Post on 12-Apr-2017
transcript
STRIDEStandard Processfor Risk Management
By: Romains Bos
STReamlinedInnovation &DevelopmentExcellence
S T R I D E
What is Risk?
A risk is not a: • Problem: something already wrong or undesirable that it is too late to
avoid and which needs to be fixed now• Concern: something that is causing worry, in which case it’s best to
discuss it as an issue and see if there is a problem or a risk driving the concern
• Issue: something that requires discussion to either reach understanding or clarify a direction, problem, or potential risk
RISK: An uncertain event or condition that, if it occurs, has a positive or a negative effect on at least one project objective, such as time, cost, scope, or quality
PMBOK® Guide, 4th Edition
Flow of STRIDE Tools in Initiating & Planning Processes
Clarifying remark to initial verbatim response. Clarifying remark
to initial verbatim response.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Customer's response to probing by team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team. Verbatim Verbatim
response to non response to non leading question. leading question. from team.from team.
Clarifying remark to initial verbatim response.
Customer's response to probing by team.
Clarifying remark to initial verbatim response.
Clarifying remark to initial verbatim response. Clarifying remark
to initial verbatim response.
Clarifying remark to initial verbatim response.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Customer's response to probing by team.
Customer's response to probing by team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team. Verbatim Verbatim
response to non response to non leading question. leading question. from team.from team.
Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.
Clarifying remark to initial verbatim response.
Clarifying remark to initial verbatim response.
Customer's response to probing by team.
Customer's response to probing by team.
X Y
Stage 1 FAI required on all
hardware
Rapid turnaround of prototype hardware
on fuel injector
The development programme will run
better with co-ordinated use of all
availabletest faciities
Current funding may only provision
for 4 - 5 builds
The last build will be an indurance run
High cost / weigt must be justified on
builds 1 & 2 with audit team
understanding and control of tolerance
stack up through fuel system will produce a
better system
Design and manufacture drop
offs would threaten the programme
RR need to do a risk assessment before
they can define safety critical and despatch
critical areas
High risk technology can be included if it does
not hazard the whole programme
A simple overall final system that
meets performance
objectives
+ + + + +
Deliver a TRL6 system + + + + +
Programme and schedule + +
ACTIONSDef ine what stage
1 FAI requirements are
Design for quick prototype
Continue to work with funding
agencies
Goodrich to be partner in audit
team
Late change of requirements need to
be managed
RR to schedule and early whole engine risk assessment to define safety and despatch
critical features
Ensure innovative solutions are
explored for builds 1 & 2
Document Review
Voice Of the Customer
Impact Matrix
Output:Actions to resolve higher fidelity requirements and increased confidence of compliance
Deliverables MapLWW Project Plan
Output:Risk Mitigation and Contingency Plans
Output:LWWPP with active risk mgmt. built in
Risk Management
This is an Iterative process that continues into the Executing and
Monitoring and Control Processes
You areHere
What is Risk Management?
• Risk management is proactive. The key point is acting early enough to be effective. If not, we go into a reactive mode and address a problem
Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project … to increase the probability and impact of positive events, and decrease the probability and impact of events adverse to the project
PMBOK® Guide, 4th Edition
Risk Management Process
—PMBOK® 4th Edition, Chapter 11
Regular Reviewsand Updates
0) Risk Planning- Select Risk Mgmt Team- Conduct Initial Risk Assmt- Create Risk Mgmt Plan- Obtain Plan Approval
1) Risk Identification- Explore RBS- Identify Risks- Draft Risk ID section of Risk Register
2) Risk Analysis- Agree to Ranking Criteria- Determine Risk Impact & Probability- Estimate Risk $ (optional)
3) Risk Response- Assign Owner- Classify Response Type- Develop Response(s)- Risk Impact & Prob. After- Est. Response $ (optional)
4) Risk Control- Execute Response- Monitor Risks- Report Risk Status
This Process is Iterative!
Risk Management Planning
Conduct Initial Risk Assessment
Select Team Members and Functional
Experts
Complete Risk Management Plan
Secure PlanApproval
Ris
k P
lann
ing
- Rating for each of 9 questions- Determine level of Risk Mgmt required to manage risk
- Determine Required Organizational Functions- Define Core Risk Management Team Members- Supporting Members - Stakeholders - Experts - Functional Leads
- Project Name- Customer- Contract $ Value- Project Duration- Define Methodology- Establish Review Frequency- Define Metrics & Reporting Frequency
- Sign-off Plan with Project Principles- File with Project Mgmt Documents
ContinueTo Risk
Identification
• Risk Management Planning is the process of deciding how to approach and conduct the risk management activities for a project
• Ensures that the level and visibility of risk management match importance of the project to the organization
• Provides for sufficient resources and time for risk management activities
• Establishes an agreed-upon basis for evaluating, monitoring and controlling risks
Risk Management Plan (RMP)
Briefdescription of the project from a risk viewpoint
Responsibilities of the PM, RMB, Project Team, QA, Sr. Mgmt, other stakeholders
Level of communication with senior mgmt. & stakeholders
Strategy, process, ground rules and assumptions, schedule, and budget/cost guidelines
Defines the risk management approach to be used on the project.
