Risk Management and Response Planning for Successful Project Execution
Developed by David Rühmkorf
In a time of growing global competition, the outcome of projects is crucial to an organization's business result. Despite this, many projects still suffer from postponements, scope changes, failures, and cancellations. These issues can stem from inadequate risk management practices in projects such as risk identification and decision-making.[1] The objective of project risk management is to enhance the likelihood of favorable outcomes and reduce the probability of potential risks to increase the chances of project success. The PMBOK® Guide describes that unhandled risk can result in deviations from the project strategy and hinder the accomplishment of the project goals. As a result, the outcome of a project is closely linked to the effectiveness of project risk management.[2]
One method that served already as an adequate tool in various areas for identifying risks is the FMEA (Failure Modes and Effects Analysis). By applying an FMEA the project team is able to detect potential risks before they occur, assess their impact on the project outcome, and implement appropriate measures to reduce or prevent them.[3] For an enhancing assessment of the measures and appropriate risk responses, a cost-benefit analysis can be carried out along with the FMEA. By conducting this additional method it can be checked to what extent the execution of the measure makes sense from an economic point of view with regard to the respective project.[4] Overall, it can be crucial for companies to combine these methods and integrate them into their project risk management processes in order to ensure the implementation of appropriate measures and thus achieve project goals and business results.
Contents |
Overview of methods
FMEA
FMEA is a systematic, qualitative method from risk management that is suitable for the identification, analysis and evaluation of risks. The aim of its application is to detect and prevent defects at an early stage in order to optimize product and process risks. Depending on the area of application, a number of different methods can be used in practice. The different types include design, system and process FMEA. A total of seven steps are considered for performing an FMEA. Each steps helps to further develop and to understand the risk profile of a product or a process. All seven steps are illustrated in Figure 1.
With the help of the FMEA, the identified risks can be evaluated and assessed. For the evaluation, the severity(s), occurrence(o) and detection(d) of the failures are considered.[3]
FMEA is a globally recognized method and has been applied for years in various fields, such as the automotive industry. Its use in various areas can help connect fields and increase the use of engineering tools, leading to reduced labor, time, and financial costs. By prioritizing defects based on reliable data, FMEA methods can enable efficient planning that maximizes improvement with reduced resource use. Proper use of FMEA can also significantly reduce risk on a project, promote team ownership in risk planning, and serve as a valuable resource for knowledge management and lessons learned on future projects. The following article will mainly focus on steps 5 and 6 of the FMEA taking into account the cost-benefit analysis.[1]
Cost-benefit analysis
A cost-benefit analysis is a method of data-driven decision-making and serves as a tool to weigh the expected costs and benefits of a project decision to assess whether it is reasonable from an economic point of view. Therefore it is a method that is mainly used in the business environment, by both large companies and start-ups. The fundamental principles and structure can be utilized in nearly any decision-making process, regardless of its commercial or non-commercial orientation.
If the analysis shows that the expected benefits exceed the projected costs, it can be argued that the decision has a positive impact. However, if the costs surpass the benefits, a company may want to reconsider the decision or the overall project.
There can be potential promising benefits from an economic perspective to performing such analysis before relevant organizational decisions are made. Conducting analysis can highlight important information, such as the organization's value chain, the ROI of a project, or the transparency of decisions.
The cost-benefit analysis consists of the following four steps:
- Step 1: Definition of the framework: Determination of the aims and objectives that the analysis tries to achieve. To be able to compare the two factors in an apropriate way, it is important to use the similiar units.
- Step 2: Identification of cost and benefit: For the identification and a better understanding of the costs and benefits, these can be subdivided into sub-areas such as direct or indirect.
- Step 3: Estimate values for costs and benefits: In order to compare the costs with the benefits, a value is calculated or assigned in the previously defined unit. In most cases, this is a monetary value.
