Journal Article Review

profilevkarri249312
out.pdf

Project risk planning in high-tech new product development

Planificación de Riesgos en Proyectos para el Desarrollo

de Nuevos Productos de Alta Tecnología

Jorge Ayala-Cruz University of Puerto Rico, San Juan, Puerto Rico

Abstract Purpose – The purpose of this paper is to present the implementation and testing of a modified project risk management framework that integrates PMI’s framework with Monte Carlo simulation to improve the effectiveness in high-tech new product development (NPD) projects. Design/methodology/approach – The modified framework considers three bodies of knowledge: project management, risk management, and Monte Carlo simulation to produce an enhance project risk management framework. Its application is shown through a case study. Findings – Using the integrated framework in a recent case study project and prior NPD projects measures (as benchmarks), it was shown that it could help to enhance risk responses caused by task durations and costs’ uncertainties. The framework proved to be better than segregated generic best practices and was key in providing insight to the issue of early project risk assessment. Research limitations/implications – More experimental replications are required for enhancement effectiveness assertions of the framework, through the application of the framework to similar case studies. Furthermore, this could improve its reliability and soundness. Practical implications – Future directions for research could include case and empirical studies that include hypothesis’s testing, and the integration of optimization procedure for improved NPD project’s planning and execution. Originality/value – This paper outlines a way to close the gap of project risks management planning in NPD’s initiatives. It was motivated by a relatively new tendency in exploring integrated frameworks to deal with complex project risks issues. Keywords Project management, Risk management, New product development, CLADEA-2015 Paper type Research paper

Resumen Estructurado Propósito – La investigación presenta la implementación y demostración de un esquema modificado de gestión de riesgos para proyectos que integra el esquema propuesto por el Project Management Institute (PMI) con la simulación Monte Carlo para mejorar la eficacia de proyectos de desarrollo de nuevos productos (DNP) de alta tecnología. Diseño/metodología/enfoque – El esquema modificado considera tres áreas de conocimiento: gestión de proyectos, gestión de riesgos y simulación Monte Carlo, para producir un mejor esquema de gestión de riesgos del proyecto. Su aplicación se demuestra a través de un estudio de caso.

Academia Revista Latinoamericana de Administración Vol. 29 No. 2, 2016 pp. 110-124 © Emerald Group Publishing Limited 1012-8255 DOI 10.1108/ARLA-11-2015-0297

Received 25 November 2015 Revised 25 November 2015 Accepted 12 March 2016

The current issue and full text archive of this journal is available on Emerald Insight at: www.emeraldinsight.com/1012-8255.htm

110

ARLA 29,2

Resultados – Utilizando el esquema integrado en un reciente estudio de caso de un proyecto y previos proyectos de DNP como puntos de referencia, se demostró que el esquema podría ayudar a mejorar las estrategias de respuestas a los riesgos causados por la incertidumbre en la duración de las tareas y costos asociado a estos proyectos. El esquema ha demostrado ser más eficiente que aquellos propuestos como mejores prácticas genéricas, proporcionando un claro entendimiento sobre el tema de la evaluación de riesgos en la fase inicial de proyectos DNP. Limitaciones/implicaciones – Se requieren más repeticiones experimentales para mejorar la eficacia de las afirmaciones del esquema, a través de su aplicación a estudios de casos similares. Por otra parte, esto podría mejorar su confiabilidad y estabilidad. Implicaciones prácticas – Futuras investigaciones podrían incluir estudios de casos y estudios empíricos que incluyan pruebas de hipótesis e integración de procedimientos de optimización para mejorar la planificación y ejecución de proyectos de DNP. Originalidad/valor – El estudio describe una forma de cerrar la brecha en la planificación de gestión de riesgos de proyecto en la industria. Fue motivada por una relativamente nueva tendencia en la investigación de esquemas integrados para hacer frente a asuntos de riesgos en proyectos complejos. Palabras Claves Gestión de proyectos, Gestión de riesgos, Simulación Monte Carlo, Desarrollo de nuevos productos, CLADEA-2015 Tipo de papel Trabajo de investigación

1. Introduction During the last two decades, there has been an increasing number of published research on risk management in high-tech product development projects (Hobday, 2000). They showed numerous risk complexities presented in software design and system engineering projects, and in high-tech multi-project programs (Cohen et al., 2014; Gil and Tether, 2011; Midler and Silberzahn, 2008; Söderlund, 2004; Van Der Merwe, 1997). In these projects, risks are caused by uncertain elements within the tasks, tasks’ interdependencies, and the project’s structure. They manifest in events such as deviations in tasks’ durations, cost overruns, and inadequate resources allocations, and could be exacerbated by either internal or external sources (Ferns, 1991; Pellegrinelli, 1997).

