managing risk jean morgan bcs kingston & croydon 20 th april 2004
TRANSCRIPT
![Page 1: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/1.jpg)
Managing Risk
Jean Morgan
BCS Kingston & Croydon
20th April 2004
![Page 2: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/2.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• Introductions
• All about Risk
• Two Models
• Risk Assessment
• Some Pitfalls
AgendaMANAGING
RISK
![Page 3: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/3.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Introductions
• Scope– Project and Operational (Turnbull Report)– Not the Monte Carlo method– Finish by Closing Time
MANAGING RISK
![Page 4: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/4.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• PRINCE2
“The chance of exposure to the adverse consequences of future events”
What is Risk?MANAGING
RISK
• OGC
“uncertainty of outcome”
![Page 5: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/5.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Turnbull Report
The board of a company should maintain a sound system of internal control
The directors should review the effectiveness of internal controls (at least annually)
The directors should report on the effectiveness to shareholders, including financial controls, operational controls, compliance controls and risk management
The board of a company should maintain a sound system of internal control
The directors should review the effectiveness of internal controls (at least annually)
The directors should report on the effectiveness to shareholders, including financial controls, operational controls, compliance controls and risk management
Nigel Turnbull, "Internal Control: Guidance for Directors on the combined Code“, Chairman, The Institute of Chartered Accountants in England and Wales, http://www.icaew.co.uk
MANAGING RISK
![Page 6: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/6.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
A ModelMANAGING
RISK
RiskIdentification - Workshop - Use - Checklist - Questionnaire
Risk Analysis - Probability - Impact - Severity - Proximity
Monitor &Control - Review Actions - Reassess Risk - New Actions
MitigatingAction - Dates - Actions - Names
RiskManagement
Method
![Page 7: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/7.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• Something may happen, causing something else to happen, where the effect would be something adverse.
How to define RisksMANAGING
RISK
e.g. Information may get out regarding the project causing key people to leave the company where the effect would be the inability to support day to day operations
![Page 8: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/8.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Nothing VenturedMANAGING
RISK
![Page 9: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/9.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Nothing Ventured…Columbus’ trip tothe new world
You have heard from a Florentine that it should be possible to reach India bysailing west. Nobody seems to believe this but you are seeking a sponsor forthis ambitious project nonetheless. It could be that great rewards in the formof booty are there for the taking, on the other hand….Having received the patronage of Ferdinand and Isabella of Spain, your job isto set up the voyage and concoct the plans for the trip.
Manchester’sCommon-wealthGames
The aim has been to create a friendly, trouble-free games bringing credit tothe Manchester region through the warmth of the welcome, the competence ofthe organisation and the impression created by the urban environment andinfrastructure.Your job is to manage the project which mounts all aspects of the games fromthe construction and commissioning of the facilities to the organisation andoperation of the events. You will have to liaise closely with the City ofManchester authorities.
Amazon.com setup
Booksellers’ margins are high and the prospect of using the internet to sweepup a large proportion of the traditional High Street market is tempting.Internet selling can avoid the high fixed costs associated with retail outletswhilst providing high volume product throughput and a relatively low costbase. It is thought that most book sales result from customers who know whatthey want rather than those that browse.Your job is to set up the internet sales operation with a target of a financialbreak-even within 2 years of the launch date.
MANAGING RISK
![Page 10: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/10.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
MANAGING RISK
![Page 11: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/11.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Resources may not be available for the Build phase causing the Build phase to be delayed where the effect would be a delay to the overall schedule
Resources may not have the required technical skills causing additional work to acquire resource where the effect would be a delay or significant increase in costs
Resources may not be available with domain knowledge causing inability to determine the requirements where the effect would be project does not get started
MANAGING RISKResources not Available
![Page 12: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/12.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• Contain the impact CONTINGENCY– Extra time
– Extra people
– Extra money
– Extra facilities
– Communication Plan
• Prevent or minimise the probability PREVENTION– Transfer
– Avoid
– Reduce/Eliminate
– Ignore
Types of mitigating actionsMANAGING
RISK
‘Good communication is the enemy of Risk’
![Page 13: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/13.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• Risk Register– Reference, Dates, Raised by– Risk Type– Description– Probability, Impact, Cost of Impact, Proximity– Mitigation, Cost Of Mitigating Actions– Status, Owner
• Risk Owner• Risk Manager/ Coordinator/ Specialist/ Project
Office/ Internal Audit
Getting to grips with the jargonMANAGING
RISK
![Page 14: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/14.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• If it does happen how much does it matter? IMPACT • How likely? PROBABILITY
Why describe risks?MANAGING
RISK
Very High Probability
High Probability
Medium Probability
Low Probability
Very Low Probability
Very Low Impact
Low Impact Medium Impact
High Impact Very High Impact
Summary Risk Profile
![Page 15: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/15.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Reporting Risks
Jan 2003 - Project New Business - Risk Profile
0
5
10
15
20Resources
Internal Dependencies
Ext Dependencies
PioneeringScope
Stakeholders
Regulation
Unacceptable
Critical
Significant
Minor
Area of Concern
MANAGING RISK
![Page 16: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/16.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
PitfallsMANAGING
RISK
‘Risks R Us’‘Blind leading the
Blind’
‘Rent-a-Risk’
‘Prevention is better than
cure’
‘Let’s shoot the Messenger’
‘Are the risks going away?’
‘Keep it to yourselves’
![Page 17: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/17.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
OGC M_o_R MANAGING RISK
• Complements the “Gateway” Process• A Toolbox• Guidance for Practitioners published by
TSO• Education
– Foundation, Practitioner & Professional– Accredited Trainers/ Examiners– Administered by APM Group
![Page 18: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/18.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Framework for theManagement of Risk
Set acceptable levels of risk
Define a framework
Identify probable risk owners
Evaluate the risks
Identify suitable responses to risk
Gain assurance about
effectiveness
Embed and review
Identify the risks
Implement responses
MANAGING RISK
![Page 19: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/19.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Strategic
Programme
Project
Operational
Decisions on business strategy
Decisions transferringstrategy into action
Decisions required forimplementing actions
Where risks occur
M_o_R Management Hierarchy
Think of examples that might occur at
each level
MANAGING RISK
![Page 20: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/20.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
• Senior managers will foster a culture to support well judged decisions about risks and opportunities, enabling innovation to be handled with confidence
• The management of risk will be integrated into existing processes
• Clear roles and definitions will be agreed relating to the accountability, management, escalation and communication of key risks
• Risks will be managed at the lowest level at which the manager has the authority, responsibility and resources to take action
• Minimum bureaucracy
• There will be consistent risk judgements to inform the decision making process
• The effectiveness of risk management will be subject to challenge through independent assessment
Developing a Risk Culture MANAGING
RISK
![Page 21: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/21.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Making the Risk Management Transition
Where you are
"We must comply withTurnbull and other externallyimposed regulations but wedon't know whether we do ornot - maybe we 'll facecriticism from the StockExchange, the Regulators oreven the Shareholders"
"Risk Management seems tous an unfortunate overhead -but if we're doing it properlyit should really be making ourbusiness better run"
"We have a variety of riskmanagement practicesthroughout our businesswhich makes it hard toassemble an overall picturefor regulatory purposes - yetalone to see whether we aremanaging in the bestinterests of the business'future"
Where we are
"We must comply withTurnbull and other externallyimposed regulations but wedon't know whether we do ornot - maybe we 'll facecriticism from the StockExchange, the Regulators oreven the Shareholders"
"Risk Management seems tous an unfortunate overhead -but if we're doing it properlyit should really be making ourbusiness better run"
"We have a variety of riskmanagement practicesthroughout our businesswhich makes it hard toassemble an overall picturefor regulatory purposes - yetalone to see whether we aremanaging in the bestinterests of the business'future"
Where you should be
"We know that we complywith external requirements -and more - but we're notcomplacent"
"Never mind regulations ourrisk management processeshave changed our wholebusiness culture - we stillventure but now weanticipate - we are a betterrun and more confidentorganisation"
"We have common riskmanagement practicesthroughout our business -both in the operations, and inthe programmes and projectsthat deliver change - we havea clear overall picture of ourbusiness in terms of riskmanagement"
Where we want to be
"We know that we complywith external requirements -and more - but we're notcomplacent"
"Never mind regulations ourrisk management processeshave changed our wholebusiness culture - we stillventure but now weanticipate - we are a betterrun and more confidentorganisation"
"We have common riskmanagement practicesthroughout our business -both in the operations, and inthe programmes and projectsthat deliver change - we havea clear overall picture of ourbusiness in terms of riskmanagement"
WHAT MUST BE DONE
Consistent approach - introduce astandard approach to riskmanagement throughout theorganisation (operational areas,programmes and projects) whichcomplies with externalrequirements
Pilot - chose some exemplarprogrammes, projects andoperational areas on which thebusiness benefits of the newapproach can be rapidlydemonstrated
Transfer skills/knowledge - benefitfrom industry best practicethrough the introduction ofexternal experience
Integrate - link the businessexposures into a single overallpicture enabling you to focus yourmanagement effort
Coach staff - all levels of staffmust be aware of the newapproach - and start to behaveaccording to the new culture
WHAT MUST BE DONE
Consistent approach - introduce astandard approach to riskmanagement throughout theorganisation (operational areas,programmes and projects) whichcomplies with externalrequirements
Pilot - chose some exemplarprogrammes, projects andoperational areas on which thebusiness benefits of the newapproach can be rapidlydemonstrated
Transfer skills/knowledge - benefitfrom industry best practicethrough the introduction ofexternal experience
Integrate - link the businessexposures into a single overallpicture enabling you to focus yourmanagement effort
Coach staff - all levels of staffmust be aware of the newapproach - and start to behaveaccording to the new culture
![Page 22: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/22.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Some References• BCS Practical guide – email us for publication information
• OGC – Management of Risk: Guidance for Practitioners - £35
• MANAGING RISK for projects and programmes – John Bartlett, Project Manager Today c£20
• The Institute of Chartered Accountants in England and Wales publishes a Boardroom Briefing document on its web site entitled Implementing Turnbull. The web site address is http://www.icaew.co.uk/ and search within the site for "Implementing Turnbull".
• The CRAMM User Group is a forum for information security and for using CRAMM. It can be contacted through:
PO Box 231, Burton upon Trent, DE13 8ZX, Telephone: 0707 122 3831 E-mail: [email protected]
• The Project Risk Analysis & Management Guide is available from the APM Group, a commercial organisation. More information is available from: Telephone 01494 452450 E-mail to [email protected] or [email protected]
• The Association for Project Management (APM) has a Specific Interest Groups on risk management which has a web address at http://www.eurolog.demon.co.uk/index.htm. The SIG meets four times per year to hear and discuss many topics around risk. Papers from previous meetings are accessible on the web site. These cover both project risk management and operational risk management with practical articles on implementing the Turnbull recommendations.
• Tools
MANAGING RISK
![Page 23: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/23.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Risk CompensationDear Sir, Before any of your readers may be induced to cut their hedges as suggested by the secretary of the Motor Union they may like to know my experience of having done so. Four years ago I cut down the hedges and shrubs to a height of 4ft for 30 yards back from the dangerous crossing in this hamlet. The results were twofold: the following summer my garden was smothered with dust caused by fast-driven cars, and the average pace of the passing cars was considerably increased. This was bad enough, but when the culprits secured by the police pleaded that "it was perfectly safe to go fast" because "they could see well at the corner", I realized that I had made a mistake. Since then I have let my hedges and shrubs grow, and by planting roses and hops have raised a screen 8ft to 10ft high, by which means the garden is sheltered to some degree from the dust and the speed of many passing cars sensibly diminished. For it is perfectly plain that there are many motorists who can only be induced to go at a reasonable speed at crossroads by consideration for their own personal safety. Hence the advantage to the public of automatically fostering this spirit as I am now doing. To cut hedges is a direct encouragement to reckless driving. Your obedient servant, Willoughby Verner
From "RISK" by John Adams, UCL PressLetter to The Times, 13 July 1908, from Colonel Wjlloughby Verner
MANAGING RISK
![Page 24: Managing Risk Jean Morgan BCS Kingston & Croydon 20 th April 2004](https://reader035.vdocument.in/reader035/viewer/2022062322/5697c0141a28abf838ccd141/html5/thumbnails/24.jpg)
Copyright Wilhen Associates Limited/ Project Frameworks Solutions Limited April 2004
Contacts
• Jean Morgan www.wilhen.co.uk
• Mike Bath www.pfsl.org.uk
MANAGING RISK
Project
Solutions
Frameworks