- Step 4: Comparing values and determining conclusions: In the last step, the values are compared in order to determine which decision makes sense from an economic point of view.[4]
The importance of risk management in project success
Successful projects are of paramount importance for the long-term existence of companies and organizations. Certainly, statistics show that successful projects tend to be the exception. The Standish Group reports that of approximately 30,000 IT projects in the U.S., only 28% are on schedule and on budget, while nearly 63% are late and 49% are more expensive than planned. Moreover, the cost of failed projects amounts to $38 billion. This shows how much potential for the implementation and execution of projects exists.[5]
The reason for the high proportion of failed or sub-optimal projects can be attributed to various factors. One possible factor can be derived from the definition of a project. According to the PMBOK Guide, a project is “a temporary endeavor undertaken to create a unique product, service, or result”.[6] Due to the fact that a project is defined as something unique, high uncertainties can arise, which in turn can lead to various risks. For this reason, risk management is taking on an increasingly important role within project management.[7]
It is also stated in the Standard for Risk Management in Portfolios, Programs, and Projects that the inclusion of risk management is an essential component for the successful implementation of projects. To address risks, the standard outlines seven steps, including plan risk management, identify risks, perform qualitative risk analysis, perform quantitative risk analysis, plan risk responses, implement risk responses, and monitor risks. This article will focus especially on evaluating risks and plan risk responses.[2]
As already shown above, an FMEA can be used as a tool for the identification and evaluation of risks. Furthermore, this method considers both the probability and impact of a failure in addition to the detection, which is in line with PMI’s requirements for assesing risks.
After assessing and prioritizing each risk that the project team deems to be sufficiently relevant, the responsible persons have to plan and identify accurate risk responses to minimize the adverse effects on the project and its results. By implementing effective and appropriate risk actions, both individual and general project risks can be reduced. Risk responses should be adequate for the magnitude of the risk, cost-effective, and feasible within the project's context.[6] The actions for risk response can be divided into five categories escalate, avoid, transfer, mitigate and accept. Considering the five categories can help the team to better assess the failures and thus be able to develop appropriate actions.
The procedure for developing risk responses involves actions to address risks and their attributes, and incorporating them into relevant plans and budgets. There are three types of methods used in this process:
- Creative methods for determining possible responses
- Decision-support techniques for identifying the best potential response
- Implementation tools are utilized to execute the risk responses
Each of these categories of techniques can be applied to accomplish different goals. This article focuses on selecting the optimal response to align strategy with planning, where CBA is used as a supporting tool to evaluate the costs and benefits of different risk response options.[2]
Application of the tools
The application of the tools will focus on the evaluation of the risks and further on defining and assessing appropriate measures to reduce or prevent identified risks. As previously stated in the general overview of FMEA, the process comprises 7 different steps, with each step being fundamental for achieving a successful implementation. Even though the primary focus of this article is on steps five and six, the significance of each step in the execution process warrants a brief explanation.
The first step, planning and preparation, deals with establishing and defining basic framework conditions that are crucial for the application of the analysis. Tasks include developing a project definition, determining the scope of the analysis, and establishing a baseline for subsequent analyses. For the development of a definition, the project to be analyzed as well as the reason for its implementation are included.
The second part of the system analysis is the structural analysis. It is a methodology, with the help of which the project or system can be divided into elements, action steps, and cause elements. The system elements that have been divided into smaller parts are arranged in a hierarchical tree structure. The element represents the top level of the tree, followed by the individual action steps. The action steps describe the activity that has to be performed to achieve a specific result for the next step. The cause elements follow as the third and lowest level. These specify the previous action step, taking into account the categories according to Ishikawa.
The functional analysis forms the third level of system analysis and describes the tasks of the different system elements. Thus, one or more functions are assigned to each element, action step, and cause element. These can be derived with the help of information such as activities, environments, or times. To visualize the functional relationships, the determined functions can be represented as a tree or network, similar to the structural analysis.
In the next step, the failure mode, cause, and effect are identified as part of the failure analysis. Based on this, failure mode chains can be created. Each chain consists of the three error types already mentioned. The center point is the failure mode. From there, the cause and effects can be derived. The failure effect describes the possible impact on the internal or external customer, which can occur when the error arises. The failure mode refers to the function of the action step and describes potential negative deviations that can occur during application. The third category to be considered is the cause of the error. Here, the reasons for the occurrence of a failure mode are presented. The causes should be as comprehensive and complete as possible so that appropriate measures can be implemented to eliminate them.[3]
The purpose of the risk analysis is to evaluate the errors according to the severity(s), occurrence(o) and detection(d). Tables with a rating scale of 1-10 are used to assess the three categories.Based on the risk assessment, the risk priority number (RPN) can be formed as a measure for analyzing the risk. The RPN is calculated by multiplying the three categories s, o, and d and is between 1 and 1000. This means that the higher the RPN, the more necessary it is from a risk management point of view to consider a measure to improve the number. The RPN alone, however, is not a sufficient technique to draw conclusions for evaluating the risks due to the equal weighting of the categories. For the following reason, the FMEA Handbook has additionally introduced the action priority (AP). This method was created to assign different weights to the categories. In this case, severity is given the highest priority, followed by occurrence and finally detection. To evaluate individual risks, an AP table (Figure 2) was created with ratings of high, medium, and low. Especially, in the case of a high rating, the team should consider implementing measures to reduce the risk. Based on this change, the involved participants can make better decisions to prevent future problems.
For better comprehensibility, an example will be presented to further illustrate the step. In the scenario, the introduction of a new software tool into an invented company is considered. It is important to emphasize that both the errors and evaluations are only estimates and can vary depending on the company and the area of application. Due to the high volume of potential risks, the example contains only one risk, as can be seen in Table 1. This risk was assessed in accordance with categories s, o, and d and classified as high.
Failure Mode | Severity | Failure Cause | Failure Effect | Occurrence | Detection | RPN | AP | Preventive Action | Detection Action |
---|---|---|---|---|---|---|---|---|---|
Performance error | 9 | New software tool leads to slowdown in work processes | Incompatibility with existing systems | 7 | 6 | 336 | H |
Table 1: Example for applying an FMEA from
The final step of failure analysis and risk reduction is optimization. It involves implementing measures aimed at minimizing risks and improving the overall project. Furthermore, the measures introduced are checked for their effectiveness as part of the optimization process. For this purpose, measures must be defined that are specific, quantifiable, and feasible. Once the review is complete, it is important to re-evaluate the occurrence and detection categories.
For instance, the following three preventive action measures were developed as part of the scenario.
1. Compatibility tests with existing systems should be performed before introducing the new software tool.
2. Before the introduction, the code quality and the design of the new tool must be reviewed.
3. Specific performance requirements should be defined before the new tool is introduced.
4. Train employees to ensure that the tool can be used effectively and efficiently.
In the next step, a cost-benefit analysis can be carried out for the four measures to identify the best solution from a business perspective.
- Cost Benefit Analysis has to be implemented here with results
The last level is the documentation of results. The following step deals with the creation of a report. The aim of the documentation is to record the knowledge gained from the analysis for future decisions, discussions, or applications. The report should contain, among other things, the framework defined at the beginning, as well as the general approach. In addition descriptions of the derivation of the functions, the risk assessments, and the newly introduced measures.[3]
Limitations
In various cases, it can be difficult to predict all variables, especially in markets that are subject to frequent changes such as cost fluctuations and environmental influences. Furthermore, inaccuracies may arise when a project has a long time horizon, it may be difficult to make accurate predictions for the future, such as accounting for inflation. In addition, some decisions may be made for non-monetary reasons, in such cases cost-benefit analysis is inappropriate. For these reasons, it is important to consider other tools besides cost-benefit analysis when defining organizational strategies.
Annotated bibliography
References
- ↑ 1.0 1.1 Bahrami, Mahdi et al. (2012). Innovation and Improvements In Project Implementation and Management; Using FMEA Technique. Elsevier Ltd.
- ↑ 2.0 2.1 2.2 Project Management Institute (2019). Standard for Risk Management in Portfolios, Programs, and Projects.
- ↑ 3.0 3.1 3.2 3.3 3.4 AIAG & VDA (2019). FMEA Handbook.
- ↑ 4.0 4.1 Stobierski, Tim (2019). How to Do a Cost-Benefit Analysis & Why It’s Important. Harvard Business School Online. https://online.hbs.edu/blog/post/cost-benefit-analysis.
- ↑ Gomes, Cleber Willian (2012). FMEA to Improve the Project Management. SAE International.
- ↑ 6.0 6.1 Project Management Institute (2021). The Standard for Project Management and A Guide To the Project Management Body of Knowledge (pmbok® Guide). 7th Edition.
- ↑ Pritchard, Carl L. (2000). Advanced risk - how big is your crystal ball?. Paper presented at Project Management Institute Annual Seminars & Symposium, Houston, TX. Newtown Square. Project Management Institute. https://www.pmi.org/learning/library/advanced-risk-organizations-role-management-561