Companies planning new product development (NPD) projects, often underestimate these complexities and their potential consequences on their objectives. These projects face a wide variety of risks, hindered in very different ways, among various levels (Zacharias et al., 2008). Their lengthy relative durations, high costs, and the unbalanced requirement of resources makes the risk management process a necessity. On the market side, most new products that reach their targeted marketplace could have a relatively short time-span left based on patent protection expiration, low entry barriers, and substitutes’ strengths, creating additional pressures and uncertainties. Therefore, a thorough risk management exercise is needed to prepare for the effects that stemmed from these complexities.

Recent studies have tackled the issue from several angles. For example, setbacks caused by inappropriate dependencies’ assumptions and lack of coordination among task’s elements have Foster research in the understanding of the role of contracts’ on the project’s outcomes (Martinelli et al., 2014). The result has been an increase in the number of improved project risk management frameworks that integrate current best practices to tackle these and other project risk management issues.

This paper considers the integration of three bodies of knowledge (project management, risk management, and Monte Carlo simulation) to produce a modified project risk management analytical framework, suitable for NPD projects. It is centered on the risk management framework proposed by the Project Management Institute (PMI) linked to a Monte Carlo simulation procedure for risk assessment to analyzed

111

Project risk planning in

high-tech NPD

NPD project’s task elements uncertainties (Elmaallam and Kriouile, 2011; Project Management Institute, 2013). For the purpose of illustration, a case study of an NPD project conducted during 2012-2014 was used. For confidentiality, the name of the company is not revealed and will be referred as “The Company.” It contributes to the discussion of improving NPD project management, introducing a framework that considers stochastics behaviors within the tasks’ elements and among their dependencies. The presented study might also stimulate and facilitate the progress of such cross-disciplinary best practices discussions.

2. Theoretical background 2.1 Risks In general, a risk refers to a possible future event that could impact the successful completion of at least one intended objectives. This definition applies to either project and process based initiatives. Most authors in risk management recognized that there is a distinction between the uncertainty and risk, and have provided definitions of both based on a cause-and-effect behavior (Bellos et al., 2004). In the academic literature, risks definitions emphasized stakeholders’ attitude toward risk (Chapman and Ward, 1996; Turner and Müller, 2005). Furthermore, professional associations have their particular interpretations that take into account the primary activities of their affiliates. Due to these discrepancies, there is no accepted definition of the term “risk.” Therefore, in this study it was: used PMI’s risk definition (“[…] an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as […]”); assumed a distinction of cause-and-effect; and included two other terms, event and issue, to appropriate address numerous concerns during risk’s assessment, as have been done by other authors (Mousavi and Gigerenzer, 2014; Rasmussen, 2013; Saunders et al., 2015).

Considering risk as a part of a cause-and-effect process, a cause is related to at least a task element’s uncertainty, such as duration, cost, quality inadequacy, resource availability, or task dependencies. In this process view, the risk is the concern that something would not be met or done (or something that could be a lost), and the effect is the consequence. For example, inadvertently a supplier over sighted the quality of a product (the cause); consequently, the production unit that received this product (e.g. parts, components, or services) had to use defectives products (the risk), resulting in a shortfall in the production unit’s productivity (the effect). While in this example the discussion only considered one cause and one effect, in reality, a risk might be the product of various causes and generate many effects (see Figure 1).

PMI distinguished between a risk and an issue. The simple distinction is that the former has not happened yet. The latter has already happened and might be the result of an unidentified risk, thus should be addressed at once. In the author’s experience, for all practical purposes, an identified high-impact risk should be considered an “issue” if it has a high probability of occurrence. Whatever the case may be, to be a successful project manager, risks have to be proactively planned. This proactive approach

Risk

Effect 1Cause 1

Cause 2

Cause n

Effect 2

Effect m

• • •••

Figure 1. Cause-and-effect risk’s process

112

ARLA 29,2

embraces three critical issues: first, it is impossible to account for all risks; second, it is not feasible to respond to all identified risks; and third, risks tend to decrease and impacts to increase as the project progresses (Yeo and Ren, 2009).

2.2 Frameworks Most risk management frameworks suggest sequential processes to assess, planning, and control hazards. The goal of these frameworks is to provide a set of guidelines based on best practices in the identification, categorization, and prioritization of risks. At this stage, most frameworks recommend using quantitative approaches to understanding further troubling risks. Once these processes has been completed, risk response strategies are recommended based on the likelihood (probability) and severity of consequences (impact) of the risk, some cost-benefit company policy, or some trade- off between risk response requirements and risk potential outcomes (de Carvalho et al., 2015; Guzman and Asgari, 2014). In most cases, these frameworks endorse using quantitative approaches in risk assessment to support the selection of risk response strategies (Guled et al., 2012).

During the last decade, most risk management frameworks has been developed based on ISO 31000:2009 principles and guidelines (D’Ignazio et al., 2011; Preda, 2013; Raydugin, 2012; Wiboonrat, 2011). This standard was published as a generic framework to safeguards a consistent approach to risk management, providing principles, framework, and a process for managing risk in processes and projects, as shown in Figure 2.

Table I shows several studies that have used project risk management frameworks based on ISO 31000:2009. As can be seen, some studies used all processes recommended by the standard (marked with an X). They confirm the lack of consensus regarding what methods should be utilized in a project risk management framework: only risk identification, risk analysis, and risk evaluation were utilized in all studies, and most centered on issues related to durations, costs, and tasks’ dependencies.

Risk management in projects has received a distinctive consideration by PMI. It is an integrative sequential process that accompanies a project in its initiation, planning, execution, control, and closure processes: Figure 3 shows the interaction perspective of

Establishing the Context

Risk Identification

Risk Analysis

Risk Evaluation

Risk Treatment

M o n ito

rin g a

n d R

e vie

w

C o m

m u n ic

a tio

n a

n d C

o n su

lta tio

n

Source: ISO 31000:2009 risk management principles and

guidelines

Figure 2. ISO 31000:2009 processes for

managing risk

113

Project risk planning in

high-tech NPD

these processes. Pekkinen and Aaltonen (2015), Sanz and Bernad Silva (2014), and Too and Weaver (2014) have discussed in detail its implementation. Many formal project risk management frameworks are extensions of PMI’s (Carbone and Tippett, 2004; Herroelen, 2014).

Some companies used ad hoc frameworks based on an array of standards, norms, or references, including those shown in the following Table II. Most of these frameworks

Sample studies

Communication and

consultation Establishing the context

Risk identification

Risk analysis

Risk evaluation

Risk response strategies

Monitoring and review

Oehmen et al. (2014) X X X X X X X Gangadharan et al. (2013)

X X X X

Perano (2012) X X X X X X Löhr and Khushnood (2012)

X X X X X X

Olechowski et al. (2012)

X X X X

Arnold (2013) X X X X X X Yashin and Semenov (2013)

X X X X X X

Maria-Sanchez (2012)

X X X X X

Table I. ISO 31000:2009 processes in project risk management

Risk Management

Planning

Risk Identification

Qualitative Risk Analysis

Qualitative Risk Analysis

Risk Response Planning

Risk Control

Figure 3. PMI’s PMBOK® risk management area of knowledge

114

ARLA 29,2

were developed for business continuity management, supply chain risk management, or enterprise risk management. Therefore, they focus on the organization’s primary interest risk management scope and where their operations are more vulnerable. They can be applied to both small and large scale operations, with convenient levels of data requirements.

2.3 Risk identification and categorization The risk identification process consists of identifying, profiling, and categorizing the potential risk events of the project and their consequences. Methods used in the identification of risks include brainstorming, cause-and-effect (Ishikawa), risk registers of completed projects, and several forms of expert opinion studies. The final selection of a particular identification method will rest on stipulated company policies, project member’s expertise, and project’s requirements. Once a risk has been identified, it is classified in a designated category for further consideration, accountability, and prioritization.

Although there is no consensus on the subject of project risk categories, some companies use generic categories contingent on the risk origin: internal and external. Because internal risks are based on decisions made by the company they can be better controlled, and in most cases are entrenched within and among project tasks’ elements. External risks are caused by external factors like political risks, natural disasters, human factors, and breakdowns in the supply chain, among others. Nevertheless, there is a tendency to view risks in a hierarchical structure depending on the risks sources (Hillson, 2003).

PMI recommends using a risk breakdown structure (RBS) as a categorization scheme. Other PMI’s categorizations are based on the work-breakdown-structure (WBS) while others combine the RBS with the WBS and the organizational breakdown structure. Keizer and Vos (2003) suggested the use of the following categories: technology, market, finance, and organization. Financial risks are related to cash flow, commercial viability, inflation, foreign exchange, and insurable resources. Market risks are associated with the customers and potential actions of competitors. Those related to

Code and name Publisher Scope

ISO 28000:2007 – supply chain security management system

International Organization for Standardization

Supply chain

ISO 31000:2009 – risk management (principles and guidelines)

International Organization for Standardization

General (non-specific)

ISO 22301:2012 – societal security business continuity management system

International Organization for Standardization

Business continuity

BSI 259999 and 31100 British Standards Institution (BSI)

Business continuity

Supply chain management framework Association of Operations Management (APICS)

Supply chain

COSO Committee of Sponsoring Organizations of the Treadway Commission

Enterprise

ASIS/BSI BCM.01:2010 business continuity management systems: requirements with guidance for use

ASIS and BSI for North America

Business continuity

Table II. Risk management

standards, guidelines, and

frameworks

115

Project risk planning in

high-tech NPD

product design and development, intellectual property, completion time, quality and performance are technical risks, and those related to political instability, attitude of the government toward particular type of projects are organizational (or political) risks. Organization risks are related internal processes, the project team, co-development with external parties, and supply and distribution.

2.4 Risk analysis Most risk analysis methods fall into two generic categories: quantitative or qualitative. Current practices use a mix of quantitative and qualitative methods and models, but at aggregate level subjective methods are preferred to estimate total risks. Quantitative risk methods are predominantly used when:

• it is essential to improve accuracy of the probability or impact of a risk; • developing a probability-based performance standards, as is the case when

organizations must objectively show that a proposed activity can meet a specified performance standard; and

• regulations, competitiveness goals, legal and compliance constraints, and internal issues require more rigorous measures (Cagliano et al., 2015).

Most quantitative methods (e.g. Monte Carlo simulation, cost risk analysis, decision analysis, value at risk method, earned value analysis, and network analysis) are based on proven scientific theories. Therefore, have been traditionally preferred over qualitative risk techniques (e.g. brainstorming, Delphi method, and scenario analysis), when accurateness is imperative.

After risk analysis, through quantitative and qualitative methods, risk are scaled based on the perceive impact and probability. This binomial is used for risk prioritizing, usually shown using a visual aid like heat-maps or impact-and- probability matrices.

2.5 Response strategies Once risks have been assessed and prioritized, cost-efficient response strategies are considered. Risk response strategies are expected to lessen adverse risks effects or increase positive risks, in the most effective and practical way. Figure 4 shows the generic strategies suggested by PMI for positive (opportunities) and negative (threats) risks. The particular action requires for responding to a risk will depend upon its nature. Contingent response strategies are those developed to be used in a predefined situation on a particular event, and fallback plans, frequently known as secondary plans, are those response actions that would only be delivered in case that the primary response strategy was ineffective.

Positive Risks

• Avoid • Exploit • Enhance • Share • Accept

Contingent Response Strategies or Fallback Plans

• Transfer • Mitigate • Accept

Negative Risks

Figure 4. PMI’s generic strategies

116

ARLA 29,2

In most projects, the preferred generic strategy for high-probability and high-impact risks is avoidance. Risks with low probability and low impact are dealt with mitigation strategies or are not thoughtfully planned for (acceptance strategy). In the latter, if the risk occurs, administrative and budget reserves are often used to confront it. Furthermore, it is often the case to make trade-offs between the cost of implementing a risk response strategy’s and the cost of living with it. As shown in Figure 5, response intensity (assigned resources, processes, and budget) should be suitable for each risk, and any deviation from this adequacy could result in a disproportionate risk response.

Concisely, risk prioritization has to be done before a response strategy is chosen. Risk analysts may establish a function for determining a risk level. Traditionally, to determine a risk level, risk analysts use two risk measures: risk probability, and risk impact, as shown below. The response level is an index presenting the intensity of risk response that should be used. Within a simple view, it can determine a response level as the following equation. It should be noted that a negative risk/response level refers to a threat while a risk/response level of a positive value refers to an opportunity:

Risk level ¼ risk probability � risk impact ¼ f risk measures; risk classes weighted factorsð Þ

Total normalized cost ¼ response probability � response impact intensity of risk response

Once the total risk response strategy cost has been normalized, its prioritization might change, as illustrated in Figure 6.

3. Methodology The study presents the application of a modified PMI’s project risk management framework to a case study. The framework is instrumental in providing insight to the issue of early medium-high probability and impact risks assessments (see Figure 7). Monte Carlo simulation was used to understand or confirm the impact of risks thought to have the greatest impact on the main project’s objectives.

90

80

70

60

50

40

30

20

10

0 0 20

T o ta

l N o rm

a liz

e d C

o st

40

Cost of Response Cost of Risk Total Cost

Inadequate Risk Response

Excessive Risk Response

60 Intensity of Risk Response

80 100 120

Figure 5. Cost of risk and

cost of response’s trade-off

117

Project risk planning in

high-tech NPD

The attention was drawn to the case because of the complex nature of NPD projects. The framework provided a useful tool used by project stakeholders to understand better the myriad of risks that can impact an NPD project. This framework uses both qualitative and quantitative techniques, providing a robust framework.

In the study, data were collected from several sources, to understand different aspects of the project at hand. Publicly available documents were reviewed for background information on the events leading up to the decision to venture into The Company’s industry and its activities since its establishment. Supporting records provided includes historical data and records of similar project performances over the past decade: in-depth, detailed data on nine projects including risk assessments, categorization, references, and recommendations. Finally, brief semi-structured interviews were conducted with some stakeholders seeking feedback on their experiences with the risk assessment process.

Risk impact Response impact divided by response resources

Very high

High Medium Low

A medium- level risk

A low- level riskR

is k

p ro

b a b ili

ty

R is

k p ro

b a b ili

ty

(a) (b)

Figure 6. (a) Risk level and (b) response level

“Residual” Lessons Learned PMO records

Project Statement

Establishing Context

Risk Management Planning

Meetings and Documents

Primary and secondary data and techniques

selection

“Satisfactory initial Risk Management

Plan”

No Yes

Work Breakdown Structure (WBS)

Organizational Breakdown

Structure (OBS)

Risk Breakdown Structure (RBS)

Risk Categories and Identification and Risk Register

Probability and Impact Analyisis

“Simulation required”

“Satisfactory Response”

Execution

Review of Risk Management Plan

and Register

Control

No

No

No

Yes

Yes

Yes

Scenario analysis

Risk Prioritization

Risk Response Planning

Figure 7. Framework for implementation projects risk assessment

118

ARLA 29,2

4. Case study analysis 4.1 Company setting The case study concerns a company that needed to expand its production line to compete in a fast-growing high-tech market. Only two companies were servicing the market, with proprietary and patent-protected products, and in 2011 both companies were serving 45 percent of the potential market. The Company had prior experience developing and marketing similar products, but with limited functionalities, which follows its low-cost niche strategy at the time. Each NPD project was structured in four major dependent phases: project administration, technical analysis, the development stage, and commercialization. In most projects, The Company uses these stages as a natural risk category outline. The expectations and project objectives were: that the proposed new product would be able to compete one-on-one with the other companies’ products, but at a lower price (using its experience producing low-cost products); complete the project (including commercialization) in less than 1.5 years; overrun costs could not be more than 20 percent of the assigned budget (prior projects had an average overrun of 7 percent); and comply with project’s metric baselines. Regarding the latter, these metrics measurements were selected to make some goals clearer, assigned actions, and defined consequences. Some metrics were: percent of requirement deficiencies at qualification testing, number of in-process design changes, number of prototype iterations, percent R&D resources/investment (total of new products plus sustaining and administrative), task completion vs plan, and time-to-market/time-to- volume (Crow, 2001; Vanek et al., 2008).

In the past, The Company risk management process was based on brainstormed lists of risks and response strategies based on the WBS, for each project phase. Each risk was assessed for its probability and impact, and a risk response plan was created. Among other issues, the process lacked an articulate structure and a scoring method for risk prioritization. Fortunately, when the framework was implemented, The Company had institutionalized a more structure risk approach (including risk identification and categorization), as a requirement for ISO 22301 (business continuity) certification. Nevertheless, the project management knew that the scope of the certification focusses more on supply chain management issues (even that some would overlap several project tasks) and was prepared to start digging into risky events and its consequences to the NPD project.

4.2 Risk identification and categorization The Company was aware of the endemic problem of cost, time-to-market, and tasks’ duration escalation on its NPD projects. Cost and duration estimations were complex, and managing the capital development and commercialization of these projects requires the coordination of a multitude of resources: organizational, technical, human, and natural. Being acquainted with these issues, The Company decided to base the risk identification and categorization in the four top-dependent phases mentioned previously.

In the identification process, 32 risks were identified. In all, 13 risks were classified as low-probability/low-impact, and a contingency budget was separated in case a threat materialized: consequently, no specific strategy responses were selected. Eight risks were regular tasks within many of The Company’s projects, which were considered “insignificant systematic exposures,” and again; no specific strategy responses were selected. In total, 11 tasks have risk’s constructs that became the focus of the risk management efforts, which are shown in the following table.

119

Project risk planning in

high-tech NPD

4.3 Risk analysis – Monte Carlo simulation Table III shows the impact on each of the 11 main risks selected by The Company’s project team. These figures were obtained by Monte Carlo simulation performed on the project model using the program @Risk. Historical data were used to estimate the statistical distribution and correlations of all tasks. The observed project’s output variables were the NPD project cost and duration. The variation of the output variable with changes in input parameters (the 11 tasks) helped both model validation and interpretation of results. The tornado graph in Figure 8 displays the input risk factors that have the greatest impact on the project’s duration. Three other similar analyzes were performed in the other output variables with their corresponding (and pertinent) input variables (accuracy, representativeness, productivity, etc.).

4.4 Risk response strategies As shown in Figure 8, “inadequate documentation,” “product doesn’t fit for purpose,” and “unreasonable project schedule and budget,” have the greatest impact on NPD’s

Category Task Risk Risk elements construct

Probability (1-5)

Impact (1-5)

Administration Align and confirm marketing strategies

Changing market conditions

Resources 3 4

Financial assessments

Inadequate metric measures gathering

Duration/accuracy 2 3

Initial NPD plan Inadequate documentation

Duration 2 5

Initial S&OP Lack of single point accountability

Duration 1 3

Technical Product prototype process

Product does not fit for purpose

Duration 3 5

Verify operational capabilities

Inadequate third- party performance

Resources/ productivity

1 3

Customer product testing

Inadequate test procedure elements

Resources/ representativeness

2 4

Development Selection of proper customer sample group

Lack of agreed-to user acceptance testing and criteria

Duration/ representativeness

2 3

Redefine product requirements

Poor production system performance

Duration 2 4

Commercialization Confirm product specification

Technical limitations of solution reached or exceeded

Duration/accuracy 1 4

Product capability against competitive response

Unreasonable project schedule and budget

Duration/yield 2 5

Table III. Risk elements identification

120

ARLA 29,2

project duration. On the former, once the causes of this risk were studied, the generic strategy avoid was chosen. As it happened, this task was delegated mainly to an “ad hoc” committee composed of personnel that works strictly at the PMO (there were budget and time control issues behind this decision), triggering a series of difficulties. Afterward, The Company decided to include this task into the project’s team responsibilities.

“Product doesn’t fit for purpose” risk elements were caused by assumptions made at the beginning of the project that were revised and changed throughout the project lifetime. If deviations arose, they were managed using administrative (including technical) reserves, established for this purpose. Suggestions based on changing task precedences were considered but finally rejected. The impact of “unreasonable project schedule and budget” was convoluted: squatter actual project schedule could lead to an increase over the budget (mainly to fast-track several tasks), and vice versa. To prepare for this task, The Company relies on some procedures: for example, benchmark studies, actual operation’s capabilities, and industry information. The primary concern for The Company was tying up financial resources by overallocation. The response strategy for this task’s elements was based upon a combination of transfer’s risks, using prearranged excess capacity of third-party companies to buffer any operational requirement: The Company operates at the expected schedule level and budget. This strategy implies a contingency reserve in case that risk was triggered. Adequate response strategies were chosen for other risks elements. All responses costs were normalized, prior their selection and inclusion in the risk register.

5. Conclusion Risk management using combined recognized generic frameworks, as PMI’s project risk management, and Monte Carlo simulation provides an effective way for assessing complex projects’ objective outcomes. Such approach leads to an analysis system where scenarios based on variabilities in task’s elements, could trace many possible consequences: the interaction between cost, schedule, and performance measures drives the analysis. Risk events are intrinsic in NPD projects, which are based on some assumptions and estimates that reflect the organization’s understanding of the current situation in the project formulation phase. However, events seldom go according to plan, so the project must adapt to an ever-changing environment.

The project risk management framework that includes Monte Carlo simulation provided a systematic process for identifying, analyzing, and responding to project risks.

0 10 20 30 40 50 60 70 80

Lack of agreed-to user acceptance testing and criteria

Inadequate third party performance

Lack of single point accountability

Inadequate metric measures gathering

Technical limitations of solution reached or exceeded

Poor production system performance

Inadequate test procedure elements

Changing market conditions

Unreasonable project schedule and budget

Product does not fit for purpose

Inadequate documentation

Figure 8. Risks with the

greatest impact on project’s duration

121

Project risk planning in

high-tech NPD

The modified framework effectiveness was demonstrated through a case study of an NPD project of a high-tech company. The revised framework presented in this study builds upon the existing literature and takes a more analytic approach to risk assessment. Based on similar NPD projects, The Company reduced the uncertainty of the project’s duration and cost. Future directions for research could include case studies or empirical studies that could include hypotheses testing, and the integration of optimization procedure for improved NPD project’s planning and execution.

References

Arnold, E.P. (2013), “Call for an effective alignment of program management and systems engineering risk management practices”, INCOSE International Journal, Vol. 23 No. 1, pp. 677-693.

Bellos, V., Leopoulos, V., Sfantsikopoulos, M. and Politechniou, I. (2004), “Cost uncertainty assessment and management: the integrated cost-risk analysis model”, WSEAS Transactions on Computers, Vol. 3 No. 4, pp. 1055-1061.

Cagliano, A.C., Grimaldi, S. and Rafele, C. (2015), “Choosing project risk management techniques: a theoretical framework”, Journal of Risk Research, Vol. 18 No. 2, pp. 232-248.

Carbone, T.A. and Tippett, D.D. (2004), “Project risk management using the project risk FMEA”, Engineering Management Journal, Vol. 16 No. 4, pp. 28-35.

Chapman, C. and Ward, S. (1996), Project Risk Management: Processes, Techniques and Insights, John Wiley, New York, NY.

Cohen, I., Iluz, M. and Shtub, A. (2014), “A simulation‐based approach in support of project management training for systems engineers”, Systems Engineering, Vol. 17 No. 1, pp. 26-36.

Crow, K. (2001), Product Development Metrics List, DRM Associates, Philadelphia, PA.

D’Ignazio, J., Hallowell, M. and Molenaar, K. (2011), “Executive strategies for risk management by state departments of transportation”, NCHRP Project, pp. 20-24.

de Carvalho, M.M., Patah, L.A. and de Souza Bido, D. (2015), “Project management and its effects on project success: cross-country and cross-industry comparisons”, Journal of Technology & Science, Vol. 15 No. 2, pp. 147-159.

Elmaallam, M. and Kriouile, A. (2011), “Towards a model of maturity for is risk management”, International Journal of Computer Science & Information Technology (IJCSIT), Vol. 3 No. 4, pp. 34-47.

Ferns, D.C. (1991), “Developments in programme management”, International Journal of Project Management, Vol. 9 No. 3, pp. 148-156.

Gangadharan, G.R., Kuiper, E.J., Janssen, M. and Luttighuis, P.O. (2013), “IT innovation squeeze: propositions and a methodology for deciding to continue or decommission legacy systems: grand successes and failures in IT: public and private sectors”, IFIP Advances in Information and Communication Technology, Vol. 4 No. 2, pp. 481-494.

Gil, N. and Tether, B.S. (2011), “Project risk management and design flexibility: analysing a case and conditions of complementarity”, Research Policy, Vol. 40 No. 3, pp. 415-428.

Guled, A.A., Dange, A.A. and Chawan, P.M. (2012), “Risk management frameworks”, Risk Management, Vol. 2 No. 2, pp. 123-157.

Guzman, A. and Asgari, B. (2014), “A cost-benefit analysis of investing in safety and risk engineering: the case of Oil & Gas transportation services by pipelines”, Management of Engineering & Technology (PICMET), 2014 Portland International Conference, IEEE, Portland, OR, pp. 1633-1645.

122

ARLA 29,2

Herroelen, W. (2014), “A risk integrated methodology for project planning under uncertainty”, in Pulat, P.S., Sarin, S.C. and Uzsoy, R. (Eds), Essays in Production, Project Planning and Scheduling, Springer, New York, NY, pp. 203-217.

Hillson, D. (2003), “Using a risk breakdown structure in project management”, Journal of Facilities Management, Vol. 2 No. 1, pp. 85-97.

Hobday, M. (2000), “The project-based organization: an ideal form for management of complex products and systems?”, Research Policy, Vol. 29 No. 7, pp. 871-893.

Keizer, J.A. and Vos, J.P. (2003), Diagnosing Risks in New Product Development, Federal Reserve Bank of St Louis, St Louis, MI, available at: http://search.proquest.com/docview/ 1698322128?accountid¼44825 (accessed May 12, 2015).

Löhr, K. and Khushnood, M. (2012), “What can standards standardize in international project management?”, Scientific Committee – Editorial Board, University of Latvia, Riga, pp. 152-164.

Maria-Sanchez, P. (2012), “Project and enterprise risk management at the California Department of Transportation”, in Banaitiene, N. (Ed.), Risk Management-Current Issues and Challanges, InTech Access Publisher, Lithuania, pp. 411-457.

Martinelli, R., Waddell, J. and Rahschulte, T. (2014), “Transitioning to program management”, in Demassey, S. and Neron, E. (Eds), Program Management for Improved Business Results, 2nd ed., Wiley, Hoboken, NJ, pp. 305-327.

Midler, C. and Silberzahn, P. (2008), “Managing robust development process for high-tech startups through multi-project learning: the case of two European start-ups”, International Journal of Project Management, Vol. 26 No. 5, pp. 479-486.

Mousavi, S. and Gigerenzer, G. (2014), “Risk, uncertainty, and heuristics”, Journal of Business Research, Vol. 67 No. 8, pp. 1671-1678.

Oehmen, J., Olechowski, A., Kenley, C.R. and Ben-Daya, M. (2014), “Analysis of the effect of risk management practices on the performance of new product development programs”, Technovation, Vol. 34 No. 8, pp. 441-453.

Olechowski, A., Oehmen, J., Seering, W. and Ben-Daya, M. (2012), “Characteristics of successful risk management in product design”, available at: http://dspace.mit.edu/handle/1721.1/78918

Pekkinen, L. and Aaltonen, K. (2015), “Risk management in project networks: an information processing view”, Technology and Investment, Vol. 6 No. 1, pp. 52-61.

Pellegrinelli, S. (1997), “Programme management: organising project-based change”, International Journal of Project Management, Vol. 15 No. 3, pp. 141-149.

Perano, M. (2012), “Project management and project risk management. Approach and empirical evidences in Alenia Aermacchi SPA: the risk model in Airbus A380 program”, available at: http://padis.uniroma1.it/handle/10805/1765

Preda, C. (2013), “Implementing a risk management standard”, Journal of Defense Resources Management, Vol. 1 No. 1, pp. 111-120.

Project Management Institute (2013), A Guide to the Project Management Body of Knowledge, Project Management Institute, Newtown Square, PA.

Rasmussen, S. (2013), “Risk and uncertainty”, Production Economics, Springer, Berlin and Heidelberg, pp. 163-180.

Raydugin, Y. (2012), “Consistent application of risk management for selection of engineering design options in mega-projects”, International Journal of Risk and Contingency Management, Vol. 1 No. 4, pp. 44-55.

Sanz, L.F. and Bernad Silva, P. (2014), “Risk management in software development projects in Spain: a state of art”, Revista Facultad de Ingeniería Universidad de Antioquia, Vol. 70 No. 1, pp. 233-243.

123

Project risk planning in

high-tech NPD

Saunders, F.C., Gale, A.W. and Sherry, A.H. (2015), “Conceptualising uncertainty in safety-critical projects: a practitioner perspective”, International Journal of Project Management, Vol. 33 No. 2, pp. 467-478.

Söderlund, J. (2004), “On the broadening scope of the research on projects: a review and a model for analysis”, International Journal of Project Management, Vol. 22 No. 8, pp. 655-667.

Too, E.G. and Weaver, P. (2014), “The management of project management: a conceptual framework for project governance”, International Journal of Project Management, Vol. 32 No. 8, pp. 1382-1394.

Turner, J.R. and Müller, R. (2005), “The project manager’s leadership style as a success factor on projects: a literature review”, Project Management Journal, Vol. 36 No. 2, pp. 49-61.

Van Der Merwe, A.P. (1997), “Multi-project management – organizational structure and control”, International Journal of Project Management, Vol. 15 No. 4, pp. 223-233.

Vanek, F., Jackson, P. and Grzybowski, R. (2008), “Systems engineering metrics and applications in product development: a critical literature review and agenda for further research”, Systems Engineering, Vol. 11 No. 2, pp. 107-124.

Wiboonrat, M. (2011), “Risk management in healthcare services”, paper presented at the World Congress in Computer Science Computer Engineering and Applied Computing, Las Vegas, NV, July 18-21, available at: http://weblidi.info.unlp.edu.ar/worldcomp2011-mirror/ SAM3081.pdf

Yashin, V. and Semenov, A. (2013), “The analysis of existing models and the ways of improvement of innovative projects and management processes”, Analysis, Vol. 2 No. 2, pp. 7-10.

Yeo, K.T. and Ren, Y. (2009), “Risk management capability maturity model for complex product systems (CoPS) projects”, Systems Engineering, Vol. 12 No. 4, pp. 275-294.

Zacharias, O., Panopoulos, D. and Askounis, D.T. (2008), “Large scale program risk analysis using a risk breakdown structure”, European Journal of Economics, Finance and Administrative Sciences, Vol. 12 No. 10, pp. 170-181.

About the author Dr Jorge Ayala-Cruz is a Consultant and a Professor with experience in operations and supply chain analysis, project management, and strategic topics in the private and public sector. He teaches courses related to operations/supply management, project management, risk-based thinking, management sciences, strategic management, and system thinking. He is an active Guest Lecturer in Latin America, USA, and Spain, and has held several administrative positions. For the past several years, he has been investigating issues related to risk management and resiliency, supervised studies in balanced scorecard’s operational metrics, and done field works in Latin America and Puerto Rico. Among others, has the following professional certifications: Project Management Professional (PMP), Master Project Manager (MPM), Risk Management Professional (PMI-RMP), Certified in Production and Inventory Management (CPIM), ISO22301- Business Continuity Implementer, and Certified Supply Chain Professional (CSCP). In 2009, he was conferred the recognition of the Fellow Member of the American Association of Project Management. Dr Jorge Ayala-Cruz can be contacted at: [email protected]

For instructions on how to order reprints of this article, please visit our website: www.emeraldgrouppublishing.com/licensing/reprints.htm Or contact us for further details: [email protected]

124

ARLA 29,2

Reproduced with permission of copyright owner. Further reproduction prohibited without permission.