Pro-active: Risk and Opportunity Management

From apppm
(Difference between revisions)
Jump to: navigation, search
 
(18 intermediate revisions by one user not shown)
Line 1: Line 1:
== Abstract ==
+
''Developed by Nicolaj J. B. Thomsen''
'''Pro-active risk and opportunity management''' considers risk and opportunity events in a project with the purpose of mitigating the risk and enhance the opportunities before they occur. Risk events occur from uncertainties within a project whereas negative outcome is a risk for the project but positive outcomes can become opportunities for the stakeholders of the project. <ref name="Geraldi"/>
+
  
To gain risk control for a pro-active risk and opportunity management a process/model is used. First  step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risk response/treatment.
 
  
Risk as definition is probability P times the impact I giving the formula:<ref name="MCON"/>
+
== Abstract ==
 +
'''Pro-active risk and opportunity management''' (P-AROM shorten for the sake of this articles length) considers negative and positive events in a project whereas risk and opportunities are the outcome of the events respectively. The purpose being mitigation of risks and enhancement of opportunities in the early phase of the project hereby gaining higher return of investment for the stakeholders. <ref name="Geraldi"/> Risk control is a tool used as P-AROM to fulfil its purpose. To obtain risk control a process with four stages is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risks responses/treatments.
 +
 
 +
Risk as definition is probability P times the impact I giving the formula:<ref name="dumb"/>
  
 
<math>R=I\cdot P</math>
 
<math>R=I\cdot P</math>
  
Therefore is key elements in risk management to control the probability and impact that events will occur and have. For pro-active risk management the key is to predict and manage these two values, done with different models and methods described further in this article. The prediction will have the effect of mitigation of risks and enhanced opportunity events.
+
Key elements in risk management is to control the probability and impact that events will occur and have. For P-AROM the key is to predict and manage these two values, done with different models, tools and methods described further in this article. Which result in mitigation of risks and enhancement of opportunities that will insure cost and time benefits and increased scope quality.
This tool can be used in any project an example could be the new super hospitals being build in Denmark. Here the unpredicted cost overruns fund was initially at 7-8% as a result from a pro-active risk management analysis. This was later changed to 10-15% in the project process due to higher amount of unpredicted expenses.<ref name="RegH"/> This is known as reactive risk management, the opposite of pro-active, which taggels events in on-going projects and find solutions. Due to unknown unknowns pro-active risk management can not be perfect and adress every possible event.
+
 
  
The super hospitals case is a construction project but pro-active risk management is not limited to the construction industry. It can be used for any industry and project, due to it providing necessary analysis of complecations that can occur.
+
This tool can be used in any projects but with a high demand on cost, it is often seen optimal in medium to large project e.g. the new super hospitals construction projects in Denmark. The unpredicted cost overruns fund was initially estimated to 7-8% of the budget as a result from a P-AROM analysis done for the projects in the capital region of Denmark. This was later changed to 10-15% in the project process due to higher amount of unpredicted expenses <ref name="RegH"/>. Which is know as reactive risk management that do changes and solutions due to complications in a on-going project. Thus a limitation of P-AROM is that prediction of every possible scenario is impossible. P-AROM is not limited to the construction industry it can be used for any industry and project, due to it providing necessary analysis of complications that can occur.
This article will explain the methodology of pro-active risk and opportunity management with an additionally amplification of the method in real cases.
+
This article will explain the methodology of P-AROM with an additionally amplification of the method in real cases.
  
  
 
== Introduction ==
 
== Introduction ==
 
[[File:Classicrisk.PNG|450px|thumb|Figure 1. Four stages of classic risk management towards risk control.<ref name="MEP4"/>]]
 
[[File:Classicrisk.PNG|450px|thumb|Figure 1. Four stages of classic risk management towards risk control.<ref name="MEP4"/>]]
For risk management there is in general four stages to ensure risk control the process is shown on figure 1. The four risk stages that form the risk control will be analysed with the perspective of pro-active risk and opportunity management. For the first face in risk control the identification of the subject/risk event must be specified. This leads to a list of expected events that could either be positive which becomes opportunities for the project if govern correctly or the events could be negative that will lead to risks for the project that is needed to be mitigated. This leads to assessment of the identified risk and opportunities which by analysis gives the managers possibilities of making a right decition when taking action towards enhancing opportunities and minimizing risks. With a good assessment the project manager can treat the risks and opportunities which is known as the third step in the process. Here a bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment a high influence in how well a projects lifecycle is considered. With treatment being allocated to the project its effect will be reviewed in the fourth stage towards risk control. Here complications within the treatment will be identified and the review will further observere whether the treatment was a succes leading to the project manager to accept the outcome. From this the identification of the treatments that was not fulfilling will be identified and the cyckle, as shown in the figure 1, will be repeated. Thus leading to risk control that for the pro-active risk management viewpoint must ensure as few as possible surprices and cost overruns.  
+
Risk management is in general attained by four stages that leads to risk control this process is shown on figure 1. The four stages that form the risk control will be analysed with the perspective of P-AROM. The first phase is the identification of the event which is further specified. The outcome being a list of expected events that can either have a positive effect which is opportunities for the project if govern correctly, or the events can have a negative result leading to risks for the project that is needed to be mitigated. From identification the next phase is assessment of the identified risks and opportunities which by analysis gives the stakeholders possibilities of making a qualified decision, when taking action towards enhancing opportunities and minimizing risks. With a good assessment the risk managers can continue to the next phase which is treating the risks and opportunities. A bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment of the events a high influence on how well a projects success rate becomes. With treatment being allocated to the events its effect will be reviewed, being the fourth stage towards risk control. Here complications within the treatment will be identified and reviewed to determined whether the treatment was a success or failure, resulting in the stakeholders to either accept or reject the treatment. From this the identification of the treatments that was not fulfilling will be identified and the cycle of the four phases will be repeated, as shown in the figure 1, thus leading to risk control. From the P-AROM perspective insurance of as few as possible surprise events resulting in cost overruns, time delays and lower scope quality is key.
 +
Stakeholders benefits from the tool of P-AROM in mitigation of unwanted incidents that can result in numerous complications for the project and wanted opportunities to be exploited.
  
Project managers needs the tool of pro-active risk and opportunity management for mitigation of unwanted insidents that can lead to numerous complications for the project. Further will wanted opportunities not be exploited if this management is not implemented.
+
The first step, identification, will be addressed in the following.
 
