10. Risk and Issues Management Flashcards
What are the stages of risk management
Initiate - 1. Establish baseline - Clarify baseline, objectives, scope , success criteria and benefits. 2. Decide and document how risk management will be applied through a risk management plan, including roles and responsibilities. (Does not contain the risks)
Identify - Identify risks in risk register through Brainstorming, Interviews, Checklists, lessons learned, questionnaires, SWOT.
Assess- Look at probability and impact to assess risk level to give inherent risk and key to prioritising risks. Reassess after applying response strategy. Risk register should show probability and impact.
Plan response - Avoid, plan feedback, reduce probability, reduce impact, accept, share contractually, pool, insure.
Implement Response - Plans need to resourced, implemented, monitored and adjusted as required ad reported on. Risks must have owners responsible for ensuring agreed actions are implemented. Monitoring and reporting should be agreed in risk management plan. Process effectiveness should be monitored as part of CI.
Close risk - Once risk dealt with should be closed on risk register.
Note responses to highlighted risks
Proactive approaches include: Threats: • Avoid - Change objectives or practices so that the risk cannot occur. Insure/transfer – Pass the responsibility for bearing the impact to an other party (insurance is one example of this). Important to appreciate that making somebody (such as a contractor) the risk owner does not automatically transfer the risk to them. • Pool – This is where an organisation self-insures itself against risk and absorbs the impact by having a risk pool with other projects. • Reduce impact and/or probability – Action is planned in advance to reduce either the probability and/or the impact. This is probably the most common form of risk response. • Accept – The risk is accepted, and no mitigation is planned. It is important that the risk is monitored and reported on and not ignored as risk severity can change.
Opportunities: • Share contractually – This is where the impact of the risk is shared by two or more parties e.g. a client and a contractor. This should incentivise both parties to work collaboratively to manage the risk. • Enhance probability or impact – Action to make the opportunity more likely to occur or the impact greater. • Reject – This is where an opportunity has been identified (e.g. early delivery through incentivising contractors) but has been rejected (e.g. because the support team will not be in place to accommodate the earlier delivery). • Exploit – An example of this is where a fixed price contract has been placed and the contractor identifies areas where they can do things more efficiently than planned. This will increase their profit levels.
List hard benefits of risk management
- Better informed and more reliable plans, schedules and budgets - Plans, schedules and budgets are only estimates, and are rarely accurate. Factoring in risk events and mitigating actions with their cost and time effects (tolerances and contingency) will result in plans that are more credible.
- Leads to the use of the most suitable type of contract.- Contracts apportion risk to the most appropriate party (customer or supplier). The basic examples are fixed price (supplier takes the risk) and cost plus (the customer takes the risk). Risk analysis can expose possible conflict areas between the contractor and the customer which can be addressed early in the project rather than later where litigation might be an outcome.
- A more meaningful assessment of contingencies- Calculating contingency based on risk probability and impact removes the tendency to factor in ‘blanket’ contingency. A quantified level of contingency is more likely to be accepted and confidence gained by senior management and customers.
- Discouraging the acceptance of financially unsound projects - Risk analysis creates an early awareness of potential obstacles and opportunities. In extreme cases, risk analysis may reveal that a project cannot meet its objectives, is not feasible and should not be pursued.
List soft benefits of risk management
- Improvement of corporate experience and general communication - Improved communication has been described as one of the greatest benefits of the risk management process. It provides a framework for identifying and discussing risks in a neutral, blame-free environment with the emphasis on positive action. It facilitates a common language across an organisation and provides a reporting route that connects the risk events with senior management thus alerting them to areas deserving greater attention.
- Demonstrates a responsible approach to customers -A common understanding between the customer and supplier of the risks facing a project is important to implement realistic plans. This may include accepting longer timescales or higher costs for contingencies. Sharing risk information with the customer can lead to improved understanding of the challenges ahead and result in a stronger relationship. It avoids surprises which can sour relationships and cause conflict.
- Facilitates greater risk taking, thus increased benefits-Without formal risk management, project outcomes are unpredictable (e.g. a gamble), and opportunities remain unexploited. By applying formal risk management techniques with appropriate mitigation and fallback plans, an organisation can take greater risk with lower levels of contingency, thus improving return on investment.
What are the stages of managing issues
- log and assess new issues - may need to priorities according to scope/ quality/time/cost and benefits.
• escalate issues - include date. escalate as agreed
• assign actions and apply change control
• track issues
What are barriers to overcome with issues management
- Lack of time to process issues.
- Holding on to issues too long.
- Corporate ‘blindness’ to the underlying cause of issues.
