if… then…" statement.

Risk Statement Risk Triggers Risk Strategies Residual Risks or Secondary Risks

Status Notes Date Identified

Risk defined in "if… then…" statement. Mitigation, Avoidance, Transfer, Assume (include both short and long term)

Residual Risk is the risk remaining after employing the response. Secondary Risks are a direct result of the risk response.

History of Risk Status Date Risk was identified


Risk Identification

u Risk Register Fields:

§ Priority

§ Probability

§ Impact

§ Exposure

§ Risk ID #

§ Risk Type

§ Status

29

§ Owner§ POC§ Risk Statement§ Risk Triggers§ Status§ Date of Identification


Response Planning

Determining Risk Response Strategies:

30

Risk Source

<Priority 1> AvoidMinimize

ProbabilityMinimize Impact

TransferDefer

Assume

Potential Strategies

Mitigate

Estimated Benefit from Strategy Estimated Drawbacks of Strategy (including $/ resources)

Selected Strategy (check)


31

Additional Information

PMI-RMP® Certification

32

PMI-RMP® CertificationPMI Risk Management Professional (PMI-RMP)®

u “PMI’s Risk Management Professional (PMI-RMP)® credential is a response to project management’s increasing growth, complexity and diversity. Globally recognized and demanded, the PMI-RMP® fills the need for a specialist role in project risk management.”

u “It recognizes your unique expertise and competency in assessing and identifying project risks, mitigating threats and capitalizing on opportunities, while still possessing a baseline knowledge and practical application in all areas of project management.”

Reference: PMI, “PMI Risk Management Professional (PMI-RMP)” Retrieved from: http://www.pmi.org/en/Certification/PMI-Risk-Management-Professional-PMI-RMP.aspx

http://www.pmi.org/en/Certification/PMI-Risk-Management-Professional-PMI-RMP.aspx

33

PMI-RMP® CertificationWho should apply:u Risk management specialists and Project Risk Managersu To increase your skills in project managementu To highlight your specialized expertise to employers

PMI-RMP Requirements:u A 4 year degree (bachelor’s or the global equivalent),

with at least 3,000 hours of project RM experience and 30 hours of project RM education.

ORu A secondary diploma (high school or the global

equivalent) with at least 4,500 hours of project RM experience and 40 hours of project RM education.



34

PMI-RMP® Certification

How to Apply:u Online at www.pmi.orgu More Info:

u PMI-RMP Handbooku PMI-RMP Exam Preparation

Maintain Your PMI-RMP:u Earn 30 PDUs/ 3 year cycle in project risk managementu Learn more at: http://www.pmi.org/en/Certification/PMI-Risk-

Management-Professional-PMI-RMP.aspx


http://www.pmi.org/



RISK MANAGEMENT… MADE EASYpmsymposium.umd.edu › pm2018 › wp-content › uploads ›...

Documents

Transcript of RISK MANAGEMENT… MADE EASYpmsymposium.umd.edu › pm2018 › wp-content › uploads ›...