+
 
+
The first step, identifycation, will be adressed in the following.
+
  
  
 
== Identify Risks ==
 
== Identify Risks ==
The identification of risks has the purpose to determine if risk events occur whether they are positive or negative for the project. <ref name="Geraldi" /> For positive outcomes the event will be known as "opportunity" for the project, whereas the negative events is known as "threats" for the project. This can change the life cycle of the project process.<ref name="ISO" /> E.g. can an opportunity mitigate the time development of a certain product within the project or a delivery can be done more cost beneficial if two stakeholders within the project collaborate. Negative outcomes of events will be seen as threats for the project this can e.g. cause cost overruns or time delays. This can be resource based managers that can not produce a product because the detail drawings are delayed. The drawing department is delayed do to the client not being able to give early and precise instructions on what the product must fulfil. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it.
+
The identification of events has the purpose to determine whether they are positive or negative for the project<ref name="Geraldi" />. Positive outcomes will be categorised as opportunities whereas the negative events will be considered risks for the project. This can change the life cycle of the project process<ref name="ISO" />. An opportunity can e.g. mitigate the time development of a certain product within the project. This could be a technological system within a bank that handles clients return of interest in their saving accounts, the developers could discover a new method for handling the data with the positive outcome of minimizing errors. An opportunity could also be material deliverables to a construction site where the collaboration of transport between two stakeholders would lead to a more cost beneficial outcome. Negative events categorised as risks for the project could example cause cost overruns or time delays. E.g. of a time delay could be if resource based managers can not deliver the resources for the scope due to difficulties in the development team that causes delays on the detail drawings. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it. Resource based manager has to manage and are responsible for the delivery of resources to a project.
Identification analysis will only analyse where events could occur but the assessment and treatment of the events is further steps into the process of risk control.
+
Identification phase is only identifying possible events that could occur with the assessment and treatment being further steps into the process of risk control.
Additionally from the DS/ISO standard should the identification process involve many stakeholders within the project e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc. <ref name="ISO" />
+
Additionally from the DS/ISO standard should the identification process involve as many stakeholders within the project as possible e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc <ref name="ISO" />. Thus mitigating the chance of this process to oversee any opportunities or risks.
From DS/ISO the primary inputs of this face is the project plans whereas the primary outputs is risk register.<ref name="ISO" />
+
The second step in P-AROM is assessing the identified events.
 
+
The second step in pro-active risk management is assessing the risks that have prior to the project been identified.
+
  
 
== Assess Risks ==
 
== Assess Risks ==
 
[[File:Impactassess.PNG|500px|thumb|Figure 2. Impacts within a project with four project objectives.<ref name="MEP4"/>]]
 
[[File:Impactassess.PNG|500px|thumb|Figure 2. Impacts within a project with four project objectives.<ref name="MEP4"/>]]
 
[[File:Assessmentimpactprobability.PNG|400px|thumb|Figure 3. Probability and impact matrix.<ref name="MCON"/>]]
 
[[File:Assessmentimpactprobability.PNG|400px|thumb|Figure 3. Probability and impact matrix.<ref name="MCON"/>]]
The assessment/analysis of the events that has been identified is to prioritize which risks are the most severe and should be dealt with immediately.<ref name="Geraldi" /><ref name="ISO" /> How to determine the priority is through analysis of the probability for the event occurrence and the impact it will have on the project objectives. <ref name="MEP4" /> Which will lead to the risk given by the formula:<ref name="MCON"/>
+
The assessment of the events that has been identified is done to gain knowledge of which risks and opportunities that should be prioritized<ref name="Geraldi" /><ref name="ISO" />. How to determine the priority is through analysis of the probability for the events occurrence and the impact they will have on the project objectives<ref name="MEP4" />. When focusing on the risks the magnitude is given by the formula<ref name="dumb"/>:
  
 
<math>R=I\cdot P</math>
 
<math>R=I\cdot P</math>
  
Time-frame and key stakeholders risk tolerance must be considered when the impact of the risk is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high compared to a risk that a resource based manager in the project could experience. This is due to the importance of the stakeholders if the investors in the project withdraws the funding and the project falls apart. Whereas if a resource based manager experiences threats the worst outcome could be time delays or cost overruns this should of course be mitigated as much as possible but the effect on the project will be considerably lower.
+
Key stakeholders risk tolerance are considered a higher priority when the impact of the risks is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high compared to a risk that a smaller resource based manager in the project could experience. This is due to if key stakeholders in the project withdraws the funding as a result of a negative event the project could be terminated. Whereas if a resource based manager experiences negative events which can result in time delays, lower scope quality and/or cost overruns that hurts the project but does not terminate it.
  
Considering pro-active risk management the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the cheaper it is to change.
+
Considering P-AROM the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the greater the return of investment<ref name="simpli" />.
  
The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the hole process of producing a product with a high impact this can lead to the scope being effectively useless or unacceptable. Furthermore is the quality of the project measured when observing impact. E.g. must the client be informed of the reduction of quality with the purpose of approving the product or discard it.
+
The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the whole process of producing a product. Risk that has a high impact can result in the scope being effectively useless or unacceptable which the stakeholders must address. Furthermore is the quality of the project measured when observing impact. E.g. must the stakeholders be informed if a reduction of scope quality has been detected in the production, with the outcome of them approving or discarding the product.
  
Additionally is the popular risk management tool probability/impact shown in figure 3. used to assess risks. Observing the figure a high impact low probability is explained as rare catatrophe which e.g. cold be a weather storm that ruins a construction facility or delays important work. This is for a pro-active risk managers point of view very difficult to address but could be implemented in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster e.g. if deadlines are not met an important stakeholder will leave the project. Pro-active assessment must try to prevent and mitigate these kind of events as much as possible.
+
The popular risk management tool probability/impact matrix shown in figure 3. is used to assess risks. Observing the figure a high impact low probability is explained as rare catastrophe which e.g. cold be a weather storm that ruins scaffolding at a construction site and thereby delaying construction work considerable. This is for a P-AROM perspective very difficult to address but should be implemented pre-handedly in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster where a risk manager prevent and mitigate these kind of events as much as possible.
  
 +
Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the opportunity and what it provides within the project.
  
From DS/ISO the primary inputs in the assessment is the risk register and project plans hereby giving the output of prioritized risks.
+
From the analysis the stakeholders must chose the best treatment of the events. This is done by comparing treatments with focus on which is the most effective, has the highest chance of success, the one that is most cost beneficial etc. Thus follows the treatment of risks.
  
Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the goal and what that goal then provides within the project.
+
== Treat Risks ==
 +
The third process step in controlling risks is the treatment, with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment<ref name="ISO" />. The overall purpose for treatment of the events is for the stakeholders to delegate the resources into the opportunities and risks found in the identification and assessment stages, thus achieving the highest possible return of investment. From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." <ref name="ISO" />.
 +
Possible actions for the stakeholders will be discussed in the risk control paragraph under risk responses.
 +
How well a treatment of risks or opportunities is handled determines the projects success with the degree that the outcome of a bad treatment can result in project failure or zero budget benefits. While a good treatment of events can lead to enhanced cost and time benefits and scope quality.
 +
When the treatment has been chosen and the result of it conducted the next process is reviewing the outcome. Hereby will the treatments success rate be investigated which is further explained in the following.
  
From the analysis the best treatments for the project must be chosen. Hereby is treatments that are the most effective, has the highest chance of succes, the most cost benificial etc. Thus follows the treatment of risks.
 
  
 +
== Risk Review ==
 +
Risk management is a constant process of the four stages with the control as an outcome. The review stage has a goal of monitoring the treatment and update the risk register (explained under the risk control paragraph)<ref name="MEP4" />. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the review process will have the purpose of detecting it, thus providing the treatment to be fulfilled without incompletions or gaps.
 +
The review will update the risk register herewith linking back to the identification stage where new and old risks will be identified and then analysed once again. Thus insuring the treatment was a success and providing the project with risk control.
  
== Treat Risks ==
+
Opportunities within the project will benefit from the review phase by the insurance of the treatment was as optimal as possible. Furthermore reviewing the treatment could lead to discovering additional opportunities to be exploited. It would also detect treatment that did not optimise the project and providing the stakeholders with the option of discarding for cost beneficial reasons.
The third process step in controlling risks is the treatment with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment. <ref name="ISO" /> This stage put resources into the opportunities and risks found in the identification process and analysed in the assessment. Thus providing information of where the investment should be and how that investment will pay of. This stage in the process towards risk control measures the necessary treatment for risks. From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." <ref name="ISO" />
+
How well a treatment of risks is handled determines the projects success with the degree that the outcome of a bad treatment can lead to project failure. While a good treatment can lead to enhanced cost benefits and minimise the time schedule.
+
  
DS/ISO determines the input of the treat risk process as risk register and project plans with the outcome of risk responses and change requests.
+
The review finishes the circle with the risk control as the wanted outcome. The control of risks is further addressed in the following section which connects all the four stages in the process.
  
When the treatment has been chosen and the result of it conducted, the review is the next process. Hereby will the treatments succes be investigated this is furhter explained in the following.
+
== Risk Control ==
 +
The objective to control risks is to mitigate the risks and enhance the opportunities that influences the project by using the stages explained. Pro.active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan <ref name="Geraldi" />.
  
 +
Controlling a project from a P-AROM perspective is the key to provide stakeholders with information usable for early decision making, with the benefit of high return of investment.
 +
P-AROM can be used to '''control the scope''' of the project with the purpose of smoothing process by maximising opportunities and minimising risks. Tools to reach control of scope: progress data, scope statement, work breakdown structure, activity list and change request <ref name="Geraldi" />.
 +
Additionally '''resource control''' would be carried out to insure availability thus the project work would not experience time delays. Tools used for resource control: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions <ref name="Geraldi" />.
 +
A great addition that P-AROM can provide for a project is '''scheduling control'''. Good planning will provide fewer complications within the project. E.g. in a construction project an electrician can not install modules and wiring if the walls have not been made. Thus a good planner will safeguard that the electrician is scheduled to work after walls have been set up.
 +
Tools used for scheduling control: project plans, schedule, progress data, change requests and corrective actions <ref name="Geraldi" />.
 +
'''Cost control''' is an on-going monitoring threw-out the project life cycle with the desire to mitigate budget overruns. E.g. altering the schedule for more time efficiency will be costly due to the stakeholders demands of raise in investment for the extra labour. Tools to obtain cost control:
 +
project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.<ref name="Geraldi" />
 +
'''Quality control''' insures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools that can be used for delivering quality control: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.<ref name="Geraldi" />
 +
These different control areas will help to a minimization of needed '''risk control'''. Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.<ref name="Geraldi" />
 +
All these aspects for controlling will increase the possibility for project success.
  
== Risk Review ==
+
[[File:DSISO.PNG|500px|thumb|Figure 4. Inputs and outputs for risk control.<ref name="ISO"/>]]
Risk management is a constant process of the four stages with the control at focus. The next stage has a goal of reviewing/monitoring the treatment and update the risk register <ref name="MEP4" />. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the monitoring process will have the purpose of detecting it thus providing the treatment to be fulfilled without incompletions or gaps.
+
DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. The inputs for controlling is a collection of the prior stages outputs in the process thus achieving risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, insure quality of the scope, effectiveness of the scheduling resulting in mitigation of time delays.  
The update of the risk register is the link to back to the identification because here new risk and old will be identified and then analysed once again to ensure the treatment was complete hereby providing risk control.
+
  
Opportunities within the project will have benefits of monitoring by insuring that the treatment was as optimal as possible. Furthermore reviewing the process could lead to additional opportunities to be exploited. It would also detect treatment that did not optimise the project and could be terminated for cost beneficial reasons.
+
The different primary inputs and outputs for risk control is explained further<ref name="ISO"/>. '''Risk register''' is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been identified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.
  
The risk control is addressed in the following section this connects all the four stages in the process.
+
'''Progress data''' is determined to insure that the treatment applied is working as wanted.
  
== Risk Control ==
+
'''Project plans''' is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.
The objective to control risks is to mitigate the risks influences within a project by using the stages explained. Pro-active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan. <ref name="Geraldi" />
+
  
For controlling a project for a pro-action risk and opportunity management a lot of aspects must be considered thus given examples of these. Pro-active risk management can be used to control the scope of the project with the purpose of smoothing the project process by maximising opportunities and minimising risks. Tools to do this: progress data, scope statement, work breakdown structure, activity list and change request. <ref name="Geraldi" />  
+
'''Risk responses''' is from the treatment of the risks phase, thus providing stakeholders with five choices of responses.<ref name="MCON" /> First '''Accept the risk''' simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second '''Eternalise the risk''' is delegating the risk to a subcontractor often done when the contractor has more experience or better knowledge of the dependant risk. Third '''Mitigate the risk''' this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for P-AROM has such a high importance for the project manager. Fourth '''Insure or hedge against the risk''' done to prevent risks such as fires where the impact will be high but the probability is low. The solution is not always available due to the insurance companies acceptance is needed. Fifth '''Delay the decision''' is done when more information is analysed to give a better outcome of the treatment.
Some of which are tools focused for the corrective actions within risk control.
+
Additionally resource control would be carried out to ensure availability thus the project work would not experience time delays. Tools used for this: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions.<ref name="Geraldi" />
+
A great addition that pro-active can provide a project is the scheduling control. Hereby will good planning provide fewer complications within the project. Complications such as stakeholders within the project can not work due to the lack of progress from another stakeholder e.g. in a construction project a electrician can install the electricity if the walls have not been finished.
+
Tools used: project plans, schedule, progress data, change requests and corrective actions.<ref name="Geraldi" />
+
Cost control will be an ongoing monitoring of the risks of budget overruns. Such as altering the schedule will be costly due to the stakeholders demands e.g. if alternating the schedule to be more time efficient stakeholders will demand raise in investment for the extra labour. Tools to obtain this:
+
project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.<ref name="Geraldi" />
+
  
Quality control ensures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools can be used such as: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.<ref name="Geraldi" />
+
The two outputs shown in figure 4. is elaborated on further. '''Change requests''' is the state where the outcome of the treatment has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that discovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted.
 +
The second output from risks control is '''corrective actions''' which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reassure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering here actions must be taken to either work more efficient with the resources provided or get a new delivery where stakeholders has to accept the related extra cost.
 +
Both the outcomes would often be a reactive risks management thus meaning that P-AROM have limitations.
  
