©2001 plan b systems inc. pbsi introduction to risk management
TRANSCRIPT
©2001 Plan B Systems Inc.
PBSi
Introduction to Risk Management Introduction to Risk Management
©2001 Plan B Systems Inc.
PBSi
Risk Is:Risk Is:
“An uncertain event which
threatens the ability to meet objectives
within constraints”
©2001 Plan B Systems Inc.
PBSi
Ignoring a RiskIgnoring a Risk
• Don't think about it
• Don't take action
• Pretend it won't/can't happen
"To ignore a risk is to accept it in ignorance"
©2001 Plan B Systems Inc.
PBSi
Risks Can be:Risks Can be:• Project risks
– things that could impact PROJECT success• impact: cost/schedule/performance
• Business risks– things that could impact BUSINESS success
• impact: market share/profit/satisfaction
• Operation risks– things that could impact mission operations
• impact: success/casualty rate/co-lateral damage
• Etc………...
©2001 Plan B Systems Inc.
PBSi
Risk has Two Components:Risk has Two Components:
Probability - how likely is it to occur ?
Impact - what happens if it does occur ?
©2001 Plan B Systems Inc.
PBSi
Risk Is Not a:Risk Is Not a:
• problem
• difficulty
• worry
• whinge
• gripe
©2001 Plan B Systems Inc.
PBSi
Some Causes of RisksSome Causes of Risks
• Assumptions
• Dependencies and/or Interfaces
• Uncertainties
• Constraints
Risks Are THREATS to success
©2001 Plan B Systems Inc.
PBSi
Risk Management DefinitionsRisk Management Definitions
Risk:• a problem which has not yet occurred
Problem:• a negative impact resulting from occurrence of a risk
Risk Management: • what is done to address and control risks prior to their
transition into a problem
©2001 Plan B Systems Inc.
PBSi
Risks are UncomfortableRisks are Uncomfortable
• Risks are ALWAYS Negative Things
• We don't like to think about risks
• It won't happen to me
Yeah right!!!
©2001 Plan B Systems Inc.
PBSi
Risks Are:Risks Are:
The things that can mess up your beautifully detailed plans.
©2001 Plan B Systems Inc.
PBSi
Your Typical PlanYour Typical PlanThe Plan
The Actual
The Impacted Risks
Time
Progress
©2001 Plan B Systems Inc.
PBSi
A Plan :A Plan :
• Is based on:– Known knowns; what you know "for sure"
• Incorporates:– Known unknowns; assumptions you make
• Is subject to;– Unknown unknowns; that spring up and bite
you
Fruitful source of Risks
Natural progression: requires continuous review
©2001 Plan B Systems Inc.
PBSi
Risk ManagementRisk Management
Proactive Risk Management brings
Closer to the Plan
Actual Performance
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
RISK MANAGEMENT PROCESSRISK MANAGEMENT PROCESS
RiskManagement
Plan
RiskIdentification
RiskAction
Planning
RiskAnalysis
Risk Tracking & Control
QuantitativeSchedule
RiskAnalysis
Risk Evaluation and Management Information System (REMIS)
QuantitativeCostRisk
Analysis
©2001 Plan B Systems Inc.
PBSi
Continuous Team Based Risk Continuous Team Based Risk Management ProcessManagement Process
Communicate
Risk Management Plan
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
Search for risks
State them in a standard syntax
Document risk description
Risk IdentificationRisk Identification
Identification converts concerns into manageable statements
What are the risks?
©2001 Plan B Systems Inc.
PBSi
Best Risk StatementBest Risk Statement
"If we fail to communicate on the design of the security module then additional effort will be
required to resolve misunderstandings"
a probability a condition and an impact
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
• Allows prioritization
• Removes duplication
• Supports selection for mitigation/action
• Simplifies reporting on "top ten"
Risk AnalysisRisk Analysis
Analysis converts risk statements into decision making information
Which are the serious risks
©2001 Plan B Systems Inc.
PBSi
Risk Analysis: Classify the RiskCategorise risk by each of the following:
Types are the underlying driver e.g.“Cost” if insufficient funds for the work“Schedule” if a tight schedule is causing risks
Areas are the organisation element at risk e.g.“Architecture” if it’s a design related risk“Implementation” if it’s a rollout risk
Groups are project specific risk themes“ESM”, “EMail”
©2001 Plan B Systems Inc.