Subcontractor, customer, and relevant stakeholder involvement
Full Blown Risk Management Plan
Needed or available resources including tools, people, facilities
Definitionsof risk groupings, categorizations, scoring, ID technique(s), Escalation & Retirement Criteria
Risk Management
PlanCover Sheet
(Used as a screening tool for all
projects/ programs to get agreement on scope of Risk
Management need)
Project Name: Customer:Risk Leader: Project Duration:Contract Value: Project Type:Link to Project Plan:
Outcome of Initial Risk Assessment 0.0
Purpose of Project:Output:
Support
RedFormal risk management process. Support by all key stakeholders to identify risks.
Yellow Use key stakeholders to identify risks.
Green Further support only as needed.
Risk Team Members / Stakeholders
% of time Function
Frequency of updates:
Risk Leader: signature/dateLeadership: signature/dateProgram Manager: signature/dateFunctional Dept. Head: signature/dateAdditional: signature/date
Recommendations for Risk Mgmt based on
Outcome of Initial Risk Assessment
Daily to weekly reviews of response plan status. Monthly updates of Risk Register.
Dedicated Risk Management Team if needed.
Complete Risk Mgmt Plan and Initial Risk Assessment at minimum.
Regular reviews of response status (may be part of project plan). Monthly updates of Risk Register.
Review of risk management is required if circumstances change.
Initial Risk Assessment Worksheet
Roles & Responsibilities
Dedicated Risk Management Team.
Planning/Mgmt Update Frequency
Risk Management Plan
Scope Statement for Project Risk Management
Risk Management Plan Approval
Initial 9 Question
Risk Assessment
(Used as a guide to quickly determine
overall project/ program risk)
Initial Risk Assessment Worksheet (New Product Introduction)Project Name: Risk Leader:0 01) Complete probability rating for all 9 risk factors (causes). Record assessment participants.2) Provide Project/Program comments as necessary to explain the ratings that you gave.3) Summary score is automatically transferred back to Risk Management Plan.
Risk Factor (Cause) Impact of Risk (Effect)
Probability of Risk Factor Occurring Project/Program Comments
1 Proposal price is less than the current estimated cost.
Design will not be sustainable in production due to high NRC. May need product redesign or structured cost reduction via STRIDE tools.
2Performance parameter extrapolations are outside the experience base of previous products.
Design will operate beyond our experience base or known response surface. May need additional design, prototypes, testing to mitigate risk
3The product contains the first use of materials beyond the SBU's experience.
Design will be outside our experience base. May need additional materials expertise, properties data and testing to mitigate risk.
4The product contains the first use of technology beyond the SBU's experience.
Design will operate beyond our experience base. May need additional design expertise, Tech Center Support, 3rd party support, prototypes, testing or significant development time to mitigate risk
5 Inventions are required or expected during design/development.
Design is not based upon demonstrated designs and requires innovation to succeed. May need additional design, prototypes, testing or significant development time to mitigate risk
6 New suppliers to the SBU will be involved or required.
Program success is dependent upon a supplier in which we have no experience or performance history. May need additional supply chain, engineering or operations support to qualify the supplier or find alternative qualifiable sources.
7New design processes or tools will be used that are beyond the SBU's current experience.
Program success is dependent upon tools or processes in which we have little or no experience. May need additional engineering expertise, tool vendor support, training or development time to apply new tools.
8 New manufacturing processes to the SBU are required.
Program success is dependent upon manufacturing processes in which we have little or no experience. May need to build a productivity learning curve, prototype operating cells or additional training into the program plan.
9
Conditions are expected to change (e.g. schedules, customer requirements, regulations) that may invoke any of the above conditions.
Design will not be sustainable in production due to high NRC. May need product redesign or structured cost reduction via STRIDE tools.
