Pro-active: Risk and Opportunity Management

From apppm
Revision as of 10:20, 28 September 2017 by Kittymaumau (Talk | contribs)

Jump to: navigation, search

Contents

Abstract

Pro-active risk and opportunity management considers risk and opportunity events in a project with the purpose of mitigating the risk and enhance the opportunities before they occur. Risk events occur from uncertainties within a project whereas negative outcome is a risk for the project but positive outcomes can become opportunities for the stakeholders of the project.

To gain risk control for a pro-active risk and opportunity management a process/model is used. First step in the process is to identify the risks, then assess the risks, treat the risks and at last review the treatment of the risks which result in risk control. The fourth step of the process, review, is done for analysing the success rate of the risk response/treatment.

Risk as definition is probability P times the impact I giving the formula:

R=I\cdot P

Therefore is key elements in risk management to control the probability and impact that events will occur and have. For pro-active risk management the key is to predict and manage these two values, done with different models and methods described further in this article. The prediction will have the effect of mitigation of risks and enhanced opportunity events.

Introduction

For risk management there is in general four stages to ensure risk control the process is shown on figure 1. The four risk stages that form the risk control will be analysed with the perspective of pro-active risk and opportunity management.

Figure 1. Four stages of classic risk management towards risk control.[1]

For the first face in risk control the identification of the subject/risk event must be specified hereby will identify risks be analysed.



Identify Risks

The identification of risks has the purpose to determine if risk events occur whether they are positive or negative for the project. [2] For positive outcomes the event will be known as "opportunity" for the project, whereas the negative events is known as "threats" for the project. This can change the life cycle of the project process.[3] E.g. can an opportunity mitigate the time development of a certain product within the project or a delivery can be done more cost beneficial if two stakeholders within the project collaborate. Negative outcomes of events will be seen as threats for the project this can e.g. cause cost overruns or time delays. This can be resource based managers that can not produce a product because the detail drawings are delayed. The drawing department is delayed do to the client not being able to give early and precise instructions on what the product must fulfil. Hereby will the identification help risk managers to locate the problem of the delay and begin assessing it. Identification analysis will only analyse where events could occur but the assessment and treatment of the events is further steps into the process of risk control. Additionally from the DS/ISO standard should the identification process involve many stakeholders within the project e.g. project customers, project manager, project team, senior managers, risk managers, clients, users etc. [3] The second step in pro-active risk management is assessing the risks that have prior to the project been identified.

From DS/ISO the primary inputs of this face is the project plans whereas the primary outputs is risk register.[3]

Assess Risks

Figure 2. Impacts within a project with four project objectives.[1]
Figure 3. Probability and impact matrix.[4]

The assessment/analysis of the events that has been identified is to prioritize which risks are the most severe and should be dealt with immediately.[2][3] How to determine the priority is through analysis of the probability for the event occurrence and the impact it will have on the project objectives. [1] Which will lead to the risk given by the formula:

R=I\cdot P

Time-frame and key stakeholders risk tolerance must be considered when the impact of the risk is determined. E.g. if a risk is analysed to directly affect the client or the main investors the impact of that risk will be considered high compared to a risk that a resource based manager in the project could experience. This is due to the importance of the stakeholders if the investors in the project withdraws the funding and the project falls apart. Whereas if a resource based manager experiences threats the worst outcome could be time delays or cost overruns this should of course be mitigated as much as possible but the effect on the project will be considerably lower.

Considering pro-active risk management the goal is to analyse the identified risks before the project has begun with the benefit of cost savings. A golden rule within a projects process is that the earlier important decisions are made the cheaper it is to change.

The impact in the equation of risk can be considered in four categories cost, time, scope and quality as shown in figure 2. Already discussed is the cost and time influence in a project but the scope within the project must also be considered when investigating impact. Scope measures the hole process of producing a product with a high impact this can lead to the scope being effectively useless or unacceptable. Furthermore is the quality of the project measured when observing impact. E.g. must the client be informed of the reduction of quality with the purpose of approving the product or discard it.


From DS/ISO the primary inputs in the assessment is the risk register and project plans hereby giving the output of prioritized risks.

Opportunities in a project that is realised in the early faces is the assessment used to provide the stakeholders with information of how well the opportunities can be exploited. Thus giving them a analysis of how to reach the goal and what that goal then provides within the project.



