Pro-active: Risk and Opportunity Management
Contents |
Abstract
Pro-active risk and opportunity management considers risk and opportunity events in a project with the purpose of mitigating the risk and enhance the opportunities before they occur. Risk events occur from uncertainties within a project whereas negative outcome is a risk for the project but positive outcomes can become opportunities for the stakeholders of the project. [1]
To gain risk control for a pro-active risk and opportunity management a process/model is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risk response/treatment.
Risk as definition is probability P times the impact I giving the formula:[2]
Therefore is key elements in risk management to control the probability and impact that events will occur and have. For pro-active risk management the key is to predict and manage these two values, done with different models and methods described further in this article. The prediction will have the effect of mitigation of risks and enhanced opportunity events. This tool can be used in any project an example could be the new super hospitals being build in Denmark. Here the unpredicted cost overruns fund was initially at 7-8% as a result from a pro-active risk management analysis. This was later changed to 10-15% in the project process due to higher amount of unpredicted expenses.[3] This is known as reactive risk management, the opposite of pro-active, which taggels events in on-going projects and find solutions. Due to unknown unknowns pro-active risk management can not be perfect and adress every possible event.
The super hospitals case is a construction project but pro-active risk management is not limited to the construction industry. It can be used for any industry and project, due to it providing necessary analysis of complications that can occur. This article will explain the methodology of pro-active risk and opportunity management with an additionally amplification of the method in real cases.
Introduction
For risk management there is in general four stages to insure risk control the process is shown on figure 1. The four risk stages that form the risk control will be analysed with the perspective of pro-active risk and opportunity management. For the first face in risk control the identification of the subject/risk event must be specified. This leads to a list of expected events that could either be positive which becomes opportunities for the project if govern correctly or the events could be negative that will lead to risks for the project that is needed to be mitigated. This leads to assessment of the identified risk and opportunities which by analysis gives the managers possibilities of making a right decision when taking action towards enhancing opportunities and minimizing risks. With a good assessment the project manager can treat the risks and opportunities which is known as the third step in the process. Here a bad treatment can lead to project failure, cost overruns, time delays, lower scope quality etc. Therefore has the treatment a high influence in how well a projects life cycle is considered. With treatment being allocated to the project its effect will be reviewed in the fourth stage towards risk control. Here complications within the treatment will be identified and reviewed to determined whether the treatment was a success or failure leading to the project manager to either accept or reject the treatment. From this the identification of the treatments that was not fulfilling will be identified and the cycle will be repeated, as shown in the figure 1, thus leading to risk control. For the pro-active risk management perspective insurance of as few as possible surprises and cost overruns is key.
Project managers needs the tool of pro-active risk and opportunity management for mitigation of unwanted incidents, that can lead to numerous complications for the project and wanted opportunities to be exploited.
The first step, identification, will be addressed in the following.
Identify Risks
The identification of risks has the purpose to determine if risk events occur whether they are positive or negative for the project. [1] For positive outcomes the events will be known as "opportunities" for the project, whereas the negative events is known as "threats/risks" for the project. This can change the life cycle of the project process.[5] An opportunity can mitigate the time development of a certain product within the project. E.g. a technological system within a bank that handles clients return of interest in their saving accounts could developers discover a new method for handling the data that minimizes errors. An opportunity could also be material deliverables to a construction site where the collaboration of transport between two stakeholders would lead to a more cost beneficial outcome. Negative outcomes of events will be seen as threats or risks for the project e.g. cause cost overruns or time delays. A time delay could be if resource based managers can not deliver the resources for the scope due to the development team is delayed on the detail drawings. A resource based manager has to manage and are responsible for the delivery of resources to a project. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it. Identification analysis will only analyse where events could occur but the assessment and treatment of the events is further steps into the process of risk control. Additionally from the DS/ISO standard should the identification process involve many stakeholders within the project e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc [5]. Thus mitigating the chance of this process to oversee any events. The second step in pro-active risk management is assessing the risks that have prior to the project been identified.
Assess Risks
The assessment of the events that has been identified is to prioritize which risks are the most severe and should be dealt with immediately.[1][5] How to determine the priority is through analysis of the probability for the event occurrence and the impact it will have on the project objectives. [4] Which will lead to the risk given by the formula:[2]
Time-frame and key stakeholders risk tolerance must be considered when the impact of the risk is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high, compared to a risk that a smaller resource based manager in the project could experience. If key stakeholders in the project withdraws the funding it falls apart, whereas if a resource based manager experiences threats outcomes are often only time delays, scope quality or cost overruns related. This should of course be mitigated as much as possible but the effect on the project will be considerably less devastating.
Considering pro-active risk management the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the greater the return of investment.[7]
The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the hole process of producing a product. Risk that has a high impact can lead to the scope being effectively useless or unacceptable which the stakeholders must address. Furthermore is the quality of the project measured when observing impact. E.g. must the stakeholders be informed if a reduction of scope quality has been detected in the production, with the outcome of them approving or discarding the product.
The popular risk management tool probability/impact shown in figure 3. is used to assess risks. Observing the figure a high impact low probability is explained as rare catastrophe which e.g. cold be a weather storm that ruins scaffolding at a construction site and thereby delaying construction work. This is for a pro-active risk managers perspective very difficult to address but should be implemented pre-handedly in the unpredicted expenses account. For high impact high probability the figure describes this as a probable disaster where a risk manager prevent and mitigate these kind of events as much as possible.
Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them an analysis of how to reach the opportunity and what it provides within the project.
From the analysis the stakeholders must chose the best treatment of the events.This is done by comparing treatments in the categories the most effective, has the highest chance of succes, the most cost benificial etc. Thus follows the treatment of risks.
Treat Risks
The third process step in controlling risks is the treatment, with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment. [5] The overall purpose for treatment of the events is for the stakeholders to delegate the resources into the opportunities and risks found in the identification and assessment stages, thus achieving the highest possible return of investment.From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." [5]. Possible actions for the stakeholders will be discussed in the risk control paragraph under risk responses. How well a treatment of risks is handled determines the projects success with the degree that the outcome of a bad treatment can lead to project failure. While a good treatment can lead to enhanced cost and time benefits and scope quality.
When the treatment has been chosen and the result of it conducted, the review is the next process. Hereby will the treatments success rate be investigated which is further explained in the following.
Risk Review
Risk management is a constant process of the four stages with the control as an outcome. The review stage has a goal of monitoring the treatment and update the risk register (explained under the risk control paragraph)[4]. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the review process will have the purpose of detecting it, thus providing the treatment to be fulfilled without incompletions or gaps. The review will update the risk register herewith linking back to the identification stage by new and old risks will be identified and then analysed once again. Insuring the treatment was correctly completed thus providing risk control.
Opportunities within the project will have benefits from the review stage by insurance of the treatment was as optimal as possible. Furthermore reviewing the treatment could lead to additional opportunities to be exploited. It would also detect treatment that did not optimise the project and providing the stakeholders with the option of discarding for cost beneficial reasons.
The risk control is addressed in the following section which connects all the four stages in the process.
Risk Control
The objective to control risks is to mitigate the risks influences within a project by using the stages explained. Pro-active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan [1].
Controlling a project from a pro-action risk and opportunity management perspective is the key to provide stakeholders with information usable for early decision making, with high return of investment benefits. The mangers want to successful control the project as well as possible to optimise return of investment. Pro-active risk management can be used to control the scope of the project with the purpose of smoothing process by maximising opportunities and minimising risks. Tools to do control of scope: progress data, scope statement, work breakdown structure, activity list and change request. [1] Additionally resource control would be carried out to insure availability thus the project work would not experience time delays. Tools used for resource control: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions.[1] A great addition that pro-active risks and opportunity management can provide for a project is scheduling control. Good planning will provide fewer complications within the project. E.g. in a construction project an electrician can not install modules if the walls have not been made. Thus a good planner will safeguard that the electrician is scheduled to work after walls have been set up. Tools used for scheduling control: project plans, schedule, progress data, change requests and corrective actions.[1] Cost control is an ongoing monitoring threw-out the project life cycle with the desire to mitigate budget overruns. E.g. altering the schedule for more time efficiency will be costly due to the stakeholders demands of raise in investment for the extra labour. Tools to obtain cost control: project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.[1] Quality control insures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools that can be used for delivering quality control: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.[1] These different control areas will help to a minimization of needed risk control. Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.[1] All these aspects for controlling will increase the possibility for project success.
