How to Manage Risks Effectively

Posted on 10/05/2011 at 08:00 am

In this post, you will gain some insight into one of the most critical elements of program management – Risk Management.  One key aspect to sustaining exceptional past-performance and preserving an organization’s reputation is to manage risk effectively.  In the last blog, 100% ‘Reference-ability’ – How do you preserve it?, we learned that risk represents uncertainty and consists of risk management planning, identification, analysis, response, and monitoring & control.  We know that projects are typically divided into five phases: Initiating, Planning, Executing, Monitoring & Controlling, and Close-Out and that we monitor risks in eight general areas.  Finally, we understand that risks are measured in their varying degrees: high, medium, or low. 

So, how do you manage risk anyway?  In this segment, we will examine how to plan, identify, assess, quantify, respond, monitor and control risks.  

Plan & ID:

How do you identify a risk?  Here are seven common sources of project risk to evaluate:

  • Stakeholder Relationship/Reference-ability: “How is your relationship?” 
  • Delivery: “Are there performance challenges?” 
  • Staffing: “Are you properly manned to meet the client’s needs?”
  • Contractual:  “Are you operating within the scope of the contract and in accordance with all the terms and conditions?” 
  • Partners: “Are your partners providing complementary capabilities to fill gaps in delivery?”
  • Financial:  “Is there sufficient funding for the effort?”
  • Environmental:  “What is the ‘climate’ of the workplace?”

Assess:

Be sure to analyze the causes and effects of risks and examine the sources discussed above – client relationship, delivery, staffing, etc.  For example, a cause of risk might be a period of performance ending with no renewal executed yet – “fiscal year deadlines”.  The effect might then be a high concentration of turnover.

Quantify:

Once we have identified these risks and have conducted an initial cause/effect analysis, we must further analyze them using Qualitative and Quantitative techniques. 

Qualitative methods are used to initially assess risks in order to help us determine further action: “What are the chances it will happen?” and “If it does happen, what is the potential effect?”  One possible technique to use is the Probability & Impact (P&I) Matrix.  This technique will help you determine if an opportunity is high/medium/low impact or high/medium/low probability.  Using the P&I Matrix will help you decide which risks will demand more attention and make you aware of all the potential issues that could arise.

                                                   

After performing the Qualitative analyses, the next step is to perform the Quantitative analysis to determine the magnitude of the effects.  Here are a few tools that can be used:

  • Interviewing/collection, data distributions          
  • Sensitivity Analysis
  • Decision Trees
  • Monte Carlo, modeling/simulation
  • Bar Charts, Histograms, Scatter Diagrams, etc.

In performing the analyses, determine the priority of attending to each risk.  In doing so, you will also determine whether each risk is acceptable or unacceptable.  Remember, it is not a matter of more or less important; rather, different risks command different attention at the various levels.

Respond, Monitor, and Control

Now, you are faced with mitigating the risks using risk management best practices, tools and techniques to achieve project success.  There is a wide variety of tools and techniques that we use to plan for, respond to, monitor, and control risks:

  • ‘The Box’ – pursue/no pursue & bid/no bid process
  • Organizational Conflict of Interest determination process and mitigation plan
  • Proposal Plan, compliance matrix, ‘black hat’
  • Project Plan – Kickoff template, compliance matrix
  • Strategic Planning – Critical Success Factors
  • Project Reviews – Quads (Quantitative – Cost/Schedule), SWOT, Quarterly Client Meetings, formal Risk Review
  • Expected Value/Revenue Projections, Earned Value/Backlog, Revenue Analysis (Salesforce)
  • Defense Tracker
  • Brainstorming
  • EVMS
  • Sensitivity Analysis
  • Monte Carlo Simulation/Modeling
  • Three-point estimates
  • Probability distributions
  • Delphi Technique

There are several strategies for responding to risks and opportunities; yes, opportunities … remember, the purpose of risk management is to increase the probability and impact of positive events while decreasing the probability and impact of events that would have adverse effects on the project. 

Here are a few strategies for adverse effects that can be used:

  • Accept the risk, do nothing, and move on
  • Avoid the risk
  • Transfer the risk
  • Mitigate the risk

Now, let’s look at three strategies for opportunities.  Be mindful of the fact that what might appear at first sight as a risk might in fact be an opportunity.  For example, the client may want additional work to be performed, but the original staffing level for full-time equivalents (FTE) is not sufficient to accomplish the task at the current level of effort in the time allotted.  Scope risk, right?  However, it’s also an opportunity to exploit the risk by getting the client to execute a modification to the contract to allow for the additional work and apply funding against it.  We can share the risk; we often do this by subcontracting work out to a trusted teaming partner.  Finally, we can enhance an opportunity; I think the most common example is to exceed expectations.

Once you have a strategy, you must develop a plan.  Contingency Planning is a very thorough, detailed, and iterative process.  We could devote an entire series to this facet alone.  In a nutshell though, here are some of the primary things we accomplish in contingency planning.  The process includes:

  • Problem solving
  • Examining inputs (enterprise environmental factors, organizational processes/resources, scope, PWS/contract)
  • Making decisions under uncertainty using decision theory (decision trees)
  • Determining the ‘worst-case’ scenario
  • Implementing project risk controls
  • Identifying risk triggers and anticipating risk events
  • Recommending corrective action and communicating risks both internally and externally (clients, stakeholders)
  • Recalculating confidence levels and continuously monitoring the risk.

The last element of risk management is to make sure that lessons learned are not lost.  We must be sure to leverage our project experience by creating an end-of-project risk report and compiling lessons learned in a risk database.  By recognizing the value of mistakes, we can help ensure that they contribute to continual process improvement.

- Jon Katz, Vice President
