Embed Size (px)
Citation preview
1
LACCD
Risk ManagementAwareness Course 2 hrs.
Harpy Lally
Training
Objectives of this Course
1.Help you to understand Risk and Risk Management
2.Begin Participating in the Risk Process on this Program
2
Risk KPI
• Assess CPM’s compliance with the Risk Management plan by measuring the amount of effort the CPM puts into the creation and maintenance of a risk register for each College project.
• Green – 100% of Risk Registers have identified risk (s), have quantified the risk (s) and are being updated every 30 days.
• Yellow – Less than 100% of the risk registers have identified risk (s), have quantified the risk (s) and are being updated every 30 days
• Red – Less than 100% of the risk registers have identified risk (s), have quantified the risk (s) and are being updated every 30 days
Before we look at Risk Management
– lets look at Risk.
3
Defining Risk
“An uncertain event or set of circumstances that, should it or they occur, will have an effect on the achievement of the (business or) project’s objective
• Risk:
– May occur / Will have an impact
• Issue:
– Will occur/is occurring and has an impact
6
Terminology
Threat – negative side of uncertainty
Opportunity – positive side of uncertainty
Uncertain events, should it happen, will impact positively on the project’s results.
Risk event – covers both, threats and opportunities
4
Lets talk about you
What are you worried about?
5
Decisions
• Assessment of the world informs your decisions
• The better your assessment – the better potentiayour decision
• What do you need to consider?
• The Risks versus the Opportunities
• Probability and impact inform each
• Cost to mitigate
Big decisions
6
How many People Die in the US Each year?
2,487,415 annual deaths
6,815 daily deaths.
How do they die?CAUSES OF DEATH, USA INFORMAL NAME % ALL DEATHS
(1) Diseases of the heart heart attack (mainly) 28.50% 708,913
(2) Malignant neoplasms cancer 22.80% 567,131
(3) Cerebrovascular disease stroke 6.70% 166,657
(4) Chronic lower respiratory disease emphysema, chronic bronchitis 5.10% 126,858
(5) Unintentional injuries accidents 4.40% 109,446
(6) Diabetes mellitus diabetes 3.00% 74,622
(7) Influenza and pneumonia flu & pneumonia 2.70% 67,160
(8) Alzheimer's Disease Alzheimer's senility 2.40% 59,698
(9) Nephritis and Nephrosis kidney disease 1.70% 42,286
(10) Septicemia systemic infection 1.40% 34,824
(11) Intentional self‐harm suicide 1.30% 32,336
(12) Chronic Liver/Cirrhosis liver disease 1.10% 27,362
(13) Essential Hypertension high blood pressure 0.80% 19,899
(14) Assault homicide 0.70% 17,412
(15) All other causes other 17.40%432,810
7
Crime in the USA
Gun Crime
• 1,740 children in America have died from guns so far this year.
• 89 people killed with guns in America every single day.
Other Crime
• One murder every 22 minutes,
• A rape every 5 minutes
• A robbery every 49 seconds
• A burglary every 10 seconds
8
Rate of crime
Crime in the USA• $78 billion for the criminal justice system
• $64 billion for private protection,
• $202 billion in loss of life and work,
• $120 billion in crimes against business, $60 billion in stolen goods and fraud,
• $40 billion from drug abuse
• $110 billion from drunk driving.
When you add up all the costs, crime costs Americans a stunning $675 billion each year. Bureau of Justice Statistics
9
Where to live?
Price of a life• The marginal cost of death prevention in a
certain class of circumstances.
• The cost of reducing the (average) number of deaths by one.
• Risk / Reward trade-offs that people make with regard to their health,
• The VSL is the value that an individual places on a marginal change in their likelihood of death.
