Pro-active: Risk and Opportunity Management

From apppm
Revision as of 16:26, 30 September 2017 by Kittymaumau (Talk | contribs)

Jump to: navigation, search

Contents

Abstract

Pro-active risk and opportunity management considers risk and opportunity events in a project with the purpose of mitigating the risk and enhance the opportunities before they occur. Risk events occur from uncertainties within a project whereas negative outcome is a risk for the project but positive outcomes can become opportunities for the stakeholders of the project. [1]

To gain risk control for a pro-active risk and opportunity management a process/model is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risk response/treatment.

Risk as definition is probability P times the impact I giving the formula:[2]

R=I\cdot P

Therefore is key elements in risk management to control the probability and impact that events will occur and have. For pro-active risk management the key is to predict and manage these two values, done with different models and methods described further in this article. The prediction will have the effect of mitigation of risks and enhanced opportunity events. This tool can be used in any project an example could be the new super hospitals being build in Denmark. Here the unpredicted cost overruns fund was initially at 7-8% as a result from a pro-active risk management analysis. This was later changed to 10-15% in the project process due to higher amount of unpredicted expenses.[3] This is known as reactive risk management, the opposite of pro-active, which taggels events in on-going projects and find solutions. Due to unknown unknowns pro-active risk management can not be perfect and adress every possible event.

The super hospitals case is a construction project but pro-active risk management is not limited to the construction industry. It can be used for any industry and project, due to it providing necessary analysis of complications that can occur. This article will explain the methodology of pro-active risk and opportunity management with an additionally amplification of the method in real cases.


Introduction

Figure 1. Four stages of classic risk management towards risk control.[4]

For risk management there is in general four stages to insure risk control the process is shown on figure 1. The four risk stages that form the risk control will be analysed with the perspective of pro-active risk and opportunity management. For the first face in risk control the identification of the subject/risk event must be specified. This leads to a list of expected events that could either be positive which becomes opportunities for the project if govern correctly or the events could be negative that will lead to risks for the project that is needed to be mitigated. This leads to assessment of the identified risk and opportunities which by analysis gives the managers possibilities of making a right decision when taking action towards enhancing opportunities and minimizing risks. With a good assessment the project manager can treat the risks and opportunities which is known as the third step in the process. Here a bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment a high influence in how well a projects life cycle is considered. With treatment being allocated to the project its effect will be reviewed in the fourth stage towards risk control. Here complications within the treatment will be identified and reviewed to determined whether the treatment was a success or failure leading to the project manager to either accept or reject the treatment. From this the identification of the treatments that was not fulfilling will be identified and the cycle will be repeated, as shown in the figure 1, thus leading to risk control. For the pro-active risk management perspective insurance of as few as possible surprises and cost overruns is key.

Project managers needs the tool of pro-active risk and opportunity management for mitigation of unwanted incidents, that can lead to numerous complications for the project and wanted opportunities to be exploited.


The first step, identification, will be addressed in the following.


Identify Risks

The identification of risks has the purpose to determine if risk events occur whether they are positive or negative for the project. [1] For positive outcomes the events will be known as "opportunities" for the project, whereas the negative events is known as "threats/risks" for the project. This can change the life cycle of the project process.[5] An opportunity can mitigate the time development of a certain product within the project. E.g. a technological system within a bank that handles clients return of interest in their saving accounts could developers discover a new method for handling the data that minimizes errors. An opportunity could also be material deliverables to a construction site where the collaboration of transport between two stakeholders would lead to a more cost beneficial outcome. Negative outcomes of events will be seen as threats or risks for the project e.g. cause cost overruns or time delays. A time delay could be if resource based managers can not deliver the resources for the scope due to the development team is delayed on the detail drawings. A resource based manager has to manage and are responsible for the delivery of resources to a project. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it. Identification analysis will only analyse where events could occur but the assessment and treatment of the events is further steps into the process of risk control. Additionally from the DS/ISO standard should the identification process involve many stakeholders within the project e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc [5]. Thus mitigating the chance of this process to oversee any events. The second step in pro-active risk management is assessing the risks that have prior to the project been identified.

Assess Risks

Figure 2. Impacts within a project with four project objectives.[4]
Figure 3. Probability and impact matrix.[6]

The assessment of the events that has been identified is to prioritize which risks are the most severe and should be dealt with immediately.[1][5] How to determine the priority is through analysis of the probability for the event occurrence and the impact it will have on the project objectives. [4] Which will lead to the risk given by the formula:[2]

R=I\cdot P

Time-frame and key stakeholders risk tolerance must be considered when the impact of the risk is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high, compared to a risk that a smaller resource based manager in the project could experience. If key stakeholders in the project withdraws the funding it falls apart, whereas if a resource based manager experiences threats outcomes are often only time delays, scope quality or cost overruns related. This should of course be mitigated as much as possible but the effect on the project will be considerably less devastating.

Considering pro-active risk management the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the greater the return of investment.[7]

The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the hole process of producing a product. Risk that has a high impact can lead to the scope being effectively useless or unacceptable which the stakeholders must address. Furthermore is the quality of the project measured when observing impact. E.g. must the stakeholders be informed if a reduction of scope quality has been detected in the production, with the outcome of them approving or discarding the product.

The popular risk management tool probability/impact shown in figure 3. is used to assess risks. Observing the figure a high impact low probability is explained as rare catastrophe which e.g. cold be a weather storm that ruins scaffolding at a construction site and thereby delaying construction work. This is for a pro-active risk managers perspective very difficult to address but should be implemented pre-handedly in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster where a risk manager prevent and mitigate these kind of events as much as possible.

Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the opportunity and what it provides within the project.