 +
[[File:Pokeyoke.png|300px|thumb|Figure 5. Poke Yoke example.<ref name="rolf"/>]]
 +
A third risk control output, not shown on the figure, is a P-AROM orientated action known as '''preventive actions'''<ref name="simpli" /> this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. the car company Toyota has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of efficient and fast production <ref name="rolf" />. The production system is a product of well performed P-AROM that has improve the companies value and efficiency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not occur. This is done by making connections between two components impossible to do wrong as shown in figure 5. Prevention action often have a high return of investment due to changes made in the early stages of a project is cheaper rather than later.
  
Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.<ref name="Geraldi" />
 
All these aspects for controlling will increase the possibility of project and risk controlling success
 
  
[[File:DSISO.PNG|500px|thumb|Figure 4. Inputs and outputs for risk control.<ref name="ISO"/>]]
+
== Limitation of the Tool ==
DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. Here it is seen that the inputs for controlling is a collection of the prior stages in the process thus giving a risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, ensure quality of the scope, effectiveness of the scheduling hereby mitigating time delays.  
+
The limitation of P-AROM is the need for preventive risk management. There will always be unexpected events within a project where a preventive action must be taken to get the project back on track. This means that P-AROM is not sufficient for stakeholders to invest in which means that risk management rely heavily on a good budget. Furthermore is the process of P-AROM costly due to the high amount of labour and hours to identify, assess and treat possible events. Due to the cost of risk management project with low budget can experience limitation in possible death of the risk management. Thus providing higher risks of uncertainties and limited options to exploit opportunities.
  
The different input and output for risk control is explained further<ref name="ISO"/>. '''Risk register''' is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been indentified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.
 
  
'''Progress data''' is determined to ensure that the treatment applied is working as wanted.
 
  
'''Project plans''' is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.
+
== Annotated Bibliography ==
 +
'''How to do project?''': Covers the basics of project management with focus in projects and the four perspective of projects; purpose, people, complexity and uncertainty.
 +
'''Using Probability – Impact Matrix in Analysis and Risk Assessment Projects''': Had the focus of risk management with different tools such as impact/probability matrix with the R=I*P match model. The article further developed understanding of risk managements importance within projects and used tools to determined impacts measures of different risk events.
 +
'''Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter''': This was a given article from a project leader within the new super hospitals being build in Denmark. It simply contains information of how the project is delegated with meetings, P-AROM, budget, scope etc.
 +
'''Lecture from project management MEP-4''': This was a power point from the bachelor course project management provided by DTU. The power point and lecture details the perspective uncertainty with definition, tools, how to react and the four stages towards risk control; identification, assessment, treatment and review.
 +
'''Guidance on project management''': Is from an DS/ISO standard that concentrates in explaining how that standard way of treating project management should be done. Furthermore definition of tools and perspectives within management is elaborated on. This source was used to better understand risk controlling.
 +
'''Managing construction projects''': This is a book on project management within constructions. Used in detail to understand risk responses and probability/impact matrix. The book itself covers a lot with in project management such as managing stakeholders, budget, scope, schedule etc.
 +
'''https://simplicable.com''': Was a source that described preventive actions and change request. With examples and definitions of the two.
 +
'''Lecture from Planning and management in construction, Lean construction and last planner system''': A lecture in the course Planning and management in construction provided by DTU. This lecture explained how P-AROM if beneficial for project and companies. Further elaborating on tools that was used in real cases.
  
'''Risk responses''' is from the treatment of the risks phase, thus providing stakeholders with five choices of repsonse.<ref name="MCON" /> First '''Accept the risk''' simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second '''Eternalise the risk''' is deligating the risk to a subcontractor often done when the contractor has more experience or better knowlegde of the dependant risk. Third '''Mitigate the risk''' this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for pro-active risk management has such a high importance for the project manager. Fourth '''Insure or hedge against the risk''' this is done for risks such as fires where the impact will be high but the probability is low. This solution is not always available due to the insurance companies acceptance is needed. Fifth '''Delay the decision''' is done when more information is analysed to give a better outcome of the treatment.
+
== References ==
  
The two outputs mentioned from risks control is elaborated on further. '''Change requests''' is the state where the outcome of the treatmnent has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that descovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted.
+
<references>
The second output from risks control is '''corrective actions''' which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reasure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering here actions must be taken to either work more effecient or get a new delivery that the stakeholders has to accept the related cost.
+
<ref name="Geraldi"> Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef  (2017) How to DO Projects? A Nordic Flavour to Managing Projects
For both the outcomes mentioned from control risks would often be reactive risks management, thus meaning that pro-active risks management have limitations.
+
Version 1.0, Publisher: Dansk Standard </ref>
 +
<ref name="MEP4"> Geraldi, Joana and Thuesen, Christian (2017) Lecture from project management MEP-4, Publisher: Technical University of Denmark </ref>
 +
<ref name="ISO"> Guidance on project management (2013) DS/ISO 21500 Version 2.0, Publisher: Dansk Standard </ref>
 +
<ref name="MCON"> Winch, Graham M. (2010) Managing construction projects Version 2.0, Publisher:  2010 Blackwell Publishing Ltd and 2002 Blackwell Science Ltd </ref>
 +
<ref name="RegH"> Enhed for Byggestyring (2017) Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter Version 3.0, Publisher: Region Hovedstanden </ref>
 +
<ref name="simpli"> https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape </ref>
 +
<ref name="rolf"> Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark </ref>
 +
<ref name="dumb"> Dumbravă, Vasile and Severian Iacob, Vlăduț (2013) Using Probability – Impact Matrix in
 +
Analysis and Risk Assessment Projects, Publisher:  Scientific Papers (www.scientificpapers.org)
 +
Journal of Knowledge Management, Economics and Information Technology </ref>
 +
== Abstract ==
 +
'''Pro-active risk and opportunity management''' (P-AROM) considers negative and positive events in a project whereas risk and opportunities are the outcome of the events respectively. The purpose being mitigation of risks and enhancement of opportunities in the early phase of the project hereby gaining higher return of investment for the stakeholders. <ref name="Geraldi"/> Risk control is a tool used as P-AROM to fulfil its purpose. To obtain risk control a process with four stages is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risks responses/treatments.
  
[[File:Pokeyoke.png|300px|thumb|Figure 5. Poke Yoke example.<ref name="rolf"/>]]
+
Risk as definition is probability P times the impact I giving the formula:<ref name="dumb"/>
A third risk control output is a pro-active risks management orientated aciton known as '''preventive actions'''<ref name="simpli" /> this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. does the car company Toyota that has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of effecient and fast production <ref name="rolf" />. The production systems shows clearly how well a pro-active risks management can improve a companies value and effeciency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not accur. This is done by making connections between two components imposible to do worng as shown in figure 5. Prevention action often have a high return of investement due to changes made in the early stages of a project is cheaper rather than later.
+
  
 +
<math>R=I\cdot P</math>
  
== Limitation of the tool ==
+
Key elements in risk management is to control the probability and impact that events will occur and have. For P-AROM the key is to predict and manage these two values, done with different models, tools and methods described further in this article. Which result in mitigation of risks and enhancement of opportunities that will insure cost and time benefits and increased scope quality.
  