Note that the VSL is very different from the value of an actual life. It is the value placed on changes in the likelihood of death, not the price someone would pay to avoid certain death
10
Cost of Mitigation
• Over 10 years, lives in Africa common vaccinations could save six million children’s
• This would generate savings or economic value of between 230 - 300 billion dollars (cost to Vaccinate $4 billion)
• Healthy children mean families are not burdened with medical costs. And that can keep them out of poverty
Fighting Terror• By 2018, depending on how many U.S.
troops remain in Afghanistan and Iraq, the total cost is projected to likely be between $1.3 trillion and $1.7 trillion.
• On the safe assumption that the wars are being waged with borrowed money, interest payments raise the cost by an additional $600 billion through 2018.
• The trillion-dollar figure does not include long-term health care for veterans,
• Time.com
11
Travelling safely
Flying is much safer than driving a car. You'd have to fly every day for the next 26,000 years to d
in a crash. (during that time you would have died 20 times driving to the airport.)
Safety of your children
• The chance of someone abducting your child is so low, on average it would only happen once every 200,000 years; and even then you would almost certainly get your child back anyway.
12
What’s the worst that can happen?
Lose your job, lose your house, lose your money…
destitution
• an extreme state of poverty, in which a person is almost completely lacking in resources or means of support.
• In this country – probability is negligible.
24
13
25
What is Risk Management
Plan Responses
Revise Risk Register
Identify New Risks
Analyse Risks
Monitor and Review Progress
Manage Risks
Risk Management ProcessesREGISTER MENU
Current Month Jan 05
Actual Month Risk Register Risk Matrix
Jan 05 Month 1 Month 1
Feb 05 Month 2 Month 2
Mar 05 Month 3 Month 3
Apr 05 Month 4 Month 4
May 05 Month 5 Month 5
Jun 05 Month 6 Month 6
Jul 05 Month 7 Month 7
Aug 05 Month 8 Month 8
Sep 05 Month 9 Month 9
Oct 05 Month 10 Month 10
Nov 05 Month 11 Month 11
Dec 05 Month 12 Month 12
Closed Risks Closed Risks N/A
PROJECT NAME
YEARLY SUMMARY
RISK CHANGE ANALYSIS
PROXIMITY RAMP RATING
ROAG BASE DATA
OVERALL STATUS
LIKELIHOOD/IMPACT RANGES
RISK RATING MATRIX
PROJECT DETAILS
PPPRRROOOGGGRRREEESSS PPPRRROOOGGGRRRAAAMMMMMMEEE RRRIIISSSKKK
EEEVVVAAALLLUUUAAATTTIIIOOONNN SSSOOOFFFTTTWWWAAARRREEE
14
28
Overview - Barriers and IncentivesWhat are typical barriers to an effective management of risk process?
What incentives can be provided to encourage an effective risk process and support risk taking?
Risk-averse culture Better recognition and reward schemes for initiative, innovation and well managed risk taking such as stopping a project when required
Lack of culture which appreciates risk and risk management
Removal by top management of the blame culture
A blame culture within the organisation/project etc. Clear leadership by example
Risk taking is perceived as difficult in the public sector Encouragement from the Board/senior management
Lack of awareness about management of risk Better training, involvement and education in risk management
Lack of resources and time Innovation award schemes, performance bonuses
Lack of training, knowledge and formal risk tools and techniques
Individual accountability for results and achievements
Lack of clear guidelines for staff An explicit management of risk policy would provide guidelines and ensure staff understand their roles and responsibilities
Uncertainty over funding Clearly identified authority to commit funding
Absence of a management of risk strategy or policy Ensure processes are understood as well as ensuring roles are assigned with those with the authority to undertake them
15
29
Designing the Risk Management Plan
• It will include:– Introduction to Risk Management methodology
– Roles and Responsibilities
– Resourcing and budgeting
– Timetable and frequency of reviews
– Scales and ranges for scoring and interpreting severity
– Thresholds for trigger responses
– Reporting formats
– Monitoring and tracking progress
30
Roles and Responsibilities - Who’s who
• Risk Manager
– The person responsible for the overall Risk Management Programme
• Study Leader
– The person responsible for day to day Risk Management. May act as a Facilitator.
• Risk Analyst
– Carries Quantitative Analysis and models
• Project Manager
– Overall responsibility for Project Management processes, including Risk Management
• Risk Owners
– The person who is ultimately accountable for the risk
• Action Owner
– Team members responsible for specific risk management actions. Most appropriate person to manage
risk.
• Stakeholders
– Anyone (individuals, groups or organisations) who can influence (positively or negatively) the project.
16
Mitigation
• Value for money
• Appropriate
• Doable
• Success should be obvious
• Need not be what has been done before
32
Overview –Soft vs. Hard Risk Benefits
‘Hard’ Benefits ‘Soft’ Benefits
H1 Enables better informed and more believable plans, schedules and budgets.
S1 Improves corporate experience and general communication.
H2 Increases the likelihood of a project adhering to its plans.
S2 Leads to a common understanding and improved team spirit.
H3 Leads to the use of the most suitable type of contract.
S3 Assists in the distinction between good luck/good management and bad luck/bad management.
H4 Allows a more meaningful assessment of contingencies.
S4 Helps develop the ability of staff to assess risks.
H5 Discourages the acceptance of financially unsound projects.
S5 Focuses project management attention on the real and most importance issues.
H6 Contributes to the build-up of statistical information to assist in better management of future projects.
S6 Facilitates greater risk taking, thus increasing the benefits gained.
H7 Enables a more objective comparison of alternatives.
S7 Demonstrates a responsible approach to customers.
H8 Identifies and allocates responsibility to the best risk owner.
S8 Provides a fresh view of the personnel issues in a project.
17
33
Risk Identification• Risks have to be identified in order to
manage them
• Risks should come from the Project Team.
• All risks should be specific to the project
• Get to the root cause – probe and clarify with the project team
• Understand the team’s appetite for risk
• Be aware of the team’s preconceptions –what’s their view towards the project
• Understand their phobias and previous experiences
Identify- Project Risk Categories
• Funding & Business Issues
• Clarity and understanding of Client brief and objectives
• Team roles, responsibilities and competencies
• Management structure, lines of authority and communication
• Information release and decision making, timing and adequacy
• Third party and disruption to operations
• Planning and statutory approvals & Health and Safety
• Site conditions, ground, weather, access
• Procurement uncertainties, cost, time or quality
• Operational Issues
• Unresolved design issues
• Contractor solvency, competency and site management
• Force Majeure – natural or man made disasters
18
Political
Economic
Legal
Social
Environmental
High Inflation
Graduate Recruitment –Shortage
UK Employment Law Changes
Technological
New Cost Planning Software used by Architects
The GlobalCredit Crunch
Change in Government
Spending Policy
Political interferenceon the Olympics
Policy not to employ Consultants for
Government work
Fraud
Government imposed Green Tax
Overview - Other Categories• SWOT
– Strengths, Weaknesses, Opportunities, Threats
• PESTLE
– Political, Economic, Social, Technological, Legal, Environmental
• Management of Risk (M_o_R)
– Strategic/commercial risks
– Economic/financial/market risks
– Legal, contractual and regulatory risks
– Organisational management/human factors
– Political/societal factors
– Environmental factors/Acts of God (force majeure)
– Technical/operational/infrastructure risks
19
Overview - Project Success Factors1 Why is a construction project needed – is the PURPOSE clear?
2 Why is this solution appropriate – has a thorough APPRAISAL been carried out? What are the Targets?
4. What is the PRECEDENT – have exemplar processes and projects been researched?
3. What should the project deliver – is the DEFINITION comprehensive?
5. How is the project structured – are appropriate MANAGEMENT arrangements in place?
6. How well-suited are the PEOPLE chosen to undertake the project?
9. How is the DESIGN QUALITY described, what are expectations?
8. How appropriate is the chosen PROCUREMENT approach?
10. How will COSTs and budgets be defined and controlled?
11. How do Schedules and plans contribute to project success ?
12. How are RISKS identified and managed?
7. How are good COMMUNICATIONS achieved?
HOW?Interrogates how it will be
delivered
WHY?Establishes the need
for the project
WHAT?Explores the
Project’s Definition and Performance
38
Identification - A Risk Register
• Unique risk identification number
• Description of risk
• Description of consequence
• Likelihood
• Impact
• Likelihood x impact = severity rating
• Action owners, mitigation actions, date by
20
AnalysisRisk is commonly measured by estimating the likelihood that a risk will occur and the impact of its consequence(s), should it occur.