- A culture of blame or ‘bravado’ where the team try and solve problems above their delegated limits.
Activities that can alleviate these include:
• Having an agreed issue management process that is promoted and understood.
• Engagement of a project management office (PMO) to help facilitate the process.
• Having clear and agreed delegated tolerances for each role in the team
Explain three stages in a risk management process – 30 marks (10 marks each)
Identification.
• The purpose of this stage is to capture the risks that will be subsequently managed.
• It is therefore important that the right stakeholders must be involved, and the most effective methods/techniques employed as this forms the basis of subsequent assessment and quantification.
• Brainstorming and workshops can be effective ways of ensuring that a wide range of views, experience and knowledge is applied, and get the best outcome of this stage.
• To assist with their assessment, risks should be documented using a ‘meta-language’ structure consisting of a cause, risk event and effect.
• This will ensure that cause is separated from effect and mitigation can be targeted.
• Identified risks should be entered into a project risk register/log. This document should be kept up to date throughout the project and will show the latest status of risk events and be the basis of tracking the status of a project’s risks.
a)/2 Assessment.
• This is where the identified risk events are assessed and understood for their probability and impact.
• The combination of probability and impact produces the severity of risk (i.e. probability x impact = severity). This represents the inherent risk (i.e. before mitigation) and will be a key consideration when prioritising risks and deciding on responses.
• Another aspect of assessing a risk is consideration of its ‘window’, i.e. when or within what period the risk could occur (e.g. imminent, within stage, within project, beyond project). This will allow responses to be scheduled.
• Once the individual risk events have been assessed, the overall project risk can be calculated to understand the project and organisational exposure which supports governance.
• Risk severity should be reassessd after applying a response strategy to show the effectiveness of potential responses. Residual risk levels must be assessed after responses have been planned to ensure they are within acceptable levels.
a)/3 Plan a response.
• There are two main types of response to threats and opportunities – a proactive and a reactive approach.
• The strategy is to maximise the opportunities and to minimise the threats thus improving the likelihood of project success.
• Each response should be practical, effective in cost v benefit terms and assigned an owner who will ensure the response is implemented.
• Reactive responses are generally in the form of contingency – a provision of time or money set aside for dealing with a risk that occurs.
• One powerful way of responding to risk is in the form of contractual sharing (e.g. gainsharing) which results in both parties working together to minimise the threats and increase the opportunities. This leads to a win-win outcome.
Explain two responses that a project manager may take to proactively respond to a negative risk – 20 marks (10 marks each)
Transfer
• This passes the responsibility for bearing the impact to another party (insurance is one example of this).
• This may result in reducing the level of risk if the party to whom the risk is transferred is more capable of managing it (e.g. a contractor with more expertise of resource).
• However, it is not always possible to transfer all the risk therefore risk transfer requires a balanced approach that leaves residual risk on both sides which must be accepted or further mitigated.
• Transfer is often achieved through contracts and includes liquidated damages which limits supplier liability and incentivising them. At the same time this gives some financial recompense to the client in the case of failure to achieve agreed targets.
• Target cost type contracts also include an element of risk transfer and motivate suppliers to minimising the impact caused by threats and maximising opportunities.
b)/2 Reduce
• Action is planned in advance to reduce either the probability and/or the impact of risk. This is probably the most common form of risk response and they must be tackled at source.
• This action is preventative but requires an investment of cost and management time/resources to implement.
• The cost of this investment must be justified by the benefits gained in terms of the reduction of the risk’s expected value.
• An example of reducing probability is training staff in health and safety to reduce the chance of accidents.
• An example of reducing impact is the provision of a protective barrier to reduce the impact of flood damage.
Explain three benefits of a project risk management process – 30 marks (10 marks each)
Better informed and more reliable plans, schedules and budgets.
• Plans, schedules and budgets are only estimates, are rarely accurate and can lead to uncertainty of outcomes. This exposes an organisation to cost and reputational risk.
• Risk management helps to identify risk factors that can be assessed and responded to. This reduces this exposure to within acceptable levels.
• Factoring in risk events and mitigating actions with their cost and time effects (e.g. cost to reduce risk and contingency set aside) will result in plans that are more credible.
• This will give stakeholders more confidence in the validity of plans and increase their level of support.
a)/2 Leads to the use of the most suitable type of contract.
• Contracts apportion risk to the most appropriate party (customer or supplier).
• Risk management helps understand the inherent risk in a project and select the most appropriate form of contract.
• The basic examples are fixed price (supplier takes the risk) and cost plus (the customer takes the risk).
• Risk analysis can expose possible conflict areas between the contractor and the customer which can be addressed early in the project rather than later where litigation might be an outcome.