PBSi
Risk Analysis: Quantify the RiskRisk Analysis: Quantify the Risk
• Assess Probability of event happening– the "P" score
• Assess Impact if it does– the "I" score
• The combined probability/impact "risk value" – the PI score
©2001 Plan B Systems Inc.
PBSi
Typical P- I Scoring System
0.05
0.04
0.03
0.02
0.01
0.09
0.07
0.05
0.03
0.01
0.18
0.14
0.10
0.06
0.02
0.36
0.28
0.20
0.12
0.04
0.72
0.56
0.40
0.24
0.08
HIGH
RISK
MEDIUM
RISK
LOW
RISK
VHI - 0.90
HI - 0.70
MED - 0.50
LO - 0.30
VL0 - 0.10
VL0
0.05
MED
0.20
HI
0.40
VHI
0.80
L0
0.10
PROBABILITY
IMPACT
©2001 Plan B Systems Inc.
PBSi
Assessing Probability and Impact
Scale Probability Timescale(months)
Cost($M)
Performance Urgency forAction
VHI 90% >6 >5 Lose major functions.
System Failure or not accepted
Right now
HI 70% 3-6 2-5 Lose a major requirement.
System degradation.
1 month
MED 50% 1 - 3 1-2 Degradation of majorrequirement
Lose many minor requirements.
1-3 months
LO 30% 2-4 weeks .5-1 Lose a minor requirement. 3-6 months
VLO 10% <2 weeks <.5 Degradation of minorrequirement.
>6 months
©2001 Plan B Systems Inc.
PBSi
Uses of P- I Scores
•Compare individual risks•Define most important risks (“Top N”)•Assess “total risk”
•Time, cost, performance•Risk types, risk areas, risk groups
•Compare options•Trend analysis
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
Risk Action PlanningRisk Action Planning
• Reduce Probability of risk occurring– take pro-active steps
• Reduce Impact if it does happen– prepare contingency plan
©2001 Plan B Systems Inc.
PBSi
Risk Action Planning
•Select risks for action•Identify mitigation approach•Develop actions•Outline contingency plan
What are we going to do about them?
Action planning creates the responseto the risks
©2001 Plan B Systems Inc.
PBSi
Risk Action PlanningRisk Action Planning
• Research need to know more
• Accept live with it and close it
• Watch keep an eye on it
• Mitigate actions needed
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
Risk Tracking
•Track changes in risks•Keeps actions current and appropriate•Maintains focus on top risks•Gets risks on the project agenda
Risk tracking maintains a relevant risk management process
How are we doing?
©2001 Plan B Systems Inc.
PBSi
Typical Trend AnalysisTypical Trend Analysis
00.5
11.5
22.5
3
Q1 Q2 Q3 Q4 Q5
Quarters
PI S
core
High
Medium
Low
©2001 Plan B Systems Inc.
PBSi
Gro
up T
otal
s
Exp
erie
nce
Man
agem
ent
Req
uire
men
ts
Tec
hnol
ogy
Cos
t
Sec
urity
Com
plex
ity
Exp
erie
nce
Ski
ll &
Ava
ilabi
lity
Pro
cure
men
t
Sch
edul
e
Con
trac
tual
Applications
Inter Departmental Issues
Process
Rollout & Transition
Team Cooperation
0.00
1.00
2.00
3.00
4.00
5.00
6.00
7.00
8.00
PI
sco
re
Risk Types
Risk Groups
Cumulative PI score for Risk Groups vs. Types
©2001 Plan B Systems Inc.
PBSi
Risk Control: ExecuteRisk Control: Execute
• The easy decisions are easy
• The tough ones need the right stuff
• The Plan should define how tough decisions will be made
©2001 Plan B Systems Inc.
PBSi
Risk Management:SummaryRisk Management:Summary
©2001 Plan B Systems Inc.
PBSi
Risk Management Key StepsRisk Management Key Steps• Identify
– Face up to your risks
• Analyse– Which are the show stoppers?
• Plan– What can we do?
• Track– What's happening?
• Control– Inform whom about what
©2001 Plan B Systems Inc.
PBSi
Effective Risk ManagementEffective Risk Management
A continuous process -ongoing
Team based -stakeholders
Action oriented -just do it
Integrated -not stovepiped
Forward looking -proactive
©2001 Plan B Systems Inc.
PBSi
Benefits of Risk ManagementBenefits of Risk Management
Brings performance closer to plan
Gets the “elephants” on the table
Provides a neutral forum for discussing the “un-discussable”
Encourages forward thinking
Builds teamwork not confrontation