irm801 1 introduction
TRANSCRIPT
University of Pretoria February 2013
IRM 801 1.1
1. Introduction to Project Risk Management
1.1 The need for project risk management
1.2 What is risk?
1.3 Risk concepts
1.4 What is risk management?
1.5 Risk models
1.6 Risk classification
1.7 Risk and life cycles
1.8 The bigger picture
1.9 Corporate Governance
1.10 Black Swans
1.11 Case studies
Jan-13 Slide 1 of 37
1.1 The Need for Risk Management
Jan-13
If something can go wrong,
it will go wrong!
Risk Management is about trying to prevent‘things’ from going wrong, or to reduce the
impact if 'things' do go wrong
Every project is risky! There is a chance that things won't go according to plan
(Murphy’s law, www.murphy.com)
Slide 2 of 37
University of Pretoria February 2013
IRM 801 1.2
System and Project Failures
� Many system/project 'failures‘ have occurred in the last century, e.g.� Tower of Pisa (~ 1200)
� Titanic (1912)
� Hindenburg (1937)
� LAMP Project (1997)
� Inyaka Bridge (1998)
� Millennium Bridge (2000)
� Centurion Mall (2004)
� Airbus A380 (2006)
� Heathrow Terminal 5 (2009)
� These failures had severe consequences for companies, projects and governments
Jan-13 Slide 3 of 37
The Need for Risk Management
� Companies are under increased pressure to deliver projects on time, on budget, and with satisfactory technical performance
� The outcomes of projects are a function of many parameters or variables
� Some variables can be controlled, others can't
� Risk cannot be eliminated, only reduced through effective risk management
� Two factors have a large influence on project risk, i.e. the uniqueness of the project, and the experience of the team
Jan-13 Slide 4 of 37
University of Pretoria February 2013
IRM 801 1.3
Experience of the Project Team
� In the movie, "Armageddon", an asteroid, which is on a collision course with the earth, must be blown to fragments to prevent earth destruction
� NASA decides to land a team of 'astronauts' on the asteroid, drill a hole, place a nuclear bomb, leave the asteroid, and detonate the bomb at a safe distance
� The project manager turned down the astronauts offered, and selected drillers from an oil rig to reduce the risk, based on their experience on drilling projects
Jan-13 Slide 5 of 37
1.2 Definitions of Risk
� Risk
� “Effect of uncertainty on objectives” (ISO 31000, 2009)
� "A measure of the probability and severity of adverse effects" (Haimes, 1998)
� 'A chance or possibility of danger, loss, injury, or other adverse consequences‘
� Project Risk
� "The cumulative effect of the probability of uncertain occurrences that may positively or negatively affect project objectives" (Pritchard, 2001)
� "An uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective"(PMBoK, 2000)
Jan-13 Slide 6 of 37
University of Pretoria February 2013
IRM 801 1.4
1.3 Risk Concepts
� Risk depends on the perceptions of an individual or team
� Risk comprises 3 elements
� The risk event
� The probability of occurrence of the event
� The consequence should the event occur
� The Risk Value can be represented on a 2-D grid of probability (P) and consequence (C)
� Risk or Risk Value should be interpreted carefully!
Jan-13 Slide 7 of 37
Probability-Consequence Grid
Jan-13
Consequence
Pro
ba
bili
ty
Medium
Risk
Low
Risk
High
Risk
Increasing Risk
Medium
Risk?
Slide 8 of 37
University of Pretoria February 2013
IRM 801 1.5
Example: Risk Interpretation
Jan-13
Risk of Death(Air travel)
Risk of LosingMoney(Lottery)
Low probability buthigh consequence
High probability butlow consequence
Slide 9 of 37
Risk Interpretation
� Risk is part of our daily lives
� Everyone is confronted with risk and must learn to cope with it, e.g.
� purchasing some asset (house, car, computer, etc.)
� driving a car
� traveling overseas (plane crash, theft, SARS, etc.)
� investing money (shares, unit trusts, policy, etc.)
� Living in a house/flat
� Humans are gradually exposed to risk(s) as they grow up
Jan-13 Slide 10 of 37
University of Pretoria February 2013
IRM 801 1.6
Risk Interpretation
� People cope with risk through conscious and subconscious actions, e.g.
� making a career change
� braking to avoid a car accident
� People are willing to pay money to manage (reduce or transfer) risks, e.g.
