©2001 plan b systems inc. pbsi introduction to risk management

©2001 Plan B Systems Inc.

PBSi

Introduction to Risk Management Introduction to Risk Management


PBSi

Risk Is:Risk Is:

“An uncertain event which

threatens the ability to meet objectives

within constraints”


PBSi

Ignoring a RiskIgnoring a Risk

• Don't think about it

• Don't take action

• Pretend it won't/can't happen

"To ignore a risk is to accept it in ignorance"


PBSi

Risks Can be:Risks Can be:• Project risks

– things that could impact PROJECT success• impact: cost/schedule/performance

• Business risks– things that could impact BUSINESS success

• impact: market share/profit/satisfaction

• Operation risks– things that could impact mission operations

• impact: success/casualty rate/co-lateral damage

• Etc………...


PBSi

Risk has Two Components:Risk has Two Components:

Probability - how likely is it to occur ?

Impact - what happens if it does occur ?


PBSi

Risk Is Not a:Risk Is Not a:

• problem

• difficulty

• worry

• whinge

• gripe


PBSi

Some Causes of RisksSome Causes of Risks

• Assumptions

• Dependencies and/or Interfaces

• Uncertainties

• Constraints

Risks Are THREATS to success


PBSi

Risk Management DefinitionsRisk Management Definitions

Risk:• a problem which has not yet occurred

Problem:• a negative impact resulting from occurrence of a risk

Risk Management: • what is done to address and control risks prior to their

transition into a problem


PBSi

Risks are UncomfortableRisks are Uncomfortable

• Risks are ALWAYS Negative Things

• We don't like to think about risks

• It won't happen to me

Yeah right!!!


PBSi

Risks Are:Risks Are:

The things that can mess up your beautifully detailed plans.


PBSi

Your Typical PlanYour Typical PlanThe Plan

The Actual

The Impacted Risks

Time

Progress


PBSi

A Plan :A Plan :

• Is based on:– Known knowns; what you know "for sure"

• Incorporates:– Known unknowns; assumptions you make

• Is subject to;– Unknown unknowns; that spring up and bite

you

Fruitful source of Risks

Natural progression: requires continuous review


PBSi

Risk ManagementRisk Management

Proactive Risk Management brings

Closer to the Plan

Actual Performance


PBSi

Risk Management Key StepsRisk Management Key Steps• Identify

– Face up to your risks

• Analyse– Which are the show stoppers?

• Plan– What can we do?

• Track– What's happening?

• Control– Inform whom about what


PBSi

RISK MANAGEMENT PROCESSRISK MANAGEMENT PROCESS

RiskManagement

Plan

RiskIdentification

RiskAction

Planning

RiskAnalysis

Risk Tracking & Control

QuantitativeSchedule

RiskAnalysis

Risk Evaluation and Management Information System (REMIS)

QuantitativeCostRisk

Analysis


PBSi

Continuous Team Based Risk Continuous Team Based Risk Management ProcessManagement Process

Communicate

Risk Management Plan


PBSi








PBSi

Search for risks

State them in a standard syntax

Document risk description

Risk IdentificationRisk Identification

Identification converts concerns into manageable statements

What are the risks?


PBSi

Best Risk StatementBest Risk Statement

"If we fail to communicate on the design of the security module then additional effort will be

required to resolve misunderstandings"

a probability a condition and an impact


PBSi








PBSi

• Allows prioritization

• Removes duplication

• Supports selection for mitigation/action

• Simplifies reporting on "top ten"

Risk AnalysisRisk Analysis

Analysis converts risk statements into decision making information

Which are the serious risks


PBSi

Risk Analysis: Classify the RiskCategorise risk by each of the following:

Types are the underlying driver e.g.“Cost” if insufficient funds for the work“Schedule” if a tight schedule is causing risks

Areas are the organisation element at risk e.g.“Architecture” if it’s a design related risk“Implementation” if it’s a rollout risk

Groups are project specific risk themes“ESM”, “EMail”


PBSi

Risk Analysis: Quantify the RiskRisk Analysis: Quantify the Risk

• Assess Probability of event happening– the "P" score

• Assess Impact if it does– the "I" score

• The combined probability/impact "risk value" – the PI score


PBSi

Typical P- I Scoring System

0.05

0.04

0.03

0.02

0.01

0.09

0.07

0.05

0.03

0.01

0.18

0.14

0.10

0.06

0.02

0.36

0.28

0.20

0.12

0.04

0.72

0.56

0.40

0.24

0.08

HIGH

RISK

MEDIUM

RISK

LOW

RISK

VHI - 0.90

HI - 0.70

MED - 0.50

LO - 0.30

VL0 - 0.10

VL0

0.05

MED

0.20

HI

0.40

VHI

0.80

L0

0.10

PROBABILITY

IMPACT


PBSi

Assessing Probability and Impact

Scale Probability Timescale(months)

Cost($M)

Performance Urgency forAction

VHI 90% >6 >5 Lose major functions.

System Failure or not accepted

Right now

HI 70% 3-6 2-5 Lose a major requirement.

System degradation.

1 month

MED 50% 1 - 3 1-2 Degradation of majorrequirement

Lose many minor requirements.

1-3 months

LO 30% 2-4 weeks .5-1 Lose a minor requirement. 3-6 months

VLO 10% <2 weeks <.5 Degradation of minorrequirement.

>6 months


PBSi

Uses of P- I Scores

•Compare individual risks•Define most important risks (“Top N”)•Assess “total risk”

•Time, cost, performance•Risk types, risk areas, risk groups

•Compare options•Trend analysis


PBSi








PBSi

Risk Action PlanningRisk Action Planning

• Reduce Probability of risk occurring– take pro-active steps

• Reduce Impact if it does happen– prepare contingency plan


PBSi

Risk Action Planning

•Select risks for action•Identify mitigation approach•Develop actions•Outline contingency plan

What are we going to do about them?

Action planning creates the responseto the risks


PBSi

Risk Action PlanningRisk Action Planning

• Research need to know more

• Accept live with it and close it

• Watch keep an eye on it

• Mitigate actions needed


PBSi








PBSi

Risk Tracking

•Track changes in risks•Keeps actions current and appropriate•Maintains focus on top risks•Gets risks on the project agenda

Risk tracking maintains a relevant risk management process

How are we doing?


PBSi

Typical Trend AnalysisTypical Trend Analysis

00.5

11.5

22.5

3

Q1 Q2 Q3 Q4 Q5

Quarters

PI S

core

High

Medium

Low


PBSi

Gro

up T

otal

s

Exp

erie

nce

Man

agem

ent

Req

uire

men

ts

Tec

hnol

ogy

Cos

t

Sec

urity

Com

plex

ity

Exp

erie

nce

Ski

ll &

Ava

ilabi

lity

Pro

cure

men

t

Sch

edul

e

Con

trac

tual

Applications

EMail

Inter Departmental Issues

Process

Rollout & Transition

Team Cooperation

0.00

1.00

2.00

3.00

4.00

5.00

6.00

7.00

8.00

PI

sco

re

Risk Types

Risk Groups

Cumulative PI score for Risk Groups vs. Types


PBSi

Risk Control: ExecuteRisk Control: Execute

• The easy decisions are easy

• The tough ones need the right stuff

• The Plan should define how tough decisions will be made


PBSi

Risk Management:SummaryRisk Management:Summary


PBSi








PBSi

Effective Risk ManagementEffective Risk Management

A continuous process -ongoing

Team based -stakeholders

Action oriented -just do it

Integrated -not stovepiped

Forward looking -proactive


PBSi

Benefits of Risk ManagementBenefits of Risk Management

Brings performance closer to plan

Gets the “elephants” on the table

Provides a neutral forum for discussing the “un-discussable”

Encourages forward thinking

Builds teamwork not confrontation

©2001 plan b systems inc. pbsi introduction to risk management

Documents

plan b systems

risk risk management

risk management slide

pbsi risks

risk dont

typical plan

plan actual performance

problem slide