Risks may be assessed Qualitatively or Quantitativelydepending upon the ultimate use of the results.
Likelihood x Impact– Example
– Likelihood = Very High
– Impact = Medium
– Rating = 16 (L) x 50 (I) = 800
40
Analysis - Proximity
PROXIMITY
IMPACT
LIKE
LIH
OO
D
H
HL
LIMMINENT
DISTANT
Immediate area of focus
21
The Plan - Scales anrangesLIKELIHOOD
Description Scenario Code Letter
Guide Probability
RAMP Value
Very High Almost certain to occur VH 90 16
High More likely to occur than not H 75 12
Medium Fairly likely to happen M 50 8
Low Low but not impossible L 25 4
Very Low Extremely unlikely to happen VL 5 2IMPACT
Description Scenario Code Letter
RAMP Value Guide Cost % of Project
Guide Time % of Prog.
Very High Critical impact on the achievement of objectives and overall performance. Huge impact on costs and/or reputation. Very difficult and possibly long-term to recover.
VH 1000 2 5
High Major impact on costs, objectives. Serious impact on output and/or quality and reputation. Medium to long-term effect and expensive to recover.
H 500 1.5 3
Medium Reduces viability significant waste of time and resources and impact on operational efficiency, output, and quality. Medium term effect, which may be expensive to recover.
M 50 1 1.5
Low Minor loss, delay, inconvenience or interruption. Short to medium term effect.
L 5 0.5 0.75
Very Low Minimal loss, delay, inconvenience or interruption. Can be easily and quickly remedied.
VL 1 0.25 0.25
VH 16 80 800 8000 16000
H 12 60 600 6000 12000
M 8 40 400 4000 8000
L 4 20 200 2000 4000
VL 2 10 100 1000 2000
VL L M H VH
Impact
Like
lihoo
d
The Plan - Thresholds
22
43
Analysis - Update Risk Register
Traffic Light Indicator
Red Orange Amber GreenRiskScale
• Qualitative method to assess risks – using its Likelihood and Impact and calculating its Risk Rating.
• Useful for identifying risk mitigation approaches– Red: Unacceptable. Must eliminate or transfer risk
– Orange: Highly undesirable. Attempt to manage, avoid or transfer risk.
– Amber: Retain and manage risk
– Green: Negligible - department will carry the risk but it needs to be actively managed
23
Risk Management - Strategies
46
Responses - Managing Risk
• Risk Management strategies– ERIC
• Selecting risks to manage– Selecting the thresholds
• Allocating management actions, ownership and timing
• Reviews
• Escalation
• Risk Allocation between contracting parties
24
47
Action
• Review Project aims
• Re-appraise concept
• Cancel the Project
Possible Outcome
• Different Project
• Different Project
• No Project
Significant change to project
Management Strategies Eliminate (Avoid)
Management Strategies Reduce (Mitigate)
Action
Design risk out
Conduct Surveys
Different Materials/eqpt.
Different methods
Change Procurement plan
Possible Outcome
Increased base cost
Better information
More proven solution
Less risky methods
Different packages
Increased base cost, reduced risk contingency
25
Management Strategies Insure (Transfer)
49
Action
Allocate risks differently
to Design team
to Contractor
to Insurer
to Bank or Bond
Possible Outcome
Different contract
Higher fees
Higher prices
Pay premium
Pay for bond
Known premium paid, reduced risk contingency
Action
Unallocated contingency
fund
Possible Outcome
Manage risk and apply
contingency as necessary
Base cost, increased risk allowance
Management Strategies Contain (Accept)
26
Response - Risk Response Planning
Risk Management Activities
Planning Involves planning how each of the countermeasure activities will be done and what will trigger action to be taken
Resourcing This involves identifying which resources are needed to carry out the countermeasures
Monitoring This includes checking that the planned actions are having the desired effect, watching for signs of existing risks developing in terms of likelihood and impact and watching for triggers, which mean action, is necessary. Adding new risks to the risk log and closing entries of risks that no longer exist. Checking that overall management of the risk is being applied effectively, and reporting on risk status (through Highlight Reports). The risk log should be reviewed at regular intervals.
