Risk Response Control

Download Report

Transcript Risk Response Control

Quick Recap
Monitoring and Controlling
Continuation of previous lecture….
• Lesson 7: Analyzing Risks and Planning Risk
Responses
Topic 7A: Examine a Risk Management Plan
Topic 7B: Identify Project Risks and Triggers
Topic 7C: Perform Qualitative Risk Analysis
Topic 7D: Perform Quantitative Risk Analysis
Topic 7E: Develop a Risk Response Plan
Outputs
• Sources of risk (i.e., categories)
– Stakeholder actions
– Estimates
– Staffing plans
– Common sources of risk:
• Changes in requirements
• Design errors, omissions, and
misunderstandings
• Poorly defined R & R
• Insufficiently skilled staff
Outputs
• Potential Risk events
– Specific discrete events that might effect the
project
– Generally include:
• Probability
• Alternative outcomes
• Timing
• Frequency (more than once?)
Outputs
• Risk Symptoms
– Triggers, or trip wires, or indicators
– Indirect manifestations of risk events
• Poor morale
• Lack of reported progress
• Inputs to other processes
– Improved estimating
– More training
Risk Quantification
Project Risk
Management
11.0
Risk
Identification
11.1
Risk
Quantification
11.2
Risk Response
Development
11.3
Risk Response
Control
11.4
Risk quantification consists of evaluating the risks and risk
interactions to assess the range of possible project outcomes.
PHASE 2: RISK QUANTIFICATION
GOALS OF QUANTIFICATION (OR ASSESSMENT)
INCREASE THE UNDERSTANDING OF THE PROJECT
IDENTIFY THE ALTERNATIVES AVAILABLE
ENSURE THAT UNCERTAINTIES AND RISKS ARE ADEQUATELY
CONSIDERED IN A STRUCTURED AND SYSTEMATIC WAY AND
INCORPORATED INTO THE PLANNING AND DEVELOPMENT PROCESS
ESTABLISH THE IMPLICATIONS OF THESE UNCERTAINTIES ON ALL
OTHER ASPECTS OF THE PROJECT
Risk Quantification - Inputs
•
•
•
•
•
Stakeholder risk tolerances
Sources of risk
Potential risk events
Cost estimates
Activity duration estimates
Risk Quantification
Tools and Techniques
•
•
•
•
•
Expected monetary value
Statistical sums
Simulation
Decision trees
Expert judgment
RISK ANALYSIS TECHNIQUES
Brainstorming - spontaneous contribution of ideas from team
Delphi method - method to derive consensus using expert opinion
Monte carlo - iterative simulation using random numbers to
Incorporate probabilistic data and derive a
Probability distribution of the final result
Sensitivity analysis - evaluate effect of a change in a single
Variable on the entire project
Decision tree analysis - graphical "either / or" choices
Utility theory -
takes attitude of decision maker into account
Decision theory - Technique to reach decision under uncertainty
And risk. Points to best possible course no matter
The forecast accuracy
Probability analysis - next page
SIMPLE PROBABILITY
SIMPLE PROBABILITY EQUATION:
Pr (Event #1) x Pr (Event #2) = Pr (Both Events)
P(t) = P(A) * P(B)
OR
0.70 X 0.80 = 0.56
OR 56%
NOTE: THIS APPLIES TO INDEPENDENT EVENTS ONLY
PROBABILITY EXAMPLE
DATA:
Probability of Scope = 0.70
Probability of No Scope = 0.30
Probability of Approval = 0.80
Probability of No Approval = 0.20
EXAMPLE:
Pr(Scope) x Pr(Approval) =
Pr(Scope) x Pr(No Approval) =
Pr(No Scope) x Pr(Approval) =
Pr(No Scope) x Pr(No Approval) =
0.70 x 0.80 =
0.70 x 0.20 =
0.30 x 0.80 =
0.30 x 0.20 =
Total=
0.56
0.14
0.24
0.06
1.00
PRACTICAL APPLICATION -- DECISION TREE ANALYSIS
Expected Monetary Value (EMV)
• Product of two values
– Risk event probability
– Risk event value
• Valuation of the risk event is key
– Must include tangible as well as intangible value
– 1 week slippage with minor client impact
– 6 week slippage with major client impact
Expected Monitary Value Example
Given the following:
Cost
Probability
Optimistic $100,000
0.20
Most likely $130,000
0.60
Pessimistic $180,000
0.20
Expected Value Calculation:
Optimistic $100,000 x 0.20
= 20,000
Most likely $130,000 x 0.60 = 78,000
Pessimistic $180,000 x 0.20 = 36,000
Expected Monitary Value
$134,000
(*EMV = Opt imistic + 4(most likely) + Pessimistic)
6
* formula if probability is not known
EMV Example
• If no probabilities are given, use
EMV=(Opt + 4*ML + Pes)/6
• EMV= ($100 +4*$130+$180)*1000/6
= $133,333
Descriptive Statistics
•
•
•
•
•
•
Mean
Mode
Median
Variance
Standard Deviation
Range
Descriptive Statistics Example
Test scores are 10, 20, 25, 40, 45, 45, 50, 55, 55, 60, 60, 60, 65, 65, 65, 70, 70, 70,
70, 70, 75, 80, 80, 85, 90, 90, 90, 95, 100
Mean: number obtained by dividing the sum of a set of quantities by the number of
quantities in the set. (answer is 1855 / 29=64)
Mode: value or item occurring most frequently in a series of observations. (answer is
70 -it occurs 5 times)
Median: middle value in a distribution, above and below which lie an equal number of
values (answer is 65)
Variance: average of the squares of the variations from the mean of a frequency
distribution. (answer is 486.4)
Standard deviation: square root of the variance. (answer is 22)
Range: measure of the dispersion equal to the difference or interval between the
smallest and the largest of the set of quantities. (answer is 90 or 100-10)
Approximations
• Mean = (Opt + 4*ML + Pes)/6
• SD = (Max - Min)/6
Exercise
Opt
ML
Pess
EMV
Proj. A 100,000 125,000 180,000 130,000
SDev
Vari
13,000
169,000,000
Proj.B 80,000
100,000 125,000 100,833
7,500
5,625,000
Proj.C 75,000
130,000 180,000 129,167
17,500
306,250,000
So What?
• Normal Distribution
– Mean is expected value
– Mean = Mode = Median
– Standard deviation is a measure of dispersion
about the mean
• 68.27% of cases occur between Mean + SD
and Mean - SD
• 95.45% of cases occur between Mean+2SD
and Mean-2SD
• 99.73% of cases occur between Mean+3sd and
Mean-3SD
Mean
Blue = 68%
Blue + Green = 95%
Blue + Green
+ Red = 99.7%
34.1%
1.1%
- 3SD
- 2SD
34.1%
13.6%
- SD
13.6%
+ SD
Normal Distribution
+ 2SD
1.1%
+ 3SD
Mode
Median
Mean
Skewed Normal Distribution
BETA vs. TRIANGULAR DISTRIBUTIONS
BETA
DISTRIBUTION
TRIANGULAR
DISTRIBUTION
EXPECTED VALUE
P
R
O
B
A
B
I
L
I
T
Y
EXPECTED VALUE
P
R
O
B
A
B
I
L
I
T
Y
COST ESTIMATE
Mean = (a + 4m + b) / 6
2
Variance = [(b - a) / 6]
COST ESTIMATE
Mean = (a + m + b) / 3
Variance = [(b - a) 2 + (m - a) (m - b)] / 18
Simulation
Simulation uses a representation or model of a
system to analyze the behavior or
performance of the system.
• Monte Carlo analysis is best known
• results used to quantify risk of various schedule
choices
Monte Carlo
• Requires Optimistic, Most Likely, and Pessimistic
estimates.
• Uses random number generator to select which value
to use
• Calculates the database multiple times to develop a
probability distribution of the data
Decision Trees
Aggressive schedule EMV = $110,000
Conservative schedule EMV = $7,000
Given the following decision tree:
Outcome
60%
aggressive
Choice
event
conservative
Choice
event
Choice
event
40%
20%
250 k
EMV
150 k
100 k
40 k
45 k
9k
20 k
16 k
80%
UTILITY THEORY
•
Definition
– Endeavors to formalize management’s attitude
toward risk of the decision maker.
•
Types
– Risk Seeking
– Risk Neutral
– Risk Averse
Expert Judgment
Expert judgment can often be applied in lieu of
or in addition to the mathematical techniques
described above.
Derived from:
• team members
• others in or outside of organization
• published findings
• industry averages / statistics
QUALITY RISK
GOALS OF RISK MANAGEMENT
- Increase understanding of project
- Improve plans, delivery, and id greatest risks
- Where to focus attention
REMAINING MAJOR PROJECT RISK AREA ...
What if project fails to perform as expected during operational life /
product life cycle?
Conformance to quality requirement remembered long after cost and
schedule performance.
\ Quality management has most impact on long-term perceived &
actual success of project
SCHEDULE RISK
CAN MANAGE “CRITICAL PATH” BUT NOT MANAGE DURATION
REASON --> SCHEDULE RISK
Highest risk path = path with most project completion risk
Risk in all activity duration because future is uncertain
LONGEST DURATION ACTIVITY  RISKIEST
Therefore, need to id & manage what could contribute to project delay -could override management of critical path
SCHEDULE RISK (CONT'D)
C
B
FINISH
E
START
A
ACTIVITY
MOST
D
MEAN
LOW
LIKELY
HIGH
EXPECTED
A-B
8
9
10
9
B-C
4
5
6
5
C-E
0
0
0
0
B-E
1
6
7
4.7
A-D
4
9
14
9
D-E
1
2
7
3.3
SCHEDULE RISK (CONT'D)
B
FINISH
E
START
A
D
SUM OF
SUM OF
MOST LIKELY
MEANS
HIGHS
A-B-C-E
14
14
16
A-B-E
15
13.7
17
A-D-E
11
12.3
21
A-B-E
A-B-C-E
A-D-E
PATH
MOST RISKY
SUM OF
Risk Quantification- Outputs
Opportunities to pursue, threats to respond to
Opportunities to ignore, threats to accept
Risk Response Development
Project Risk
Management
11.0
Risk
Identification
11.1
Risk
Quantification
11.2
Risk Response
Development
11.3
Risk Response
Control
11.4
Risk response development defines the enhancement steps for
opportunities and responses to threats.
Risk Response Development
• Defines steps for
– enhancing opportunities
– responding to threats
Types of Responses
• Avoidance - eliminate
• Mitigation
– Reduce EMV by reducing probability
– Reduce Impact - buy insurance
• Acceptance
– Active: develop plan to deal with risk if it occurs
– Passive: Accept risk (e.g., lower profit)
PLANNING ALTERNATIVES
• Project Managers have Several Response Options
– Avoidance
– Absorption
– Adjustment
– Deflection
– Contingent Planning
– A Combination of the Above
AVOIDANCE
•
Defined
– Characterized by project manager statements
such as: “This alternative is totally
unacceptable to me
– You would take the appropriate steps to avoid
this situation.
ABSORPTION
•
•
•
Risk is Recognized-But Not Acted Upon
Accept the Risk AS IS
It’s a Matter of Policy
•
Retained & Absorbed (by prudential allowances)
•
Unrecognized, Unmanaged, or Ignored (by
default)
ADJUSTMENT
•
Modification of the Project
– Scope
– Budget
– Schedule
– Quality Specification
– Combination of the Above
DEFLECTION
•
Involves transfer of risk by such means as:
– Contracting Out to Another Party
– Insurance or Bonding
– By Recognizing it in the Contract
CONTINGENT PLANNING
Contingent planning is a means to address risks to the
Project through a formal process and provide resources
To meet the risk events.
It is the establishment of management plans to be invoked
In the event of specified risk events
Examples:
The provision and prudent management of a
contingency allowance in the budget
The preparation of schedule alternatives and
Work-arounds
Emergency responses to deal with major specific
Areas of risk
An assessment of liabilities in the event of a
Complete project shut-down
Types of Responses
• Prevent risk from occurring
– Reduce the probability that the event will occur
– Eliminate means P=0
• Reduce the impact (think “containment”)
– Buy insurance (monetary)
– Alternative strategies (additional supplier to PDQ)
CONTRACT STRATEGY
• To Select the Right Form of Contract Requires:
– Identification of Specific Risks
– Determination of how they should be shared
between the parties, and
– The insertion of clear, legal language in the
contract documents to put it into effect.
CONTRACT TYPE vs. RISK
SCOPE OF WORK
INFORMATION
UNCERTAINTY
DEGREE OF
RISK
VERY LITTLE
HIGH
HIGH
100%
SUGGESTED
RISK
ALLOCATION
PARTIAL
MODERATE
MEDIUM
LOW
LOW
0%
AGENCY (BUYER)
SELLER (CONTRACTOR) 100%
0%
CONTRACT
TYPES
COMPLETE
CPPF
CPIF
CPFF
FPPI
FFP
CONTRACT TYPE vs. RISK (CONT'D)
Project A
Well defined scope and work
content. High probability of
achieving realistic cost
estimate at 100%
P
R
O
B
A
B
I
L
I
T
Y
Project B
Fairly well defined scope
and work content. Fair
probability of achieving
100% cost estimate
Project c
Poorly defined scope
and content. Low
probability of 100%
cost estimate
80%
90%
95%
100%
110%
120%
140%
COST ESTIMATE VALUE
+/- 15%: FFP
+/- 25%: CPFF
+/- 50%: CPIF
> 50%: CPPF
Suggested types of
contract for various
spreads
FAST-TRACKING
•
•
•
Awarding contracts before all the information is
complete to reduce the overall time for the project
Much higher risk category!!
Appropriate contingency allowances must be
increased accordingly.
Risk Response Development - Inputs
Opportunities to pursue, threats to respond to
Opportunities to ignore, threats to accept
Risk Response Development
Tools and Techniques
• Procurement
– Buy outside skills
• Contingency planning
– what to do if the event occurs
– containment
• Alternative strategies
– Prevention
• Insurance
Risk Response Development - Outputs
•
•
•
•
•
Risk management plan
Inputs to other processes
Contingency plans
Reserves
Contractual agreements
Risk Response Control
Project Risk
Management
11.0
Risk
Identification
11.1
Risk
Quantification
11.2
Risk Response
Development
11.3
Risk Response
Control
11.4
Risk response control involves responding to changes in risk
over the life of the project.
PHASE 4:
RISK RESPONSE CONTROL
• Execute the risk management plan from phase
-Id, quantify and respond to any changes
Execute workarounds -- unplanned responses
To negative events
-Additional risk response development
•Current project database
-Documenting on-going risks
•build historical databases
Reliable data is hard to find! Should consist of:
-Recorded risk events
-Experience on past projects (similar is preferred)
•Post-project assessment and archive update
Risk Response Control
• Respond to the changes in project risk over the life of
the project
Risk Response Control - Inputs
• Risk management plan
• Actual risk events
• Additional risk identification
Risk Response Control
Tools and Techniques
• Workarounds
– Unplanned responses to unforeseen risks that
actually occur
• Additional risk response development
– Revisions to the response, if it proves inadequate
Risk Response Control - Outputs
• Corrective action
– Implementing the risk management plan when the
risk occurs
• Updates to risk management plan
– Revisions to the risk management plan as
circumstances require
• Risk never materializes
• Probability of occurrence is reduced
Risk Documentation
Historical database
Current project database
Post project assessment and archive update
• Lessons learned
• Plan variances
• Actuals
• Methods, tools and techniques
• Case studies
When Should Risk Assessments be Carried
Out?
Risk assessments should be carried out
as early as possible and then continuously.
Don’t take the risk if...
•
•
•
•
•
•
the organization cannot afford to lose.
the exposure to the outcome is too great.
the situation (or project) is not worth it.
the odds are not in the project’s favor.
the benefits are not clearly identified.
there appear to be a large number of acceptable
alternatives.
Don’t take the risk if...
• the risk does not achieve the project objective.
• the expected value from baseline assumptions is
negative.
• the data is unorganized, without structure or pattern.
• there is not enough data to understand the results.
• a contingency plan for recovery is not in place should
the results prove unsatisfactory.
SUMMARY
Projects are launched to take advantage of opportunities,
But opportunities are associated with uncertainties which
Have risks attached
Risk can never be 100% eliminated
For the project to be viable, the expected value resulting
From a favorable probability of gain must be higher than
The consequences and probability of loss
Therefore, the risks associated with a project must receive
Careful examination in the context of the organization's
Willingness or aversion to taking risks
This is the domain of project risk management, which forms
A vital and integral part of project management