STRIDE Standard Process for RISK

STRIDEStandard Processfor Risk Management

By: Romains Bos

STReamlinedInnovation &DevelopmentExcellence

S T R I D E

What is Risk?

A risk is not a: • Problem: something already wrong or undesirable that it is too late to

avoid and which needs to be fixed now• Concern: something that is causing worry, in which case it’s best to

discuss it as an issue and see if there is a problem or a risk driving the concern

• Issue: something that requires discussion to either reach understanding or clarify a direction, problem, or potential risk

RISK: An uncertain event or condition that, if it occurs, has a positive or a negative effect on at least one project objective, such as time, cost, scope, or quality

PMBOK® Guide, 4th Edition

Flow of STRIDE Tools in Initiating & Planning Processes

Clarifying remark to initial verbatim response. Clarifying remark

to initial verbatim response.

Verbatim Verbatim response to non response to non leading question. leading question. from team.from team.


Customer's response to probing by team.



Verbatim Verbatim response to non response to non leading question. leading question. from team.from team. Verbatim Verbatim

response to non response to non leading question. leading question. from team.from team.

Clarifying remark to initial verbatim response.



Clarifying remark to initial verbatim response. Clarifying remark

to initial verbatim response.













Verbatim Verbatim response to non response to non leading question. leading question. from team.from team. Verbatim Verbatim

response to non response to non leading question. leading question. from team.from team.






X Y

Stage 1 FAI required on all

hardware

Rapid turnaround of prototype hardware

on fuel injector

The development programme will run

better with co-ordinated use of all

availabletest faciities

Current funding may only provision

for 4 - 5 builds

The last build will be an indurance run

High cost / weigt must be justified on

builds 1 & 2 with audit team

understanding and control of tolerance

stack up through fuel system will produce a

better system

Design and manufacture drop

offs would threaten the programme

RR need to do a risk assessment before

they can define safety critical and despatch

critical areas

High risk technology can be included if it does

not hazard the whole programme

A simple overall final system that

meets performance

objectives

+ + + + +

Deliver a TRL6 system + + + + +

Programme and schedule + +

ACTIONSDef ine what stage

1 FAI requirements are

Design for quick prototype

Continue to work with funding

agencies

Goodrich to be partner in audit

team

Late change of requirements need to

be managed

RR to schedule and early whole engine risk assessment to define safety and despatch

critical features

Ensure innovative solutions are

explored for builds 1 & 2

Document Review

Voice Of the Customer

Impact Matrix

Output:Actions to resolve higher fidelity requirements and increased confidence of compliance

Deliverables MapLWW Project Plan

Output:Risk Mitigation and Contingency Plans

Output:LWWPP with active risk mgmt. built in

Risk Management

This is an Iterative process that continues into the Executing and

Monitoring and Control Processes

You areHere

What is Risk Management?

• Risk management is proactive. The key point is acting early enough to be effective. If not, we go into a reactive mode and address a problem

Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project … to increase the probability and impact of positive events, and decrease the probability and impact of events adverse to the project

PMBOK® Guide, 4th Edition

Risk Management Process

—PMBOK® 4th Edition, Chapter 11

Regular Reviewsand Updates

0) Risk Planning- Select Risk Mgmt Team- Conduct Initial Risk Assmt- Create Risk Mgmt Plan- Obtain Plan Approval

1) Risk Identification- Explore RBS- Identify Risks- Draft Risk ID section of Risk Register

2) Risk Analysis- Agree to Ranking Criteria- Determine Risk Impact & Probability- Estimate Risk $ (optional)

3) Risk Response- Assign Owner- Classify Response Type- Develop Response(s)- Risk Impact & Prob. After- Est. Response $ (optional)

4) Risk Control- Execute Response- Monitor Risks- Report Risk Status

This Process is Iterative!

Risk Management Planning

Conduct Initial Risk Assessment

Select Team Members and Functional

Experts

Complete Risk Management Plan

Secure PlanApproval

Ris

k P

lann

ing

- Rating for each of 9 questions- Determine level of Risk Mgmt required to manage risk

- Determine Required Organizational Functions- Define Core Risk Management Team Members- Supporting Members - Stakeholders - Experts - Functional Leads

- Project Name- Customer- Contract $ Value- Project Duration- Define Methodology- Establish Review Frequency- Define Metrics & Reporting Frequency

- Sign-off Plan with Project Principles- File with Project Mgmt Documents

ContinueTo Risk

Identification

• Risk Management Planning is the process of deciding how to approach and conduct the risk management activities for a project

• Ensures that the level and visibility of risk management match importance of the project to the organization

• Provides for sufficient resources and time for risk management activities

• Establishes an agreed-upon basis for evaluating, monitoring and controlling risks

Risk Management Plan (RMP)

Briefdescription of the project from a risk viewpoint

Responsibilities of the PM, RMB, Project Team, QA, Sr. Mgmt, other stakeholders

Level of communication with senior mgmt. & stakeholders

Strategy, process, ground rules and assumptions, schedule, and budget/cost guidelines

Defines the risk management approach to be used on the project.

Subcontractor, customer, and relevant stakeholder involvement

Full Blown Risk Management Plan

Needed or available resources including tools, people, facilities

Definitionsof risk groupings, categorizations, scoring, ID technique(s), Escalation & Retirement Criteria

Risk Management

PlanCover Sheet

(Used as a screening tool for all

projects/ programs to get agreement on scope of Risk

Management need)

Project Name: Customer:Risk Leader: Project Duration:Contract Value: Project Type:Link to Project Plan:

Outcome of Initial Risk Assessment 0.0

Purpose of Project:Output:

Support

RedFormal risk management process. Support by all key stakeholders to identify risks.

Yellow Use key stakeholders to identify risks.

Green Further support only as needed.

Risk Team Members / Stakeholders

% of time Function

Frequency of updates:

Risk Leader: signature/dateLeadership: signature/dateProgram Manager: signature/dateFunctional Dept. Head: signature/dateAdditional: signature/date

Recommendations for Risk Mgmt based on

Outcome of Initial Risk Assessment

Daily to weekly reviews of response plan status. Monthly updates of Risk Register.

Dedicated Risk Management Team if needed.

Complete Risk Mgmt Plan and Initial Risk Assessment at minimum.

Regular reviews of response status (may be part of project plan). Monthly updates of Risk Register.

Review of risk management is required if circumstances change.

Initial Risk Assessment Worksheet

Roles & Responsibilities

Dedicated Risk Management Team.

Planning/Mgmt Update Frequency

Risk Management Plan

Scope Statement for Project Risk Management

Risk Management Plan Approval

Initial 9 Question

Risk Assessment

(Used as a guide to quickly determine

overall project/ program risk)

Initial Risk Assessment Worksheet (New Product Introduction)Project Name: Risk Leader:0 01) Complete probability rating for all 9 risk factors (causes). Record assessment participants.2) Provide Project/Program comments as necessary to explain the ratings that you gave.3) Summary score is automatically transferred back to Risk Management Plan.

Risk Factor (Cause) Impact of Risk (Effect)

Probability of Risk Factor Occurring Project/Program Comments

1 Proposal price is less than the current estimated cost.

Design will not be sustainable in production due to high NRC. May need product redesign or structured cost reduction via STRIDE tools.

2Performance parameter extrapolations are outside the experience base of previous products.

Design will operate beyond our experience base or known response surface. May need additional design, prototypes, testing to mitigate risk

3The product contains the first use of materials beyond the SBU's experience.

Design will be outside our experience base. May need additional materials expertise, properties data and testing to mitigate risk.

4The product contains the first use of technology beyond the SBU's experience.

Design will operate beyond our experience base. May need additional design expertise, Tech Center Support, 3rd party support, prototypes, testing or significant development time to mitigate risk

5 Inventions are required or expected during design/development.

Design is not based upon demonstrated designs and requires innovation to succeed. May need additional design, prototypes, testing or significant development time to mitigate risk

6 New suppliers to the SBU will be involved or required.

Program success is dependent upon a supplier in which we have no experience or performance history. May need additional supply chain, engineering or operations support to qualify the supplier or find alternative qualifiable sources.

7New design processes or tools will be used that are beyond the SBU's current experience.

Program success is dependent upon tools or processes in which we have little or no experience. May need additional engineering expertise, tool vendor support, training or development time to apply new tools.

8 New manufacturing processes to the SBU are required.

Program success is dependent upon manufacturing processes in which we have little or no experience. May need to build a productivity learning curve, prototype operating cells or additional training into the program plan.

9

Conditions are expected to change (e.g. schedules, customer requirements, regulations) that may invoke any of the above conditions.

Design will not be sustainable in production due to high NRC. May need product redesign or structured cost reduction via STRIDE tools.

Summary Score (1-5): 0.0Return to Risk Mgmt Plan

Risk Register Used Throughout To Manage Risk Management Process

1) Risk Identification: 3) Risk Response Planning: Date:

Total Cost of Effects:

TOTAL RISK: 104 $21,500 RISK AFTER: 31 $12,500 83

Ris

k Ite

m #

Entry Date

Risk Category

Cause(If this

happens…)

Effect(Then this

may happen…) P

roba

bilit

y (1

- 5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

Risk OwnerResponse

Type Risk Response(s) Pro

ject

Cro

ss

Ref

. # Due Date R

espo

nse

Sta

tus

Est

imat

ed

Pro

babi

lity

Afte

r (1

- 5)

Est

imat

ed

Impa

ct A

fter

(1 -

5)

Est

imat

ed

Ris

k Sc

ore

Afte

r (1

- 25)

Res

pons

e C

ost $

Current Risk

Score Res

pons

e P

lan

Sta

rt D

ate

1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3 Jack White Accept 0 1 3 3 3

2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08

3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25

4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08

5.1 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12

5.2 0 John Johnson Contingency Risk Response 5.2 37 2-Aug-08 0 0 0

6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5

7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6 John Johnson Accept 0 2 3 6 6

8.1 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08

8.2 0 Jack White Mitigate Risk Response 8.2 24 15-Sep-08 0 0 0 15-May-08


0 0 0 0

0 0 0 0

0 0 0 0

0

Risk Forecasting:

2) Risk Analysis: Total Current

Risk Score:

Total Cost of

Responses:

1-Apr-08

Sort byRisk Item #

Sort byRisk

Score

Sort byCurrent Risk Score

Sort byRisk

Owner

Risk Identification

• Risks of all types may be identified throughout the New Product Introduction process – including in opportunity targeting, proposal development, project planning, product and process design, verification and validation, and production ramp-up

• Risk identification is an iterative process because new risks will become known as the project progresses through its life cycle

Review and Modify Risk Breakdown Structure (RBS)

Use Recognized Tools to Identify Risks

Ris

k Id

entif

icat

ion Draft Risk

Identification Section of Risk Register

- Expand RBS as Required for Project

- Brain Storming- Interviews- Ishikawa (fishbone) Diagrams- Other Tools

- Identify Actionable Risks- Identify Risk Event Category from the RBS

ContinueTo RiskAnalysis

Risk Identification Approach• Gather as much relevant data as possible• Schedule a risk management meeting with the key team

members• Use a structured approach to identifying risks, and be thorough• FOCUS ONLY ON IDENTIFYING RISKS

Risk Identification ApproachesWho?

• Project team members• Vendors/subs/suppliers• Customers• Senior Management• Subject Matter Experts (SME)

Tools• Risk Breakdown Structure (RBS)• Checklists (Risk Taxonomy, Lessons Learned)• Questionnaires (Risk Taxonomy)• Strengths, Weaknesses, Opportunities & Threats (SWOT) Analysis• Scenario analysis (Walk through Program scenarios)• Evaluating Proposal and Project plans for key assumptions, uncertainties, drivers• Design and project reviews, test results, problem reports

Techniques• Interviews• Brainstorm sessions – multi-disciplinary team• Written questionnaires• Delphi technique (anonymous questionnaire) – multi-disciplinary experts• At every formal and informal meeting

• Project Manager• Lead Project Engineer• End Users• Other PM• Other Stakeholders

Everybody!!!

Risk Breakdown Structure (RBS)

Each business or value stream should have an RBS / Risk Taxonomythat reflects common risks encountered.

The RBS is part of the Risk Management procedure

Default Risk Breakdown StructureCategory Sub-Category Category Sub-CategoryProject Management

Personnel Capacity Development Development Process MaturityPersonnel Skills and Experience Technical Decision-making ProcessResource Monitoring & Management System Integration and TestingFacility Capability/Constraints Configuration Control/TraceabilityProgram Financials Analysis Capability and ToolsProject Integration & Communication Supply Chain Dependency on Sole SourcesRequirements Flowdown & Execution Exotic Materials & ProcessesRisk Management Maturity Hardware Delivery PerformancesSchedule Flexibility Forecast Lead timesWork Environment PricingMulti-SBU/Site Complexity Manufacturing Manufacturing CapacityLeadership Decision-making Process / Operations Process Capability Roles & Responsibilities Clarity Equipment Suitability and Reliability

Technical / Design Interfaces Special Processes Capability Design Technology Maturity Contract Dependencies on Outside Contractors

Design Testability Contractual RestrictionsRequirements Feasibility Export Licensing RequirementsPerformance Margins Long Term AgreementsSoftware Constraints Customer Requirements CompletenessSoftware Performance/Capability Requirements ClarityDesign Capability/Capacity Requirements StabilityDesign Complexity Customer Skill and ExperienceReliability and Maintainability Safety Requirements

Relationships and Politics

Leading Investigators ThroughRisk Areas Using RBS

Project

Technical External Organizational Project Management

Requirements Subcontractors Project Dependencies

Estimating

Technology

Complexity & Interfaces

Performances & Reliability

Quality

Regulatory

Market

Customer

Weather

Resources

Funding

Prioritization

Planning

Controlling

Communication

- PMBOK® Guide, 4th Edition

Risks are categorized by:

• Class• Element• Attribute

B. Development Environment

1. Development Process a. Formality b. Suitability c. Process Control d. Familiarity e. Product Control

2. Development System a. Capacity b. Suitability c. Usability d. Familiarity e. Reliability f. System Support g. Deliverability