Controlling This is taking action to ensure that the events planned above are really taking place
Response - Which Risks to manage?VH
H
M
L
VL
VH H M L VL
Impact
Lik
elih
oo
d
VH
H
M
L
VL
VL L M H VH
Impact
Lik
elih
oo
d
RISKS OPPORTUNITIES
Zone of Attention
27
Davis Langdon © 2007Risk Management Foundation Course
53
Response - Secondary and Consequential Risks
• A management action may result in a risk with smaller rating (residual risk) and/or another risk (ideally of a lesser rating)
• Consequential risk(s) may result should the risk occur
Risk A
Risk B Secondary Risk
Management Action
Risk AResidual
Risk A1Consequential risk
Risk A2Consequential riskRisk A3
Consequential risk
54
Risk Reviews, Follow-up and Feedback
• Reviewing progress/updating the Risk Register– Convene Risk Group
– Consult with Risk Action Owners
– Identify and Assess New Risk
– Reassess Risk Ratings
– Reviews/update Management Actions
– Re-calculate Risk Allowances
– Close passed Risks
– Update Risk Register
• Encouraging follow-up procedures
28
55
Purpose of Reviews
• Review progress of management actions and revisit as necessary.
• Update assessments for all identified risks and assign new actions
as necessary.
• Delete (transfer to Closed Risk Register) all closed or passed risks.
• Add and assess new risks, assigning new actions as necessary.
• If risks are quantified, re-calculate the Risk allowances.
• After each review, update and re-issue the Risk Register.
• If risk management is proving ineffective (s)he should report it to the
Line Manager.
Reporting formats
Impact Diagram - Month 12
Green
Amber
Orange
Red
Time / Cost
Like
lihoo
d
29
Plan Responses
Revise Risk Register
Identify New Risks
Analyse Risks
Monitor and Review Progress
Manage Risks
Risk Management ProcessesREGISTER MENU
Current Month Jan 05
Actual Month Risk Register Risk Matrix
Jan 05 Month 1 Month 1
Feb 05 Month 2 Month 2
Mar 05 Month 3 Month 3
Apr 05 Month 4 Month 4
May 05 Month 5 Month 5
Jun 05 Month 6 Month 6
Jul 05 Month 7 Month 7
Aug 05 Month 8 Month 8
Sep 05 Month 9 Month 9
Oct 05 Month 10 Month 10
Nov 05 Month 11 Month 11
Dec 05 Month 12 Month 12
Closed Risks Closed Risks N/A
PROJECT NAME
YEARLY SUMMARY
RISK CHANGE ANALYSIS
PROXIMITY RAMP RATING
ROAG BASE DATA
OVERALL STATUS
LIKELIHOOD/IMPACT RANGES
RISK RATING MATRIX
PROJECT DETAILS
PPPRRROOOGGGRRREEESSS PPPRRROOOGGGRRRAAAMMMMMMEEE RRRIIISSSKKK
EEEVVVAAALLLUUUAAATTTIIIOOONNN SSSOOOFFFTTTWWWAAARRREEE
Risk Management
• Risk Management is not about the process, the modeling, the statistics, the registers
• Its about making the right decisions
• You can’t do that without having the right information
• Understanding what to do with it
• Applying your knowledge
30
END• Next Steps
– Participation in Register Development
– Risk Strategy and Plan
– Ongoing Management
– Make Decisions
– Conduct actions