  
 +
This tool can be used in any projects but with a high demand on cost, it is often seen optimal in medium to large project e.g. the new super hospitals construction projects in Denmark. The unpredicted cost overruns fund was initially estimated to 7-8$%$ of the budget as a result from a P-AROM analysis done for the projects in the capital region of Denmark. This was later changed to 10-15$%$ in the project process due to higher amount of unpredicted expenses <ref name="RegH"/>. Which is know as reactive risk management that do changes and solutions due to complications in a on-going project. Thus a limitation of P-AROM is that prediction of every possible scenario is impossible. P-AROM is not limited to the construction industry it can be used for any industry and project, due to it providing necessary analysis of complications that can occur.
 +
This article will explain the methodology of P-AROM with an additionally amplification of the method in real cases.
  
  
 +
== Introduction ==
 +
[[File:Classicrisk.PNG|450px|thumb|Figure 1. Four stages of classic risk management towards risk control.<ref name="MEP4"/>]]
 +
For risk management there is in general four stages to insure risk control the process is shown on figure 1. The four risk stages that form the risk control will be analysed with the perspective of P-AROM. For the first face in risk control the identification of the subject/risk event must be specified. This results to a list of expected events that could either be positive which becomes opportunities for the project if govern correctly or the events could be negative leading to risks for the project that is needed to be mitigated. Leading to assessment of the identified risk and opportunities which by analysis gives the managers possibilities of making a right decision when taking action towards enhancing opportunities and minimizing risks. With a good assessment the project manager can treat the risks and opportunities which is known as the third step in the process. A bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment a high influence in how well a projects life cycle is considered. With treatment being allocated to the project its effect will be reviewed in the fourth stage towards risk control. Here complications within the treatment will be identified and reviewed to determined whether the treatment was a success or failure resulting in the project manager to either accept or reject the treatment. From this the identification of the treatments that was not fulfilling will be identified and the cycle will be repeated, as shown in the figure 1, thus leading to risk control. The P-AROM perspective insurance of as few as possible surprises and cost overruns is key.
  
 +
Project managers needs the tool of P-AROM for mitigation of unwanted incidents, that can result in numerous complications for the project and wanted opportunities to be exploited.
  
  
 +
The first step, identification, will be addressed in the following.
  
  
 +
== Identify Risks ==
 +
The identification of risks has the purpose to determine if risk events occur whether they are positive or negative for the project. <ref name="Geraldi" /> For positive outcomes the events will be known as "opportunities" for the project, whereas the negative events is known as "threats/risks" for the project. This can change the life cycle of the project process.<ref name="ISO" /> An opportunity can mitigate the time development of a certain product within the project. E.g. a technological system within a bank that handles clients return of interest in their saving accounts could developers discover a new method for handling the data that minimizes errors. An opportunity could also be material deliverables to a construction site where the collaboration of transport between two stakeholders would lead to a more cost beneficial outcome. Negative outcomes of events will be seen as threats or risks for the project e.g. cause cost overruns or time delays. A time delay could be if resource based managers can not deliver the resources for the scope due to the development team is delayed on the detail drawings. A resource based manager has to manage and are responsible for the delivery of resources to a project. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it.
 +
Identification analysis will only analyse where events could occur but the assessment and treatment of the events is further steps into the process of risk control.
 +
Additionally from the DS/ISO standard should the identification process involve many stakeholders within the project e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc <ref name="ISO" />. Thus mitigating the chance of this process to oversee any events.
 +
The second step in P-AROM is assessing the risks that have prior to the project been identified.
 +
 +
== Assess Risks ==
 +
[[File:Impactassess.PNG|500px|thumb|Figure 2. Impacts within a project with four project objectives.<ref name="MEP4"/>]]
 +
[[File:Assessmentimpactprobability.PNG|400px|thumb|Figure 3. Probability and impact matrix.<ref name="MCON"/>]]
 +
The assessment of the events that has been identified is to prioritize which risks are the most severe and should be dealt with immediately.<ref name="Geraldi" /><ref name="ISO" /> How to determine the priority is through analysis of the probability for the event occurrence and the impact it will have on the project objectives. <ref name="MEP4" /> Resulting in the risk given by the formula:<ref name="dumb"/>
 +
 +
<math>R=I\cdot P</math>
 +
 +
Time-frame and key stakeholders risk tolerance must be considered when the impact of the risk is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high, compared to a risk that a smaller resource based manager in the project could experience. If key stakeholders in the project withdraws the funding it falls apart, whereas if a resource based manager experiences threats outcomes are often only time delays, scope quality or cost overruns related. This should of course be mitigated as much as possible but the effect on the project will be considerably less devastating.
 +
 +
Considering P-AROM the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the greater the return of investment.<ref name="simpli" />
 +
 +
The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the whole process of producing a product. Risk that has a high impact can result in the scope being effectively useless or unacceptable which the stakeholders must address. Furthermore is the quality of the project measured when observing impact. E.g. must the stakeholders be informed if a reduction of scope quality has been detected in the production, with the outcome of them approving or discarding the product.
 +
 +
The popular risk management tool probability/impact shown in figure 3. is used to assess risks. Observing the figure a high impact low probability is explained as rare catastrophe which e.g. cold be a weather storm that ruins scaffolding at a construction site and thereby delaying construction work. This is for a P-AROM perspective very difficult to address but should be implemented pre-handedly in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster where a risk manager prevent and mitigate these kind of events as much as possible.
 +
 +
Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the opportunity and what it provides within the project.
 +
 +
From the analysis the stakeholders must chose the best treatment of the events.This is done by comparing treatments in the categories the most effective, has the highest chance of succes, the most cost benificial etc. Thus follows the treatment of risks.
 +
 +
== Treat Risks ==
 +
The third process step in controlling risks is the treatment, with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment. <ref name="ISO" /> The overall purpose for treatment of the events is for the stakeholders to delegate the resources into the opportunities and risks found in the identification and assessment stages, thus achieving the highest possible return of investment.From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." <ref name="ISO" />.
 +
Possible actions for the stakeholders will be discussed in the risk control paragraph under risk responses.
 +
How well a treatment of risks is handled determines the projects success with the degree that the outcome of a bad treatment can result in project failure. While a good treatment can lead to enhanced cost and time benefits and scope quality.
 +
 +
When the treatment has been chosen and the result of it conducted, the review is the next process. Hereby will the treatments success rate be investigated which is further explained in the following.
 +
 +
 +
== Risk Review ==
 +
Risk management is a constant process of the four stages with the control as an outcome. The review stage has a goal of monitoring the treatment and update the risk register (explained under the risk control paragraph)<ref name="MEP4" />. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the review process will have the purpose of detecting it, thus providing the treatment to be fulfilled without incompletions or gaps.
 +
The review will update the risk register herewith linking back to the identification stage by new and old risks will be identified and then analysed once again. Insuring the treatment was correctly completed thus providing risk control.
 +
 +
Opportunities within the project will have benefits from the review stage by insurance of the treatment was as optimal as possible. Furthermore reviewing the treatment could lead to additional opportunities to be exploited. It would also detect treatment that did not optimise the project and providing the stakeholders with the option of discarding for cost beneficial reasons.
 +
 +
The risk control is addressed in the following section which connects all the four stages in the process.
 +
 +
== Risk Control ==
 +
The objective to control risks is to mitigate the risks influences within a project by using the stages explained. P-AROM actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan <ref name="Geraldi" />.
 +
 +
Controlling a project from a P-AROM perspective is the key to provide stakeholders with information usable for early decision making, with high return of investment benefits. The mangers want to successful control the project as well as possible to optimise return of investment.
 +
P-AROM can be used to '''control the scope''' of the project with the purpose of smoothing process by maximising opportunities and minimising risks. Tools to reach control of scope: progress data, scope statement, work breakdown structure, activity list and change request. <ref name="Geraldi" />
 +
Additionally '''resource control''' would be carried out to insure availability thus the project work would not experience time delays. Tools used for resource control: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions.<ref name="Geraldi" />
 +
A great addition that P-AROM can provide for a project is '''scheduling control'''. Good planning will provide fewer complications within the project. E.g. in a construction project an electrician can not install modules and wiring if the walls have not been made. Thus a good planner will safeguard that the electrician is scheduled to work after walls have been set up.
 +
Tools used for scheduling control: project plans, schedule, progress data, change requests and corrective actions <ref name="Geraldi" />.
 +
'''Cost control''' is an on-going monitoring threw-out the project life cycle with the desire to mitigate budget overruns. E.g. altering the schedule for more time efficiency will be costly due to the stakeholders demands of raise in investment for the extra labour. Tools to obtain cost control: project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions <ref name="Geraldi" />.
 +
'''Quality control''' insures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools that can be used for delivering quality control: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.<ref name="Geraldi" />
 +
These different control areas will help to a minimization of needed '''risk control'''. Risk control is done to mitigate the disruption and increase opportunities that the project could encounter as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.<ref name="Geraldi" />
 +
Every aspect for controlling will increase the possibility for project success.
 +
 +
[[File:DSISO.PNG|500px|thumb|Figure 4. Inputs and outputs for risk control.<ref name="ISO"/>]]
 +
DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. The inputs for controlling is a collection of the prior stages outputs in the process thus achieving risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, insure quality of the scope, effectiveness of the scheduling resulting in mitigation of time delays.
 +
 +
The different primary inputs and outputs for risk control is explained further<ref name="ISO"/>. '''Risk register''' is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been identified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.
 +
 +
'''Progress data''' is determined to insure that the treatment applied is working as wanted.
 +
 +
'''Project plans''' is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.
 +
 +
'''Risk responses''' is from the treatment of the risks phase, thus providing stakeholders with five choices of responses <ref name="MCON" />. First '''Accept the risk''' simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second '''Eternalise the risk''' is delegating the risk to a subcontractor often done when the contractor has more experience or better knowledge of the dependant risk. Third '''Mitigate the risk''' this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for P-AROM has such a high importance for the project manager. Fourth '''Insure or hedge against the risk''' done to prevent risks, such as fires, where the impact will be high but the probability is low. The solution is complicated due to the insurance companies acceptance is needed. Fifth '''Delay the decision''' is done when more information is analysed to give a better outcome of the treatment.
 +
 +
The two outputs shown in figure 4. is elaborated on further. '''Change requests''' is the state where the outcome of the treatment has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that discovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted.
 +
The second output from risks control is '''Corrective actions''' which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reassure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering. Actions must be taken to insure the project success by either working more efficient with the resources provided or get a new delivery where stakeholders has to accept the related extra cost.
 +
Both the outcomes would often be a reactive risks management thus meaning that P-AROM have limitations.
 +
 +
[[File:Pokeyoke.png|300px|thumb|Figure 5. Poke Yoke example.<ref name="rolf"/>]]
 +
A third risk control output, not shown on the figure, is a P-AROM orientated action known as '''Preventive actions'''<ref name="simpli" /> this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. the car company Toyota has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of efficient and fast production <ref name="rolf" />. The production system is a product of well performed P-AROM that has improved the companies revenue, market value and efficiency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not occur. This is done by making connections between two components impossible to do wrong as shown in figure 5. Prevention action often have a high return of investment due to changes made in the early stages of a project is cheaper rather than later.
 +
 +
 +
== Limitation of the Tool ==
 +
The limitation of P-AROM is the need for corrective risk management. There will always be unexpected events within a project where a corrective action must be taken to get the project back on track. This means that P-AROM is not sufficient for stakeholders to invest in for assuring success, which means that risk management rely heavily on a good budget. The process of P-AROM is costly due to the high amount of labour and hours to identify, assess and treat possible events. Due to the cost of risk management project with low budget can experience limitation in possible depth of the risk management. Thus providing higher risks of uncertainties and limited options to exploit opportunities.
 +
 +
 +
 +
== Annotated Bibliography ==
 +
'''How to do project?''': Covers the basics of project management with focus in projects and the four perspective of projects; purpose, people, complexity and uncertainty.
 +
'''Using Probability – Impact Matrix in Analysis and Risk Assessment Projects''': Had the focus of risk management with different tools such as impact/probability matrix with the R=I*P match model. The article further developed understanding of risk managements importance within projects and used tools to determined impacts measures of different risk events.
 +
'''Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter''': This was a given article from a project leader within the new super hospitals being build in Denmark. It simply contains information of how the project is delegated with meetings, P-AROM, budget, scope etc.
 +
'''Lecture from project management MEP-4''': This was a power point from the bachelor course project management provided by DTU. The power point and lecture details the perspective uncertainty with definition, tools, how to react and the four stages towards risk control; identification, assessment, treatment and review.
 +
'''Guidance on project management''': Is from an DS/ISO standard that concentrates in explaining how that standard way of treating project management should be done. Furthermore definition of tools and perspectives within management is elaborated on. This source was used to better understand risk controlling.
 +
'''Managing construction projects''': This is a book on project management within constructions. Used in detail to understand risk responses and probability/impact matrix. The book itself covers a lot with in project management such as managing stakeholders, budget, scope, schedule etc.
 +
'''https://simplicable.com''': Was a source that described preventive actions and change request. With examples and definitions of the two.
 +
'''Lecture from Planning and management in construction, Lean construction and last planner system''': A lecture in the course Planning and management in construction provided by DTU. This lecture explained how P-AROM if beneficial for project and companies. Further elaborating on tools that was used in real cases.
  