3. Management Process a. Planning b. Project Organization c. Management Experience d. Program Interfaces

4. Management Methods a. Monitoring b. Personnel Management c. Quality Assurance d. Configuration Management

5. Work Environment a. Quality Attitude b. Cooperation c. Communication d. Morale

A. Product Engineering

1. Requirements a. Stability b. Completeness c. Clarity d. Validity e. Feasibility f. Precedent g. Scale

2. Design a. Functionality b. Difficulty c. Interfaces d. Performance e. Testability f. Hardware g. Non-Developmental Software

3. Code and Unit Test a. Feasibility b. Testing c. Coding/Implementation

4. Integration and Test a. Environment b. Product c. System

5. Engineering Specialties a. Maintainability b. Reliability c. Safety d. Security e. Human Factors f. Specifications

C. Program Constraints

1. Resources a. Schedule b. Staff c. Budget d. Facilities

2. Contract a. Type of Contract b. Restrictions c. Dependencies

3. Program Interfaces a. Customer b. Associate Contractors c. Subcontractors d. Prime Contractor e. Corporate Management f. Vendors g. Politics

Leading Investigators Through Risk Areas

Risk Identification - Keys to Success

Identifying “all” risks candidates, avoid limiting the list• Large number of risks does not necessarily indicate a high risk

programEstablishing an open atmosphere for communication

• “Open” means not dismissed w/o an explanation, no retribution for surfacing concerns

Ensuring a wide perspective• All aspects of the program and all stakeholders involved

Sufficient risk identification documentation to support the analysis step• Clear statement of risk, context, and source• “If … Then …” structure helps clarify the two components of risk

Not a one time process• Update during proposal, on award, major reviews (SRR, PDR, CDR)• Update periodically (quarterly recommended)• Updates as new risks surface during daily standup meetings

http://www.google.com/imgres?imgurl=http://www.lavistachurchofchrist.org/LVstudies/Keys/Keys.JPG&imgrefurl=http://youcanbenew.wordpress.com/2008/03/18/key-5-thinking-change/&h=687&w=490&sz=27&tbnid=mAwMCIQD854J::&tbnh=139&tbnw=99&prev=/images?q=keys+picture&usg=__uCLrprst96mLstpY7-tyZEROuzE=&sa=X&oi=image_result&resnum=1&ct=image&cd=1

Risk Register:Identification Phase

1) Risk Identification: 3) Risk Response Planning: Current Date:


TOTAL RISK: 0 $0 RISK AFTER: 0 $0 0

Ris

k Ite

m #

Entry Date Risk

CategoryCause

(If this happens…)Effect

(Then this may happen…) Pro

babi

lity

(1 -

5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

Risk Owner Response Type Risk Response(s) Pro

ject

Cro

ss

Ref

. # Due Date R

espo

nse

Sta

tus

Est

imat

ed

Pro

babi

lity

Afte

r (1

- 5)

Est

imat

ed

Impa

ct A

fter

(1 -

5)

Est

imat

ed

Ris

k Sc

ore

Afte

r (1

- 25)

Res

pons

e C

ost $ Current

Risk Score Res

pons

e P

lan

Sta

rt D

ate

1.0 11-Jan-08Technical/

Design Risk cause number 1 Risk effect number 1

2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2

3.0 11-Jan-08 Development Risk cause number 3 Risk effect number 3


5.1 12-Mar-08 Supply Chain Risk cause number 5 Risk effect number 5

5.2

6.0 12-Mar-08 Mfg/ Operations

Risk cause number 6 Risk effect number 6


8.1 19-Mar-08 Technical/ Design Risk cause number 8 Risk effect number 8

8.2

8.3

Risk Forecasti

ng:


Risk Score:

Total Cost of Responses:

1-Apr-08

Sort byRisk Item #

Sort byRisk Score


Sort byRisk Owner

1) Risk Identification:

Ris

k Ite

m #

Entry Date

Risk Category

Cause(If this happens…)

Effect(Then this may

happen…)

1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1

2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2

3.0 11-Jan-08 Development Risk cause 3 Risk cause 3

4.0 11-Jan-08 Development Risk cause 4 Risk cause 4

5.0 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5

6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6

7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7

8.0 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8

Sort byRisk Item #

Recommended Method for Risk Identification

Brainstorm project risks individually• Write one risk per stickie• Use the RBS, Impact Matrix,

documentation as a prompt for developing risks

• Set a time limit (usually 15 min.)

As a group• Facilitator reads each risk for everyone’s

understanding, then posts to the wall• Any similar risks are identified and

posted together• Team groups common risks and names

groups• If needed, use the RBS categories for

groupings

Risk Analysis

• Analyzing risks for both probability and impact• Developing a risk profile for your project• Prioritizing which risks get your attention first

Agree to Ranking Criteria for Impact &

Probability

Determine Risk Impact & Probability for each

Risk

Ris

k A

naly

sis

Rank the Risks

ContinueTo Risk

Response

- Use examples to determine project-specific ranking criteria

- Input Probability and Impact Values in Risk Assessment Tool

- Prioritize Risks using sorting macros in preparation for Risk Response to the high priority items

- Define Quantitative Method and Scale Factors for Probability / Impact Values

- Define Estimated Cost of the Risk Impact

When Is Analysis and Prioritization Performed?

At the beginning of the projectWhen:

– A new risk is identified– An existing risk changes– Influential factors change– New information surfaces– The customer proposes a

change– Market conditions change– Significant personnel leave the

project

Qualitative Approach

• Uses subjective values like high, medium, and low or other combinations

• Requires common understanding of preferred ranking systemImpact (Select the column that the risk impacts the most):

Probability

5High

> 50%5

High

3Med.

10% to 50%3

Med.

1Low

< 10%1

Low

Risk may have a negligible impact on schedule.

Risk may have negligible impact on project budget.

Risk will not impact on any Customer Specification compliance.

ScopeRisk may result in a shortfall in operational performance that will NOT be accepted by Customer.

Risk may impact project NRC budget in the order of 10%.

Risk may impact project NRC budget in the order of 2%.

Risk may result in a Customer Specification non compliance, but overall operational performance will be accepted by Customer.

ScheduleRisk may prevent “On Time Delivery” of Key Customer Milestones.

Risk may incur schedule slippage, but within Customer Milestones.

Cost

Qualitative Risk Analysis – prioritizing risks for subsequent further analysis or action by assessing and combining their probability of occurrence and impact.

PMBOK® Guide, 4th Edition, Chapter 11

The Infamous 5x5 Criteria

Standard criteria should be part of the business risk management procedure

Probability5 Very Likely >75% Chance4 51-75% Chance3 26-50% Chance2 10-25% Chance1 Unlikely <10% Chance

Impact5 Severe Impact - Redesign Major Components, > 2 Mon. Slip4 Some Impact - Redesign Minor Components, 1-2 Mon. Slip3 Some Impact - Min. redesign, 2-4 Wk. Slip2 Some Impact - Min. redesign, 0-2 Wk. Slip1 Minimal - No redesign or Schedule Impact

Risk Score:

4 5

Prob

abili

ty

Impact

1

1 2 3

5

4

3

2

2 3

6

5 10

4 51

8 12 16

6 9

4

3

2

20

15

10

12

4

15 20

8

25

Combined Visual Examples

5 3

4

6

1,2

Probability

Impa

ct

1 2 3 4 51

2

3

4

5

5x5 Example3x3 ExampleLow (1) Impact Medium (3) Impact High (5) Impact

High (5) Probability

Cluttered approver mailboxes for specs not requiring their review and approval.

Stakeholder cannot complete task Project team over-extended

Specs continue to be created without obsoleting old spec.

Specs not built to Business Rules (e.g. BOS, etc.)

Non-Spec documents (records such as validation/ stability docs) not migrated from NADCS to GSS.

Incomplete, inaccurate or lack of communication of spec changes with outside suppliers/vendors.

Medium (3) Probability

Training methodology is ineffective. Maintaining updated Approval Matrix. Bad data integrity

Users not available to attend training classes.

Keeping status of BOS intact to BOM in SAP.

Resistance to new "Roles" e.g. TA approves component specs.

GSS out of sync with organizational model.

Approval matrix behavior is not as expected.

Plant operators cannot use system

Trainers availability Users cannot access system

Extremely slow response time - network bandwidth

Not delivering on ROI.

Specs not built to Business Rules (e.g. BOS, etc.)

Low (1) Probability

Mark up not working. Insufficient manpower to support user community

Users cannot create new spec revisions

Records/documentation for test scripts, execution, validation are in place.

BOS not functioning properly. Defective Workflow

Compare not working No executive support for additional resources.

On-going cost exceeds expectations

System hangs Funding not available or exhaustedNetwork failure

Cannot use reference docs Software failure - system inaccessible

Unable to restore from backupFile collaboration server - inaccurate replication and functionalityForgot critical major user requirements

Use combined matrices as a visual communication and record of project risks

Risk Level Definition and Required Action

High Risk Medium Risk Low RiskA risk that may have a significant impact (or even the possibility of failure) on the project's performance, cost, or schedule objectives or customer satisfaction. The probability of occurrence and the consequence of occurrence is so high that rigorous control of all risk sources is needed.

A risk that could affect project objectives, cost, schedules, or customer satisfaction. The combination of likelihood and consequence of occurrence requires close control of all contributing risk sources, development of a handling plan, establishment of risk milestones, and possibly secondary plans.

A risk that may have a minor effect or consequence on project objectives. The probability and consequence of occurrence are sufficiently low so as to cause little concern.

Requires: control and monitoring of each risk source, a detailed handling/mitigation plan, secondary plans, and aggressive risk monitoring.

Requires: similar attention as high risks at RMB discretion.

Requires: no special project emphasis other than normal design group monitoring and control. These risks are monitored to detect a potential increase in risk level (i.e., added to a risk watch list).

Risk Analysis Caution Areas• Risks can interact in unanticipated ways• A single risk can cause multiple effects• Opportunities for one may be a threat to another• Mathematical tools can create a false impression of precision

and reliability

Results of Risk Analysis and PrioritizationDetermination of Probability and Impact leading to prioritization byRisk Number (P x I)Root Cause of risk

• Potentially leading to restatement of risk• Why … Why … Why … Why … Why …• Fishbone and/or pareto analysis• Other problem solving techniques (Six Sigma, 8D, etc.)

Cost to the program should the high risk become a problemRecommended triggers to initiate corrective action

• When measure exceeds a specified value• When specific test fails or is marginal• Customer/Supplier feedback• ? …

Risk Register: Analysis Phase

1) Risk Identification:


TOTAL RISK: 104 $21,500

Ris

k Ite

m #

Entry Date

Risk Category


Effect(Then this may

happen…) Pro

babi

lity

(1 -

5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3

2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500

3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000

4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25

5.0 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20

6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8

7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6

8.0 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15

0

0

0

0

0

0

0

2) Risk Analysis:

Sort byRisk Item #

Sort byRisk Score



TOTAL RISK: 0 $0 RISK AFTER: 0 $0 0

Ris

k Ite

m #

Entry Date Risk

CategoryCause

(If this happens…)Effect

(Then this may happen…) Pro

babi

lity

(1 -

5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

Risk Owner Response Type Risk Response(s) Pro

ject

Cro

ss

Ref

. # Due Date R

espo

nse

Sta

tus

Est

imat

ed

Pro

babi

lity

Afte

r (1

- 5)

Est

imat

ed

Impa

ct A

fter

(1 -

5)

Est

imat

ed

Ris

k Sc

ore

Afte

r (1

- 25)

Res

pons

e C

ost $ Current

Risk Score Res

pons

e P

lan

Sta

rt D

ate

1.0 11-Jan-08 Technical/ Design

Risk cause number 1 Risk effect number 1

2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2




5.2

6.0 12-Mar-08 Mfg/ Operations Risk cause number 6 Risk effect number 6


8.1 19-Mar-08Technical/

Design Risk cause number 8 Risk effect number 8

8.2

8.3

Risk Forecasti

ng:


Risk Score:


1-Apr-08

Sort byRisk Item #

Sort byRisk Score


Sort byRisk Owner

Risk Response Planning

• The process of developing options and determining actions to enhance opportunities and reduce threats to the project’s objectives

• The effectiveness of response planning will directly determine whether risk increases or decreases for the project

Define RiskResponse Strategy

Establish Action & Due Date for Each Risk

Ris

k R

espo

nse

Assign Owner toEach Risk

Evaluate Response Effectiveness

(Projected Risk Score)

ContinueTo RiskMonitor

- Define Appropriate Response Approach to manage the Risk - Accept - Avoid / Exploit - Mitigate / Enhance - Transfer / Share - Contingency

- Define Measurable Response Action- Define Contingency Action & Trigger (as required)

- Establish Method to to Integrate Response Actions into the Project - Project Plan - Action Item List - Response List

- Input Projected Probability and Impact Values

- Define Estimated Cost of the Risk Response- Define Risk Response Start Date (forecasting)

Strategies for Negative Risks or Threats• Avoid: Eliminating the risk, usually by eliminating the cause

– Using a more stable technology– Using a less complicated or less sophisticated programming

language– Using a list of exclusions

• Mitigate: Managing the risk by trying to reduce the probability and / or impact of an event to an acceptable threshold

• Transfer: Shifting the negative impact of the event to a third party– Purchasing insurance, performance bonds, warranties– Contracts– Hiring subcontractors

Example Mitigation Approaches

• Personnel Short falls– Career Development– Team building– Cross-training– Hiring, consultants, subs– Overtime

• Unrealistic Schedules and Budgets– Multi-source cost & schedule

estimation– Design to cost– Incremental development– Requirements scrubbing– Outside reviews– Remove from critical path

• Shortfall in purchased components– New vendor, 2nd source– Inspections– Reference checking– Compatibility analysis

• Developing the Wrong user Interface– Parallel development– Scenarios– User Characterization (e.g. functionality,

style, workload, level)• Real-Time Performance Short falls

– Parallel development– Simulation Prototyping– Benchmarks, Modeling, Simulations

• Continuing Requirements Changes– High change threshold– Set change milestone– Enhance visibility to impact of changes– Staged/incremental development (defer

changes)– Additional Voice of the Customer session

• Straining laws of physics– Technical analysis– Cost-benefit analysis– Prototyping

Strategies for Positive Risks or Opportunities• Exploit: Eliminates the uncertainty associated with an

upside risk by ensuring the opportunity will happen

• Enhance: Increases probability of positive impacts; identifies and maximizes key drivers of the positive impacts

• Share: Allocates ownership to a third party who can better capture the opportunity for the benefit of the project

Strategies for Both Threats and Opportunities• Acceptance: Used when the team decides not to change

the project management plan to deal with risk or when theteam cannot identify a suitable strategy

• Contingent: A response plan that will be used only if certain events occur– Events that trigger the contingency response should be defined

and tracked

PassiveActive

http://www.illustrationsof.com/details/clipart/5447.html

Contingency Plans vs. Project Reserves

Contingency plans involve the development of alternative courses of actions, which may include:• Schedule changes• Resource changes• Contract clauses

Project reserves take the form of money or time targeted at specific areas of the project and are sometimes called:• Management• Budget• Schedule

Risk Register – Response Phase

1) Risk Identification: 3) Risk Response Planning: Date:



Ris

k Ite

m #

Entry Date

Risk Category

Cause(If this

happens…)

Effect(Then this

may happen…) P

roba

bilit

y (1

- 5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

Risk OwnerResponse


ject

Cro

ss

Ref

. # Due Date R

espo

nse

Sta

tus

Est

imat

ed

Pro

babi

lity

Afte

r (1

- 5)

Est

imat

ed

Impa

ct A

fter

(1 -

5)

Est

imat

ed

Ris

k Sc

ore

Afte

r (1

- 25)

Res

pons

e C

ost $

Current Risk

Score Res

pons

e P

lan

Sta

rt D

ate

1.0 11-Jan-08 Technical/ Design Risk cause 1 Risk cause 1 1 3 3 Jack White Accept 0 1 3 3 3

2.0 11-Jan-08 Project Mgmt Risk cause 2 Risk cause 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08

3.0 11-Jan-08 Development Risk cause 3 Risk cause 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25

4.0 11-Jan-08 Development Risk cause 4 Risk cause 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08

5.1 12-Mar-08 Supply Chain Risk cause 5 Risk cause 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12


6.0 12-Mar-08 Mfg/ Operations Risk cause 6 Risk cause 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5

7.0 19-Mar-08 Supply Chain Risk cause 7 Risk cause 7 2 3 6 John Johnson Accept 0 2 3 6 6

8.1 19-Mar-08 Technical/ Design Risk cause 8 Risk cause 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08



0 0 0 0

0 0 0 0

0 0 0 0

0

Risk Forecasting:


Risk Score:

Total Cost of

Responses:

1-Apr-08

Sort byRisk Item #

Sort byRisk

Score


Sort byRisk

Owner

Update the Appropriate Documents • Project management plan (updates)• Risk-related contracts• WBS: Add appropriate work packages that reflect the risk

response strategies• Budget: Add risk funding to the appropriate work packages • Deliverables map/LWWPP: Add time to the appropriate work

packages• Resources: Add resources as needed to the appropriate

work packages

Flow of STRIDE Tools in Executingand Monitoring and Control Processes

Inputs:• Actions to resolve

higher fidelity requirements and increased confidence of compliance

• LWWPP with active risk mgmt. built in

• Risk Mitigation and Contingency Plans

Project TeamDaily Stand-up Meetings

Regular Risk Reviews

-100

0

100

200

300

400

500

Jan Feb Mar Apr May Jun Jul Aug Sep

RNTOTAL EXPOSURECURRENT EXPOSUREMONTHLY CHANGE

0

2

4

6

8

10

12

Jan Feb Mar Apr May Jun Jul Aug Sep

LOWMEDIUMHIGH

Outputs:• Execution to Plan• Real-time Problem

Identification & Countermeasure Assignment

Outputs:• Risk Mitigation to Plan• New Risk Identification &

Response Planning

Improved Scope, Cost &

Schedule Control

You areHere

Risk Monitor and Control

The process of:• Identifying, analyzing, and planning for newly arising risks• Tracking the identified risks and those on the watch list• Reanalyzing existing risk• Monitoring triggers to activate contingency plans• Monitoring residual risks• Reviewing the execution of risk responses while evaluating their effectiveness

Execute Response Plans

Monitor Risk Responses

(periodically)

Ris

k M

onito

r/Con

trol Report Risk Status

(periodically)

ReturnTo Risk

Identification- Manage Completion of Response Actions- Record Completed Response Actions (risk score achieved)

- Review Visual Controls - Current Risk Score - Number of Risks

- Evaluate and Report Risk Management Results

- Record % Complete (risk score achieved)

- Projected Time Based Risk Score (forecasting)

Identifying Triggers for Each Risk EventWhat is a risk trigger? A risk trigger is an earlywarning sign that the risk event may occur:• Identify potential triggers that would indicate the

occurrence of a risk event• Ensure that these triggers are visible to the project team• Monitor triggers frequently