DS/ISO defines the inputs and outputs for controlling risks as shown in figure 4. The inputs for controlling is a collection of the prior stages outputs in the process thus achieving risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, insure quality of the scope, effectiveness of the scheduling leading to mitigation of time delays.
The different primary inputs and outputs for risk control is explained further[5]. Risk register is the primary output from the identification phase this benefits the risk control by sorting of the different events that from the phase as been indentified. With the register an overview is provided to the stakeholders that keeps the focus of the possible events.
Progress data is determined to insure that the treatment applied is working as wanted.
Project plans is an outcome of the risk control cycle which is the plans of action attributed from the stakeholders with in the project.
Risk responses is from the treatment of the risks phase, thus providing stakeholders with five choices of repsonse.[6] First Accept the risk simply accept that this risk can occur without further engagement, this is often chosen with risk that have a low probability. Second Eternalise the risk is deligating the risk to a subcontractor often done when the contractor has more experience or better knowlegde of the dependant risk. Third Mitigate the risk this is done to minimise the probability of the risk to occur often done by changing scope of the project. This is the most used response to risks and thereby one of the greatest reasons for pro-active risk management has such a high importance for the project manager. Fourth Insure or hedge against the risk this is done for risks such as fires where the impact will be high but the probability is low. This solution is not always available due to the insurance companies acceptance is needed. Fifth Delay the decision is done when more information is analysed to give a better outcome of the treatment.
The two outputs mentioned from risks control is elaborated on further. Change requests is the state where the outcome of the treatmnent has been decided to change a direction or decision from the original project plan. A simple example could be a firm producing televisions, that descovers the remote produced does not have sufficient possibilities for clients to control the television as wanted. A change request would then come from the product development team for including the features wanted. The second output from risks control is corrective actions which is an action taking within a firm for either manufacturing, systems, documentation or procedures to reasure quality of scope, be within budget and no time delays. E.g. could be a product resource that stops delivering here actions must be taken to either work more effecient or get a new delivery that the stakeholders has to accept the related cost. For both the outcomes mentioned from control risks would often be reactive risks management, thus meaning that pro-active risks management have limitations.
A third risk control output is a pro-active risks management orientated aciton known as preventive actions[7] this is a action taken to prevent negative events. The action is based of analysis of the product or from managers experience. E.g. does the car company Toyota that has one of the worlds best developed production systems. Which has been under development since 1950's with the goal of effecient and fast production [8]. The production systems shows clearly how well a pro-active risks management can improve a companies value and effeciency. Solutions that has been made in the production of Toyota cars is e.g. Poka Yoke which insures that wrong assembling can not accur. This is done by making connections between two components imposible to do worng as shown in figure 5. Prevention action often have a high return of investement due to changes made in the early stages of a project is cheaper rather than later.
Limitation of the tool
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef (2017) How to DO Projects? A Nordic Flavour to Managing Projects Version 1.0, Publisher: Dansk Standard
- ↑ 2.0 2.1 Dumbravă, Vasile and Severian Iacob, Vlăduț (2013) Using Probability – Impact Matrix in Analysis and Risk Assessment Projects, Publisher: Scientific Papers (www.scientificpapers.org) Journal of Knowledge Management, Economics and Information Technology
- ↑ Enhed for Byggestyring (2017) Paradigme for styringsmanual for Region Hovedstadens Kvalitetsfonds Byggeprojekter Version 3.0, Publisher: Region Hovedstanden
- ↑ 4.0 4.1 4.2 4.3 Geraldi, Joana and Thuesen, Christian (2017) Lecture from project management MEP-4, Publisher: Technical University of Denmark
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 5.6 Guidance on project management (2013) DS/ISO 21500 Version 2.0, Publisher: Dansk Standard
- ↑ 6.0 6.1 Winch, Graham M. (2010) Managing construction projects Version 2.0, Publisher: 2010 Blackwell Publishing Ltd and 2002 Blackwell Science Ltd
- ↑ 7.0 7.1 https://simplicable.com (website copy right 2002-2017) , Publisher: copyscape
- ↑ 8.0 8.1 Simonsen, Rolf (2017) Lecture from Planning and management in construction, Lean construction and last planner system, Publisher: Technical University of Denmark