Irm801 1 Introduction

University of Pretoria February 2013

IRM 801 1.1

1. Introduction to Project Risk Management

1.1 The need for project risk management

1.2 What is risk?

1.3 Risk concepts

1.4 What is risk management?

1.5 Risk models

1.6 Risk classification

1.7 Risk and life cycles

1.8 The bigger picture

1.9 Corporate Governance

1.10 Black Swans

1.11 Case studies

Jan-13 Slide 1 of 37

1.1 The Need for Risk Management

Jan-13

If something can go wrong,

it will go wrong!

Risk Management is about trying to prevent‘things’ from going wrong, or to reduce the

impact if 'things' do go wrong

Every project is risky! There is a chance that things won't go according to plan

(Murphy’s law, www.murphy.com)

Slide 2 of 37


IRM 801 1.2

System and Project Failures

� Many system/project 'failures‘ have occurred in the last century, e.g.� Tower of Pisa (~ 1200)

� Titanic (1912)

� Hindenburg (1937)

� LAMP Project (1997)

� Inyaka Bridge (1998)

� Millennium Bridge (2000)

� Centurion Mall (2004)

� Airbus A380 (2006)

� Heathrow Terminal 5 (2009)

� These failures had severe consequences for companies, projects and governments


The Need for Risk Management

� Companies are under increased pressure to deliver projects on time, on budget, and with satisfactory technical performance

� The outcomes of projects are a function of many parameters or variables

� Some variables can be controlled, others can't

� Risk cannot be eliminated, only reduced through effective risk management

� Two factors have a large influence on project risk, i.e. the uniqueness of the project, and the experience of the team



IRM 801 1.3

Experience of the Project Team

� In the movie, "Armageddon", an asteroid, which is on a collision course with the earth, must be blown to fragments to prevent earth destruction

� NASA decides to land a team of 'astronauts' on the asteroid, drill a hole, place a nuclear bomb, leave the asteroid, and detonate the bomb at a safe distance

� The project manager turned down the astronauts offered, and selected drillers from an oil rig to reduce the risk, based on their experience on drilling projects


1.2 Definitions of Risk

� Risk

� “Effect of uncertainty on objectives” (ISO 31000, 2009)

� "A measure of the probability and severity of adverse effects" (Haimes, 1998)

� 'A chance or possibility of danger, loss, injury, or other adverse consequences‘

� Project Risk

� "The cumulative effect of the probability of uncertain occurrences that may positively or negatively affect project objectives" (Pritchard, 2001)

� "An uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective"(PMBoK, 2000)



IRM 801 1.4

1.3 Risk Concepts

� Risk depends on the perceptions of an individual or team

� Risk comprises 3 elements

� The risk event

� The probability of occurrence of the event

� The consequence should the event occur

� The Risk Value can be represented on a 2-D grid of probability (P) and consequence (C)

� Risk or Risk Value should be interpreted carefully!


Probability-Consequence Grid

Jan-13

Consequence

Pro

ba

bili

ty

Medium

Risk

Low

Risk

High

Risk

Increasing Risk

Medium

Risk?

Slide 8 of 37


IRM 801 1.5

Example: Risk Interpretation

Jan-13

Risk of Death(Air travel)

Risk of LosingMoney(Lottery)

Low probability buthigh consequence

High probability butlow consequence

Slide 9 of 37

Risk Interpretation

� Risk is part of our daily lives

� Everyone is confronted with risk and must learn to cope with it, e.g.

� purchasing some asset (house, car, computer, etc.)

� driving a car

� traveling overseas (plane crash, theft, SARS, etc.)

� investing money (shares, unit trusts, policy, etc.)

� Living in a house/flat

� Humans are gradually exposed to risk(s) as they grow up



IRM 801 1.6

Risk Interpretation

� People cope with risk through conscious and subconscious actions, e.g.

� making a career change

� braking to avoid a car accident

� People are willing to pay money to manage (reduce or transfer) risks, e.g.

� life/ health/ property insurance

� burglar alarm

� air bags and seatbelts in cars

� Risk management is about balancing risk and reward


1.4 What is Risk Management?

� Definitions

� 'An organized method for identifying and measuring risk and for selecting and developing options for handling risk' (Blanchard)

� 'The process of assessing risk, planning for it and reacting to it by developing documents and procedures that reduce risks, and by developing and nurturing experienced and skilled staff'(Camm)

� 'The activity of identifying and controlling undesired project outcomes proactively' (Smith & Merritt)



IRM 801 1.7

What is Risk Management? (Borge)

Jan-13(Refer Borge, Ch 1, for detailed discussion)

� "Risk management is a way to gain more power over events that can change one's life"

� "Good risk management can mean the difference between wealth and poverty, success and failure"

� "The experts can help you, but you cannot escape the responsibility of being the chief risk manager of your own life"

� "Risk management is not a magic formula that will always give the right answer; it’s a way of thinking that will give better answers to better questions"

� "The purpose of risk management is to improve the future, not to explain the past"

Slide 13 of 37

What is Risk (Smith & Merritt)

Jan-13

� Example of project risks� Risk management and product development� What is a risk?

� Uncertainty� Loss� Time Component

� Why companies fail in managing risk� The antithesis of risk management: Firefighting� How much risk management?� Risk as an ally� Attitudes toward risk

(Refer Smith & Merritt, Chapter 1)Slide 14 of 37


IRM 801 1.8

1.5 Risk Models

� Smith & Merritt defined a number of risk models

� Standard Risk Model

� Simple Risk Model

� Cascade Risk Model

� Ishikawa Risk Model

� Each model has certain benefits, as well as disadvantages

� The Standard Risk Model is preferred, but the simple risk model is adequate for most uses

Jan-13

(Refer Smith & Merritt, Chapter 2)

Slide 15 of 37

1.6 Classification of Risk

� Project risks are frequently classified to enable more effective management of the risks

� Different classification schemes are used

� The most important categories of risk derive from the 3 main project objectives, i.e.

� Technical

� Cost

� Schedule

� Another category, Programmatic risk, is also used by many authors



IRM 801 1.9

Some Technical Risk Sources

� System complexity

� Unproven technology

� Design problems and errors

� Construction mistakes

� Operating environment

� Material properties

� Evaluation/measurement problems

� Case Study: Tacoma Narrows Bridge Collapse

� Case Study: Challenger Shuttle Explosion


Programmatic Risk Sources

� Requirement changes

� Personnel availability and skills

� Change in priorities

� Delays in decision making

� Contractor stability

� Contractual problems

� Communication problems

� Lack of management support

� Inadequate equipment/facilities



IRM 801 1.10

Cost Risk Sources

� Unrealistic estimate or budget

� Exchange rate fluctuation

� Inflation

� Changes in legislation or regulations

� Inadequate cost reporting

� Test & evaluation failure

� Strikes for wage increases

� Changes in import duties

� Sensitivity to technical, schedule & program risk


Schedule Risk Sources

� Unrealistic task duration estimates

� Unforeseen activities

� Degree of concurrency

� Inadequate progress reporting

� Delays in decision making

� Multiple critical paths

� Logistic delays

� Late delivery from international suppliers

� Sensitivity to technical, cost & program risk



IRM 801 1.11

1.7 Risk and Life Cycles

Jan-13

Time

Example of a System Life Cycle

Design/Development

Construction/Manufacture

Operation/Maintenance

Phase-out

Determineneed

Conceptexploration

Detaildesign

Projectimplementation

Close-out Support

Example of a Project Life Cycle

Slide 21 of 37

Risk Trend in the Life Cycle

Jan-13

To

tal R

isk

Deficiency in one phase may influence the next phase, e.g.

• Poor design can influence construction or manufacture

• Poor construction can influence operation (low reliability)

Determineneed

Conceptexploration

Detaildesign

Projectimplementation

Slide 22 of 37


IRM 801 1.12

1.8 The Bigger Picture

Jan-13

Different views prevail on where project risk

management fits in

PRM

PM

PRM

PM

PRM

PM

(Source: Grey, 1995)

Slide 23 of 37

PRM and Project Management

� Project risk management can be seen as just good project management

� Risk management is everyone’s responsibility, but deserves special attention (like 'quality')

� Projects need a systematic approach to identify and manage threats - risk management

� A proactive approach is necessary - intuition not enough

� Attention should be given to risk before and during project - too late to add on when problems arise



IRM 801 1.13

RM, PM and PRM

Jan-13

Project Management (PM)

Financial

risk

Security

risk

Health

riskEnvironment

risk

Safety

risk

Risk Management (RM)

PRM

HRM

Quality

manage.

Procurement

manage.

Cost

manage.

Slide 25 of 37

1.9 Corporate Governance

� The King Report on Corporate Governance was published in 1994 and this was followed by the King II report in 2000

� Risk management is also addressed in this report

Jan-13

“Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals…the aim is to align as nearly as possible the

interests of individuals, corporations and society”

(Source: Sir Adrian Cadbury, 1999, Corporate Governance Overview, World Bank Report)

Slide 26 of 37


IRM 801 1.14

The King II Report

� 3.1.1 The board is responsible for the total process of risk management, as well as for forming its own opinion on the effectiveness of the process. Management is accountable to the board for designing, implementing and monitoring the process of risk management and integrating it into the day-to-day activities of the company.

� 3.1.2 The board should set the risk strategy policies in liaison with the executive directors and senior management. These policies should be clearly communicated to all employees to ensure that the risk strategy is incorporated into the language and culture of the company.


The King II Report

� 3.1.3 The board must decide the company’s appetite or tolerance for risk – those risks it will take and those it will not take in the pursuit of its goals and objectives. The board has the responsibility to ensure that the company has implemented an effective ongoing process to identify risk, to measure its potential impact against a broad set of assumptions, and then to activate what is necessary to proactively manage these risks.



IRM 801 1.15

King II Report

� 3.1.5 The board is responsible for ensuring that a systematic, documented assessment of the processes and outcomes surrounding key risks is undertaken, at least annually, for the purpose of making its public statement on risk management. This risk assessment should address the company’s exposure to at least the following:

� physical and operational risks;

� human resource risks;

� technology risks;

� business continuity and disaster recovery;

� credit and market risks; and

� compliance risks


1.10 Black Swans

� A Black Swan event is an event with the following three attributes:

� It is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility

� It has an extreme impact or consequence

� Human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable

� A small number of Black Swans explain almost everything in our world

Jan-13

(Source: Nassim Taleb, The Black Swan, 2007)Slide 30 of 37


IRM 801 1.16

Examples of Black Swans

� The rise of Hitler and World War II

� 9/11 events in the USA in 2001

� Sinking of the Titanic in 1912

� Earthquake and tsunami in Indonesia in 2004

� Japan earthquake and tsunami in March 2011

� Great world depression in 1930's

� Discovery of penicillin in 1940's

� Invention of the transistor and IC in 1947

� Spread of the Internet in 1990's

� Diffusion of mobile phones across the worldJan-13 Slide 31 of 37

Worst Floods in History

Jan-13

0

100000

200000

300000

400000

500000

600000

700000

800000

900000

1000000

Yellow River, China

North China

Kaifeng, China

UK & Netherlands

Netherlands

Russia

Netherlands

Mekong Delta, South Vietnam

Manchuria

Foochow, China

Fatalities

Slide 32 of 37


IRM 801 1.17

Worst Earthquakes in History

Jan-13

0

100000

200000

300000

400000

500000

600000

700000

800000

900000

China

China

Syria

Sumatra Ira

nChina Ira

n

Japan

Turkmenistan

China

Pakistan

Shemakha Ira

nItaly

Peru

Portugal

Italy

Silicia

Iran

Italy

Fatalities

Slide 33 of 37

1.11 Case Studies: DoD Acquisition

� Extensive study of major defense systems acquisition programs in the USA was done during 1989/90

� Major systems acquisition budget > $130 billion per year (in 1980’s)

� Blue-Ribbon presidential commissions were appointed

� Packard Commission published their report in 1986



IRM 801 1.18

Findings of Packard Commission

� Results of investigations� Severe cost overruns of 50-

300% occurred

� Schedule slippage of 20-100% experienced

� Performance shortfalls 0-20%

� Severe shortfall in overall project performance

� Project risk management was adequately addressed

� High-level recommendations were made


North Sea Oil Projects

� The UK made major investments in North Sea oil projects in 1970's

� Investigation revealed that severe cost overruns occurred on many projects, e.g.� 20% of North Sea fields up to

200% overrun

� 30% of North Sea fields up to 100% overrun

� 50% of North Sea fields up to 50% overrun



IRM 801 1.19

The Sydney Opera House

Jan-13

Budget: A$ 7 million

Actual: A$ 102 million

Schedule: 4 years

Actual: 14 years

In 1965 the new government

and premier called the

project "the most stupendous

financial bungle ever"

Slide 37 of 37

Irm801 1 Introduction

Documents

Transcript of Irm801 1 Introduction