Journal Article Review
Project risk planning in high-tech new product development
Planificación de Riesgos en Proyectos para el Desarrollo
de Nuevos Productos de Alta Tecnología
Jorge Ayala-Cruz University of Puerto Rico, San Juan, Puerto Rico
Abstract Purpose – The purpose of this paper is to present the implementation and testing of a modified project risk management framework that integrates PMI’s framework with Monte Carlo simulation to improve the effectiveness in high-tech new product development (NPD) projects. Design/methodology/approach – The modified framework considers three bodies of knowledge: project management, risk management, and Monte Carlo simulation to produce an enhance project risk management framework. Its application is shown through a case study. Findings – Using the integrated framework in a recent case study project and prior NPD projects measures (as benchmarks), it was shown that it could help to enhance risk responses caused by task durations and costs’ uncertainties. The framework proved to be better than segregated generic best practices and was key in providing insight to the issue of early project risk assessment. Research limitations/implications – More experimental replications are required for enhancement effectiveness assertions of the framework, through the application of the framework to similar case studies. Furthermore, this could improve its reliability and soundness. Practical implications – Future directions for research could include case and empirical studies that include hypothesis’s testing, and the integration of optimization procedure for improved NPD project’s planning and execution. Originality/value – This paper outlines a way to close the gap of project risks management planning in NPD’s initiatives. It was motivated by a relatively new tendency in exploring integrated frameworks to deal with complex project risks issues. Keywords Project management, Risk management, New product development, CLADEA-2015 Paper type Research paper
Resumen Estructurado Propósito – La investigación presenta la implementación y demostración de un esquema modificado de gestión de riesgos para proyectos que integra el esquema propuesto por el Project Management Institute (PMI) con la simulación Monte Carlo para mejorar la eficacia de proyectos de desarrollo de nuevos productos (DNP) de alta tecnología. Diseño/metodología/enfoque – El esquema modificado considera tres áreas de conocimiento: gestión de proyectos, gestión de riesgos y simulación Monte Carlo, para producir un mejor esquema de gestión de riesgos del proyecto. Su aplicación se demuestra a través de un estudio de caso.
Academia Revista Latinoamericana de Administración Vol. 29 No. 2, 2016 pp. 110-124 © Emerald Group Publishing Limited 1012-8255 DOI 10.1108/ARLA-11-2015-0297
Received 25 November 2015 Revised 25 November 2015 Accepted 12 March 2016
The current issue and full text archive of this journal is available on Emerald Insight at: www.emeraldinsight.com/1012-8255.htm
110
ARLA 29,2
Resultados – Utilizando el esquema integrado en un reciente estudio de caso de un proyecto y previos proyectos de DNP como puntos de referencia, se demostró que el esquema podría ayudar a mejorar las estrategias de respuestas a los riesgos causados por la incertidumbre en la duración de las tareas y costos asociado a estos proyectos. El esquema ha demostrado ser más eficiente que aquellos propuestos como mejores prácticas genéricas, proporcionando un claro entendimiento sobre el tema de la evaluación de riesgos en la fase inicial de proyectos DNP. Limitaciones/implicaciones – Se requieren más repeticiones experimentales para mejorar la eficacia de las afirmaciones del esquema, a través de su aplicación a estudios de casos similares. Por otra parte, esto podría mejorar su confiabilidad y estabilidad. Implicaciones prácticas – Futuras investigaciones podrían incluir estudios de casos y estudios empíricos que incluyan pruebas de hipótesis e integración de procedimientos de optimización para mejorar la planificación y ejecución de proyectos de DNP. Originalidad/valor – El estudio describe una forma de cerrar la brecha en la planificación de gestión de riesgos de proyecto en la industria. Fue motivada por una relativamente nueva tendencia en la investigación de esquemas integrados para hacer frente a asuntos de riesgos en proyectos complejos. Palabras Claves Gestión de proyectos, Gestión de riesgos, Simulación Monte Carlo, Desarrollo de nuevos productos, CLADEA-2015 Tipo de papel Trabajo de investigación
1. Introduction During the last two decades, there has been an increasing number of published research on risk management in high-tech product development projects (Hobday, 2000). They showed numerous risk complexities presented in software design and system engineering projects, and in high-tech multi-project programs (Cohen et al., 2014; Gil and Tether, 2011; Midler and Silberzahn, 2008; Söderlund, 2004; Van Der Merwe, 1997). In these projects, risks are caused by uncertain elements within the tasks, tasks’ interdependencies, and the project’s structure. They manifest in events such as deviations in tasks’ durations, cost overruns, and inadequate resources allocations, and could be exacerbated by either internal or external sources (Ferns, 1991; Pellegrinelli, 1997).