Summary Score (1-5): 0.0Return to Risk Mgmt Plan
Risk Register Used Throughout To Manage Risk Management Process
1) Risk Identification: 3) Risk Response Planning: Date:
Total Cost of Effects:
TOTAL RISK: 104 $21,500 RISK AFTER: 31 $12,500 83
Ris
k Ite
m #
Entry Date
Risk Category
Cause(If this
happens…)
Effect(Then this
may happen…) P
roba
bilit
y (1
- 5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
Risk OwnerResponse
Type Risk Response(s) Pro
ject
Cro
ss
Ref
. # Due Date R
espo
nse
Sta
tus
Est
imat
ed
Pro
babi
lity
Afte
r (1
- 5)
Est
imat
ed
Impa
ct A
fter
(1 -
5)
Est
imat
ed
Ris
k Sc
ore
Afte
r (1
- 25)
Res
pons
e C
ost $
Current Risk
Score Res
pons
e P
lan
Sta
rt D
ate
1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3 Jack White Accept 0 1 3 3 3
2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08
3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25
4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08
5.1 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12
5.2 0 John Johnson Contingency Risk Response 5.2 37 2-Aug-08 0 0 0
6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5
7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6 John Johnson Accept 0 2 3 6 6
8.1 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08
8.2 0 Jack White Mitigate Risk Response 8.2 24 15-Sep-08 0 0 0 15-May-08
8.3 0 Jack White Mitigate Risk Response 8.3 25 15-Sep-08 0 0 0 15-May-08
0 0 0 0
0 0 0 0
0 0 0 0
0
Risk Forecasting:
2) Risk Analysis: Total Current
Risk Score:
Total Cost of
Responses:
1-Apr-08
Sort byRisk Item #
Sort byRisk
Score
Sort byCurrent Risk Score
Sort byRisk
Owner
Risk Identification
• Risks of all types may be identified throughout the New Product Introduction process – including in opportunity targeting, proposal development, project planning, product and process design, verification and validation, and production ramp-up
• Risk identification is an iterative process because new risks will become known as the project progresses through its life cycle
Review and Modify Risk Breakdown Structure (RBS)
Use Recognized Tools to Identify Risks
Ris
k Id
entif
icat
ion Draft Risk
Identification Section of Risk Register
- Expand RBS as Required for Project
- Brain Storming- Interviews- Ishikawa (fishbone) Diagrams- Other Tools
- Identify Actionable Risks- Identify Risk Event Category from the RBS
ContinueTo RiskAnalysis
Risk Identification Approach• Gather as much relevant data as possible• Schedule a risk management meeting with the key team
members• Use a structured approach to identifying risks, and be thorough• FOCUS ONLY ON IDENTIFYING RISKS
Risk Identification ApproachesWho?
• Project team members• Vendors/subs/suppliers• Customers• Senior Management• Subject Matter Experts (SME)
Tools• Risk Breakdown Structure (RBS)• Checklists (Risk Taxonomy, Lessons Learned)• Questionnaires (Risk Taxonomy)• Strengths, Weaknesses, Opportunities & Threats (SWOT) Analysis• Scenario analysis (Walk through Program scenarios)• Evaluating Proposal and Project plans for key assumptions, uncertainties, drivers• Design and project reviews, test results, problem reports
Techniques• Interviews• Brainstorm sessions – multi-disciplinary team• Written questionnaires• Delphi technique (anonymous questionnaire) – multi-disciplinary experts• At every formal and informal meeting
• Project Manager• Lead Project Engineer• End Users• Other PM• Other Stakeholders
Everybody!!!
Risk Breakdown Structure (RBS)
Each business or value stream should have an RBS / Risk Taxonomythat reflects common risks encountered.
The RBS is part of the Risk Management procedure
Default Risk Breakdown StructureCategory Sub-Category Category Sub-CategoryProject Management
Personnel Capacity Development Development Process MaturityPersonnel Skills and Experience Technical Decision-making ProcessResource Monitoring & Management System Integration and TestingFacility Capability/Constraints Configuration Control/TraceabilityProgram Financials Analysis Capability and ToolsProject Integration & Communication Supply Chain Dependency on Sole SourcesRequirements Flowdown & Execution Exotic Materials & ProcessesRisk Management Maturity Hardware Delivery PerformancesSchedule Flexibility Forecast Lead timesWork Environment PricingMulti-SBU/Site Complexity Manufacturing Manufacturing CapacityLeadership Decision-making Process / Operations Process Capability Roles & Responsibilities Clarity Equipment Suitability and Reliability
Technical / Design Interfaces Special Processes Capability Design Technology Maturity Contract Dependencies on Outside Contractors
Design Testability Contractual RestrictionsRequirements Feasibility Export Licensing RequirementsPerformance Margins Long Term AgreementsSoftware Constraints Customer Requirements CompletenessSoftware Performance/Capability Requirements ClarityDesign Capability/Capacity Requirements StabilityDesign Complexity Customer Skill and ExperienceReliability and Maintainability Safety Requirements
Relationships and Politics
Leading Investigators ThroughRisk Areas Using RBS
Project
Technical External Organizational Project Management
Requirements Subcontractors Project Dependencies
Estimating
Technology
Complexity & Interfaces
Performances & Reliability
Quality
Regulatory
Market
Customer
Weather
Resources
Funding
Prioritization
Planning
Controlling