From the analysis the stakeholders must chose the best treatment of the events.This is done by comparing treatments in the categories the most effective, has the highest chance of succes, the most cost benificial etc. Thus follows the treatment of risks.

Treat Risks

The third process step in controlling risks is the treatment, with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment. [5] The overall purpose for treatment of the risk is for the stakeholders to delegate the resources into the opportunities and risks found in the identification and assessment stages, thus achieving the highest possible return of investment. Possible actions for the stakeholders will be discussed in the risk control paragraph under risk responses. From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." [5] How well a treatment of risks is handled determines the projects success with the degree that the outcome of a bad treatment can lead to project failure. While a good treatment can lead to enhanced cost and time benefits and scope quality.


When the treatment has been chosen and the result of it conducted, the review is the next process. Hereby will the treatments succes be investigated this is furhter explained in the following.


Risk Review

Risk management is a constant process of the four stages with the control at focus. The next stage has a goal of reviewing/monitoring the treatment and update the risk register [4]. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the monitoring process will have the purpose of detecting it thus providing the treatment to be fulfilled without incompletions or gaps. The update of the risk register is the link to back to the identification because here new risk and old will be identified and then analysed once again to insure the treatment was complete hereby providing risk control.

Opportunities within the project will have benefits of monitoring by insuring that the treatment was as optimal as possible. Furthermore reviewing the process could lead to additional opportunities to be exploited. It would also detect treatment that did not optimise the project and could be terminated for cost beneficial reasons.

The risk control is addressed in the following section this connects all the four stages in the process.

Risk Control

The objective to control risks is to mitigate the risks influences within a project by using the stages explained. Pro-active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan. [1]

For controlling a project for a pro-action risk and opportunity management a lot of aspects must be considered thus given examples of these. Pro-active risk management can be used to control the scope of the project with the purpose of smoothing the project process by maximising opportunities and minimising risks. Tools to do this: progress data, scope statement, work breakdown structure, activity list and change request. [1] Some of which are tools focused for the corrective actions within risk control. Additionally resource control would be carried out to insure availability thus the project work would not experience time delays. Tools used for this: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions.[1] A great addition that pro-active can provide a project is the scheduling control. Hereby will good planning provide fewer complications within the project. Complications such as stakeholders within the project can not work due to the lack of progress from another stakeholder e.g. in a construction project a electrician can install the electricity if the walls have not been finished. Tools used: project plans, schedule, progress data, change requests and corrective actions.[1] Cost control will be an ongoing monitoring of the risks of budget overruns. Such as altering the schedule will be costly due to the stakeholders demands e.g. if alternating the schedule to be more time efficient stakeholders will demand raise in investment for the extra labour. Tools to obtain this: project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.[1]

Quality control insures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools can be used such as: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.[1]


Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.[1] All these aspects for controlling will increase the possibility of project and risk controlling success

Figure 4. Inputs and outputs for risk control.[5]

DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. Here it is seen that the inputs for controlling is a collection of the prior stages in the process thus giving a risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, insure quality of the scope, effectiveness of the scheduling hereby mitigating time delays.

The different primary inputs and outputs for risk control is explained further[5]. Risk register is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been indentified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.

Progress data is determined to insure that the treatment applied is working as wanted.

Project plans is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.

Risk responses is from the treatment of the risks phase, thus providing stakeholders with five choices of repsonse.[6] First Accept the risk simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second Eternalise the risk is deligating the risk to a subcontractor often done when the contractor has more experience or better knowlegde of the dependant risk. Third Mitigate the risk this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for pro-active risk management has such a high importance for the project manager. Fourth Insure or hedge against the risk this is done for risks such as fires where the impact will be high but the probability is low. This solution is not always available due to the insurance companies acceptance is needed. Fifth Delay the decision is done when more information is analysed to give a better outcome of the treatment.

The two outputs mentioned from risks control is elaborated on further. Change requests is the state where the outcome of the treatmnent has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that descovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted. The second output from risks control is corrective actions which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reasure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering here actions must be taken to either work more effecient or get a new delivery that the stakeholders has to accept the related cost. For both the outcomes mentioned from control risks would often be reactive risks management, thus meaning that pro-active risks management have limitations.

Figure 5. Poke Yoke example.[8]

A third risk control output is a pro-active risks management orientated aciton known as preventive actions[7] this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. does the car company Toyota that has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of effecient and fast production [8]. The production systems shows clearly how well a pro-active risks management can improve a companies value and effeciency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not accur. This is done by making connections between two components imposible to do worng as shown in figure 5. Prevention action often have a high return of investement due to changes made in the early stages of a project is cheaper rather than later.


Limitation of the tool

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef (2017) How to DO Projects? A Nordic Flavour to Managing Projects Version 1.0, Publisher: Dansk Standard
  2. 2.0 2.1 Dumbravă, Vasile and Severian Iacob, Vlăduț (2013) Using Probability – Impact Matrix in Analysis and Risk Assessment Projects, Publisher: Scientific Papers (www.scientificpapers.org) Journal of Knowledge Management, Economics and Information Technology
  3. Enhed for Byggestyring (2017) Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter Version 3.0, Publisher: Region Hovedstanden
  4. 4.0 4.1 4.2 4.3 Geraldi, Joana and Thuesen, Christian (2017) Lecture from project management MEP-4, Publisher: Technical University of Denmark
  5. 5.0 5.1 5.2 5.3 5.4 5.5 5.6 Guidance on project management (2013) DS/ISO 21500 Version 2.0, Publisher: Dansk Standard
  6. 6.0 6.1 Winch, Graham M. (2010) Managing construction projects Version 2.0, Publisher: 2010 Blackwell Publishing Ltd and 2002 Blackwell Science Ltd
  7. 7.0 7.1 https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape
  8. 8.0 8.1 Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox