self-Reflective of Management of Project course
Jessie 1
week5.pptxRisk and Procurement Management
Dr Paul Baguley
Class Slides
Contents
Definition of Risk
Context of Projects
Risk Management Process
Risk Id
Risk Assessment
Risk Evaluation
Cost Risk
Monte-Carlo Simulation
Management Reserve and Contingency
Risk Management by Procurement
Examples of Contracts to Manage Risk
Learning Objectives
Define Project Risk and identify stages of project risk management
Understand Risk Response Strategy Selection process using risk matrix
Identify characteristics of procurement routes and map risk allocation amongst project stakeholders
Appreciate a more risk informed procurement route selection
What makes project management a risky business
Organisations take risks to compete through projects making projects risky
Indeed risk appetite is the term used to describe the amount of risk an organisation is willing to take
And risk tolerance is the amount of risk an organisation can absorb
Risk is an important subject in APM BoK7 and PMBoK Guide (Chapter 11)
Institute of risk management; the Orange Book from the UK Gov
Communication between stakeholders in the project, suppliers and customer
VUCA (Volatility Uncertainty Complexity Ambiguity) environment
Risks in Projects
https://www.pmi.org/learning/library/top-50-projects-sydney-opera-house-11757
Lack of process and
Large budget over run
Safety regulations
O Ring
Safety disaster
Case: impact of culture on risk
The Nimrod Accident
Case: the conspiracy of optimism
Optimism bias is a known phenomenon which has been described as a psychological factor in estimators. In the defence industry it is recognised there is political pressure for projects to deliver more and cost less.
Activity: What projects do you know failed?
What projects do you know from your own experience which failed in some way and how did they fail? For example “Potters Bar safety disaster”
Definition of Risk and Uncertainty
Before ISO 31000 a working definition of risk was an event that may or may not happen
Uncertainty is variation in something that has happened
For example a machine breakdown may or may not happen
Schedule delay is variation in the delay schedule in terms of time
Risk is defined as an uncertain event or set of circumstances, that should it occur, will have an effect on achievement of one or more objectives, by APM Body of Knowledge 2012
ISO 31000 (2018) definition of risk
ISO 31000 defines risk as the effect of uncertainty on project objectives
Note 1 to entry: an effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and threats
Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels
Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood
Project objectives are influenced by the iron triangle and trade-off space between cost, quality and time
This means that cost risk, schedule risk and quality risk and performance risk are upfront considerations in project management
The concepts of risk and uncertainty are at the centre of the ISO 31000 definition
Lets consider this example from the Astute submarine project and BAE Systems where uncertainty and risk is defined by them for this particular company and project context
10
The Astute Opportunity and Risk System Structure
This diagram shows the relationship between risk and objectives
Source: Fearson et al 2001
This is an advanced process map
However it is not that, that we are interested in,
Only to show how a risk event has affected
The project objectives
11
Journey to Work Scenario
Journey to university simple network diagram of activities
We will use a cost risk methodology and Monte-Carlo Simulation to estimate the journey time
Leave the House
Front Door to
Transport
Method of Transport
Arrive at University
Walk to Lecture Theatre
Star Wars Film Scenario
We are a Special Effects Supplier to Star Wars. We have specialist technology and software and labour able to deliver special effects deliverables
This is a deliberate open question
Definition of project risk
The project management institute defines project risk as: “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives” (Pinto 2020)
The risk score is defined as probability multiplied by impact
Risk can be considered as having negative consequences and positive consequences
Positive impact is an opportunity with its own set of risk management terminology for management, for example exploit, or enhance
14
Consideration of Risk and Consequence
| <100% EVENT 100% PROBABILITY OF IMPACT i.e. uncertain event with definite impact | 100% probability of event 100% probability of impact This is described as a live issue which has certainly happened with certain consequence and has to be managed |
| <100% PROBABILITY OF EVENT <100% PROBABILITY OF IMPACT i.e. uncertain event with uncertain impact | 100% probability of event <100% probability of impact |
IMPACT
UNCERTAINTY
15
Academic types of uncertainty
Aleatory or random
Epistemic or lack of knowledge
Ambiguity can be one to many relationship
Vague concepts like warm weather for temperature
Project Context
Current Risk Management knowledge and methods and intellectual assets in the business
Organisation Cost Risk Policy, e.g. NASA
VUCA (Volatility Uncertainty Complexity Ambiguity)
PESTLE (Political Environmental Sociological Technological Legal Economic)
Environment in which the project takes place
Risk Management Definition
Risk analysis and risk management is a process that allows individual risk events and overall risk to be understood and managed proactively, optimising success by minimising threats and maximising opportunities and outcomes.
Source: APM BoK 7
Classic Risk Management Process
Communication
Did you know UK superstition was to predict the weather using seaweed
Risk Identification
Risk Assessment
Risk Evaluation
Risk Mitigation
Risk Control
Risk Identification
Use of Brain Storming in workshops with stakeholders
Risk Registers hold current and historical information about risk
Delphi method can be used to structure workshops to allow all opinions
Risks can be categorised into types of risks
Risk Breakdown Structures
Use of historical risk databases
Use of experts in panel discussions to jdentify risks is used in the civil aerospace sector
Activity: What are the risks?
For the Journey to work scenario?
Leave the House
Front Door to
Transport
Method of Transport
Arrive at University
Walk to Lecture Theatre
Activity: What are the uncertainties?
In the Journey to Work Scenario?
Leave the House
Front Door to
Transport
Method of Transport
Arrive at University
Walk to Lecture Theatre
Activity: What are the risks in the:
Star Wars Supplier scenario?
Definition of Risk Score
Risk has been defined as Probability multiplied by Impact
Probability and Impact can be measured qualitatively (assessment) or quantitatively (evaluation)
Risk multiplied by Impact can be quite crude and care must be taken with low probability and high impact or high probability and low impact risks
Types of Risk
Cost Risk
Safety Risk or Hazards
Schedule Risk
Business Risk
Operational Risk
Cash Flow Risk
Risk at different levels of the organisation
Project risk
Program risk
Portfolio risk
Risk siloing in organisation
Risk Breakdown Structures
Source: PMI
RBS types of
Risk example
Donald Rumsfelds
Unknown Unknowns or things we don’t know we don’t know
https://www.youtube.com/watch?v=GiPe1OiKQuk
There is interest in unknown unknowns as cost estimates are inherently
optimistic in not being able to predict everything in the future
Meteorite hitting a car
Risk Assessment Matrix
Probability
Impact
Rules related to Impact
What are the definitions of Low Medium and High Risk?
Low
Low
Medium
High
High
Medium
Activity: Assess your risks for journey to Uni
One of my risks could be a bicycle puncture
What is the qualitative assessment of this risk?
What level of probability?
What level of impact?
Bow Tie Diagram
Discussion: What are the definitions of Low Medium and High Risk?
Definitions of Low Medium and High are pre-defined by experts in the company in a look up table
What were your definitions of Low Medium and High?
Activity: What was your Low Impact definition for journey to Uni?
Risk Assessment and Risk Criteria Examples
Source: Blackwell 2020
33
Risk Response Planning
Risk Acceptance
Risk Reduction
Risk Transference
Risk Avoidance
Being Injured by Meeting a Bear in the Forest
Risk Avoidance is to walk around the forest
Risk Transference is to send someone else into the forest
Risk reduction is to get a big stick and a motorised scooter
Risk acceptance, okay then Mr Bear its just a scratch
Activity: How do you mitigate the tyre puncture?
Classify Risk Mitigation for these?
Risk Register
When a risk happens then there are secondary risk caused by the risk happening. These ripple through the project plan.
The risk mitigation strategy is the way the risk will be managed and adjusts the project plan
The risk score for the mitigated risk is different from the initial risk evaluation and is called the residual risk
Anticipated risks or known risks have contingency plans developed for them leading to a specific risk management budget for these plans.
Risk Proximity is when in the project life cycle the risk is anticipated to happen
Risk Register
| Risk Id | Risk Owner | Risk Score | Mitigation | Residual Risk | Contingency Plan and Budget | Risk Proximity |
Case: Hiding information
Mistakes are not something project teams want to own up to. In industry it can be the case that project teams will bias information given during data collection to smooth over mistakes, or hide mistakes completely
Cost Uncertainty
Three point estimating and cost uncertainty distributions
Probability
Cost
Optimistic
Pessimistic
Most Likely
Cost Uncertainty Distributions
Source: NASA CEH
Cumulative Density Function
Source: NASA CEH
Simple Monte-Carlo Model
Equation is (Amount of Labour multiplied by Labour Rate) plus (Amount of Material multiplied by Material Cost Rate) is equal to cost
Probability
Cost
Optimistic
Pessimistic
Most Likely
Probability
Cost
Optimistic
Pessimistic
Most Likely
Probability
Cost
Optimistic
Pessimistic
Most Likely
Probability
Cost
Optimistic
Pessimistic
Most Likely
X
X
Plus
(
(
)
)
=
Treat discrete risks as a separate consideration to the uncertainty in the distributions
Bad Weather
Materials Lost in a Fire
Crane breaks down
Monte-Carlo Model Demo
Using NSF excel model or @Risk
The Cost Risk distribution is the output of Monte-Carlo
Negotiation takes place around the percentiles
Palisade @Risk
Time to University Model
Output for Time to Uni
Lets negotiate about when the lecture starts
Lets negotiate about when the lecture starts 80 percent chance won’t exceed 59 minutes Contingency is about 9 minutes
30% chance won’t exceed
80% chance won’t exceed
47 minutes
59 minutes
Lets Build a Model using @risk
Case: Output cost risk distribution being symmetric
One company paid for an expensive cost risk analysis only to be presented with a symmetric cost risk output distribution. Experienced risk consultants spotted straightaway that cost risk output is always skewed so that high cost has a higher probability because of low probability high impact risks
Advanced Modelling using Correlation
In advanced modelling then the correlation between the risks is considered.
The risk happening in the wing deliverable is correlated with the risk in the fuselage deliverable
Source: NASA CEH
Contingency
Contingency can be calculated as the difference between the 80th percentile and 50th percentile. This is for anticipated risks.
Another method is to multiply the cost by a percentage, for example 15% of the cost as contingency
Unanticipated risks are covered by a pot of money called the management reserve
Cost
Cost plus contingency
Cost plus contingency plus management reserve
Example Contracts
Fixed Price
Cost Plus
Target Cost Framework
Joint Ventures
Case: The Saturn V Rocket
The astronauts of the Saturn V rocket going to the moon took note that they were sat on top of a rocket delivered by contractors on Fixed Price contracts!
Project Alliances
Schedule of Rates
Bill of Quantities
BOOT / DEBFO
(Build, own, operate, transfer / design, build, finance, operate arrangements
Fixed Price Contracts
Activity schedule
Lump sums
Milestone Payments
Frameworks
Strategic Outsourcing
Target Cost Contract
Management Contract
Cost reimbursable
Fee-based arrangements
Joint
Venture
Companies
Uncertainty and Complexity
Time Scale
1 Year
2 Year
5 Year
25 Year
Source: APM BoK 2019
Different forms of contracting
Interesting Background Reading
Pinto, J.K. (2020). Project management : achieving competitive advantage. Fifth edition, Global edition. Harlow, England: Pearson. Chapter in risk
Association of Project Management APM BoK 7 on risk
NASA Cost Risk Methodology in Appendix G of the NASA Cost Estimating Handbook of 2020 ( https://www.nasa.gov/offices/ocfo/nasa-cost-estimating-handbook-ceh)
Project Risk Analysis and Management (PRAM) guide APM
Project Management Institute PMI Body of Knowledge chapter on risk BoK
Parekh, S., Roy, R. and Baguley, P., 2008, May. Uncertainty in Cost Estimation at the Bid Stage: An Introductory Industry Review. In Cranfield Multi-Strand Conference: Creating Wealth Through Research and Innovation (Vol. 6, p. 216).
