uncertain occar...contact godesberger allee 150-154 53175 bonn, germany phone: +49 (0) 228 5502-167...
TRANSCRIPT
CONTACT
Godesberger Allee 150-154 53175 Bonn, Germany Phone: +49 (0) 228 5502-167Mail: [email protected]: www.occar.int
OCCA
R –
Risk
Man
agem
ent
RESPONSIBILITIES IN THE RISK MANAGEMENT PROCESS Programme Manager / Head of Division:
Lead the Risk Management (RM) activities: Planning for RM, risk identification, risk analysis, risk response planning and risk monitoring / control. Assures the compliance with the IP 111.Embeds the risk management process in Programme/Division processes.Approves the Risk Management Plan (RMP).Assigns the Risk Owners.Coordinates communication with internal and external Stakeholders.Reports the Programme/Division Top N risks in the Director’s Risk Review.Approves the Programme/Division Risk Management Maturity Model (RM3) self-assessment and KPI I7.2.Ultimately responsible to the OCCAR-EA Director for the final decisions on risk actions.
Risk Owner: Approves the risk (if it’s delegated by the PM).Manages all the activities related to the risks.Leads the qualitative analysis.Assesses the need to perform quantitative analysis.Assigns the Risk Response Plan Owner.Reviews the risk regularly.
Risk Response Plan Owner: Defines the risk response strategy.Defines the actions in accordance with the strategy.Assigns Action Owner.Follows up risk responses. Assesses risk response effectiveness (together with the Action Owner).Reviews and assesses plan effectiveness. Adjust/modify plan if necessary.Populates ARM tool accordingly.
Action Owner: Undertakes the action.Assess the effectiveness of the action (together with the risk response plan owner).Reports on the effectiveness of the action.Populates ARM accordingly.
Risk Officer:
RISK MANAGEMENT PHILOSOPHY A core business.Top down led.Actively managed.Where Heads of Division and Programme Managers own the risks and are held to account to deliver mitigation actions by due dates.
RISK MANAGEMENT ACTIVITIES
Risk Identification
Risk Management Planning
ResponsePlanning
ResponseImplementation
Risk Analysis
Risk Monitoring and Control
RiskCommunication
Develops and maintains the Risk Management Plan.Supports the Programme Manager/Head of Division in terms of RM.Supports the Risk Owners, Risk Response Plan Owners and Action Owners in terms of RM.Monitors the RM process.Supervises the quality of the information recorded in ARM.Sponsors risk identification activities.Facilitates the communication throughout the risk process.Conducts risk workshops when required (internal and external).Reports on risk (formal and informal reports) to Corporate, Programme Level and External.Updates, Monitors and Controls ARM activities. Verifi s the consistency of the data.Conducts the self-assessment with regard to the RM3 and the KPI I7.2.Represents Programme in the risk CoPs and other risk related meetings/events.Reviews/Manages shared external Risk Registers (e.g. Contractor) together with the relevant stakeholders.
RISK MANAGEMENT DOCUMENTATION
IP 111 Risk Management ProcedureIG 111-1 Risk Management Guide
RISK MANAGEMENT IN THE INTRANET
RISK: [Uncertain event, that if occurs, may have positive (Opportunity) or negative (Threat) impact on the achievement of corporate and programme objectives]
RISK IDENTIFICATION
CauseThe cause has to be a fact Risk
Uncertainevent Effects
Impact onobjectives
RISK IDENTIFIED
Example: Because XYZ is the only vendor source for the transceiver circuit card (cause), and XYZ might discontinue production of the card making it unavailable during the radar system production (risk), deliveries of the radar system may be delayed (effect).
1. Risk Event Probability assessment
Risk Probability RankingRanking Probability of Risk Event
Very High >75 AND <100%High >50 AND <= 75%
Medium >30 AND <=50%Low >10 AND <=30%
Very Low >0 AND <=10%
2. Risk Event impact assessment *
Evaluating Impact of a Risk on Programme/Project Objectives
Impa
ct ObjectiveTime Cost Performance
Very
Low Insignificant
schedule slippage.
Insignificant cost increase.
No direct impact on key performance requirements.
Low Delivery plan
milestone delay within quarter.
< 5% cost increase.
Minor shortfalls in 1 or 2 KRs.
Med
ium Delivery plan
milestone delay of one quarter.
5-10% cost increase.
Minor shortfalls in 3 KRs, significant
shortfalls in 1 or 2 KRs.
High
Delivery plan milestone delay
of more than one quarter.
10-20% cost increase.
Major shortfalls in 1 or 2 KRs, significant
shortfalls in more than 3 KRs.
Very
Hig
h Delivery plan milestone delay outside fiscal
year.
> 20%cost increase.
Major shortfalls in more than 3 KRs.
Likely to impede product acceptance by customer
or qualification. Product is not fit for purpose.
* Note: check out the Risk Management Plan to verify the scoring schemefor your programme/division.At Corporate level a Risk Scoring Scheme is established to assess the risks against REPUTATION, COHESION and GROWTH.
PROBABILITY IMPACT DIAGRAM (PID)Based on the combination of the assessed probability and the assessed impact, the risk level is obtained.
positive negative
Prob
abilit
y
VeryHigh -25 -21 -16 -11 -6 6 11 16 21 25
High -24 -20 -15 -10 -5 5 10 15 20 24
Medium -23 -19 -14 -9 -4 4 9 14 19 23
Low -22 -17 -12 -7 -2 2 7 12 17 22Very Low -18 -13 -8 -3 -1 1 3 8 13 18
Very High High Medium Low Very
LowVery Low Low Medium High Very
HighOpportunity Threat
Impact
To ensure that risks are captured correctly, the following questions need to be answered:
Is the context clearly understood by all?Is the risk linked to objectives?Is it a risk or is it an issue?Is the risk description adequate?
RISK RESPONSE STRATEGIESThreat Generic Strategy OpportunityAvoid Eliminate uncertainty. Terminate. Exploit
Transfer Involve others. Transfer. ShareReduce Change size. Treat. EnhanceAccept Take a risk. Tolerate. Accept
Risk
Sco
re
Time6 weeks ago
Response 1
Response 2
Response 3
Today in 3 weeks
Response 1
Response 2
Response 3
First Assessment (pre-mitigation)
Score (after successfullycompletitionresponse 1)
Current Risk Management (response 2 was successfully completed today, no further mitigation considered during assessment)
Post Mitigation Risk Assessment (response 3 applied, confidence level of successful completition taken into account)
RISK RESPONSE PLANNING. In accordance with the approved risk treatment strategy and with the resource constraints, a Mitigation Plan is developed. It contains a set of responses each defined in terms of aim, ownership and deadline.
Type of Risk Responses
Actions are responses taken to reduce risk exposure to an acceptable level. If effective, they do not need to be continued or repeated.
Controls are responses, generally repetitive, which are taken to maintain risk at an acceptable level. Effectiveness of each performed control measure should be recorded.
During the development of the Mitigation Plan, the target risk level for each action should be determined.
When all risk actions are combined, the residual risk can be determined.
The waterfall diagram represents graphically the plan.
RISK ANALYSISThe identified risks are individually assessed in terms of likelihood of occurrence (PROBABILITY) and magnitude of their effect (IMPACT) on objectives, in order to be prioritized as support to decision making process.
QUALITATIVE ASSESSEMENT (Prioritisation of risks)