 
== References  ==
 
== References  ==
  
<references>
+
<references/>
 +
 
 
<ref name="Geraldi"> Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef  (2017) How to DO Projects? A Nordic Flavour to Managing Projects
 
<ref name="Geraldi"> Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef  (2017) How to DO Projects? A Nordic Flavour to Managing Projects
 
Version 1.0, Publisher: Dansk Standard </ref>
 
Version 1.0, Publisher: Dansk Standard </ref>
Line 131: Line 250:
 
<ref name="simpli"> https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape </ref>
 
<ref name="simpli"> https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape </ref>
 
<ref name="rolf"> Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark </ref>
 
<ref name="rolf"> Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark </ref>
== Annotated bibliography ==
+
<ref name="dumb"> Dumbravă, Vasile and Severian Iacob, Vlăduț (2013) Using Probability – Impact Matrix in
 +
Analysis and Risk Assessment Projects, Publisher:  Scientific Papers (www.scientificpapers.org)
 +
Journal of Knowledge Management, Economics and Information Technology </ref>

Latest revision as of 19:54, 17 November 2018

Developed by Nicolaj J. B. Thomsen


Contents

[edit] Abstract

Pro-active risk and opportunity management (P-AROM shorten for the sake of this articles length) considers negative and positive events in a project whereas risk and opportunities are the outcome of the events respectively. The purpose being mitigation of risks and enhancement of opportunities in the early phase of the project hereby gaining higher return of investment for the stakeholders. [1] Risk control is a tool used as P-AROM to fulfil its purpose. To obtain risk control a process with four stages is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risks responses/treatments.

Risk as definition is probability P times the impact I giving the formula:[2]

R=I\cdot P

Key elements in risk management is to control the probability and impact that events will occur and have. For P-AROM the key is to predict and manage these two values, done with different models, tools and methods described further in this article. Which result in mitigation of risks and enhancement of opportunities that will insure cost and time benefits and increased scope quality.


This tool can be used in any projects but with a high demand on cost, it is often seen optimal in medium to large project e.g. the new super hospitals construction projects in Denmark. The unpredicted cost overruns fund was initially estimated to 7-8% of the budget as a result from a P-AROM analysis done for the projects in the capital region of Denmark. This was later changed to 10-15% in the project process due to higher amount of unpredicted expenses [3]. Which is know as reactive risk management that do changes and solutions due to complications in a on-going project. Thus a limitation of P-AROM is that prediction of every possible scenario is impossible. P-AROM is not limited to the construction industry it can be used for any industry and project, due to it providing necessary analysis of complications that can occur. This article will explain the methodology of P-AROM with an additionally amplification of the method in real cases.


[edit] Introduction

Figure 1. Four stages of classic risk management towards risk control.[4]

Risk management is in general attained by four stages that leads to risk control this process is shown on figure 1. The four stages that form the risk control will be analysed with the perspective of P-AROM. The first phase is the identification of the event which is further specified. The outcome being a list of expected events that can either have a positive effect which is opportunities for the project if govern correctly, or the events can have a negative result leading to risks for the project that is needed to be mitigated. From identification the next phase is assessment of the identified risks and opportunities which by analysis gives the stakeholders possibilities of making a qualified decision, when taking action towards enhancing opportunities and minimizing risks. With a good assessment the risk managers can continue to the next phase which is treating the risks and opportunities. A bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment of the events a high influence on how well a projects success rate becomes. With treatment being allocated to the events its effect will be reviewed, being the fourth stage towards risk control. Here complications within the treatment will be identified and reviewed to determined whether the treatment was a success or failure, resulting in the stakeholders to either accept or reject the treatment. From this the identification of the treatments that was not fulfilling will be identified and the cycle of the four phases will be repeated, as shown in the figure 1, thus leading to risk control. From the P-AROM perspective insurance of as few as possible surprise events resulting in cost overruns, time delays and lower scope quality is key. Stakeholders benefits from the tool of P-AROM in mitigation of unwanted incidents that can result in numerous complications for the project and wanted opportunities to be exploited.

The first step, identification, will be addressed in the following.


[edit] Identify Risks

The identification of events has the purpose to determine whether they are positive or negative for the project[1]. Positive outcomes will be categorised as opportunities whereas the negative events will be considered risks for the project. This can change the life cycle of the project process[5]. An opportunity can e.g. mitigate the time development of a certain product within the project. This could be a technological system within a bank that handles clients return of interest in their saving accounts, the developers could discover a new method for handling the data with the positive outcome of minimizing errors. An opportunity could also be material deliverables to a construction site where the collaboration of transport between two stakeholders would lead to a more cost beneficial outcome. Negative events categorised as risks for the project could example cause cost overruns or time delays. E.g. of a time delay could be if resource based managers can not deliver the resources for the scope due to difficulties in the development team that causes delays on the detail drawings. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it. Resource based manager has to manage and are responsible for the delivery of resources to a project. Identification phase is only identifying possible events that could occur with the assessment and treatment being further steps into the process of risk control. Additionally from the DS/ISO standard should the identification process involve as many stakeholders within the project as possible e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc [5]. Thus mitigating the chance of this process to oversee any opportunities or risks. The second step in P-AROM is assessing the identified events.

[edit] Assess Risks

Figure 2. Impacts within a project with four project objectives.[4]
Figure 3. Probability and impact matrix.[6]

The assessment of the events that has been identified is done to gain knowledge of which risks and opportunities that should be prioritized[1][5]. How to determine the priority is through analysis of the probability for the events occurrence and the impact they will have on the project objectives[4]. When focusing on the risks the magnitude is given by the formula[2]:

R=I\cdot P

Key stakeholders risk tolerance are considered a higher priority when the impact of the risks is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high compared to a risk that a smaller resource based manager in the project could experience. This is due to if key stakeholders in the project withdraws the funding as a result of a negative event the project could be terminated. Whereas if a resource based manager experiences negative events which can result in time delays, lower scope quality and/or cost overruns that hurts the project but does not terminate it.

Considering P-AROM the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the greater the return of investment[7].

The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the whole process of producing a product. Risk that has a high impact can result in the scope being effectively useless or unacceptable which the stakeholders must address. Furthermore is the quality of the project measured when observing impact. E.g. must the stakeholders be informed if a reduction of scope quality has been detected in the production, with the outcome of them approving or discarding the product.

The popular risk management tool probability/impact matrix shown in figure 3. is used to assess risks. Observing the figure a high impact low probability is explained as rare catastrophe which e.g. cold be a weather storm that ruins scaffolding at a construction site and thereby delaying construction work considerable. This is for a P-AROM perspective very difficult to address but should be implemented pre-handedly in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster where a risk manager prevent and mitigate these kind of events as much as possible.

Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the opportunity and what it provides within the project.

From the analysis the stakeholders must chose the best treatment of the events. This is done by comparing treatments with focus on which is the most effective, has the highest chance of success, the one that is most cost beneficial etc. Thus follows the treatment of risks.

[edit] Treat Risks

The third process step in controlling risks is the treatment, with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment[5]. The overall purpose for treatment of the events is for the stakeholders to delegate the resources into the opportunities and risks found in the identification and assessment stages, thus achieving the highest possible return of investment. From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." [5]. Possible actions for the stakeholders will be discussed in the risk control paragraph under risk responses. How well a treatment of risks or opportunities is handled determines the projects success with the degree that the outcome of a bad treatment can result in project failure or zero budget benefits. While a good treatment of events can lead to enhanced cost and time benefits and scope quality. When the treatment has been chosen and the result of it conducted the next process is reviewing the outcome. Hereby will the treatments success rate be investigated which is further explained in the following.


[edit] Risk Review

Risk management is a constant process of the four stages with the control as an outcome. The review stage has a goal of monitoring the treatment and update the risk register (explained under the risk control paragraph)[4]. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the review process will have the purpose of detecting it, thus providing the treatment to be fulfilled without incompletions or gaps. The review will update the risk register herewith linking back to the identification stage where new and old risks will be identified and then analysed once again. Thus insuring the treatment was a success and providing the project with risk control.

Opportunities within the project will benefit from the review phase by the insurance of the treatment was as optimal as possible. Furthermore reviewing the treatment could lead to discovering additional opportunities to be exploited. It would also detect treatment that did not optimise the project and providing the stakeholders with the option of discarding for cost beneficial reasons.

The review finishes the circle with the risk control as the wanted outcome. The control of risks is further addressed in the following section which connects all the four stages in the process.

[edit] Risk Control

The objective to control risks is to mitigate the risks and enhance the opportunities that influences the project by using the stages explained. Pro.active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan [1].

Controlling a project from a P-AROM perspective is the key to provide stakeholders with information usable for early decision making, with the benefit of high return of investment. P-AROM can be used to control the scope of the project with the purpose of smoothing process by maximising opportunities and minimising risks. Tools to reach control of scope: progress data, scope statement, work breakdown structure, activity list and change request [1]. Additionally resource control would be carried out to insure availability thus the project work would not experience time delays. Tools used for resource control: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions [1]. A great addition that P-AROM can provide for a project is scheduling control. Good planning will provide fewer complications within the project. E.g. in a construction project an electrician can not install modules and wiring if the walls have not been made. Thus a good planner will safeguard that the electrician is scheduled to work after walls have been set up. Tools used for scheduling control: project plans, schedule, progress data, change requests and corrective actions [1]. Cost control is an on-going monitoring threw-out the project life cycle with the desire to mitigate budget overruns. E.g. altering the schedule for more time efficiency will be costly due to the stakeholders demands of raise in investment for the extra labour. Tools to obtain cost control: project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.[1] Quality control insures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools that can be used for delivering quality control: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.[1] These different control areas will help to a minimization of needed risk control. Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.[1] All these aspects for controlling will increase the possibility for project success.

Figure 4. Inputs and outputs for risk control.[5]

DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. The inputs for controlling is a collection of the prior stages outputs in the process thus achieving risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, insure quality of the scope, effectiveness of the scheduling resulting in mitigation of time delays.

The different primary inputs and outputs for risk control is explained further[5]. Risk register is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been identified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.

Progress data is determined to insure that the treatment applied is working as wanted.

Project plans is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.

Risk responses is from the treatment of the risks phase, thus providing stakeholders with five choices of responses.[6] First Accept the risk simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second Eternalise the risk is delegating the risk to a subcontractor often done when the contractor has more experience or better knowledge of the dependant risk. Third Mitigate the risk this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for P-AROM has such a high importance for the project manager. Fourth Insure or hedge against the risk done to prevent risks such as fires where the impact will be high but the probability is low. The solution is not always available due to the insurance companies acceptance is needed. Fifth Delay the decision is done when more information is analysed to give a better outcome of the treatment.

The two outputs shown in figure 4. is elaborated on further. Change requests is the state where the outcome of the treatment has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that discovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted. The second output from risks control is corrective actions which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reassure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering here actions must be taken to either work more efficient with the resources provided or get a new delivery where stakeholders has to accept the related extra cost. Both the outcomes would often be a reactive risks management thus meaning that P-AROM have limitations.

Figure 5. Poke Yoke example.[8]

A third risk control output, not shown on the figure, is a P-AROM orientated action known as preventive actions[7] this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. the car company Toyota has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of efficient and fast production [8]. The production system is a product of well performed P-AROM that has improve the companies value and efficiency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not occur. This is done by making connections between two components impossible to do wrong as shown in figure 5. Prevention action often have a high return of investment due to changes made in the early stages of a project is cheaper rather than later.


[edit] Limitation of the Tool

The limitation of P-AROM is the need for preventive risk management. There will always be unexpected events within a project where a preventive action must be taken to get the project back on track. This means that P-AROM is not sufficient for stakeholders to invest in which means that risk management rely heavily on a good budget. Furthermore is the process of P-AROM costly due to the high amount of labour and hours to identify, assess and treat possible events. Due to the cost of risk management project with low budget can experience limitation in possible death of the risk management. Thus providing higher risks of uncertainties and limited options to exploit opportunities.


[edit] Annotated Bibliography

How to do project?: Covers the basics of project management with focus in projects and the four perspective of projects; purpose, people, complexity and uncertainty. Using Probability – Impact Matrix in Analysis and Risk Assessment Projects: Had the focus of risk management with different tools such as impact/probability matrix with the R=I*P match model. The article further developed understanding of risk managements importance within projects and used tools to determined impacts measures of different risk events. Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter: This was a given article from a project leader within the new super hospitals being build in Denmark. It simply contains information of how the project is delegated with meetings, P-AROM, budget, scope etc. Lecture from project management MEP-4: This was a power point from the bachelor course project management provided by DTU. The power point and lecture details the perspective uncertainty with definition, tools, how to react and the four stages towards risk control; identification, assessment, treatment and review. Guidance on project management: Is from an DS/ISO standard that concentrates in explaining how that standard way of treating project management should be done. Furthermore definition of tools and perspectives within management is elaborated on. This source was used to better understand risk controlling. Managing construction projects: This is a book on project management within constructions. Used in detail to understand risk responses and probability/impact matrix. The book itself covers a lot with in project management such as managing stakeholders, budget, scope, schedule etc. https://simplicable.com: Was a source that described preventive actions and change request. With examples and definitions of the two. Lecture from Planning and management in construction, Lean construction and last planner system: A lecture in the course Planning and management in construction provided by DTU. This lecture explained how P-AROM if beneficial for project and companies. Further elaborating on tools that was used in real cases.

[edit] References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef (2017) How to DO Projects? A Nordic Flavour to Managing Projects Version 1.0, Publisher: Dansk Standard
  2. 2.0 2.1 Dumbravă, Vasile and Severian Iacob, Vlăduț (2013) Using Probability – Impact Matrix in Analysis and Risk Assessment Projects, Publisher: Scientific Papers (www.scientificpapers.org) Journal of Knowledge Management, Economics and Information Technology
  3. Enhed for Byggestyring (2017) Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter Version 3.0, Publisher: Region Hovedstanden
  4. 4.0 4.1 4.2 4.3 Geraldi, Joana and Thuesen, Christian (2017) Lecture from project management MEP-4, Publisher: Technical University of Denmark
  5. 5.0 5.1 5.2 5.3 5.4 5.5 5.6 Guidance on project management (2013) DS/ISO 21500 Version 2.0, Publisher: Dansk Standard
  6. 6.0 6.1 Winch, Graham M. (2010) Managing construction projects Version 2.0, Publisher: 2010 Blackwell Publishing Ltd and 2002 Blackwell Science Ltd
  7. 7.0 7.1 https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape
  8. 8.0 8.1 Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox