UN 0603 Unit 11 - PowerPoint PPT Presentation

1 / 161
About This Presentation
Title:

UN 0603 Unit 11

Description:

Enterprise Environmental. 4.3 Develop PMP. 4.6 Int Change Control. Scope Statement ... Star-Trek syndrome (to fail boldly where...) Size has its own problems ... – PowerPoint PPT presentation

Number of Views:121
Avg rating:3.0/5.0
Slides: 162
Provided by: sherryg8
Category:
Tags: enterprise | star | trek | unit

less

Transcript and Presenter's Notes

Title: UN 0603 Unit 11


1
UN 0603Unit 11
  • Project Risk Management

Dr. J. Michael Bennett, P. Eng., PMP UNENE,
McMaster University, The University of Western
Ontario Version 2K6-X-26
2
Change Control
  • 2K6-X-26 3rd edition

3
EP 704 Road Map
  • Unit 1 Introduction to Project Management
  • Unit 2 The Project Management Context
  • Unit 3 Project Management Processes
  • Unit 4 Project Integration Management
  • Unit 5 Project Scope Management
  • Unit 6 Project Cost Management
  • Unit 7 Project Time Management
  • Unit 8 Project Quality Management
  • Unit 9 Project Human Resource Management
  • Unit 10 Project Communications Management
  • Unit 11 Project Risk Management
  • Unit 11 Project Procurement Management

4
Dilbert and Risk
5
Introduction
  • Processes concerned with conducting
  • Risk management planning
  • Risk identification
  • Risk analysis
  • Risk responses
  • Monitoring and controlling risk

6
Commercial databases
11.1 Risk Man. Planning

PMP
PP, Guidelines
Approved Change Reqs
Lessons Learned
Risk Management Plan
Scope Statement
Approved Change Requests
Risk Register
Risk Register Updates
Cost Management Plan
Schedule Management Plan
Risk Register Updates
PMP Updates
Performance Reports
Risk Register Updates Risk-related contractual
agreements
Work Performance Information
History, Calendar
Requested Changes
OPA Updates
PMP Updates
7
Objectives of Risk Management
  • To increase the probability and impact of
    positive events
  • To decrease the probability and impact of
    negative events
  • Note we normally concentrate on the latter and
    thankfully accept the former

8
Six Main Processes
  • Risk Management Planning
  • Risk Identification
  • Qualitative Risk Analysis
  • Quantitative Risk Analysis
  • Risk Response Planning
  • Risk Monitoring and Control

9
Project Risk Management
11.2 Risk Identification 11.2.1 Inputs .1EEP
.2 OPA .3 Project Scope Statemt
.4 Risk Management Plan . 5 PMP 11.2.2
Tools and Techniques .1 Documentation
Reviews .2 Info Gathering Techs .3
Checklist Analysis .4 Assumptions Analysis
.5 Diagramming Techs 11.2.3 Output
.1 Risk Register
11.3 Qualitative Risk Analysis 11.3.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement .4 Risk Management
Plan 11.3.2 Tools and Techniques .1 Risk
Prob, Impact Assesst .2 Prob Impact
Matrix .3 Risk Data Quality .4 Risk
Categorization .5 Risk Urgency
Assesst 11.3..3 Output .1 Risk Register
Updates
11.1 Risk Management Planning 11.1.1 Inputs
.1 EEP .2 OPA .3 Project Scope
Statement . 4 PMP 11.1.2 Tools and
Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
10
11.4 Quantitative Risk Analysis 11.4.1 Inputs
.1 EEP .2 Project Scope Statement
.3 Risk Management Plan .4 Risk Register
. 5 PMP 11.4.2 Tools and Techniques .1
Data Gathering Rep Teks .2 Quant. Risk Ana
Modeling 11.4.3 Outputs .1 Risk Register
Updates
11.5 Risk Response Planning 11.5.1 Inputs .1
Risk Management Plan .2 Risk Register 11.5.2
Tools and Techniques .1 Strategies for Risk
Threats .2 Strategies for Opportunities
.3 Strategies for Both .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
11.6 Risk Monitoring Control 11.6.1 Inputs
.1 Risk Management Plan .2 Risk Register
.3 Approved Change Requests .4 Work
Performance Info. .5 Performance
Reports 11.6.2 Tools and Techniques .1 Risk
Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical Perf.
Meas. .5 Reserve Analysis .6 Status
Meetings 11.6.3 Output .1 Risk Register
Updates .2 Requested Changes .3 Recd
Corrections .4 Recd Preventions .5 OPA
Updates .6 PMP Updates
11
Risky Quotes
1. If you know your enemy and yourself, you need
not fear the result of a hundred battles (Sun Tzu
500BCE) 2. If you do not actively attack risks,
risks will actively attack you! 3. Risk
prevention is more cost-effective than risk
detection. 4. The degree of risk and its causes
must not be hidden from the decision-makers. 5.
If you dont ask for risk information, youre
asking for trouble.
12
Definition of Risk
  • Involves at least these 2 characteristics
  • uncertainty
  • loss
  • Risk is the possibility of suffering loss (SEI)
  • Risk is the measure of probability and severity
    of adverse effects (Lowrance)
  • Risk is the potential for realization of unwanted
    negative consequences of an event (Rowe)

13
Risk Statement
  • For a risk to be understandable, it must be
    expressed clearly
  • Must include
  • description of current conditions that might lead
    to a loss
  • description of loss or consequence

14
Principles of Continuous RM
  • Core
  • Defining
  • Sustaining

15
Core Principle
  • Open communication
  • encourage free-flow of information
  • enable communication(formal, informal, impromptu)
  • accept all views

16
Defining Principles
  • Forward-looking view
  • Shared product vision
  • Global perspective

17
Sustaining Principles
  • Integrated Management
  • Teamwork
  • Continuous Process

18
Our Risk Paradigm
Control
Track
Identify
QQ Analysis
Plan
19
Identify
  • Search for and locate risks before they become a
    problem
  • Risk ID is a continuous process
  • Risk is everyones business

20
Analyze (Qualitative Quantitative)
  • Transform risk data to make decisions
  • Evaluate impact, probability, timeframe
  • Classify risks
  • Prioritize risks

21
Plan
  • Build a Risk Plan
  • Transform risk information into decisions and
    actions
  • Planning is continuous
  • Planning is forward-looking
  • Planning need shared product, global vision

22
Track
  • Monitor risk indicators
  • Trigger mitigation action plans
  • Tracking is continuous
  • Combine risk with project tracking

23
Control
  • Correct for deviations from risk mitigation plans
  • Combine with project control
  • Keep communications open

24
Above all, COMMUNICATE
  • Provide internal feedback on risks info
  • and external

25
SPMP Risk Factors
  • Real-world risks
  • Technological risks
  • Risks due to size
  • People risks
  • Customer risks
  • Business risks (covered above too)

26
Real-World Risks
  • Contract risks
  • Management risks
  • External risks (e.g.... Eastern Europe)
  • Acts-of-God

27
Contract Risks
  • Will explore in next unit ad naseum
  • Make sure you can deliver
  • NEVER promise too much-)!!!!!

28
Management Risks
  • Financial health of organization
  • Takeoverability of organization
  • Management attitude
  • Government inertia
  • Cost of capital
  • Cost of raw materials

29
External Risks
  • Eastern Europe syndrome (i.e.... market
    volatility example of a risk)
  • Government intervention (equal-opportunity
    initiatives)
  • GATT/FTA problems

30
Acts-of-God Risks
  • Hurricanes, tornadoes, tidal waves etc..
  • Pestilence, plagues etc..
  • Plane crashes etc..
  • Earthquakes

31
Technological Risks
  • Software
  • Hardware
  • New technologies
  • Technology failures
  • Technology scoops
  • Write-offs of legacy equipment

32
Risks due to Size
  • Star-Trek syndrome (to fail boldly where...)
  • Size has its own problems
  • Application may overstretch tech platform
  • MULTICs example
  • The non-linearity of extrapolation

33
People Risks
  • People volatility
  • People burn-out
  • Shrinkage of labour supply
  • Inappropriate skilling of people
  • Boring work
  • Union problems

34
Customer Risks
  • Customer financial stability
  • Requirement changes
  • Environmental changes (only buy Mongolian all
    documentation must be in Mayan)
  • External interfaces changed (now we use Linux)

35
Business Risks
  • Building a product that no one wants
  • Building a product that no longer fits into the
    FedGov strategy
  • Building a product that the sales force does not
    understand
  • Losing senior management support
  • Losing budget

36
11.1 Risk Management Planning
11.1.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement . 4 PMP 11.1.2 Tools
and Techniques .1 Planning Meetings
Analysis 11.1.3 Output .1 Risk
Management Plan
37
11.1.1 Inputs
  • EEFs
  • Flavour of the Org will set the Risk agenda
  • May be expressed in policy statements
  • May be inferred from actions
  • OPAs
  • May have risk categories, common definition of
    terms
  • Standard templates
  • Roles responsibilities
  • Authority levels for risk decision making

38
Risk Planning
  • can easily have 30-50 risks
  • use Pareto 80/20 rule to cull
  • prepare a Risk Management Plan RMP
  • General plan aspects
  • Boehms Top Ten
  • Boehms List
  • RMMP

39
The Top Ten SW Risks (after Boehm)
Risk Risk Management Techniques 1
Personnel Staffing with top talent, job matching
team building shortfalls morale building,
cross-training, prescheduling key people 2
Unrealistic Detailed, multisourced cost-schedule
estimation use of schedules and design and
FP metrics, software reuse requirements
budgets engineering 3 Developing
the Organizational analysis mission analysis
wrong software user surveys prototyping early
users functions manuals 4 Developing
the Task analysis prototyping scenarios user
wrong user characterization interface 5
Gold Requirements scrubbing prototyping
cost-benefit Plating analysis design to
cost
40
The Top Ten SW Risks (after Boehm)
6 Changing High change threshold information
hiding incremental Requirements development
7 Shortfalls in Benchmarking inspections
reference checking externally
supplied compatibility analysis
components 8 Shortfalls in Reference
checking pre-audit awards award-fee
externally performed team building competitive
design tasks 9 Real-time Simulation
benchmarking modeling prototyping
performance SFs instrumentation tuning 10
Straining CS Technical analysis cost-benefit
analysis prototyping capabilities referenc
e checking
41
Common SW Weaknesses 90-95
  • 1 Schedules set before definition
  • 2 Excessive schedule pressure
  • 3 Major Reqs change after SO
  • 4 Inadequate PM skills
  • 5 Inadequate pretest defect removal procs
  • 6 Inadequate SW process

C. Jones Applied Software Measurement McGH 1997
42
Weaknesses cont.
  • 7 Inadequate office space, environment
  • 8 Inadequate training
  • 9 Inadequate support for reuse, code and design
  • 10 Inadequate orgs, specialist support
  • 11 Too much emphasis on partial solns
  • 12 Too new technologies

43
Common Strengths, 1990-95
  • 1 Experience in application area
  • 2 Morale and cohesiveness
  • 3 Experience with prog langs
  • 4 Experience with support tools
  • 5 Experience with hardware
  • 6 Availability of hardware

44
Strengths cont.
  • 7 Availability of support tools
  • 8 Use of adequate testing methods
  • 9 Use of configuration management
  • 10 Use of structured code methodologies
  • 11 Use of formal assessments
  • 12 Use of geriatric tools for legacy SW

45
11.1.2 TT
  • The Team will have planning meetings to develop
    the Risk Management Plan
  • Again is successively elaborated

46
11.1.3 Risk Management Plan
  • Includes at least the following
  • Methodology
  • Roles responsibilities
  • Budgeting
  • Timing categories
  • Definitions of risk probability and impact
  • Probability Impact Matrix
  • Stakeholders tolerances
  • Reporting formats
  • Tracking

47
Risk Breakdown Structure (RBS) PMBOK Pg 244
PROJECT
Project Management
Technical
External
Organizational
Project Dependencies
Estimating
Resources
Planning
Funding
Controlling
Prioritization
Communication
48
Impact Scales for 4 Project Objectives PMBOK pg
245
49
Sample Risk Management Plan (Charette)
  • I Introduction 1. Scope and purpose 2.
    Overview a) Objectives b) Risk aversion
    priorities 3. Organization a) Management b)
    Responsibilities c) Job descriptions 4.
    Aversion program description a) Schedule b)
    Major Milestones and reviews c) Budget

50
Sample Risk Management Plan (Charette) cont.
  • II Risk Analysis 1. Identification a) Survey
    of risks b) Sources of risk c) Risk
    Taxonomy 2. Risk Estimation a) Estimated
    probability of risk b) Estimated consequence of
    risk c) Evaluation of risk referents d)
    Evaluation results 3. Evaluation a) Evaluation
    methods to be used b) Evaluation method
    assumptions and limitations c) Evaluation risk
    referents d) Evaluation results

51
Sample Risk Management Plan (Charette) cont.
  • III Risk Management1. Recommendations2. Risk
    aversion options3. Risk aversion
    recommendations4. Risk monitoring procedures
  • IV Appendices1. Risk estimate of the solution2.
    Risk abatement plan

52
11.2 Risk Identification
11.2.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan . 5 PMP 11.2.2 Tools and
Techniques .1 Documentation Reviews .2
Info Gathering Techniques .3 Checklist
Analysis .4 Assumptions Analysis .5
Diagramming Techniques 11.2.3 Output .1
Risk Register
53
Risk Identification
  • Determines which risks might affect the project
    and document their characteristics
  • Who does this
  • PM, team members, management team
  • SMEs, other external experts
  • Customers, end users
  • Stakeholders

54
Risk Identification
  • Step 1 Capture the Statement of Risk
  • Step 2 Capture the Context of the Risk

55
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
56
Step 1 Capturing a Statement of Risk
  • The Risk statement consists of 2 parts
  • condition a single phrase describing the key
    circumstances, situations, causing concern,
    doubt, anxiety, uncertainty
  • consequence a single sentence describing the key
    (normally negative) outcomes of the current
    situation

57
Example
  • Condition The GUI must be coded using X Windows
    and we do not have expertise in X Windows
  • Consequence The GUI code may not be completed in
    time and may be inefficient

58
Step 2 Capturing the Context of a Risk
  • This includes recording additional information
    regarding the circumstances, events and
    interrelationships that may affect the risk
  • intent is to provide enough extra information
    that other people can understand the risk,
    particularly after time has passed

59
Example
  • A GUI is.. And we need one because
  • The graphical interface is an important part of
    the system and we do not have anyone trained in X
    Windows. We have all been studying the language
    but it is complex and only one person on the team
    has any graphics experience and that is with
    Windows on a PC.

60
11.2.2 Risk Identification TT
  • .1 Documentation Reviews
  • .2 Info Gathering Techniques
  • .3 Checklist Analysis
  • .4 Assumptions Analysis
  • .5 Diagramming Techniques

61
.1 Documentation Reviews
  • Structured review of
  • Project documentation
  • Plans, assumptions
  • Prior project morgue files
  • Check the consistency of the various plans

62
.2 Information Gathering Techniques
  • Brainstorming
  • Delphi technique
  • Interviewing
  • Root cause identification
  • SWOT analysis

63
.3 Checklist Analysis
  • Like Boehms list
  • Org should have one
  • Check out textbooks
  • Look at the lowest level of the RBS/WBS
  • Note that we cannot build an exhaustive list,
    ever!

64
.4 Assumptions Analysis
  • Find the assumptions
  • Check out the validity of the assumptions
  • Look at the inaccuracy, inconsistencies,
    incompleteness of those assumptions

65
.5 Diagramming Techniques
  • Ishikawas
  • Process flow charts
  • Influence diagrams

66
Ishikawa Diagrams
Environment
People
Process
hard to modify
hard coded
Unit 12 costs 50 of all Effort LQ
Measurement
Machines
Materials
67
Sample Process Flowchart PMBOK page 194
NO
7 Vendor makes Proofs
6 Artwork out for Proofs
YES
NO
NO
8 Proofs acceptable?
9 QA Review Approval?
10 Proof back to Vendor
11 Specs Signed
YES
YES
12 Order Materials
68
11.2.3 Risk Identification Outputs
  • Risk Registry
  • A PMI term to indicate the repository of all of
    the information associated with risks
  • Available to other planning areas and processes

69
Risk Registry
  • List of identified risks
  • List of potential responses
  • Root causes of the risks
  • Updated risk categories

70
11.3 Qualitative Risk Analysis
11.3.1 Inputs .1 EEP .2 OPA .3
Project Scope Statement .4 Risk
Management Plan 11.3.2 Tools and Techniques
.1 Risk Probability Impact Assessment .2
Probability Impact Matrix .3 Risk Data
Quality .4 Risk Categorization .5 Risk
Urgency Assessment 11.3.3 Output .1 Risk
Register Updates
71
Purpose of Qualitative RA
  • Focuses on ranking in non-numeric terms
  • Want to focus on high-priority risks especially
  • Risk has 3 dimensions
  • Probability of occurrence
  • Impact of eventuated risk
  • Timing of the risk
  • Is rapid, cheap, foundational
  • Indicates the need for expansion in quant section

72
.1 Risk Probability Impact Assessment
  • Severity LikelihoodImpact
  • Ranking very important

73
3.1 Risk Estimation
  • Also called Risk Attribute Evaluation
  • Try to rate
  • Likelihood of risks reality
  • Consequences of risks effects
  • Severity Likelihood x Consequence

74
Likelihood
  • What is the chance that it might happen?
  • Impossible
  • Unlikely
  • Likely
  • Guaranteed to happen

75
Risk Consequences
  • Nature of riskWhat are the problems associated
    with this risk happening?
  • Scope of riskhow serious is it AND how much of
    the project will be harmed (or how many
    customers?)
  • Timing of riskwhen and how long will the effects
    be felt?
  • Assign a rating

76
Risk Examples
  • task is to map quadruples onto STEPS to avert risk

RISK Management
RMMP
77
Evaluating Risks
  • Air Force example
  • Binary level
  • Ternary level
  • Probability

78
Binary Level
  • There are 4 possibilities (impact-probability)
  • 1 yes-yes (high)
  • 2 yes-no (moderate)
  • 3 no-yes (moderate)
  • 4 no-no (low)

79
Ternary Level
  • 9 levels
  • h-h, h-m, m-h (high)
  • h-l, m-m, l-h (moderate)
  • m-l, l-m, l-l (low)

80
Air Force Categorization
  • Impact
  • catastrophic
  • critical
  • marginal
  • negligible
  • Probability
  • frequent
  • probable
  • improbable
  • impossible

81
.2 Probability Impact Matrix
  • Can also use a stoplight chart as follows
  • Permits us to rank risks or put them in a common
    risk basket

82
Probability- Impact Matrix PMBOK page 252
THREATS
OPPORTUNITIES
Impact
83
International Nuclear Event Scale
  • L Name Criteria Examples
  • 0 Below scale no safety experience
  • 1 Anomaly variation from pp
  • 2 Incident insig release of R
  • 3 Serious " very small RoR Vandellos E, 1989
  • 4 Acc without minor RoR StLaurent F, 1980
  • sig offsite RoR Sig plant dam, death
  • 5 Acc with " limited RoR TMI 1979, Japan 2K
  • 6 Serious A sig RoR
  • 7 Major Acc major RoR, Widespread Chernobyl
  • health, envir effects
  • RoR Release of Radiation
    sigsignificant

84
.3 Risk Data Quality
  • An non-numeric assessment of the quality of the
    data
  • Tries to qualitatively estimate
  • Degree of understanding of the risk
  • Accuracy of the risk data
  • Quality of the risk data
  • Reliability of the risk data
  • Integrity of the risk data

85
.4 Risk Categorization
  • Grouping makes it much more cost-effective

86
Risk Classification
  • Group risks into similar groups
  • Permits removal of duplicate risks
  • Allows for separate approaches depending on the
    group

87
Classification Perspective
  • Predefined (like Boehms)
  • Self-organized (based on common characteristics)

88
Classification by Source/Impact
  • Source based on the same cause or source
  • Impact based on the impact on the Project

89
Taxonomy Element
90
.5 Risk Urgency Assessment
  • Need to assess the risk timing
  • A risk that has eventuated is no longer a risk
    its a FACT

91
11.3.3 Qual Risk Analysis Outputs
  • Risk Registry Updates
  • Priority ranking of risks
  • Risks grouped by category
  • Risks requiring near-term response
  • Risks requiring more analysis/response
  • Watch lists of low priority risks
  • Trends in qualitative risk analysis results

92
11.4 Quantitative Risk Analysis
11.4.1 Inputs .1 EEP .2 Project Scope
Statement .3 Risk Management Plan
.4 Risk Register . 5 PMP 11.4.2 Tools and
Techniques .1 Data Gathering
Representation Techniques .2 Quantitative
Risk Analysis Modeling 11.4.3 Outputs .1
Risk Register Updates
93
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
94
Quantitative
  • Here we put numbers on the risks
  • Here be Dragons
  • Just because there is a number, does not make it
    true!
  • Not everything that matters, can be measured.
  • Not everything that is measured, matters

95
The Ideal is to
  • Quantify the possible outcome
  • Assess the probability of achieving objectives
  • Use the numeric ranking to watch the highest
  • Identify realistic costs, schedules, scope
    targets in the face of the project risks
  • Determine the best PM decision when some risks
    rear their ugly heads

96
.1 Data Gathering Representation Teks
  • Interviewing
  • Probability distributions
  • Expert judgment

97
Range of Cost Estimates
98
Probability Distributions
Likely
Likely
Beta
Triangular
99
.2 Quantitative Risk Analysis Modeling
  • Sensitivity analysis
  • Expected monetary value
  • Decision tree analysis
  • Modeling and simulation

100
Decision Tree Diagram Upgrade?
Build New Plant
Build or Upgrade
Upgrade New Plant
101
Risk Register Updates
  • Probabilistic analysis of project
  • Probability of achieving cost and time objectives
  • Prioritized list of quantified risks
  • Trends in quantitative risk analysis results

102
Probability
  • 0 means impossible
  • 1 means will happen
  • 0.0001.0.99999
  • provides a continuum of values
  • normally must eyeball

103
Failure Intensities (Death/106 hrs)
  • Space shuttles 38,000
  • Nuclear Plants 3,400
  • Horseback ride 2,860
  • Light bulbs 1,000
  • NYC subway cars 478
  • Motorcycles 143
  • (Disabling household injuries)
    4.1
  • (Car thefts) 1.1
  • Death at 35 1.0
  • Auto deaths 0.7
  • Air deaths 0.5
  • Death by fire .00023
  • Electrocution .00006

104
Quantifying Risks with Probability
  • Sev Likelihoodi x Impacti
  • Problem is that it is hard to quantify these
  • For example, what is the likelihood of a ship
    hitting an iceberg in the North Atlantic?

105
Prioritizing Risks
  • Use the Pareto Rule
  • Pick the top 10

106
Risk Example
  • Suppose that you have identified the triplet
  • 1. r1 high staff turnover
  • 2. l1 estimated at 0.70
  • 3. x1 impact of increasing project duration by
    15 and overall cost 12
  • 4. s1 severity is .7 X .15

107
Risk Example cont.
  • Steps to Reduce the Risk of Turnovers might
    include
  • meet with current staff to determine causes of
    high turnover
  • change these before project commences
  • assume that turnover WILL occur during project
    and build that into plan
  • organize project teams so that information about
    each development activity is widely dispersed
  • define documentation standards
  • establish mechanism so that these are developed
    in a timely manner
  • conduct peer reviews and walkthroughs for
    second-sourcing
  • identify critical technologists
  • define a backup person for each critical
    technologist

108
Risk Product Number (RPN)
  • Uses 3 variables
  • Occurrence
  • Severity
  • Detection
  • RPNOSD (each ranked 1-10, increasing)
  • RPN1 most risk free
  • RPN1000 yikes! Head for the hills!

109
OOccurrence
  • Remote 1
  • Low failure rate 2-3
  • Moderate 4-6
  • High 7-9
  • Very high almost certain 10

110
SSeverity
  • Insignificant 1 - customer will not notice
  • Low severity 2-3 - slight annoyance
  • Moderate 4-6 - some dissatisfaction
  • High 7-9 - anger
  • Very high 10 - customer at risk

111
DDetection Ranking
  • Very High 1 - design controls will find Ds
  • High 2-3 - good chance to detect failure
  • Moderate 4-5 - may detect failures
  • Low 6-7 - not likely to detect
  • Very low 8-9 - will not detect
  • Unlikely 10 - no controls at all!

112
Case Study aluminum beverage cans
  • Pressure of compressed liquid splits can open
  • Compression of top causes stepped neck into can
  • Cans side wrinkles the way they do in an empty
    can
  • Cans bottom pops out
  • Cans bottom splits open
  • Cans top arches to accommodate pressure
  • Rivet in pop-top is ejected
  • Top cracks open when scored
  • Can leaks at rim where top joins side

113
Aluminum Can Example
  • Part FM F Mech Eff FR SR DR RPN Acts
  • Side break pressure splits leak 4 7 4 112
    thicken
  • sides open can wall
  • wrinkle insuff wall ugly 4 5 3 60
  • thickness
  • Top neck ext impact ugly 3 6 6 108 protect
  • pushed in when shipd
  • arches top arches ugly 3 5 3 45
    stiffen
  • out can wall
  • Bottom pops out press can 5 6 5 150 stiffen
    dish
  • falls bottom
  • splits press leaks 3 7 4 84 stiffen
  • can wall
  • Rivet ejected hi press leaks 5 8 4 160 ??

114
11.5 Risk Response Planning
11.5.1 Inputs .1 Risk Management Plan
.2 Risk Register 11.5.2 Tools and Techniques
.1 Strategies for Risk Threats .2 Strategies
for Risk Opportunities .3 Strategies for
Threats and Opportunities .4 Contingent
Response Strategy 11.5.3 Output .1 Risk
Register Updates .2 PMP Updates .3
Risk-related Contractual Agreements
115
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
116
.1 Strategies for Risk Threats
  • Avoid
  • Transfer
  • Mitigate

117
Planning
  • What is planning?
  • Is it MY Risk? (assign responsibility)
  • What can I do? (approach)
  • How Much and What? (scope and actions)
  • Set Mitigation considerations
  • Guidelines and tips

118
Objectives of the PLAN
  • ID risks sources and consequences
  • develop effective plans
  • plan efficiently
  • produce the correct set of actions to minimize
    risk and impacts
  • plan important risks first

119
Whose Risk IS it?
  • 3 options
  • 1 keep the risk
  • 2 delegate the risk within the organization
  • 3 transfer it outside

120
Qs to Ask
  • Who could solve this risk?
  • Who has the power to allocate resources?
  • Who can be held accountable for this risk?
  • Who has the time to manage this risk?
  • Who has the opportunity to take action?

121
Keep the Risk
  • Retain accountability, responsibility, authority
  • You have resources, knowledge, position to manage
    risk
  • You approve all risk actions

122
Delegate
  • You retain accountability, assign responsibility
    and authority
  • You manage the risk

123
Transfer
  • You assign accountability, responsibility,
    authority
  • Third party now accepts the risk

124
What to do?
  • If you do not know enough about this risk to
    decide, research
  • Can you live with the risk? Accept
  • No can I mitigate? No track the risk
  • Yes develop a mitigation plan

125
Culling Risks
  • All risks cannot be planned simultaneously.
  • Plan in order of important at this time
  • What is important now to the project, client,
    user, management?
  • Is the project facing critical milestones?
  • What limits, constraints does the project have?
  • What milestones are fixed, flexible?
  • What resources are available for mitigation?
  • How does this risk factor into the overall
    project concerns?

126
Range of Mitigation Approaches
  • 1 Research
  • 2 Accept
  • 3 Mitigate
  • 4 Track

127
Mitigation Scope
  • Some Questions for Mitigation
  • How complex will the mitigation be?
  • How will it be documented?
  • What is the strategy?
  • What are the tasks?

128
Action Item?
  • Risk statement
  • Mitigation goal measures
  • Responsible person
  • Action items
  • Due dates and closing dates
  • Contingency action and triggers

129
or Task Plan?
  • Risk statement
  • Mitigation goal measures
  • Responsible person(s)
  • Related risks
  • Due date for task plan completion
  • Due dates and closing dates

130
Task Plan cont.
  • Chosen strategies
  • Specific actions
  • Budget
  • Schedule (MSP)
  • Risk tracking indicators, thresholds, reporting
    frequency
  • Contingency action and triggers

131
Risk ROI
  • Rule of Thumb do not spend more than 10 on
    mitigation

132
Set Mitigation Considerations
  • Try to collect related risks into a set
  • can benefit from coordinated mitigation
  • avoid possibly conflicting goals
  • increase cost-effectiveness

133
Hints
  • ID specific, implementable actions which will
    preempt problems
  • Create the desired further state
  • Integrate RMMP with project plans
  • Communicate mitigation plans to all affected
    personnel
  • Do not lose sight of the end product

134
.2 Strategies for Risk Opportunities
  • Exploit
  • Share
  • Enhance

135
.3 Strategies for Threats and Opportunities
  • Acceptance

136
.4 Contingent Response Strategy
  • Will happen only if predefined conditions occur
  • Events that can trigger the contingency must be
    defined and tracked

137
11.6 Risk Monitoring and Control
11.6.1 Inputs
11.6.3 Output .1 Risk Management Plan
.1 Risk Register Updates .2
Risk Register .2
Requested Changes .3 Approved Change
Requests .3 Recd Corrections .4
Work Performance Info. .4 Recd
Preventions .5 Performance Reports
.5 OPA Updates 11.6.2 Tools and
Techniques .6 PMP Updates
.1 Risk Reassessment .2 Risk Audits .3
Recommended Corrections .4 Technical
Performance Meas. .5 Reserve Analysis
.6 Status Meetings
138
.2 Risk Reassessment
  • Risks are temporal
  • Constantly being reassessed
  • At project meetings for example

139
Risk Tracking
  • Starts as soon as RMP is done
  • Gaulish in that its 3 objectives are1. to
    assess whether a risk does occur2. to ensure
    that the risk aversion steps defined in the
    RMMP are properly applied and3. to collect
    information for the database
  • this is a BIG job!

140
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
141
Tracking
  • Definitions
  • Acquiring
  • Compiling
  • Reporting

142
Definitions
  • metrics
  • measure
  • indicator
  • trigger
  • provides a warning of an impending critical event
  • indicates a need to implement the RMP
  • requests immediate attention to a risk

143
Acquiring
  • Includes all steps to collect information about
    the risk measures and status indicators for
    watched and mitigated risks
  • input to the compile phase

144
CSFs for tracking data
  • Status information is only as good as its
    accuracy and timeliness
  • stale data is worse than useless
  • when a group of indicators is required, all of
    the data must be collected at the same time
  • collecting tracking data is responsibility of
    person responsible for the risk

145
Compiling
  • Risk data is analyzed, combined, calculated,
    organized for the tracking of the risk and its
    associated Risk Mitigation Plan

146
CSFs for the Report
  • What information needs to be reported?
  • What results are desired from the report?
  • Does the reports format match the desired
    outcome?

147
Reporting
  • Status information is reported to the decision
    makers, team members
  • verbal reporting
  • written reports
  • formal presentations

148
Our Risk Paradigm
Control
Track
Identify
QQ Analyze
Plan
149
.2 Risk Audits
  • Formal checks by management to ensure that proper
    risking is occurring

150
Controlling
  • Analyzing
  • Deciding
  • Executing

151
1 Analyzing
  • Uses tracking data to examine risks for trends,
    deviations, anomalies
  • Need to have a clear understanding as to the risk
    picture

152
Analyzing Tracking Data
  • Cause and effect Analysis
  • Cost-Benefit Analysis
  • Mitigation Status reports
  • PERT Charts
  • Spreadsheet Risk Tracking
  • Stoplight Chart

153
2 Deciding
  • There are 4 options
  • 1 replan
  • 2 close the risk
  • 3 invoke a contingency plan
  • 4 continuing tracking

154
3 Executing
  • Implement the control decisions
  • may decide to close out the risks

155
Closing Risks
  • Person responsible for the risk closes it
  • Personnel who either initiated the risk or
    received status info from it are notified
  • Proper approval for closing is acquired
  • If the risk is in a set, decide to close the set
    or not

156
  • Failed mitigation plans and the reasons for their
    failure
  • Risk relationships which were not obvious
  • Successful mitigation plans and why they were
    successful
  • Relevant analysis data (esp. cost and benefits of
    the mitigation plan)

157
.5 Reserve Analysis
  • We compare mitigation costs against remaining
    reserves

158
Your Chances of Dying from
  • Small pox 0
  • Asteroid impact 1 in 1,960,000,000
  • Winning the powerball jackpot 1 in 80,089,128
  • Anthrax 1 in 55,052,999
  • Black death 1 in 54,049,705
  • Venomous snakes, spiders, etc 1 in 54,049,600
  • Falling after collision or shoving 1 in
    45,041,333
  • Your IQ is higher than B Fischers 1 in
    36,927,646

159
Still Dyin
  • Domestic highjacking 1 in 16,817,784
  • Odds a coin is heads 24 times 1 in 16,777,216
  • Salmonella 1 in 10,587,115
  • Execution by US justice 1 in 3,622,270
  • Lightning strikes 1 in 3,106,880
  • Flesh-eating bacteria 1 in 1,254,488
  • Airplane crash 1 in 659,779
  • Royal flush 1 in 649,739
  • Railway accident 1 in 524,753

160
Read the last Entry ?
  • Poisonous gases 1 in 494,960
  • Electricity 1 in 493,153
  • Falling objects 1 in 373,787
  • Bad medical care 1 in 83,720
  • Residential fire 1 in 83,025
  • Gun shot 1 in 8,802
  • Having triplets (without drugs) 1 in 8,100
  • Motor vehicle accident 1 in 6,585
  • Flu or pneumonia 1 in 4,107

161
  • Diabetes 1 in 4,009
  • Unintentional injuries 1 in 2,941
  • Chronic respiratory disease 1 in 2,228
  • Stroke 1 in 1,658
  • Odds of injuring yourself in golf 1 in 600
  • Cancer 1 in 400
  • Heart disease 1 in 388
  • Your next meal will be at McDonalds 1 in 8
Write a Comment
User Comments (0)
About PowerShow.com