Incorporating Risk Reviews• Build risk reviews into the LWWPP• Establish a window of time to monitor the project• Review schedule, budget, and change control log for

potential risks• Review risk plan after each risk occurrence• Reassess probabilities and impact for each risk event• Make risk management part of status meetings, ideally

including daily stand-up meetings

Outcome from Risk Monitoring and Control• Corrective and preventive actions• Updates to risk management plan• Updates to budget, including reserve and contingency• Updates to schedule• Impact matrix closed out; going forward use the risk

management tool• Risk Event Lessons Learned

Best Practice: Risk Management Tool• Monitors action closure status using Lean symbols• Adjusts CURRENT risk score as a result of the action taken• Forecasts reduction in risk score based on completion status, start

and finish dates for the risk response(s)




Ris

k Ite

m #

Entry Date

Risk Category


Effect(Then this may happen…) P

roba

bilit

y (1

- 5)

Impa

ct (1

- 5)

Ris

k Sc

ore

(1 -

25)

Ris

k Ef

fect

E

stim

ated

C

ost $

Risk OwnerResponse


ject

Cro

ss

Ref

. # Due Date R

espo

nse

Sta

tus

Est

imat

ed

Pro

babi

lity

Afte

r (1

- 5)

Est

imat

ed

Impa

ct A

fter

(1 -

5)

Est

imat

ed

Ris

k Sc

ore

Afte

r (1

- 25)

Res

pons

e C

ost $

Current Risk

Score Res

pons

e P

lan

Sta

rt D

ate

4.0 11-Jan-08 Development Risk cause number 4 Risk effect number 4 5 5 25 Sally Bobaly Avoid Risk Response 4.0 35 25-Jul-08 0 2 3 6 25 1-Apr-08

5.1 12-Mar-08 Supply Chain Risk cause number 5 Risk effect number 5 4 5 20 John Johnson Mitigate Risk Response 5.1 37 1-Aug-08 2 2 2 4 12


2.0 11-Jan-08 Project Mgmt Risk cause number 2 Risk effect number 2 5 3 15 $1,500 Mary Jane Contingency Risk Response 2.0 21 1-Jun-08 1 2 1 2 $500 11.75 1-Mar-08

8.1 19-Mar-08 Technical/ Design Risk cause number 8 Risk effect number 8 3 5 15 Jack White Mitigate Risk Response 8.1 23 15-Sep-08 0 3 1 3 15 1-Apr-08



3.0 11-Jan-08 Development Risk cause number 3 Risk effect number 3 3 4 12 $20,000 Joe Dude Mitigate Risk Response 3.0 34 20-Apr-08 3 3 1 3 $12,000 5.25

6.0 12-Mar-08 Mfg/ Operations Risk cause number 6 Risk effect number 6 2 4 8 Julie Bobuly Transfer Risk Response 6.0 42 1-Jun-08 3 2 2 4 5

7.0 19-Mar-08 Supply Chain Risk cause number 7 Risk effect number 7 2 3 6 John Johnson Accept 0 2 3 6 6

1.0 11-Jan-08 Technical/ Design Risk cause number 1 Risk effect number 1 1 3 3 Jack White Accept 0 1 3 3 3

0 0 0 0

0 0 0 0

Risk Forecastin

g:


Risk Score:


1-Apr-08

Sort byRisk Item #

Sort byRisk Score


Sort byRisk Owner

STRIDE Risk ManagementMonitoring and ControlRisk Tool provides visual controls for historical risk and risk reduction forecast:

Forecast in Total Risk Reduction

0

20

40

60

80

100

120

TotalRisk

Apr-08 May-08 Jun-08 Jul-08 Aug-08 Sep-08 Oct-08 Nov-08 Dec-08

Risk

Num

ber

LowMediumHigh

Forecast in # Risk by Category

0

1

2

3

4

5

6

7

8

9

TotalRisk

Apr-08

May-08

Jun-08

Jul-08 Aug-08

Sep-08

Oct-08

Nov-08

Dec-08

Jan-09

Feb-09

Num

ber o

f Ris

ks

LowMediumHigh

Historical Change in Total Risk

0

20

40

60

80

100

120

Jan-08 Feb-08 Mar-08 Apr-08

Risk

Num

ber

LowMediumHigh

Historical Change in # Risks by Category

0

1

2

3

4

5

6

7

8

9

Jan-08 Feb-08 Mar-08 Apr-08

Num

ber o

f Ris

ks

LowMedium

High

• By Overall Risk Score:

• By Risk Category: Low, Medium, & High

Foundations of Project Success

Scope and Requirements

Sche

dul

eProject Success

Qual

ity

Cost

Integrity and Safety

The End

Questions?

Comments?

Date post:	12-Apr-2017
Category:	Documents
Upload:	romains-bos-pmp-mba
View:	1,507 times
Download:	0 times