Companies planning new product development (NPD) projects, often underestimate these complexities and their potential consequences on their objectives. These projects face a wide variety of risks, hindered in very different ways, among various levels (Zacharias et al., 2008). Their lengthy relative durations, high costs, and the unbalanced requirement of resources makes the risk management process a necessity. On the market side, most new products that reach their targeted marketplace could have a relatively short time-span left based on patent protection expiration, low entry barriers, and substitutes’ strengths, creating additional pressures and uncertainties. Therefore, a thorough risk management exercise is needed to prepare for the effects that stemmed from these complexities.
Recent studies have tackled the issue from several angles. For example, setbacks caused by inappropriate dependencies’ assumptions and lack of coordination among task’s elements have Foster research in the understanding of the role of contracts’ on the project’s outcomes (Martinelli et al., 2014). The result has been an increase in the number of improved project risk management frameworks that integrate current best practices to tackle these and other project risk management issues.
This paper considers the integration of three bodies of knowledge (project management, risk management, and Monte Carlo simulation) to produce a modified project risk management analytical framework, suitable for NPD projects. It is centered on the risk management framework proposed by the Project Management Institute (PMI) linked to a Monte Carlo simulation procedure for risk assessment to analyzed
111
Project risk planning in
high-tech NPD
NPD project’s task elements uncertainties (Elmaallam and Kriouile, 2011; Project Management Institute, 2013). For the purpose of illustration, a case study of an NPD project conducted during 2012-2014 was used. For confidentiality, the name of the company is not revealed and will be referred as “The Company.” It contributes to the discussion of improving NPD project management, introducing a framework that considers stochastics behaviors within the tasks’ elements and among their dependencies. The presented study might also stimulate and facilitate the progress of such cross-disciplinary best practices discussions.
2. Theoretical background 2.1 Risks In general, a risk refers to a possible future event that could impact the successful completion of at least one intended objectives. This definition applies to either project and process based initiatives. Most authors in risk management recognized that there is a distinction between the uncertainty and risk, and have provided definitions of both based on a cause-and-effect behavior (Bellos et al., 2004). In the academic literature, risks definitions emphasized stakeholders’ attitude toward risk (Chapman and Ward, 1996; Turner and Müller, 2005). Furthermore, professional associations have their particular interpretations that take into account the primary activities of their affiliates. Due to these discrepancies, there is no accepted definition of the term “risk.” Therefore, in this study it was: used PMI’s risk definition (“[…] an uncertain event or condition that if occurs, has a positive or negative effect on one or more project objectives such as […]”); assumed a distinction of cause-and-effect; and included two other terms, event and issue, to appropriate address numerous concerns during risk’s assessment, as have been done by other authors (Mousavi and Gigerenzer, 2014; Rasmussen, 2013; Saunders et al., 2015).
Considering risk as a part of a cause-and-effect process, a cause is related to at least a task element’s uncertainty, such as duration, cost, quality inadequacy, resource availability, or task dependencies. In this process view, the risk is the concern that something would not be met or done (or something that could be a lost), and the effect is the consequence. For example, inadvertently a supplier over sighted the quality of a product (the cause); consequently, the production unit that received this product (e.g. parts, components, or services) had to use defectives products (the risk), resulting in a shortfall in the production unit’s productivity (the effect). While in this example the discussion only considered one cause and one effect, in reality, a risk might be the product of various causes and generate many effects (see Figure 1).
PMI distinguished between a risk and an issue. The simple distinction is that the former has not happened yet. The latter has already happened and might be the result of an unidentified risk, thus should be addressed at once. In the author’s experience, for all practical purposes, an identified high-impact risk should be considered an “issue” if it has a high probability of occurrence. Whatever the case may be, to be a successful project manager, risks have to be proactively planned. This proactive approach
Risk
Effect 1Cause 1
Cause 2
Cause n
Effect 2
Effect m
• • •••
•
Figure 1. Cause-and-effect risk’s process
112
ARLA 29,2
embraces three critical issues: first, it is impossible to account for all risks; second, it is not feasible to respond to all identified risks; and third, risks tend to decrease and impacts to increase as the project progresses (Yeo and Ren, 2009).
2.2 Frameworks Most risk management frameworks suggest sequential processes to assess, planning, and control hazards. The goal of these frameworks is to provide a set of guidelines based on best practices in the identification, categorization, and prioritization of risks. At this stage, most frameworks recommend using quantitative approaches to understanding further troubling risks. Once these processes has been completed, risk response strategies are recommended based on the likelihood (probability) and severity of consequences (impact) of the risk, some cost-benefit company policy, or some trade- off between risk response requirements and risk potential outcomes (de Carvalho et al., 2015; Guzman and Asgari, 2014). In most cases, these frameworks endorse using quantitative approaches in risk assessment to support the selection of risk response strategies (Guled et al., 2012).
During the last decade, most risk management frameworks has been developed based on ISO 31000:2009 principles and guidelines (D’Ignazio et al., 2011; Preda, 2013; Raydugin, 2012; Wiboonrat, 2011). This standard was published as a generic framework to safeguards a consistent approach to risk management, providing principles, framework, and a process for managing risk in processes and projects, as shown in Figure 2.
Table I shows several studies that have used project risk management frameworks based on ISO 31000:2009. As can be seen, some studies used all processes recommended by the standard (marked with an X). They confirm the lack of consensus regarding what methods should be utilized in a project risk management framework: only risk identification, risk analysis, and risk evaluation were utilized in all studies, and most centered on issues related to durations, costs, and tasks’ dependencies.
Risk management in projects has received a distinctive consideration by PMI. It is an integrative sequential process that accompanies a project in its initiation, planning, execution, control, and closure processes: Figure 3 shows the interaction perspective of
Establishing the Context
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
M o n ito
rin g a
n d R
e vie
w
C o m
m u n ic
a tio
n a
n d C
o n su
lta tio
n
Source: ISO 31000:2009 risk management principles and
guidelines
Figure 2. ISO 31000:2009 processes for
managing risk
113
Project risk planning in
high-tech NPD
these processes. Pekkinen and Aaltonen (2015), Sanz and Bernad Silva (2014), and Too and Weaver (2014) have discussed in detail its implementation. Many formal project risk management frameworks are extensions of PMI’s (Carbone and Tippett, 2004; Herroelen, 2014).
Some companies used ad hoc frameworks based on an array of standards, norms, or references, including those shown in the following Table II. Most of these frameworks
Sample studies
Communication and
consultation Establishing the context
Risk identification
Risk analysis
Risk evaluation
Risk response strategies
Monitoring and review
Oehmen et al. (2014) X X X X X X X Gangadharan et al. (2013)
X X X X
Perano (2012) X X X X X X Löhr and Khushnood (2012)
X X X X X X
Olechowski et al. (2012)
X X X X
Arnold (2013) X X X X X X Yashin and Semenov (2013)
X X X X X X
Maria-Sanchez (2012)
X X X X X
Table I. ISO 31000:2009 processes in project risk management
Risk Management
Planning
Risk Identification
Qualitative Risk Analysis
Qualitative Risk Analysis
Risk Response Planning
Risk Control
Figure 3. PMI’s PMBOK® risk management area of knowledge
114
ARLA 29,2
were developed for business continuity management, supply chain risk management, or enterprise risk management. Therefore, they focus on the organization’s primary interest risk management scope and where their operations are more vulnerable. They can be applied to both small and large scale operations, with convenient levels of data requirements.
2.3 Risk identification and categorization The risk identification process consists of identifying, profiling, and categorizing the potential risk events of the project and their consequences. Methods used in the identification of risks include brainstorming, cause-and-effect (Ishikawa), risk registers of completed projects, and several forms of expert opinion studies. The final selection of a particular identification method will rest on stipulated company policies, project member’s expertise, and project’s requirements. Once a risk has been identified, it is classified in a designated category for further consideration, accountability, and prioritization.
Although there is no consensus on the subject of project risk categories, some companies use generic categories contingent on the risk origin: internal and external. Because internal risks are based on decisions made by the company they can be better controlled, and in most cases are entrenched within and among project tasks’ elements. External risks are caused by external factors like political risks, natural disasters, human factors, and breakdowns in the supply chain, among others. Nevertheless, there is a tendency to view risks in a hierarchical structure depending on the risks sources (Hillson, 2003).
PMI recommends using a risk breakdown structure (RBS) as a categorization scheme. Other PMI’s categorizations are based on the work-breakdown-structure (WBS) while others combine the RBS with the WBS and the organizational breakdown structure. Keizer and Vos (2003) suggested the use of the following categories: technology, market, finance, and organization. Financial risks are related to cash flow, commercial viability, inflation, foreign exchange, and insurable resources. Market risks are associated with the customers and potential actions of competitors. Those related to
Code and name Publisher Scope
ISO 28000:2007 – supply chain security management system
International Organization for Standardization
Supply chain
ISO 31000:2009 – risk management (principles and guidelines)
International Organization for Standardization
General (non-specific)
ISO 22301:2012 – societal security business continuity management system
International Organization for Standardization
Business continuity
BSI 259999 and 31100 British Standards Institution (BSI)
Business continuity
Supply chain management framework Association of Operations Management (APICS)
Supply chain
COSO Committee of Sponsoring Organizations of the Treadway Commission
Enterprise
ASIS/BSI BCM.01:2010 business continuity management systems: requirements with guidance for use
ASIS and BSI for North America
Business continuity
Table II. Risk management
standards, guidelines, and
frameworks
115
Project risk planning in
high-tech NPD
product design and development, intellectual property, completion time, quality and performance are technical risks, and those related to political instability, attitude of the government toward particular type of projects are organizational (or political) risks. Organization risks are related internal processes, the project team, co-development with external parties, and supply and distribution.
2.4 Risk analysis Most risk analysis methods fall into two generic categories: quantitative or qualitative. Current practices use a mix of quantitative and qualitative methods and models, but at aggregate level subjective methods are preferred to estimate total risks. Quantitative risk methods are predominantly used when:
• it is essential to improve accuracy of the probability or impact of a risk; • developing a probability-based performance standards, as is the case when
organizations must objectively show that a proposed activity can meet a specified performance standard; and
• regulations, competitiveness goals, legal and compliance constraints, and internal issues require more rigorous measures (Cagliano et al., 2015).
Most quantitative methods (e.g. Monte Carlo simulation, cost risk analysis, decision analysis, value at risk method, earned value analysis, and network analysis) are based on proven scientific theories. Therefore, have been traditionally preferred over qualitative risk techniques (e.g. brainstorming, Delphi method, and scenario analysis), when accurateness is imperative.
After risk analysis, through quantitative and qualitative methods, risk are scaled based on the perceive impact and probability. This binomial is used for risk prioritizing, usually shown using a visual aid like heat-maps or impact-and- probability matrices.
2.5 Response strategies Once risks have been assessed and prioritized, cost-efficient response strategies are considered. Risk response strategies are expected to lessen adverse risks effects or increase positive risks, in the most effective and practical way. Figure 4 shows the generic strategies suggested by PMI for positive (opportunities) and negative (threats) risks. The particular action requires for responding to a risk will depend upon its nature. Contingent response strategies are those developed to be used in a predefined situation on a particular event, and fallback plans, frequently known as secondary plans, are those response actions that would only be delivered in case that the primary response strategy was ineffective.
Positive Risks
• Avoid • Exploit • Enhance • Share • Accept
Contingent Response Strategies or Fallback Plans
• Transfer • Mitigate • Accept
Negative Risks
Figure 4. PMI’s generic strategies
116
ARLA 29,2
In most projects, the preferred generic strategy for high-probability and high-impact risks is avoidance. Risks with low probability and low impact are dealt with mitigation strategies or are not thoughtfully planned for (acceptance strategy). In the latter, if the risk occurs, administrative and budget reserves are often used to confront it. Furthermore, it is often the case to make trade-offs between the cost of implementing a risk response strategy’s and the cost of living with it. As shown in Figure 5, response intensity (assigned resources, processes, and budget) should be suitable for each risk, and any deviation from this adequacy could result in a disproportionate risk response.
Concisely, risk prioritization has to be done before a response strategy is chosen. Risk analysts may establish a function for determining a risk level. Traditionally, to determine a risk level, risk analysts use two risk measures: risk probability, and risk impact, as shown below. The response level is an index presenting the intensity of risk response that should be used. Within a simple view, it can determine a response level as the following equation. It should be noted that a negative risk/response level refers to a threat while a risk/response level of a positive value refers to an opportunity:
Risk level ¼ risk probability � risk impact ¼ f risk measures; risk classes weighted factorsð Þ
Total normalized cost ¼ response probability � response impact intensity of risk response
Once the total risk response strategy cost has been normalized, its prioritization might change, as illustrated in Figure 6.
3. Methodology The study presents the application of a modified PMI’s project risk management framework to a case study. The framework is instrumental in providing insight to the issue of early medium-high probability and impact risks assessments (see Figure 7). Monte Carlo simulation was used to understand or confirm the impact of risks thought to have the greatest impact on the main project’s objectives.
90
80
70
60
50
40
30
20
10
0 0 20
T o ta
l N o rm
a liz
e d C
o st
40
Cost of Response Cost of Risk Total Cost
Inadequate Risk Response
Excessive Risk Response
60 Intensity of Risk Response
80 100 120
Figure 5. Cost of risk and
cost of response’s trade-off
117
Project risk planning in
high-tech NPD
The attention was drawn to the case because of the complex nature of NPD projects. The framework provided a useful tool used by project stakeholders to understand better the myriad of risks that can impact an NPD project. This framework uses both qualitative and quantitative techniques, providing a robust framework.
In the study, data were collected from several sources, to understand different aspects of the project at hand. Publicly available documents were reviewed for background information on the events leading up to the decision to venture into The Company’s industry and its activities since its establishment. Supporting records provided includes historical data and records of similar project performances over the past decade: in-depth, detailed data on nine projects including risk assessments, categorization, references, and recommendations. Finally, brief semi-structured interviews were conducted with some stakeholders seeking feedback on their experiences with the risk assessment process.
Risk impact Response impact divided by response resources
Very high
High Medium Low
A medium- level risk
A low- level riskR
is k
p ro
b a b ili
ty
R is
k p ro
b a b ili
ty
(a) (b)
Figure 6. (a) Risk level and (b) response level
“Residual” Lessons Learned PMO records
Project Statement
Establishing Context
Risk Management Planning
Meetings and Documents
Primary and secondary data and techniques
selection
“Satisfactory initial Risk Management
Plan”
No Yes
Work Breakdown Structure (WBS)
Organizational Breakdown
Structure (OBS)
Risk Breakdown Structure (RBS)
Risk Categories and Identification and Risk Register
Probability and Impact Analyisis
“Simulation required”
“Satisfactory Response”
Execution
Review of Risk Management Plan
and Register
Control
No
No
No
Yes
Yes
Yes
Scenario analysis
Risk Prioritization
Risk Response Planning
Figure 7. Framework for implementation projects risk assessment
118
ARLA 29,2
4. Case study analysis 4.1 Company setting The case study concerns a company that needed to expand its production line to compete in a fast-growing high-tech market. Only two companies were servicing the market, with proprietary and patent-protected products, and in 2011 both companies were serving 45 percent of the potential market. The Company had prior experience developing and marketing similar products, but with limited functionalities, which follows its low-cost niche strategy at the time. Each NPD project was structured in four major dependent phases: project administration, technical analysis, the development stage, and commercialization. In most projects, The Company uses these stages as a natural risk category outline. The expectations and project objectives were: that the proposed new product would be able to compete one-on-one with the other companies’ products, but at a lower price (using its experience producing low-cost products); complete the project (including commercialization) in less than 1.5 years; overrun costs could not be more than 20 percent of the assigned budget (prior projects had an average overrun of 7 percent); and comply with project’s metric baselines. Regarding the latter, these metrics measurements were selected to make some goals clearer, assigned actions, and defined consequences. Some metrics were: percent of requirement deficiencies at qualification testing, number of in-process design changes, number of prototype iterations, percent R&D resources/investment (total of new products plus sustaining and administrative), task completion vs plan, and time-to-market/time-to- volume (Crow, 2001; Vanek et al., 2008).
In the past, The Company risk management process was based on brainstormed lists of risks and response strategies based on the WBS, for each project phase. Each risk was assessed for its probability and impact, and a risk response plan was created. Among other issues, the process lacked an articulate structure and a scoring method for risk prioritization. Fortunately, when the framework was implemented, The Company had institutionalized a more structure risk approach (including risk identification and categorization), as a requirement for ISO 22301 (business continuity) certification. Nevertheless, the project management knew that the scope of the certification focusses more on supply chain management issues (even that some would overlap several project tasks) and was prepared to start digging into risky events and its consequences to the NPD project.
4.2 Risk identification and categorization The Company was aware of the endemic problem of cost, time-to-market, and tasks’ duration escalation on its NPD projects. Cost and duration estimations were complex, and managing the capital development and commercialization of these projects requires the coordination of a multitude of resources: organizational, technical, human, and natural. Being acquainted with these issues, The Company decided to base the risk identification and categorization in the four top-dependent phases mentioned previously.
In the identification process, 32 risks were identified. In all, 13 risks were classified as low-probability/low-impact, and a contingency budget was separated in case a threat materialized: consequently, no specific strategy responses were selected. Eight risks were regular tasks within many of The Company’s projects, which were considered “insignificant systematic exposures,” and again; no specific strategy responses were selected. In total, 11 tasks have risk’s constructs that became the focus of the risk management efforts, which are shown in the following table.
119
Project risk planning in
high-tech NPD
4.3 Risk analysis – Monte Carlo simulation Table III shows the impact on each of the 11 main risks selected by The Company’s project team. These figures were obtained by Monte Carlo simulation performed on the project model using the program @Risk. Historical data were used to estimate the statistical distribution and correlations of all tasks. The observed project’s output variables were the NPD project cost and duration. The variation of the output variable with changes in input parameters (the 11 tasks) helped both model validation and interpretation of results. The tornado graph in Figure 8 displays the input risk factors that have the greatest impact on the project’s duration. Three other similar analyzes were performed in the other output variables with their corresponding (and pertinent) input variables (accuracy, representativeness, productivity, etc.).
4.4 Risk response strategies As shown in Figure 8, “inadequate documentation,” “product doesn’t fit for purpose,” and “unreasonable project schedule and budget,” have the greatest impact on NPD’s
Category Task Risk Risk elements construct
Probability (1-5)
Impact (1-5)
Administration Align and confirm marketing strategies
Changing market conditions
Resources 3 4
Financial assessments
Inadequate metric measures gathering
Duration/accuracy 2 3
Initial NPD plan Inadequate documentation
Duration 2 5
Initial S&OP Lack of single point accountability
Duration 1 3
Technical Product prototype process
Product does not fit for purpose
Duration 3 5
Verify operational capabilities
Inadequate third- party performance
Resources/ productivity
1 3
Customer product testing
Inadequate test procedure elements
Resources/ representativeness
2 4
Development Selection of proper customer sample group
Lack of agreed-to user acceptance testing and criteria
Duration/ representativeness
2 3
Redefine product requirements
Poor production system performance
Duration 2 4
Commercialization Confirm product specification
Technical limitations of solution reached or exceeded
Duration/accuracy 1 4
Product capability against competitive response
Unreasonable project schedule and budget
Duration/yield 2 5
Table III. Risk elements identification
120
ARLA 29,2
project duration. On the former, once the causes of this risk were studied, the generic strategy avoid was chosen. As it happened, this task was delegated mainly to an “ad hoc” committee composed of personnel that works strictly at the PMO (there were budget and time control issues behind this decision), triggering a series of difficulties. Afterward, The Company decided to include this task into the project’s team responsibilities.
“Product doesn’t fit for purpose” risk elements were caused by assumptions made at the beginning of the project that were revised and changed throughout the project lifetime. If deviations arose, they were managed using administrative (including technical) reserves, established for this purpose. Suggestions based on changing task precedences were considered but finally rejected. The impact of “unreasonable project schedule and budget” was convoluted: squatter actual project schedule could lead to an increase over the budget (mainly to fast-track several tasks), and vice versa. To prepare for this task, The Company relies on some procedures: for example, benchmark studies, actual operation’s capabilities, and industry information. The primary concern for The Company was tying up financial resources by overallocation. The response strategy for this task’s elements was based upon a combination of transfer’s risks, using prearranged excess capacity of third-party companies to buffer any operational requirement: The Company operates at the expected schedule level and budget. This strategy implies a contingency reserve in case that risk was triggered. Adequate response strategies were chosen for other risks elements. All responses costs were normalized, prior their selection and inclusion in the risk register.
5. Conclusion Risk management using combined recognized generic frameworks, as PMI’s project risk management, and Monte Carlo simulation provides an effective way for assessing complex projects’ objective outcomes. Such approach leads to an analysis system where scenarios based on variabilities in task’s elements, could trace many possible consequences: the interaction between cost, schedule, and performance measures drives the analysis. Risk events are intrinsic in NPD projects, which are based on some assumptions and estimates that reflect the organization’s understanding of the current situation in the project formulation phase. However, events seldom go according to plan, so the project must adapt to an ever-changing environment.
The project risk management framework that includes Monte Carlo simulation provided a systematic process for identifying, analyzing, and responding to project risks.
0 10 20 30 40 50 60 70 80
Lack of agreed-to user acceptance testing and criteria
Inadequate third party performance
Lack of single point accountability
Inadequate metric measures gathering
Technical limitations of solution reached or exceeded
Poor production system performance
Inadequate test procedure elements
Changing market conditions
Unreasonable project schedule and budget
Product does not fit for purpose
Inadequate documentation
Figure 8. Risks with the
greatest impact on project’s duration
121
Project risk planning in
high-tech NPD
The modified framework effectiveness was demonstrated through a case study of an NPD project of a high-tech company. The revised framework presented in this study builds upon the existing literature and takes a more analytic approach to risk assessment. Based on similar NPD projects, The Company reduced the uncertainty of the project’s duration and cost. Future directions for research could include case studies or empirical studies that could include hypotheses testing, and the integration of optimization procedure for improved NPD project’s planning and execution.
References
Arnold, E.P. (2013), “Call for an effective alignment of program management and systems engineering risk management practices”, INCOSE International Journal, Vol. 23 No. 1, pp. 677-693.
Bellos, V., Leopoulos, V., Sfantsikopoulos, M. and Politechniou, I. (2004), “Cost uncertainty assessment and management: the integrated cost-risk analysis model”, WSEAS Transactions on Computers, Vol. 3 No. 4, pp. 1055-1061.
Cagliano, A.C., Grimaldi, S. and Rafele, C. (2015), “Choosing project risk management techniques: a theoretical framework”, Journal of Risk Research, Vol. 18 No. 2, pp. 232-248.
Carbone, T.A. and Tippett, D.D. (2004), “Project risk management using the project risk FMEA”, Engineering Management Journal, Vol. 16 No. 4, pp. 28-35.
Chapman, C. and Ward, S. (1996), Project Risk Management: Processes, Techniques and Insights, John Wiley, New York, NY.
Cohen, I., Iluz, M. and Shtub, A. (2014), “A simulation‐based approach in support of project management training for systems engineers”, Systems Engineering, Vol. 17 No. 1, pp. 26-36.
Crow, K. (2001), Product Development Metrics List, DRM Associates, Philadelphia, PA.
D’Ignazio, J., Hallowell, M. and Molenaar, K. (2011), “Executive strategies for risk management by state departments of transportation”, NCHRP Project, pp. 20-24.
de Carvalho, M.M., Patah, L.A. and de Souza Bido, D. (2015), “Project management and its effects on project success: cross-country and cross-industry comparisons”, Journal of Technology & Science, Vol. 15 No. 2, pp. 147-159.
Elmaallam, M. and Kriouile, A. (2011), “Towards a model of maturity for is risk management”, International Journal of Computer Science & Information Technology (IJCSIT), Vol. 3 No. 4, pp. 34-47.
Ferns, D.C. (1991), “Developments in programme management”, International Journal of Project Management, Vol. 9 No. 3, pp. 148-156.
Gangadharan, G.R., Kuiper, E.J., Janssen, M. and Luttighuis, P.O. (2013), “IT innovation squeeze: propositions and a methodology for deciding to continue or decommission legacy systems: grand successes and failures in IT: public and private sectors”, IFIP Advances in Information and Communication Technology, Vol. 4 No. 2, pp. 481-494.
Gil, N. and Tether, B.S. (2011), “Project risk management and design flexibility: analysing a case and conditions of complementarity”, Research Policy, Vol. 40 No. 3, pp. 415-428.
Guled, A.A., Dange, A.A. and Chawan, P.M. (2012), “Risk management frameworks”, Risk Management, Vol. 2 No. 2, pp. 123-157.
Guzman, A. and Asgari, B. (2014), “A cost-benefit analysis of investing in safety and risk engineering: the case of Oil & Gas transportation services by pipelines”, Management of Engineering & Technology (PICMET), 2014 Portland International Conference, IEEE, Portland, OR, pp. 1633-1645.
122
ARLA 29,2
Herroelen, W. (2014), “A risk integrated methodology for project planning under uncertainty”, in Pulat, P.S., Sarin, S.C. and Uzsoy, R. (Eds), Essays in Production, Project Planning and Scheduling, Springer, New York, NY, pp. 203-217.
Hillson, D. (2003), “Using a risk breakdown structure in project management”, Journal of Facilities Management, Vol. 2 No. 1, pp. 85-97.
Hobday, M. (2000), “The project-based organization: an ideal form for management of complex products and systems?”, Research Policy, Vol. 29 No. 7, pp. 871-893.
Keizer, J.A. and Vos, J.P. (2003), Diagnosing Risks in New Product Development, Federal Reserve Bank of St Louis, St Louis, MI, available at: http://search.proquest.com/docview/ 1698322128?accountid¼44825 (accessed May 12, 2015).
Löhr, K. and Khushnood, M. (2012), “What can standards standardize in international project management?”, Scientific Committee – Editorial Board, University of Latvia, Riga, pp. 152-164.
Maria-Sanchez, P. (2012), “Project and enterprise risk management at the California Department of Transportation”, in Banaitiene, N. (Ed.), Risk Management-Current Issues and Challanges, InTech Access Publisher, Lithuania, pp. 411-457.
Martinelli, R., Waddell, J. and Rahschulte, T. (2014), “Transitioning to program management”, in Demassey, S. and Neron, E. (Eds), Program Management for Improved Business Results, 2nd ed., Wiley, Hoboken, NJ, pp. 305-327.
Midler, C. and Silberzahn, P. (2008), “Managing robust development process for high-tech startups through multi-project learning: the case of two European start-ups”, International Journal of Project Management, Vol. 26 No. 5, pp. 479-486.
Mousavi, S. and Gigerenzer, G. (2014), “Risk, uncertainty, and heuristics”, Journal of Business Research, Vol. 67 No. 8, pp. 1671-1678.
Oehmen, J., Olechowski, A., Kenley, C.R. and Ben-Daya, M. (2014), “Analysis of the effect of risk management practices on the performance of new product development programs”, Technovation, Vol. 34 No. 8, pp. 441-453.
Olechowski, A., Oehmen, J., Seering, W. and Ben-Daya, M. (2012), “Characteristics of successful risk management in product design”, available at: http://dspace.mit.edu/handle/1721.1/78918
Pekkinen, L. and Aaltonen, K. (2015), “Risk management in project networks: an information processing view”, Technology and Investment, Vol. 6 No. 1, pp. 52-61.
Pellegrinelli, S. (1997), “Programme management: organising project-based change”, International Journal of Project Management, Vol. 15 No. 3, pp. 141-149.
Perano, M. (2012), “Project management and project risk management. Approach and empirical evidences in Alenia Aermacchi SPA: the risk model in Airbus A380 program”, available at: http://padis.uniroma1.it/handle/10805/1765
Preda, C. (2013), “Implementing a risk management standard”, Journal of Defense Resources Management, Vol. 1 No. 1, pp. 111-120.
Project Management Institute (2013), A Guide to the Project Management Body of Knowledge, Project Management Institute, Newtown Square, PA.
Rasmussen, S. (2013), “Risk and uncertainty”, Production Economics, Springer, Berlin and Heidelberg, pp. 163-180.
Raydugin, Y. (2012), “Consistent application of risk management for selection of engineering design options in mega-projects”, International Journal of Risk and Contingency Management, Vol. 1 No. 4, pp. 44-55.
Sanz, L.F. and Bernad Silva, P. (2014), “Risk management in software development projects in Spain: a state of art”, Revista Facultad de Ingeniería Universidad de Antioquia, Vol. 70 No. 1, pp. 233-243.
123
Project risk planning in
high-tech NPD
Saunders, F.C., Gale, A.W. and Sherry, A.H. (2015), “Conceptualising uncertainty in safety-critical projects: a practitioner perspective”, International Journal of Project Management, Vol. 33 No. 2, pp. 467-478.
Söderlund, J. (2004), “On the broadening scope of the research on projects: a review and a model for analysis”, International Journal of Project Management, Vol. 22 No. 8, pp. 655-667.
Too, E.G. and Weaver, P. (2014), “The management of project management: a conceptual framework for project governance”, International Journal of Project Management, Vol. 32 No. 8, pp. 1382-1394.
Turner, J.R. and Müller, R. (2005), “The project manager’s leadership style as a success factor on projects: a literature review”, Project Management Journal, Vol. 36 No. 2, pp. 49-61.
Van Der Merwe, A.P. (1997), “Multi-project management – organizational structure and control”, International Journal of Project Management, Vol. 15 No. 4, pp. 223-233.
Vanek, F., Jackson, P. and Grzybowski, R. (2008), “Systems engineering metrics and applications in product development: a critical literature review and agenda for further research”, Systems Engineering, Vol. 11 No. 2, pp. 107-124.
Wiboonrat, M. (2011), “Risk management in healthcare services”, paper presented at the World Congress in Computer Science Computer Engineering and Applied Computing, Las Vegas, NV, July 18-21, available at: http://weblidi.info.unlp.edu.ar/worldcomp2011-mirror/ SAM3081.pdf
Yashin, V. and Semenov, A. (2013), “The analysis of existing models and the ways of improvement of innovative projects and management processes”, Analysis, Vol. 2 No. 2, pp. 7-10.
Yeo, K.T. and Ren, Y. (2009), “Risk management capability maturity model for complex product systems (CoPS) projects”, Systems Engineering, Vol. 12 No. 4, pp. 275-294.
Zacharias, O., Panopoulos, D. and Askounis, D.T. (2008), “Large scale program risk analysis using a risk breakdown structure”, European Journal of Economics, Finance and Administrative Sciences, Vol. 12 No. 10, pp. 170-181.
About the author Dr Jorge Ayala-Cruz is a Consultant and a Professor with experience in operations and supply chain analysis, project management, and strategic topics in the private and public sector. He teaches courses related to operations/supply management, project management, risk-based thinking, management sciences, strategic management, and system thinking. He is an active Guest Lecturer in Latin America, USA, and Spain, and has held several administrative positions. For the past several years, he has been investigating issues related to risk management and resiliency, supervised studies in balanced scorecard’s operational metrics, and done field works in Latin America and Puerto Rico. Among others, has the following professional certifications: Project Management Professional (PMP), Master Project Manager (MPM), Risk Management Professional (PMI-RMP), Certified in Production and Inventory Management (CPIM), ISO22301- Business Continuity Implementer, and Certified Supply Chain Professional (CSCP). In 2009, he was conferred the recognition of the Fellow Member of the American Association of Project Management. Dr Jorge Ayala-Cruz can be contacted at: [email protected]
For instructions on how to order reprints of this article, please visit our website: www.emeraldgrouppublishing.com/licensing/reprints.htm Or contact us for further details: [email protected]
124
ARLA 29,2
Reproduced with permission of copyright owner. Further reproduction prohibited without permission.