� life/ health/ property insurance
� burglar alarm
� air bags and seatbelts in cars
� Risk management is about balancing risk and reward
Jan-13 Slide 11 of 37
1.4 What is Risk Management?
� Definitions
� 'An organized method for identifying and measuring risk and for selecting and developing options for handling risk' (Blanchard)
� 'The process of assessing risk, planning for it and reacting to it by developing documents and procedures that reduce risks, and by developing and nurturing experienced and skilled staff'(Camm)
� 'The activity of identifying and controlling undesired project outcomes proactively' (Smith & Merritt)
Jan-13 Slide 12 of 37
University of Pretoria February 2013
IRM 801 1.7
What is Risk Management? (Borge)
Jan-13(Refer Borge, Ch 1, for detailed discussion)
� "Risk management is a way to gain more power over events that can change one's life"
� "Good risk management can mean the difference between wealth and poverty, success and failure"
� "The experts can help you, but you cannot escape the responsibility of being the chief risk manager of your own life"
� "Risk management is not a magic formula that will always give the right answer; it’s a way of thinking that will give better answers to better questions"
� "The purpose of risk management is to improve the future, not to explain the past"
Slide 13 of 37
What is Risk (Smith & Merritt)
Jan-13
� Example of project risks� Risk management and product development� What is a risk?
� Uncertainty� Loss� Time Component
� Why companies fail in managing risk� The antithesis of risk management: Firefighting� How much risk management?� Risk as an ally� Attitudes toward risk
(Refer Smith & Merritt, Chapter 1)Slide 14 of 37
University of Pretoria February 2013
IRM 801 1.8
1.5 Risk Models
� Smith & Merritt defined a number of risk models
� Standard Risk Model
� Simple Risk Model
� Cascade Risk Model
� Ishikawa Risk Model
� Each model has certain benefits, as well as disadvantages
� The Standard Risk Model is preferred, but the simple risk model is adequate for most uses
Jan-13
(Refer Smith & Merritt, Chapter 2)
Slide 15 of 37
1.6 Classification of Risk
� Project risks are frequently classified to enable more effective management of the risks
� Different classification schemes are used
� The most important categories of risk derive from the 3 main project objectives, i.e.
� Technical
� Cost
� Schedule
� Another category, Programmatic risk, is also used by many authors
Jan-13 Slide 16 of 37
University of Pretoria February 2013
IRM 801 1.9
Some Technical Risk Sources
� System complexity
� Unproven technology
� Design problems and errors
� Construction mistakes
� Operating environment
� Material properties
� Evaluation/measurement problems
� Case Study: Tacoma Narrows Bridge Collapse
� Case Study: Challenger Shuttle Explosion
Jan-13 Slide 17 of 37
Programmatic Risk Sources
� Requirement changes
� Personnel availability and skills
� Change in priorities
� Delays in decision making
� Contractor stability
� Contractual problems
� Communication problems
� Lack of management support
� Inadequate equipment/facilities
Jan-13 Slide 18 of 37
University of Pretoria February 2013
IRM 801 1.10
Cost Risk Sources
� Unrealistic estimate or budget
� Exchange rate fluctuation
� Inflation
� Changes in legislation or regulations
� Inadequate cost reporting
� Test & evaluation failure
� Strikes for wage increases
� Changes in import duties
� Sensitivity to technical, schedule & program risk
Jan-13 Slide 19 of 37
Schedule Risk Sources
� Unrealistic task duration estimates
� Unforeseen activities
� Degree of concurrency
� Inadequate progress reporting
� Delays in decision making
� Multiple critical paths
� Logistic delays
� Late delivery from international suppliers
� Sensitivity to technical, cost & program risk
Jan-13 Slide 20 of 37
University of Pretoria February 2013
IRM 801 1.11
1.7 Risk and Life Cycles
Jan-13
Time
Example of a System Life Cycle
Design/Development
Construction/Manufacture
Operation/Maintenance
Phase-out
Determineneed
Conceptexploration
Detaildesign
Projectimplementation
Close-out Support
Example of a Project Life Cycle
Slide 21 of 37
Risk Trend in the Life Cycle
Jan-13
To
tal R
isk
Deficiency in one phase may influence the next phase, e.g.
• Poor design can influence construction or manufacture
• Poor construction can influence operation (low reliability)
Determineneed
Conceptexploration
Detaildesign
Projectimplementation
Slide 22 of 37
University of Pretoria February 2013
IRM 801 1.12
1.8 The Bigger Picture
Jan-13
Different views prevail on where project risk
management fits in
PRM
PM
PRM
PM
PRM
PM
(Source: Grey, 1995)
Slide 23 of 37
PRM and Project Management
� Project risk management can be seen as just good project management
� Risk management is everyone’s responsibility, but deserves special attention (like 'quality')
� Projects need a systematic approach to identify and manage threats - risk management
� A proactive approach is necessary - intuition not enough
� Attention should be given to risk before and during project - too late to add on when problems arise
Jan-13 Slide 24 of 37
University of Pretoria February 2013
IRM 801 1.13
RM, PM and PRM
Jan-13
Project Management (PM)
Financial
risk
Security
risk
Health
riskEnvironment
risk
Safety
risk
Risk Management (RM)
PRM
HRM
Quality
manage.
Procurement
manage.
Cost
manage.
Slide 25 of 37
1.9 Corporate Governance
� The King Report on Corporate Governance was published in 1994 and this was followed by the King II report in 2000
� Risk management is also addressed in this report
Jan-13
“Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals…the aim is to align as nearly as possible the
interests of individuals, corporations and society”
(Source: Sir Adrian Cadbury, 1999, Corporate Governance Overview, World Bank Report)
Slide 26 of 37
University of Pretoria February 2013
IRM 801 1.14
The King II Report
� 3.1.1 The board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process. Management is accountable to the board for designing, implementing and monitoring the process of risk management and integrating it into the day-to-day activities of the company.
� 3.1.2 The board should set the risk strategy policies in liaison with the executive directors and senior management. These policies should be clearly communicated to all employees to ensure that the risk strategy is incorporated into the language and culture of the company.
Jan-13 Slide 27 of 37
The King II Report
� 3.1.3 The board must decide the company’s appetite or tolerance for risk – those risks it will take and those it will not take in the pursuit of its goals and objectives. The board has the responsibility to ensure that the company has implemented an effective ongoing process to identify risk, to measure its potential impact against a broad set of assumptions, and then to activate what is necessary to proactively manage these risks.
Jan-13 Slide 28 of 37
University of Pretoria February 2013
IRM 801 1.15
King II Report
� 3.1.5 The board is responsible for ensuring that a systematic, documented assessment of the processes and outcomes surrounding key risks is undertaken, at least annually, for the purpose of making its public statement on risk management. This risk assessment should address the company’s exposure to at least the following:
� physical and operational risks;
� human resource risks;
� technology risks;
� business continuity and disaster recovery;
� credit and market risks; and
� compliance risks
Jan-13 Slide 29 of 37
1.10 Black Swans
� A Black Swan event is an event with the following three attributes:
� It is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility
� It has an extreme impact or consequence
� Human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable
� A small number of Black Swans explain almost everything in our world
Jan-13
(Source: Nassim Taleb, The Black Swan, 2007)Slide 30 of 37
University of Pretoria February 2013
IRM 801 1.16
Examples of Black Swans
� The rise of Hitler and World War II
� 9/11 events in the USA in 2001
� Sinking of the Titanic in 1912
� Earthquake and tsunami in Indonesia in 2004
� Japan earthquake and tsunami in March 2011
� Great world depression in 1930's
� Discovery of penicillin in 1940's
� Invention of the transistor and IC in 1947
� Spread of the Internet in 1990's
� Diffusion of mobile phones across the worldJan-13 Slide 31 of 37
Worst Floods in History
Jan-13
0
100000
200000
300000
400000
500000
600000
700000
800000
900000
1000000
Yellow River, China
North China
Kaifeng, China
UK & Netherlands
Netherlands
Russia
Netherlands
Mekong Delta, South Vietnam
Manchuria
Foochow, China
Fatalities
Slide 32 of 37
University of Pretoria February 2013
IRM 801 1.17
Worst Earthquakes in History
Jan-13
0
100000
200000
300000
400000
500000
600000
700000
800000
900000
China
China
Syria
Sumatra Ira
nChina Ira
n
Japan
Turkmenistan
China
Pakistan
Shemakha Ira
nItaly
Peru
Portugal
Italy
Silicia
Iran
Italy
Fatalities
Slide 33 of 37
1.11 Case Studies: DoD Acquisition
� Extensive study of major defense systems acquisition programs in the USA was done during 1989/90
� Major systems acquisition budget > $130 billion per year (in 1980’s)
� Blue-Ribbon presidential commissions were appointed
� Packard Commission published their report in 1986
Jan-13 Slide 34 of 37
University of Pretoria February 2013
IRM 801 1.18
Findings of Packard Commission
� Results of investigations� Severe cost overruns of 50-
300% occurred
� Schedule slippage of 20-100% experienced
� Performance shortfalls 0-20%
� Severe shortfall in overall project performance
� Project risk management was adequately addressed
� High-level recommendations were made
Jan-13 Slide 35 of 37
North Sea Oil Projects
� The UK made major investments in North Sea oil projects in 1970's
� Investigation revealed that severe cost overruns occurred on many projects, e.g.� 20% of North Sea fields up to
200% overrun
� 30% of North Sea fields up to 100% overrun
� 50% of North Sea fields up to 50% overrun
Jan-13 Slide 36 of 37
University of Pretoria February 2013
IRM 801 1.19
The Sydney Opera House
Jan-13
Budget: A$ 7 million
Actual: A$ 102 million
Schedule: 4 years
Actual: 14 years
In 1965 the new government
and premier called the
project "the most stupendous
financial bungle ever"
Slide 37 of 37