Communication
- PMBOK® Guide, 4th Edition
Risks are categorized by:
• Class• Element• Attribute
B. Development Environment
1. Development Process a. Formality b. Suitability c. Process Control d. Familiarity e. Product Control
2. Development System a. Capacity b. Suitability c. Usability d. Familiarity e. Reliability f. System Support g. Deliverability
3. Management Process a. Planning b. Project Organization c. Management Experience d. Program Interfaces
4. Management Methods a. Monitoring b. Personnel Management c. Quality Assurance d. Configuration Management
5. Work Environment a. Quality Attitude b. Cooperation c. Communication d. Morale
A. Product Engineering
1. Requirements a. Stability b. Completeness c. Clarity d. Validity e. Feasibility f. Precedent g. Scale
2. Design a. Functionality b. Difficulty c. Interfaces d. Performance e. Testability f. Hardware g. Non-Developmental Software
3. Code and Unit Test a. Feasibility b. Testing c. Coding/Implementation
4. Integration and Test a. Environment b. Product c. System
5. Engineering Specialties a. Maintainability b. Reliability c. Safety d. Security e. Human Factors f. Specifications
C. Program Constraints
1. Resources a. Schedule b. Staff c. Budget d. Facilities
2. Contract a. Type of Contract b. Restrictions c. Dependencies
3. Program Interfaces a. Customer b. Associate Contractors c. Subcontractors d. Prime Contractor e. Corporate Management f. Vendors g. Politics
Leading Investigators Through Risk Areas
Risk Identification - Keys to Success
Identifying “all” risks candidates, avoid limiting the list• Large number of risks does not necessarily indicate a high risk
programEstablishing an open atmosphere for communication
• “Open” means not dismissed w/o an explanation, no retribution for surfacing concerns
Ensuring a wide perspective• All aspects of the program and all stakeholders involved
Sufficient risk identification documentation to support the analysis step• Clear statement of risk, context, and source• “If … Then …” structure helps clarify the two components of risk
Not a one time process• Update during proposal, on award, major reviews (SRR, PDR, CDR)• Update periodically (quarterly recommended)• Updates as new risks surface during daily standup meetings
Risk Register:Identification Phase
1) Risk Identification: 3) Risk Response Planning: Current Date:
Total Cost of Effects:
TOTAL RISK: 0 $0 RISK AFTER: 0 $0 0
Ris
k Ite
m #
Entry Date Risk
CategoryCause
(If this happens…)Effect
(Then this may happen…) Pro
babi
lity
(1 -
5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
Risk Owner Response Type Risk Response(s) Pro
ject
Cro
ss
Ref
. # Due Date R
espo
nse
Sta
tus
Est
imat
ed
Pro
babi
lity
Afte
r (1
- 5)
Est
imat
ed
Impa
ct A
fter
(1 -
5)
Est
imat
ed
Ris
k Sc
ore
Afte
r (1
- 25)
Res
pons
e C
ost $ Current
Risk Score Res
pons
e P
lan
Sta
rt D
ate
1.0 11-Jan-08Technical/
Design Risk cause number 1 Risk effect number 1
2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2
3.0 11-Jan-08 Development Risk cause number 3 Risk effect number 3
4.0 11-Jan-08 Development Risk cause number 4 Risk effect number 4
5.1 12-Mar-08 Supply Chain Risk cause number 5 Risk effect number 5
5.2
6.0 12-Mar-08 Mfg/ Operations
Risk cause number 6 Risk effect number 6
7.0 19-Mar-08 Supply Chain Risk cause number 7 Risk effect number 7
8.1 19-Mar-08 Technical/ Design Risk cause number 8 Risk effect number 8
8.2
8.3
Risk Forecasti
ng:
2) Risk Analysis: Total Current
Risk Score:
Total Cost of Responses:
1-Apr-08
Sort byRisk Item #
Sort byRisk Score
Sort byCurrent Risk Score
Sort byRisk Owner
1) Risk Identification:
Ris
k Ite
m #
Entry Date
Risk Category
Cause(If this happens…)
Effect(Then this may
happen…)
1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1
2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2
3.0 11-Jan-08 Development Risk cause 3 Risk cause 3
4.0 11-Jan-08 Development Risk cause 4 Risk cause 4
5.0 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5
6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6
7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7
8.0 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8
Sort byRisk Item #
Recommended Method for Risk Identification
Brainstorm project risks individually• Write one risk per stickie• Use the RBS, Impact Matrix,
documentation as a prompt for developing risks
• Set a time limit (usually 15 min.)
As a group• Facilitator reads each risk for everyone’s
understanding, then posts to the wall• Any similar risks are identified and
posted together• Team groups common risks and names
groups• If needed, use the RBS categories for
groupings
Risk Analysis
• Analyzing risks for both probability and impact• Developing a risk profile for your project• Prioritizing which risks get your attention first
Agree to Ranking Criteria for Impact &
Probability
Determine Risk Impact & Probability for each
Risk
Ris
k A
naly
sis
Rank the Risks
ContinueTo Risk
Response
- Use examples to determine project-specific ranking criteria
- Input Probability and Impact Values in Risk Assessment Tool
- Prioritize Risks using sorting macros in preparation for Risk Response to the high priority items
- Define Quantitative Method and Scale Factors for Probability / Impact Values
- Define Estimated Cost of the Risk Impact
When Is Analysis and Prioritization Performed?
At the beginning of the projectWhen:
– A new risk is identified– An existing risk changes– Influential factors change– New information surfaces– The customer proposes a
change– Market conditions change– Significant personnel leave the
project
Qualitative Approach
• Uses subjective values like high, medium, and low or other combinations
• Requires common understanding of preferred ranking systemImpact (Select the column that the risk impacts the most):
Probability
5High
> 50%5
High
3Med.
10% to 50%3
Med.
1Low
< 10%1
Low
Risk may have a negligible impact on schedule.
Risk may have negligible impact on project budget.
Risk will not impact on any Customer Specification compliance.
ScopeRisk may result in a shortfall in operational performance that will NOT be accepted by Customer.
Risk may impact project NRC budget in the order of 10%.
Risk may impact project NRC budget in the order of 2%.
Risk may result in a Customer Specification non compliance, but overall operational performance will be accepted by Customer.
ScheduleRisk may prevent “On Time Delivery” of Key Customer Milestones.
Risk may incur schedule slippage, but within Customer Milestones.
Cost
Qualitative Risk Analysis – prioritizing risks for subsequent further analysis or action by assessing and combining their probability of occurrence and impact.
PMBOK® Guide, 4th Edition, Chapter 11
The Infamous 5x5 Criteria
Standard criteria should be part of the business risk management procedure
Probability5 Very Likely >75% Chance4 51-75% Chance3 26-50% Chance2 10-25% Chance1 Unlikely <10% Chance
Impact5 Severe Impact - Redesign Major Components, > 2 Mon. Slip4 Some Impact - Redesign Minor Components, 1-2 Mon. Slip3 Some Impact - Min. redesign, 2-4 Wk. Slip2 Some Impact - Min. redesign, 0-2 Wk. Slip1 Minimal - No redesign or Schedule Impact
Risk Score:
4 5
Prob
abili
ty
Impact
1
1 2 3
5
4
3
2
2 3
6
5 10
4 51
8 12 16
6 9
4
3
2
20
15
10
12
4
15 20
8
25
Combined Visual Examples
5 3
4
6
1,2
Probability
Impa
ct
1 2 3 4 51
2
3
4
5
5x5 Example3x3 ExampleLow (1) Impact Medium (3) Impact High (5) Impact
High (5) Probability
Cluttered approver mailboxes for specs not requiring their review and approval.
Stakeholder cannot complete task Project team over-extended
Specs continue to be created without obsoleting old spec.
Specs not built to Business Rules (e.g. BOS, etc.)
Non-Spec documents (records such as validation/ stability docs) not migrated from NADCS to GSS.
Incomplete, inaccurate or lack of communication of spec changes with outside suppliers/vendors.
Medium (3) Probability
Training methodology is ineffective. Maintaining updated Approval Matrix. Bad data integrity
Users not available to attend training classes.
Keeping status of BOS intact to BOM in SAP.
Resistance to new "Roles" e.g. TA approves component specs.
GSS out of sync with organizational model.
Approval matrix behavior is not as expected.
Plant operators cannot use system
Trainers availability Users cannot access system
Extremely slow response time - network bandwidth
Not delivering on ROI.
Specs not built to Business Rules (e.g. BOS, etc.)
Low (1) Probability
Mark up not working. Insufficient manpower to support user community
Users cannot create new spec revisions
Records/documentation for test scripts, execution, validation are in place.
BOS not functioning properly. Defective Workflow
Compare not working No executive support for additional resources.
On-going cost exceeds expectations
System hangs Funding not available or exhaustedNetwork failure
Cannot use reference docs Software failure - system inaccessible
Unable to restore from backupFile collaboration server - inaccurate replication and functionalityForgot critical major user requirements
Use combined matrices as a visual communication and record of project risks
Risk Level Definition and Required Action
High Risk Medium Risk Low RiskA risk that may have a significant impact (or even the possibility of failure) on the project's performance, cost, or schedule objectives or customer satisfaction. The probability of occurrence and the consequence of occurrence is so high that rigorous control of all risk sources is needed.
A risk that could affect project objectives, cost, schedules, or customer satisfaction. The combination of likelihood and consequence of occurrence requires close control of all contributing risk sources, development of a handling plan, establishment of risk milestones, and possibly secondary plans.
A risk that may have a minor effect or consequence on project objectives. The probability and consequence of occurrence are sufficiently low so as to cause little concern.
Requires: control and monitoring of each risk source, a detailed handling/mitigation plan, secondary plans, and aggressive risk monitoring.
Requires: similar attention as high risks at RMB discretion.
Requires: no special project emphasis other than normal design group monitoring and control. These risks are monitored to detect a potential increase in risk level (i.e., added to a risk watch list).
Risk Analysis Caution Areas• Risks can interact in unanticipated ways• A single risk can cause multiple effects• Opportunities for one may be a threat to another• Mathematical tools can create a false impression of precision
and reliability
Results of Risk Analysis and PrioritizationDetermination of Probability and Impact leading to prioritization byRisk Number (P x I)Root Cause of risk
• Potentially leading to restatement of risk• Why … Why … Why … Why … Why …• Fishbone and/or pareto analysis• Other problem solving techniques (Six Sigma, 8D, etc.)
Cost to the program should the high risk become a problemRecommended triggers to initiate corrective action
• When measure exceeds a specified value• When specific test fails or is marginal• Customer/Supplier feedback• ? …
Risk Register: Analysis Phase
1) Risk Identification:
Total Cost of Effects:
TOTAL RISK: 104 $21,500
Ris
k Ite
m #
Entry Date
Risk Category
Cause(If this happens…)
Effect(Then this may
happen…) Pro
babi
lity
(1 -
5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3
2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500
3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000
4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25
5.0 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20
6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8
7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6
8.0 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15
0
0
0
0
0
0
0
2) Risk Analysis:
Sort byRisk Item #
Sort byRisk Score
1) Risk Identification: 3) Risk Response Planning: Current Date:
Total Cost of Effects:
TOTAL RISK: 0 $0 RISK AFTER: 0 $0 0
Ris
k Ite
m #
Entry Date Risk
CategoryCause
(If this happens…)Effect
(Then this may happen…) Pro
babi
lity
(1 -
5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
Risk Owner Response Type Risk Response(s) Pro
ject
Cro
ss
Ref
. # Due Date R
espo
nse
Sta
tus
Est
imat
ed
Pro
babi
lity
Afte
r (1
- 5)
Est
imat
ed
Impa
ct A
fter
(1 -
5)
Est
imat
ed
Ris
k Sc
ore
Afte
r (1
- 25)
Res
pons
e C
ost $ Current
Risk Score Res
pons
e P
lan
Sta
rt D
ate
1.0 11-Jan-08 Technical/ Design
Risk cause number 1 Risk effect number 1
2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2
3.0 11-Jan-08 Development Risk cause number 3 Risk effect number 3
4.0 11-Jan-08 Development Risk cause number 4 Risk effect number 4
5.1 12-Mar-08 Supply Chain Risk cause number 5 Risk effect number 5
5.2
6.0 12-Mar-08 Mfg/ Operations Risk cause number 6 Risk effect number 6
7.0 19-Mar-08 Supply Chain Risk cause number 7 Risk effect number 7
8.1 19-Mar-08Technical/
Design Risk cause number 8 Risk effect number 8
8.2
8.3
Risk Forecasti
ng:
2) Risk Analysis: Total Current
Risk Score:
Total Cost of Responses:
1-Apr-08
Sort byRisk Item #
Sort byRisk Score
Sort byCurrent Risk Score
Sort byRisk Owner
Risk Response Planning
• The process of developing options and determining actions to enhance opportunities and reduce threats to the project’s objectives
• The effectiveness of response planning will directly determine whether risk increases or decreases for the project
Define RiskResponse Strategy
Establish Action & Due Date for Each Risk
Ris
k R
espo
nse
Assign Owner toEach Risk
Evaluate Response Effectiveness
(Projected Risk Score)
ContinueTo RiskMonitor
- Define Appropriate Response Approach to manage the Risk - Accept - Avoid / Exploit - Mitigate / Enhance - Transfer / Share - Contingency
- Define Measurable Response Action- Define Contingency Action & Trigger (as required)
- Establish Method to to Integrate Response Actions into the Project - Project Plan - Action Item List - Response List
- Input Projected Probability and Impact Values
- Define Estimated Cost of the Risk Response- Define Risk Response Start Date (forecasting)
Strategies for Negative Risks or Threats• Avoid: Eliminating the risk, usually by eliminating the cause
– Using a more stable technology– Using a less complicated or less sophisticated programming
language– Using a list of exclusions
• Mitigate: Managing the risk by trying to reduce the probability and / or impact of an event to an acceptable threshold
• Transfer: Shifting the negative impact of the event to a third party– Purchasing insurance, performance bonds, warranties– Contracts– Hiring subcontractors
Example Mitigation Approaches
• Personnel Short falls– Career Development– Team building– Cross-training– Hiring, consultants, subs– Overtime
• Unrealistic Schedules and Budgets– Multi-source cost & schedule
estimation– Design to cost– Incremental development– Requirements scrubbing– Outside reviews– Remove from critical path
• Shortfall in purchased components– New vendor, 2nd source– Inspections– Reference checking– Compatibility analysis
• Developing the Wrong user Interface– Parallel development– Scenarios– User Characterization (e.g. functionality,
style, workload, level)• Real-Time Performance Short falls
– Parallel development– Simulation Prototyping– Benchmarks, Modeling, Simulations
• Continuing Requirements Changes– High change threshold– Set change milestone– Enhance visibility to impact of changes– Staged/incremental development (defer
changes)– Additional Voice of the Customer session
• Straining laws of physics– Technical analysis– Cost-benefit analysis– Prototyping
Strategies for Positive Risks or Opportunities• Exploit: Eliminates the uncertainty associated with an
upside risk by ensuring the opportunity will happen
• Enhance: Increases probability of positive impacts; identifies and maximizes key drivers of the positive impacts
• Share: Allocates ownership to a third party who can better capture the opportunity for the benefit of the project
Strategies for Both Threats and Opportunities• Acceptance: Used when the team decides not to change
the project management plan to deal with risk or when theteam cannot identify a suitable strategy
• Contingent: A response plan that will be used only if certain events occur– Events that trigger the contingency response should be defined
and tracked
PassiveActive
Contingency Plans vs. Project Reserves
Contingency plans involve the development of alternative courses of actions, which may include:• Schedule changes• Resource changes• Contract clauses
Project reserves take the form of money or time targeted at specific areas of the project and are sometimes called:• Management• Budget• Schedule
Risk Register – Response Phase
1) Risk Identification: 3) Risk Response Planning: Date:
Total Cost of Effects:
TOTAL RISK: 104 $21,500 RISK AFTER: 31 $12,500 83
Ris
k Ite
m #
Entry Date
Risk Category
Cause(If this
happens…)
Effect(Then this
may happen…) P
roba
bilit
y (1
- 5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
Risk OwnerResponse
Type Risk Response(s) Pro
ject
Cro
ss
Ref
. # Due Date R
espo
nse
Sta
tus
Est
imat
ed
Pro
babi
lity
Afte
r (1
- 5)
Est
imat
ed
Impa
ct A
fter
(1 -
5)
Est
imat
ed
Ris
k Sc
ore
Afte
r (1
- 25)
Res
pons
e C
ost $
Current Risk
Score Res
pons
e P
lan
Sta
rt D
ate
1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3 Jack White Accept 0 1 3 3 3
2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08
3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25
4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08
5.1 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12
5.2 0 John Johnson Contingency Risk Response 5.2 37 2-Aug-08 0 0 0
6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5
7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6 John Johnson Accept 0 2 3 6 6
8.1 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08
8.2 0 Jack White Mitigate Risk Response 8.2 24 15-Sep-08 0 0 0 15-May-08
8.3 0 Jack White Mitigate Risk Response 8.3 25 15-Sep-08 0 0 0 15-May-08
0 0 0 0
0 0 0 0
0 0 0 0
0
Risk Forecasting:
2) Risk Analysis: Total Current
Risk Score:
Total Cost of
Responses:
1-Apr-08
Sort byRisk Item #
Sort byRisk
Score
Sort byCurrent Risk Score
Sort byRisk
Owner
Update the Appropriate Documents • Project management plan (updates)• Risk-related contracts• WBS: Add appropriate work packages that reflect the risk
response strategies• Budget: Add risk funding to the appropriate work packages • Deliverables map/LWWPP: Add time to the appropriate work
packages• Resources: Add resources as needed to the appropriate
work packages
Flow of STRIDE Tools in Executingand Monitoring and Control Processes
Inputs:• Actions to resolve
higher fidelity requirements and increased confidence of compliance
• LWWPP with active risk mgmt. built in
• Risk Mitigation and Contingency Plans
Project TeamDaily Stand-up Meetings
Regular Risk Reviews
-100
0
100
200
300
400
500
Jan Feb Mar Apr May Jun Jul Aug Sep
RNTOTAL EXPOSURECURRENT EXPOSUREMONTHLY CHANGE
0
2
4
6
8
10
12
Jan Feb Mar Apr May Jun Jul Aug Sep
LOWMEDIUMHIGH
Outputs:• Execution to Plan• Real-time Problem
Identification & Countermeasure Assignment
Outputs:• Risk Mitigation to Plan• New Risk Identification &
Response Planning
Improved Scope, Cost &
Schedule Control
You areHere
Risk Monitor and Control
The process of:• Identifying, analyzing, and planning for newly arising risks• Tracking the identified risks and those on the watch list• Reanalyzing existing risk• Monitoring triggers to activate contingency plans• Monitoring residual risks• Reviewing the execution of risk responses while evaluating their effectiveness
Execute Response Plans
Monitor Risk Responses
(periodically)
Ris
k M
onito
r/Con
trol Report Risk Status
(periodically)
ReturnTo Risk
Identification- Manage Completion of Response Actions- Record Completed Response Actions (risk score achieved)
- Review Visual Controls - Current Risk Score - Number of Risks
- Evaluate and Report Risk Management Results
- Record % Complete (risk score achieved)
- Projected Time Based Risk Score (forecasting)
Identifying Triggers for Each Risk EventWhat is a risk trigger? A risk trigger is an earlywarning sign that the risk event may occur:• Identify potential triggers that would indicate the
occurrence of a risk event• Ensure that these triggers are visible to the project team• Monitor triggers frequently
Incorporating Risk Reviews• Build risk reviews into the LWWPP• Establish a window of time to monitor the project• Review schedule, budget, and change control log for
potential risks• Review risk plan after each risk occurrence• Reassess probabilities and impact for each risk event• Make risk management part of status meetings, ideally
including daily stand-up meetings
Outcome from Risk Monitoring and Control• Corrective and preventive actions• Updates to risk management plan• Updates to budget, including reserve and contingency• Updates to schedule• Impact matrix closed out; going forward use the risk
management tool• Risk Event Lessons Learned
Best Practice: Risk Management Tool• Monitors action closure status using Lean symbols• Adjusts CURRENT risk score as a result of the action taken• Forecasts reduction in risk score based on completion status, start
and finish dates for the risk response(s)
1) Risk Identification: 3) Risk Response Planning: Current Date:
Total Cost of Effects:
TOTAL RISK: 104 $21,500 RISK AFTER: 31 $12,500 83
Ris
k Ite
m #
Entry Date
Risk Category
Cause(If this happens…)
Effect(Then this may happen…) P
roba
bilit
y (1
- 5)
Impa
ct (1
- 5)
Ris
k Sc
ore
(1 -
25)
Ris
k Ef
fect
E
stim
ated
C
ost $
Risk OwnerResponse
Type Risk Response(s) Pro
ject
Cro
ss
Ref
. # Due Date R
espo
nse
Sta
tus
Est
imat
ed
Pro
babi
lity
Afte
r (1
- 5)
Est
imat
ed
Impa
ct A
fter
(1 -
5)
Est
imat
ed
Ris
k Sc
ore
Afte
r (1
- 25)
Res
pons
e C
ost $
Current Risk
Score Res
pons
e P
lan
Sta
rt D
ate
4.0 11-Jan-08 Development Risk cause number 4 Risk effect number 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08
5.1 12-Mar-08 Supply Chain Risk cause number 5 Risk effect number 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12
5.2 0 John Johnson Contingency Risk Response 5.2 37 2-Aug-08 0 0 0
2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08
8.1 19-Mar-08 Technical/ Design Risk cause number 8 Risk effect number 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08
8.2 0 Jack White Mitigate Risk Response 8.2 24 15-Sep-08 0 0 0 15-May-08
8.3 0 Jack White Mitigate Risk Response 8.3 25 15-Sep-08 0 0 0 15-May-08
3.0 11-Jan-08 Development Risk cause number 3 Risk effect number 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25
6.0 12-Mar-08 Mfg/ Operations Risk cause number 6 Risk effect number 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5
7.0 19-Mar-08 Supply Chain Risk cause number 7 Risk effect number 7 2 3 6 John Johnson Accept 0 2 3 6 6
1.0 11-Jan-08 Technical/ Design Risk cause number 1 Risk effect number 1 1 3 3 Jack White Accept 0 1 3 3 3
0 0 0 0
0 0 0 0
Risk Forecastin
g:
2) Risk Analysis: Total Current
Risk Score:
Total Cost of Responses:
1-Apr-08
Sort byRisk Item #
Sort byRisk Score
Sort byCurrent Risk Score
Sort byRisk Owner
STRIDE Risk ManagementMonitoring and ControlRisk Tool provides visual controls for historical risk and risk reduction forecast:
Forecast in Total Risk Reduction
0
20
40
60
80
100
120
TotalRisk
Apr-08 May-08 Jun-08 Jul-08 Aug-08 Sep-08 Oct-08 Nov-08 Dec-08
Risk
Num
ber
LowMediumHigh
Forecast in # Risk by Category
0
1
2
3
4
5
6
7
8
9
TotalRisk
Apr-08
May-08
Jun-08
Jul-08 Aug-08
Sep-08
Oct-08
Nov-08
Dec-08
Jan-09
Feb-09
Num
ber o
f Ris
ks
LowMediumHigh
Historical Change in Total Risk
0
20
40
60
80
100
120
Jan-08 Feb-08 Mar-08 Apr-08
Risk
Num
ber
LowMediumHigh
Historical Change in # Risks by Category
0
1
2
3
4
5
6
7
8
9
Jan-08 Feb-08 Mar-08 Apr-08
Num
ber o
f Ris
ks
LowMedium
High
• By Overall Risk Score:
• By Risk Category: Low, Medium, & High
Foundations of Project Success
Scope and Requirements
Sche
dul
eProject Success
Qual
ity
Cost
Integrity and Safety
The End
Questions?
Comments?