Treat Risks

The third process step in controlling risks is the treatment with the purpose of determining the actions needed to reduce the risks and enhance opportunities that have been analysed in the assessment. [3] This stage put resources into the opportunities and risks found in the identification process and analysed in the assessment. Thus providing information of where the investment should be and how that investment will pay of. This stage in the process towards risk control measures the necessary treatment for risks. From DS/ISO it is stated: "Risk treatment includes measures to avoid the risk, to mitigate the risk, to deflect the risk or to develop contingency plans to be used if the risk occurs." [3] How well a treatment of risks is handled determines the projects success with the degree that the outcome of a bad treatment can lead to project failure. While a good treatment can lead to enhanced cost benefits and minimise the time schedule.

DS/ISO determines the input of the treat risk process as risk register and project plans with the outcome of risk responses and change requests.


Risk Review

Risk management is a constant process of the four stages with the control at focus. The next stage has a goal of reviewing/monitoring the treatment and update the risk register [1]. The monitoring of the treatment is for assurance of effectiveness and quality of that process. If mistakes were to occur in the treatment the monitoring process will have the purpose of detecting it thus providing the treatment to be fulfilled without incompletions or gaps. The update of the risk register is the link to back to the identification because here new risk and old will be identified and then analysed once again to ensure the treatment was complete hereby providing risk control.

Opportunities within the project will have benefits of monitoring by insuring that the treatment was as optimal as possible. Furthermore reviewing the process could lead to additional opportunities to be exploited. It would also detect treatment that did not optimise the project and could be terminated for cost beneficial reasons.

Risk Control

The objective to control risks is to mitigate the risks influences within a project by using the stages explained. Pro-active actions is modifying the process to avoid and reduce deviations from the original plan. Compared to corrective actions that handles current events which has caused deviation of the original project plan. [2]

For controlling a project for a pro-action risk and opportunity management a lot of aspects must be considered thus given examples of these. Pro-active risk management can be used to control the scope of the project with the purpose of smoothing the project process by maximising opportunities and minimising risks. Tools to do this: progress data, scope statement, work breakdown structure, activity list and change request. [2] Some of which are tools focused for the corrective actions within risk control. Additionally resource control would be carried out to ensure availability thus the project work would not experience time delays. Tools used for this: project plans, staff assignments, resource availability, progress data, resource requirements, change requests and corrective actions.[2] A great addition that pro-active can provide a project is the scheduling control. Hereby will good planning provide fewer complications within the project. Complications such as stakeholders within the project can not work due to the lack of progress from another stakeholder e.g. in a construction project a electrician can install the electricity if the walls have not been finished. Tools used: project plans, schedule, progress data, change requests and corrective actions.[2] Cost control will be an ongoing monitoring of the risks of budget overruns. Such as altering the schedule will be costly due to the stakeholders demands e.g. if alternating the schedule to be more time efficient stakeholders will demand raise in investment for the extra labour. Tools to obtain this: project plans, budget, progress data, actual costs, forecasted cost, change requests and corrective actions.[2]

Quality control ensures standards are being met, the objective of the project is obtained and reduce unwanted failures in the scope. For this tools can be used such as: Deliverables, quality plan, quality control measurements, verified deliverables, inspection reports, progress data, change requests and corrective actions.[2]


Risk control is done to mitigate the disruption that the project could encounter such as stated earlier. The tools to risk control is formulated: project plans, risk register, risk responses, progress data, change requests and corrective actions.[2] All these aspects for controlling will increase the possibility of project and risk controlling success


DS/ISO defines the inputs and outputs for controlling risks as shown in figure 3. Here it is seen that the inputs for controlling is a collection of the prior stages in the process thus giving a risk control. The outputs is actions with the intent to mitigate damages to the project. E.g. could this be to diminish cost overruns, ensure quality of the scope, effectiveness of the scheduling hereby mitigating time delays.

Figure 4. Inputs and outputs for risk control.[3]




Application

References

  1. 1.0 1.1 1.2 1.3 Geraldi, Joana and Thuesen, Christian (2017) Lecture from project management MEP-4, Publisher: Technical University of Denmark
  2. 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Geraldi, Joana and Thuesen, Christian and Stingl, Verena and Oehmen, Josef (2017) How to DO Projects? A Nordic Flavour to Managing Projects Version 1.0, Publisher: Dansk Standard
  3. 3.0 3.1 3.2 3.3 3.4 3.5 3.6 Guidance on project management (2013) DS/ISO 21500 Version 2.0, Publisher: Dansk Standard
  4. Winch, Graham M. (2010) Managing construction projects Version 2.0, Publisher: 2010 Blackwell Publishing Ltd and 2002 Blackwell Science Ltd
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox