Managing Uncertainty and Risk on the Project
DanielKrogh (Talk | contribs) (→Process to manage risk in project portfolio) |
DanielKrogh (Talk | contribs) (→Process to manage risk in project portfolio) |
||
| Line 79: | Line 79: | ||
== Process to manage risk in project portfolio == | == Process to manage risk in project portfolio == | ||
| − | [[File:Risk_mangement_process_of_a_project_portfolio.jpg| | + | [[File:Risk_mangement_process_of_a_project_portfolio.jpg|500px | thumb|right |'''Figure 8:''' The process in risk management portfolio]] |
Another but similar way to look at risks in project portfolio is like in Figure 8 | Another but similar way to look at risks in project portfolio is like in Figure 8 | ||
Revision as of 11:04, 22 September 2015
Contents |
Abstract
One of the most challenging aspects in projects is to manage the risk and the uncertainty. Yet with the knowledge we possesses, it is a topic, which for many is difficult to handle. Many stakeholders are involved in the projects and therefore might have different opinions of what is the best solution approach is. The majority of people tends to think in deterministic terms of an optimal solution instead of probabilistic terms of a robust solution. This article will highlight the main differences of the risks and the uncertainties in a portfolio management. The risk management processes will be clarified in its four stages, where the identification of the problem, assessment of the risks, how to respond to the risks and lastly how to control the risks. To assess the risks, a risk-management process tool will be utilized and further explained.
Definition
Risk and uncertainty has many different definitions and can be hard to settle down to only one way to define it. Risk management had their origins in the insurance industry in USA in the 1940s. Project Portfolio management refer not only to a single project or a single program, but all projects and programs of it. When talking about risk, people often link it together with uncertainty, while others refer to it as opportunity. Risk can also be defined as a combination of the probability of an event and its consequences. There is a relationship between risk, uncertainty and opportunities. This is illustrated in Figure 1.
Risk can within Portfolio Project Management be classified into three different classes. The first class is the with the negative aspects. The second class is related to the uncertain, which is the unknown and unexpected issues. The third is correlative to possibility and result. In Figure 2, it can be seen who as classified what into the three categories.
The authors states project failure is highly connected with uncertain event (uncertainty). Uncertainty includes three different consequences, and the first is good for the project / portfolio, the second has no effect on the result for the project, and the last is harmful for a project success and objective. The first consequence of uncertainty seen as an opportunity for the project / portfolio. The second can be explained by something uncertain occurring throughout the life cycle of the project but the result of the uncertain event is either good or harmful for the project’s objective and success. And based on that we can say that uncertainty has no effect on the project. According to this section, the following definition of uncertainty is:
“An unexpected event, if it occurs, may have either no effect or a good or bad effect on at least one of the project’s objectives and success.“
And risk is defined as:
“An uncertain event or situation, if it occurs, may have threat(s) or bad effect(s) to at least one of the project’s objectives and success”
Risks and uncertainties has a big role in projects. The uncertainty is by definition the lack of the information that is available to take a decision at a given time. In Figure 3 it is illustrated the difference between the information required and the actual information available. Uncertainty have two sources and the first source is the complexity, which is where the information is available, but is too costly to collect and analyse. Second is the predictability, which is where you are able to predict uncertainties, based on previous experiences.
In the beginning of the a project the uncertainty is very high and depending on the size of the project and to decrease the mission uncertainty it can some extend be used e.g. standardised components and solutions etc. As a project moves forward more information will become available and therefore the dynamic uncertainty will be decreased since some parts of the project will be finished and therefore has less impact on the actual uncertainties. To understand the relation between risk and uncertainty, Figure 4 illustrates the risk sources which indicate the underlying condition that can generate a possible risk event. The management team can respond to the risk source and can plan to respond when or if the risk event occurs. The model explains in short terms how you can prepare the risk sources and events.
The relationship between risk source is thus the dimensions of the risk source, the impact of the risk and the to which extent the management team can respond to the risk source and events. The understanding of risk in relation the probability is divided up into four terms:
- The objectivist believes that a sample of previous observations can be used for predicting the future risk sources. The predictions rely therefore on statistics inferred from experience.
- The logical could be an engineer who is solving problems with an engineered system. Engineers’ understanding of the design and the scientific properties they might be able to identify risk sources and therefore possible risk events. It rely closely up against the basis of FMEA.
- The subjectivist rely mostly on subjective decisions. That means that despite from the information available, the observer might consider other factors than just historical facts. Therefore might there not be a clear result from two different subjectivists in the same situation unless it is an obvious decision.
- The behavioural has focus on the actual behaviour with the decision-making under uncertainty. Therefore it is relied on how decisions are made in practise.
When managing risks and uncertainties, the four different terms is important when looking at decision-making. There is a difference between the definition of uncertainty and risk where there is probability of a risk event could occur. The reason is the subjective term where the decision-maker has an impact on the outcome where the decision is not relied on historical event and statistics. The underlying definition of risk and uncertainty can be divided into four different stages of standpoints, which is defined as the cognitive standpoint. They are stated as follows:
- Known knowns is the condition of the risk where the risk source has been identified and a probability can be assigned to certain risk event. This is the standpoints which has most concentration because many advocates the use of subjective probabilities.
- Known unknowns is where the uncertainty plays its role where a risk source has been identified but cannot be assigned to the risk event.
- Unknown knowns is a condition where the uncertainty appears because somebody knows about the risk source and its chances to appear. Therefore, the information is kept private instead of sharing the information.
- Unknown unknowns is the uncertainty where the risk source has not been identified and therefore the risk event cannot because of that be known. That phenomenon has been called the ‘black’ swan.
The four different standpoints is illustrated in Figure 5.
When looking at the figure, the y-axis illustrates occurrence of any future events is either certain, impossible or in between the two. It happens rarely that a proper data set is available and is not possible to make any changes in the data set so that the objectivist only have a point between certainty and impossibility.
Practice of managing risk and uncertainty
When you have the knowledge and insight of what you are dealing with regarding the potential uncertainties and risks in a project there is several protocols of how to manage them in a proper way. When looking at known unknowns, it can without problem be managed proactively and also be able to mitigate the impact of unknown unknowns. One of the basic models in the risk management process is showed in Figure 6, which has four main elements.
- Identify and classify the what risks sources that has to be managed
- Assess the risks so that you have a fully understanding of the risks and how they can affect each other.
- Respond to the risks sources and decide what to do about them if they occurs.
- Control the risks throughout the whole project, so that they have minimum impact on the project.
The model is like a loop learning model, where it is a process through time.
Identify and classify the risk sources This is one of the crucial elements in the model to actual succeed in being able to discover the risk sources. However, it is one of the less formalized elements in risk management, which in itself can have consequences. Normally this area is done by experienced employees within the actual field, which can be a problem when you thinking in e.g. knowledge sharing. It can also be done by workshops etc. and when the information gathering is done, a risk register is made with all the knowns, which is a document or a log where all the available information is accessible.
Assess the risk sources When the risk sources has been identified, there is a large number of tools for assessing them. A tool to get an easy overview of the known risk source is the probability/impact matrix. The matrix is illustrated in Figure 7, and the model is divided up in four different areas.
The different risk sources are identified and is classified in terms of their probability of occurrence and the magnitude of their impact on the project. The model can be used for assessing known unknowns whether it has high impact or probability when it occurs. Hence, it will be possible for the managers to prioritize the risk sources and schedule the risk sources.
Respond to the risk sources When the risk sources has been identified the next task is what to do with each of them. In addition, the options to do that when using the tool in Figure 7 are as follows:
- Accepting the risk as it is, and plan to respond to the risk. Since it is bad luck, there is not much to do.
- Externalise the risk down the supply chain by subcontracting. This is only done when the subcontractor is in a better position than the principal. When externalising the risk, the subcontractor has to have better managerial capability otherwise it can have fatal consequences and in extreme cases is when the subcontractor is bankrupted because of a risk event. The general rule is to communicate with the actors who is closest to the risk source and motivate them to manage them effectively so that they have as small as possible impact.
- Mitigating the risk by changing the project mission or scope to minimise the probability for the risk to happen. When mitigating the risk a systematic reduction of the risk and also called a risk reduction. This kind of risk can also be associated with e.g. the choice of technology etc. and as mentioned earlier if using the technique like FMEA, then would make the solution more robust.
- Rare catastrophes cannot be controlled of the actors, such as fire on construction projects and therefore insurance is a normal way to solve that. By mitigating the risk, it will almost be possible to avoid the risk event. A classic way is an indemnity insurance and if that is not an option, then mitigation is preferable. The last option will only be suitable if the magnitude of the risk event would not bring the company down.
- Delay the decision until the needed information is available. This will make as mentioned earlier more secure and will make the risks more known. This is crucial for high-impact risks.
Plan to respond to the risk event If the risk has been accepted in the assessment or a residual of the management responses to the risk source, the plans will also be laid out to be ready to respond to the risk events. On way to do it is to put in a slack in the time schedule in case if the event will delay the project and have higher expenses than first assumed. Control and monitor the risk source The final phase is to monitor the risk source throughout the whole project life cycle, so the information becomes available and when the probability and impact can be reassessed once the point where risk event could have been occurred has passed it can be removed from the risk document. To monitor risk sources a risk owner has to be selected to do the supervision. The rest of the management team has to have full engagement since this is the phase where the unknown unknowns will grow. The job is not a desk job, and this will include following:
- The management team has to be visible on sight noticing what is going on the be able to identify both threats to schedule and budget, but also see opportunities to do things better if possible.
- Do routine informal meetings to freely exchange views without take any minutes or recordings. This can help reveal potential problems that would be there to discover and can have a potential progress for the project.
- Spotting behavior that might be improper and interpreting the correctly.
Process to manage risk in project portfolio
Another but similar way to look at risks in project portfolio is like in Figure 8
The construction is like in the Figure 6 but have two really important aspects which is not included in the previous model. The first thing which separates this model is to understand the portfolios strategic and business objectives and each project’s or program’s objectives. Secondly, the last stage is summarize of the process of the risk management, and record risks and response of them in risk database. This is a very important aspect since this is part of learning, knowledge sharing and therefore people who work with this every day can over time develop a more systematic way of reaching out to these projects.
