Upload
joe-mayo
View
221
Download
1
Embed Size (px)
Citation preview
8/14/2019 The Role of Quality in Risk Management v4a
1/24
Joseph W. Mayo
Program ManagerManTech International
8/14/2019 The Role of Quality in Risk Management v4a
2/24
Definition of risk
Websters defines risk as exposure to the chanceof injury or loss; a hazard or dangerous chance.
ANZ-4360 defines risk as the chance of somethinghappening that will have an impact on objectives.
PMBOK defines project risk as an uncertain eventor condition that, if it occurs, has a positive ornegative effect on at least one project objective,
such as time, cost, scope or quality.
8/14/2019 The Role of Quality in Risk Management v4a
3/24
PMIs Project Management Body of Knowledge(PMBOK)
ISO 31000 Risk Management
NIST 800-30
FAIRANZ-4360 (superseded by ISO 16085)
IEEE 1540 (superseded by ISO 16085)
ISO 16085:2004
8/14/2019 The Role of Quality in Risk Management v4a
4/24
Both PMBOK, ANZ-4360, IEEE-1540, and ISO16085 focus primarily on project riskmanagement whereas NIST 800-30, ISO 31000,and FAIR have a much broader scope and focusprimarily on organizational or Enterprise riskmanagement.
8/14/2019 The Role of Quality in Risk Management v4a
5/24
Risk
Management
Planning
Risk
Identification
Qualitative
Analysis
Quantitative
Analysis
Risk Response
Planning
Communicate
and Consult
Establish
Context
Identify
Risks
Analyze
Risks
Evaluate
Risks
Treat
Risks
Monitory
and Review
Plan and Implement
Risk Management
Manage the Project
Risk Profile
Risk
Analysis
Monitor
Risks
Treat
Risks
Evaluate RiskManagement
Process
P
M
B
O
K
A
N
Z
4
36
0
I
S
O
16
0
8
5
8/14/2019 The Role of Quality in Risk Management v4a
6/24
Risk management is not complex but is difficultto do well because of the nebulous nature ofrisks.
An effective project risk management process
consists of six discrete process stepsestablish the context, identify risks, quantify riskimpact, prioritize risks, treat risks, and monitor risktreatment.
Establish
Context
Identify
Risks
Quantify
Impact
Prioritize
Risks
Treat
Risks
Monitor
Risk
Treatment
8/14/2019 The Role of Quality in Risk Management v4a
7/24
In addition to the discrete process stepseffective project risk management must includethree processes that transcend the entire riskmanagement lifecycle;
oversight to ensure compliance, develop riskmodels, and feedback loop.
Oversight to ensure compliance
Develop Risk Models
Feedback loop
Establish
Context
Identify
Risks
Quantify
Impact
Prioritize
Risks
Treat
Risks
Monitor
Risk
Treatment
8/14/2019 The Role of Quality in Risk Management v4a
8/24
Plan and Implement
Risk Management
Manage the Project
Risk Profile
Risk
Analysis
Monitor
Risks
Treat
Risks
Evaluate Risk
Management
Process
I
S
O
1
6
08
5
Oversight to ensure compliance
Develop Risk Models
Feedback loop
EstablishContext
IdentifyRisks
QuantifyImpact
PrioritizeRisks
TreatRisks
Monitor
RiskTreatment
8/14/2019 The Role of Quality in Risk Management v4a
9/24
Establish Context
Objectives
Assumptions
Constraints
Risk Thresholds
Schedule
BudgetQuality
Mission Accomplishment
Initial Risk Profile
Communicate Risk Status
Identify Risks
Dont confuse symptoms,conditions, events, etc. with theactual risk
Dont confuse issues with risks
Define risks based on thepreviously established context
Proper risk identification is oneof the most important criticalsuccess factors in riskmanagement
Quantify Impact
Objectively quantify impact(e.g. three-week scheduledelay, $50,000 budget overrun,500 hours of rework, etc.
Subjective impact terms such assignificant delays, reduced
quality, substantial cost overrunare extremely problematic
Quantifiable impact is a criticalsuccess factor affecting allaspects of risk management
8/14/2019 The Role of Quality in Risk Management v4a
10/24
Treat Risks
Select one of the four risktreatment strategies; Avoid,Accept ,Mitigate, orTransfer.
Treat risks based on
previously prioritized risks Assumptions
Constraints
Risk Thresholds
Schedule
Monitor Treatment
Monitor risks throughoutthe life cycle
Monitor previouslyestablished contextelements for changes
Monitor and evaluate theeffectiveness of risktreatments
Look for new risks
Prioritize Risks
Risks should be prioritizedbased on impact to theproject followed byprobability of occurrence.
Evaluate risks against
previously established riskthresholds
Evaluate each riskindependently
8/14/2019 The Role of Quality in Risk Management v4a
11/24
Oversight
Inadequate oversight leadsto rapid degradation ofeffective risk management
Oversight is required at bothtactical and strategic levels
Make risk management anintegral part of all lessonslearned and processimprovement activities
Risk Models
Risk models are one of themost valuable outcomes ofrisk management
A risk model is a risktreatment plan that has
been proven to be effective Risk models should include
risk treatments that wereapplied but were found tobe ineffective
Feedback Loop
Involve all stakeholders
Provide feedback constantly
Substantiate feedback withquantifiable results
8/14/2019 The Role of Quality in Risk Management v4a
12/24
Risk Management at a Glance
Implement a defined process
Properly identify project risks
Quantify risk impact using objective measures
Prioritize risks based on impact and probability
Develop a treatment plan
Monitor risk treatments
Develop reusable risk models
Provide oversight to ensure compliance
Implement an active feedback loop
8/14/2019 The Role of Quality in Risk Management v4a
13/24
A Work Breakdown Structure (WBS) is
What is going to be builtA project management technique fordefining and organizing the total scope of a
project, using a hierarchical tree structureA defined a set of planned outcomes thatcollectively and exclusively represent 100%
of the project scope
8/14/2019 The Role of Quality in Risk Management v4a
14/24
A WBS is
A hierarchical structure where the first twolevels of the WBS (the root node and Level 2)represent 100% of the scope
A scope management tool that describesplanned outcomes (e.g. deliverables,milestones) not planned actions
Not overly prescriptive of methods
8/14/2019 The Role of Quality in Risk Management v4a
15/24
A WBS is not
A description of how the product is going to bebuilt
An exhaustive list of work or activities to perform
A project schedule
8/14/2019 The Role of Quality in Risk Management v4a
16/24
1.0
Bicycle
1.1
Frame Set
1.1.1
Frame
1.1.2Handlebar
1.1.3
Fork
1.1.4
Seat
1.2
Crank Set
1.3
Wheels
1.3.1
Front Wheel
1.3.2Rear Wheel
1.4
Braking System
1.5
Shifting System
1.5.1
De-railer
1.5.2Shift Levers
1.6
Integration
1.7
ProjectManagement
1.7.1
Status Reports
1.7.2
FinancialReports
1.7.3
Risk Register
1.7.4
Schedule
8/14/2019 The Role of Quality in Risk Management v4a
17/24
One of the most important WBS designprinciples is called the 100% Rule.
The Practice Standard for Work BreakdownStructures (Second Edition), published by the(PMI) defines the 100% Rule as follows:
The 100% Rule...states that the WBS includes 100%of the work defined by the project scope andcaptures ALL deliverables internal, external,
interim in terms of the work to be completed,including project management.
8/14/2019 The Role of Quality in Risk Management v4a
18/24
100% rule continued
The 100% rule is one of the most importantprinciples guiding the development, decompositionand evaluation of the WBS.
The 100% rule applies at all levels within the
hierarchy: the sum of the work at the child levelmust equal 100% of the work represented by theparent and the WBS should not include any work
that falls outside the actual scope of the project
8/14/2019 The Role of Quality in Risk Management v4a
19/24
WBS Tips
Do not carry action oriented details in the WBSAn action oriented WBS will likely include eithertoo many actions or too few actions. Too manyactions will exceed 100% of the parent's scope and
too few will fall short of 100% of the parent'sscope.
The best way to adhere to the 100% Rule is to
define WBS elements in terms of outcomes orresults. Focus on progress not, activity
8/14/2019 The Role of Quality in Risk Management v4a
20/24
WBS Dictionary
Fully describes each component of the WBS
Includes at least the following:
Brief definition of the scope, Deliverable(s), List ofactivities, and Milestone(s)
Optionally can include the following:Quality requirements, responsible individual /organization, start and end dates, resources required,estimated cost, estimated effort, basis of estimate (BOE)and charge number.
8/14/2019 The Role of Quality in Risk Management v4a
21/24
Attribute Definition
WBS ID 1.9.3
Control Code 9502-001C
Name Time Management
Description Manage the project schedule to assure that deliverables, work products,milestones, etc. are on schedule to be delivered on time
Deliverables Updated schedule
Work Package(s) Weekly Effort Variance Analysis Report
Basis of Estimate (BOE)
Activity List Collect actual effort from team members
Apply actuals to the schedule
Conduct effort variance analysis
Submit Change Request (CR) to the CCB based on variance analysis
Input(s) Schedule
ISR
Timesheets
Dependencies
Resource Requirements Project Control Specialist
8/14/2019 The Role of Quality in Risk Management v4a
22/24
Attribute Definition
WBS ID 1.9.4Control Code 9502-001DName Cost ManagementDescription Manage the project budget to assure that deliverables, work products, milestones, etc.
are delivered within budget. Reconcile project budget with accounting system andprepare financial reports
Deliverables Updated schedule
Monthly EVM Report
Monthly Program Review Briefing
Work Package(s) Weekly Project Labor Report
Weekly Project Travel Report
Weekly Variance Analysis Report
Monthly Reconciliation Report
Basis of Estimate (BOE)Activity List Update weekly financial data
Conduct weekly financial variance analysis
Reconcile project financials with labor, travel, and ODC accounting reports
Prepare weekly financial report
Input(s) Schedule
Monthly Forecast ReportMonthly Accounting Reports
ISR
Timesheets
Dependencies 9502-001CResource Requirements Project Control Specialist
8/14/2019 The Role of Quality in Risk Management v4a
23/24
Attribute DefinitionWBS ID 15.3.2Control Code 1802-001CName JAD WorkshopDescription Facilitate Joint Application Development (JAD) workshops and document the
workshop resultsDeliverables JAD Workshop DocumentationWork Package(s) Workshop #1, Workshop #2, Workshop #3, Workshop #4, Workshop #5
Basis of Estimate (BOE) 6 hrs / workshop * 5 workshops * 7 resources = 210 hrs
8 hrs / workshop to consolidate documentation * 5 workshops * 3 resources =120 hrs
330 hrs totalActivity List Collect background information
Plan workshop interviews
Schedule workshop
Prepare for workshop
Conduct workshop
Document workshop results
Prepare workshop documentation
Distribute workshop documentationInput(s) Project ScheduleDependenciesResource Requirements Business Analyst
8/14/2019 The Role of Quality in Risk Management v4a
24/24
Attribute DefinitionWBS ID 2.1.3Control Code 9502-002GName Program Management Plan EvaluationDescription Evaluate Program Management Plan (PMP) in accordance with PMBOK
Deliverables PMP Evaluation Report Draft 1Final PMP Evaluation Report
Work Package(s) PMP Evaluation Report Template
Evaluation Plan
Evaluation Schedule
Interview Notes
Evaluation Checklists
Basis of Estimate (BOE)
Activity List Secure consensus on report formatPrepare list of artifacts to review
Prepare interview schedule
Coordinate personal interviews
Prepare artifact evaluation checklists
Evaluate project management artifactsUpdate evaluation checklists
Prepare initial draft report
Peer review draft report
Prepare final evaluation report
Input(s) Project Management Plan
PMBOK, 4th Edition
DependenciesResource Requirements Project Manager