• Choosing the best form of contract will lead to better working relationships and a winwin outcome.
a)/3 Discouraging the acceptance/continuance of financially unsound projects.
• Risk analysis creates an early awareness of potential obstacles. In some cases, risk analysis may will reveal that a project cannot meet its objectives, is not feasible and should not be pursued.
• By doing risk management, the potential impact in financial terms can be calculated as well as the cost of mitigating risk. This applies before projects are authorised at the start and at each gate in the lifecycle. It is an essential input to the decision-making process.
• If the risk exposure caused by an existing project rises beyond an accepted threshold it ceases to be viable and should be stopped or reappraised. This supports good governance and allows an organisation to control the project risk proactively.
• An example of this is the initial estimated cost of building a new waste processing plant for the nuclear industry. Risk analysis shows that there is a high risk of the costs rising (based on a volatile economy) and the planned customers not buying the services provided by having the facility. The project will not go ahead in this case
Explain two reasons for escalating issues – 20 marks (10 marks each)
When the tolerances of delegated work have been or will be exceeded.
• This supports good governance by ensuring that delegated limits are not exceeded and issues are sent to the right level of management for decisions to be made.
• This allows the appropriate level of management (e.g. sponsor) to understand the impact of an issue on the project objectives as approved in the plan and implement actions.
• It stops people holding on to issues and wasting time by trying to solve them without informing the next level up. This could delay intervention and increase the impact of the issue on the project.
• To inform decision making it is helpful to recommend options for issue response when escalating.
b)/2 To get support to resolve issues.
• Issues are escalated to a level that can provide advice and expertise in resolving them (e.g. project manager escalating to sponsor and governance board who represent key stakeholder groups).
• This management level will have a view of the ‘big picture’ and as such, they will be able to understand the wider implications of issues and ensure the optimum support is provided.
• This may come in the form of securing additional resources or agreeing changes to the project success criteria (e.g. extending timescales or reducing scope).
• This management level will also be able to engage other senior stakeholders and ensure that there is agreement as to the proposed resolution strategy.
Explain three aspects of an issue management process – 30 marks (10 marks each)
Log and assess new issues
• Issues are logged in an issue register to ensure they are formally entered into the project.
• Once this is done, rapid analysis is performed to understand the nature of the issue along with its causes and potential impact.
• Delays at this stage may increase the impact of the issue (e.g. an oil spillage getting worse or security breach causing increasing risk).
• Issues should be assessed and prioritised for their impact on the success criteria of a project such as time, cost, scope, risk and benefits.
a)/2 Escalate issues
• They are escalated by the project manager to the sponsor who may in turn, escalate them to the governance board for resolution if the impact of the issue exceeds the project tolerances set by them.
• This is a key aspect of project governance and ensures that issues that exceed delegated tolerances are escalated to the owner of those tolerances.
• The issue register should be updated to show the date of escalation and the status of the issue. This will help expedite any outstanding issues that have been escalated but not actioned by the sponsor.
• This should be done as soon as possible to avoid delays to issue resolution and actions.
a)/3 Actions are agreed and assigned.
• The sponsor/governance board will make a decision and assign implementing actions to the person or group best placed to address the issue.
• This will be done with clear timescales and milestones to ensure the issue has minimum effect on the project objectives.
• Issues that result in changes to any part of the baseline plan (e.g. scope and quality) where delegated tolerances are breached, should be managed via the change control process.
• Detailed action plans may be requested so that the resolution strategy can be implement and tracked.
Explain two responses that a project manager may take to proactively respond to a positive risk – 20 marks (10 marks each)
Enhance probability or impact.
• This is an action to make the opportunity more likely to occur or the impact greater.
• This can be strategic such as a decision to develop a design in-house to increase control over the process, or tactical such as optimising project resources to increase the probability of reduced costs.
• Enhancing impact could include payment for early delivery which would take a product to market earlier with the impact of greater sales. Another example is where increased training could result in a greater impact in terms of efficiency (e.g. higher production).
b)2 Exploit an opportunity.
• This might involve changing the scope in order to achieve a beneficial outcome for one or more of the stakeholders.
• Where one aspect of risk exposure has been transferred to one stakeholder such as in a fixed price contract, the supplier may exploit an opportunity to reduce cost and increase their profit.
• Some gainshare type contracts allow both parties to benefit from more efficient ways of implementing the project thus incentivising all involved. This will result in less conflict and fewer delays.
• Another example is where a project produces a novel product that can be patented or copyrighted. The supplier may exploit this by selling the product they ‘invented’ whilst paying a license fee to the customer who commissioned the project. This results in a win-win outcome.
