RISK MANAGEMENT An Overview DOE Order 413.3 & DOE Risk Management Practices Guide Compliance...

RISK MANAGEMENT
An Overview
DOE Order 413.3 & DOE Risk Management Practices Guide Compliance
Presented By David Rhodes and Mike Stauffenberg, ENPRO Consulting, Inc.
Presented to The East Tennessee Section, American Association of Cost Engineers
January 27, 2003


Page 2

“Risk comes from not knowing what you are doing”
Warren Buffett (1930 - )

Page 3

Risk Management
An Introduction

Page 4

Risk
It’s Everywhere!

• Flying versus driving – which is safer?
• Cancer risk – lifestyle to reduce cancer, other health risks?
• Insurance (life, disability, auto, workers compensation, liability) – charge based on the potential for loss or risk
• Investment – riskier investments generally have higher returns
• Credit – whether you get a loan (personal or business) is based on the risk of loss (ability to pay)
• Probabilistic Risk Assessments – human health and environmental risk and safety assessments – Toxicology & Risk Analysis Section – ORNL

Focus – Programmatic Risk Management and technical, cost, and schedule risk analysis, applies to large, complex capital projects

"Our real risk is not that the market may go down tomorrow. Our real risk is that our dollars won't buy what we need to buy when we are older or disabled."

Page 5

“Cleanup Costs Keep Rising”
Knoxville News Sentinel Front Page Article
January 27, 2003

K-25/K-27 Project Quotes:
• The Company (BNFL) can not afford the financial risk on another project with so much uncertainty.
  John Christian, BNFL
• With the risks associated with these procurements, I think bidders are going to take a hard look at the BNFL experience.
  Jenny Freeman, ETEBA
• Contaminated facilities will be well characterized and cleanup tasks will be well defined in the work plan. That will reduce risks to would be contractors.
  Steve Leidle, Bechtel-Jacobs
• There are risks (K-25/K-27), we’ll have to assess those risks
  Jim Hall, WGI

Page 6

Why Risk Management?
A Brief History

• Nuclear power plant design/construction (1970 – 1980)
– Plagued by cost and schedule overruns (100% - 500%)
– Monte Carlo methods for analyzing three variables for cost estimates only, emphasis on analysis, not management
– Output used for developing contingency and reserves (better than a flat %, quantitatively based)
– GERTS – branching, conditional loops, decision trees (network based)
• DoD – develops/practices state of the art (1980 – Present)
– Driven by massive acquisition of weapons systems of the 1980’s
– Pentagon brass continuously returning to the “Hill” for more funding
– 1986, GAO released “Technical Risk Assessment: The Status of Current DoD efforts” (bellwether report on risk management)
– Department of the Army (DOA) wrote first risk regulations in mid 1980’s, DoD policy, regulation, practices, and education continue to be emphasized and followed by all DoD services
• Risk Management was developed from necessity, to manage (reduce) technical risk and cost/schedule overruns

Page 7

Risk Management Defined
3 Similar Perspectives

• DOE (Risk Management Practices Guide):
– RM (Risk Management) process applied over project life cycle
– Enhance project success, increasing likelihood of project performance. Decrease likelihood of cost overruns, schedule delays, compromises in quality and safety
• DOD (Risk Management Guide for DOD Acquisition, 5th Edition):
– RM – art/science of planning, assessing, and handling future events, ensure favorable outcomes
– Outcomes – favorable or unfavorable
– RM alternative – Crisis management – limited options
• PMI: (PMBOK, 2000 Edition)
– RM – systematic process of identifying, analyzing, and responding to project risk
– Maximizing the probability and consequences of positive events and minimizing probability and consequences of adverse events to project objectives

Page 8

Compliance = Mandatory
Not Voluntary!

• OMB
– Circular A-109 – Major System Acquisitions
• DOE
– DOE Policy 413.1
– DOE Order 413.3 Program/Project Management for Acquisition of Capital Assets
– DOE PM Practices, Chapter 8 – Risk Management
• DoD
– DoDD 5000.1 – The Defense Acquisition System
– DoD 5000.2 – R – Mandatory Procedures for Defense Acquisition Programs
– Defense Acquisition Deskbook
– Risk Management Guide for DoD Acquisition (5th edition)

Page 9

DOE Order 413.3 Requirements:
Implementing Risk Management

• During the Acquisition Process
– Risk identification and analysis must be performed
– Risks must be identified, analyzed, and determined to be eliminated, mitigated, or manageable throughout project life cycle (at each Critical Decision Point or CD)
– Component of Acquisition Plan. Prepared by:
    • DOE Responsibility – DOE Award
    • DOE Primes Responsibility – Prime Awards (BWXT, UT/Battelle, Bechtel-Jacobs, ORISE)
• During Project Execution - Project Execution Plan (PEP)
– Risk Management Plan
• DOE Prime Contractors project management systems must:
– Identify, quantify, and mitigate project technical, cost and schedule risks
– Risk mitigation strategies must be developed and implemented
– TPC > $20M, must have an ANSI EIA-748 compliant Earned Value Management System (EVMS)

Page 10

Risk Terminology

• Assessable Elements – discrete entities against which a risk analysis can be performed (typically activity or work package level)
• Monte Carlo - Outcomes of events determined by selecting random numbers subject to defined probabilities. Done on an iterative basis to determine statistical likelihood
• Risk Handling/Mitigation - A strategy that decreases risk by lowering the probability of a risk event’s occurrence or reducing the effect of the risk should it occur
• Probability Distribution - A curve that shows all the values that the random variable can take and the likelihood that each will occur
• Contingency - The amount budgeted to cover costs that may result from incomplete design, unforeseen and unpredictable conditions, or uncertainties. The amount of the contingency is a risk-based calculation. Based on known scope.
• RMP – Risk Management Plan
• Risk Level Matrix – assigning qualitative values to event probability and consequences used to determine a quantitative risk factor
• T&PRA – Technical and Programmatic Risk Analysis
• TPC – Total Project Cost

Page 11

Types of Risks

• DOE risks categorized:
– Technical
    • Safety
    • Environment
    • Disposition
    • Support
    • Procurement
– Programmatic
– Cost
– Schedule
• Technical Risk – impacts of developing a new design or approach
• Programmatic Risk – disruptions affecting project direction, outside the manager’s control
• Cost & Schedule Risk – different and unique
– Indicators of project status
– Other risks eventually result in cost and schedule risks

Page 12

Risk Management
Based on 413.3 & DOE PM Practices

Page 13

Risk Management Process Elements

[Diagram: Risk Management, with the following process elements]
• Risk Management Planning
• Risk Identification
• Risk Quantification
• Risk Handling
• Risk Impact Determination
• Risk Reporting And Tracking

Page 14

Risk Management Planning
Screening Process

• Does the project have potential for risk (scope, schedule, cost)?
• Establish the need for (and level) of Project Control and Risk Management
• Project Risk Screening Process – Need for Project Controls?
– Done first
– Establish Project Risk Screening Criteria
– “Yes” response to potential for risk (any criteria) – Project Controls required
– Example Criteria (TPC > $4M, schedule uncertainty, long lead procurement items, multiple project/contractor interfaces, political visibility, etc.)
• Technical Risk Screening Process – Need for Risk Analysis?
– Establish Technical Risk Screening Criteria
– “Yes” response to potential for risk (any criteria) – Risk Analysis required
– Example Criteria (new technology, criticality potential, undefined disposal methods, Cat. 1 nuclear material, complex design, etc.)

Page 15

Risk Management Planning
Risk Management Plan

• Documents strategies and procedures used to manage project risk
• Developed during/as part of the PEP – section of your PEP
• Living document, under Configuration Management
• Outline:
– Introduction
– Activity
– Risk Management Process Execution
– References
– Appendices
• Reviewed/revised at CD points (413.3) and at least annually
• Project Manager, with team personnel, are responsible for development and project team buy in

Page 16

Risk Identification

• Determines:
– Which events/activities are likely to affect the project (+ or -)
– Documenting the activity impact (why is it a risk?)
• Inputs:
– Activity or project descriptions (scope statements)
– Project Planning Documents (WBS, estimates, procurement plans)
– Historical Files (project files, experience, estimates, lessons learned)
• Process
– Skill/experience of project personnel, subject matter experts (SME’s), and subcontractors
– Performed at lowest assessable element level in the project
– Methods:
    • Risk Source Checklists/Category Lists
    • Process Flow Charts
    • Risk/Activity Templates
    • SME Interviews
    • Team Brainstorming
• Results – Risk Statements with corresponding basis. Transferred to Risk Assessment Form

Page 17

Risk Quantification

• Definition interchangeable with Risk Analysis
• Determining Probability of Occurrence, assessing the Consequences, and combining both to identify a Risk Level
• Qualitative method
– Risk Level - Relative risk to the project (Low, Moderate, or High)
– Uses Risk Level Matrix
• Quantitative methods
– RF = (P X C), where,
    RF = Risk Factor
    P = Probability of Occurrence
    C = Consequence of Occurrence
– Other Quantitative Methods
    • Expected monetary value
    • Expert Judgment
    • Simulation (Monte Carlo, discussed later)
    • Decision Trees

Page 18

Risk Probabilities
Quantitative & Qualitative

Page 19

Risk Consequences
Quantitative & Qualitative

Page 20

Residual Risk Quantification – Acquisition Phase
Risk Level Matrix – Contractor Example

Table columns: 1.2 – Specialized Experience Risks, Risk Rating, Rationale

1.2 – Specialized Experience Risks:
• 1.2.1 – Strategic Planning risk
• 1.2.2 – Specialty Technology risk associated with Ranges, UXO, Fuel Systems, Geobase & Geospatial
• 1.2.3 – QA/QC process risk
• 1.2.4 – Privatization and outsourcing risk
• 1.2.5 – CERCLA/RCRA remediation projects risk
• 1.2.6 – Cost/Schedule/Budget Analysis risk
• 1.2.7 – P2 Initiatives risk
• 1.2.8 – Environment compliance risk
• 1.2.9 – EIAP risk
• 1.2.10 – Urban and regional planning risk
• 1.2.11 – Natural & cultural resource risk
• 1.2.12 – Partnering, facilitating, & stakeholder risk
• 1.2.13 – International, federal, state, and local regulations risk
• 1.2.14 – Training risk

Rationale:
Schedule Risk - Team has selected subcontractors that greatly expand our capacity to provide specialized experience and great breadth of expertise across all vital skill requirements. Team has assembled a team of 5500 personnel worldwide covering a multitude of labor categories and experience levels providing redundancy across vital skill requirements. In addition there is additional redundancy (labor talent) across team partners providing an extra level of backup. Team has the national and international presence, capacity, experience, and reputations to swiftly fill any voids should they arise. Team partners have decades of experience in the technical areas required.

Risk Level Matrix (L = Low, M = Moderate, H = High)

Probability of Failure      Consequence of Failure
                            1    2    3    4    5
Nearly Certain   5          M    M    H    H    H
Highly Likely    4          L    M    M    H    H
Likely           3          L    M    M    H    H
Unlikely         2          L    L    L    M    H
Remote           1          L    L    L    L    M

Page 21

Risk Mitigation Strategy – Acquisition Phase
Contractor Example

Potential Proposal Risks (Risk Identification):
Failure to propose an executable and effective approach to acquire/maintain specialized staff expertise to respond to client’s “Center of Expertise” Requirements (Specialized Experience Staffing Risk)

Impacts on Schedule (Risk Identification):
Schedule Risk – Failure to deliver specialized, experienced resources by suspense date

Risk Handling – Reduce/Mitigate
We eliminated the potential for high risk and replaced it with low-risk solutions:
• Solution: Bring a Team that has significant depth across the SOW to make certain all suspense dates are met with the right specialized resources
• Solution: Provide a Global Team with personnel assets positioned globally near client customers
• Solution: Demonstrate, through existing personnel resumes, the Team’s depth and breadth of experience across SOW.
• Solution: Implement a resource acquisition process in advance of the proposal submission to identify local personnel and team resources that will relocate

Risk Handling – Reduce/Mitigate
We will manage schedule risk to reduce the likelihood of its occurrence and minimize its effect on the program by:
• Maintain resource commitment schedules to ensure an available resource pool
• Maintain benefit programs and salaries necessary to attract and retain employees and minimize turnover effect on schedules
• Implement management systems used on similar task order contracts to guarantee specialized, experience resources are applied to meet schedule

New Risks Introduced - None
Risk Impact to other areas - None
Approach Manageable - Yes

Page 22

Risk Handling

• Identification of course of action (or inaction) to effectively manage an identified risk
• All identified risks shall be handled
• Risk handling actions selected after quantifying probable impact (balance risk with factors such as cost and timeliness)
• Risk response generally falls into one of four major categories:
– Reduce or Mitigate
– Accept
– Avoid
– Transfer

Page 23

Risk Handling - Responses

Page 24

Risk Impact Determination

Process of evaluating and quantifying the effect of risks on the project:
• Add Incremental cost/schedule impact of risk handling implementations – into baseline
– Reduce/Mitigate Response activities
– Avoid and Transfer Response activities
• Analyze Residual Risk – cost and schedule risks analyzed and included in project contingency (risks remaining after Risk Handling)
– Assign cost and schedule Probability Distributions to each Residual Risk at the Assessable Element (activity) level
– Sum individual activity Probability Distributions statistically through a Monte Carlo process
– Generates Cumulative Project Level Probability Distribution Profiles for cost and schedule
– Establish cost and schedule contingencies at selected confidence levels

Page 25

Assign Probability Distributions

• Probability Distributions are assigned to each Assessable Element or Activity
• Multiple Probability Distributions can be assigned that best model the cost/schedule variability of the activity

Page 26

Run a Monte Carlo Risk Analysis

The risk analysis tool will iterate through the project model (network or cost estimate) a specified number of simulations (recommend 500 – 5,000) and may (depending on the capability of the risk tool) employ network based operations research techniques such as conditional loops and conditional branching to model actual project conditions

Page 27

Generates Cumulative Project Cost & Schedule Contingency Profiles

The profile says the project has a 50% Confidence of being completed at $6.0M and an 80% Confidence of being completed at $7.4M. The Difference ($1.4M) is held in Contingency and allocated by the Project Manager into the baseline as the project need arises. The project is funded at 80% ($7.4M) and the Budget Baseline (or authorization) is at 50% (or $6.0M).
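The Monte Carlo steps on pages 24 to 27, worked through as an added example that is not part of the original slides: each assessable element gets a cost distribution, residual risk events fire with a stated probability, the iterations are summed, and contingency is read off the cumulative profile at the 50% and 80% confidence levels. The element names, dollar ranges, risk event, the triangular distribution and the seed are all constructed assumptions.

```python
import math
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (low, most likely, high) cost in $M for a triangular distribution
Triangular = Tuple[float, float, float]


@dataclass
class AssessableElement:
    """One activity / work package with its cost uncertainty."""
    name: str
    cost: Triangular
    # Residual risk event left after risk handling (optional):
    risk_probability: float = 0.0              # P, probability of occurrence
    risk_impact: Optional[Triangular] = None   # C, cost consequence if it occurs


# Constructed sample project; none of these figures come from the slides.
ELEMENTS: List[AssessableElement] = [
    AssessableElement("Characterization", (0.8, 1.0, 1.5)),
    AssessableElement("Decontamination", (1.5, 2.0, 3.2),
                      risk_probability=0.25, risk_impact=(0.3, 0.5, 1.0)),
    AssessableElement("Demolition", (1.8, 2.2, 3.5)),
    AssessableElement("Waste disposal", (0.6, 0.8, 1.6)),
]


def _draw(rng: random.Random, dist: Triangular) -> float:
    low, mode, high = dist
    return rng.triangular(low, high, mode)


def simulate_total_costs(elements: List[AssessableElement],
                         iterations: int = 5000,
                         seed: int = 2003) -> List[float]:
    """Return the sorted total project cost from each iteration."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    rng = random.Random(seed)  # fixed seed so a run can be reproduced
    totals = []
    for _ in range(iterations):
        total = 0.0
        for element in elements:
            total += _draw(rng, element.cost)
            # Conditional branch: the risk event only adds cost when it fires.
            if (element.risk_impact is not None
                    and rng.random() < element.risk_probability):
                total += _draw(rng, element.risk_impact)
        totals.append(total)
    totals.sort()
    return totals


def cost_at_confidence(sorted_totals: List[float], confidence: float) -> float:
    """Nearest-rank percentile: cost not exceeded in `confidence` of runs."""
    if not 0.0 < confidence <= 1.0:
        raise ValueError("confidence must be in (0, 1]")
    rank = math.ceil(confidence * len(sorted_totals))
    return sorted_totals[rank - 1]


def contingency_profile(elements: List[AssessableElement],
                        baseline_confidence: float = 0.50,
                        funding_confidence: float = 0.80,
                        iterations: int = 5000,
                        seed: int = 2003) -> Dict[str, float]:
    """Budget baseline, funded level, and the contingency held between them."""
    totals = simulate_total_costs(elements, iterations, seed)
    baseline = cost_at_confidence(totals, baseline_confidence)
    funded = cost_at_confidence(totals, funding_confidence)
    return {"baseline": baseline, "funded": funded,
            "contingency": funded - baseline}


if __name__ == "__main__":
    for key, value in contingency_profile(ELEMENTS).items():
        print(f"{key:>12}: ${value:.2f}M")
```

Changing the seed or the iteration count shifts the percentiles slightly, which is why the confidence levels and the run settings belong in the Risk Management Plan alongside the result.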

Page 28

Risk Reporting & Tracking

• Risk Reporting - Documentation of the Risk Management Process activities in a Risk Analysis Report, a subset of the Risk Management Plan
• Risk Tracking:
– Active monitoring Risk Handling activities, evaluate new risks, and re-evaluate previous risks
– Monitors:
    • Schedule accomplishment – applied to Risk Handling activities
    • Cost status, performance and EVMS metrics
    • Test results (risky program activities)
– Risk Management metrics and status should be reported within the normal project reporting cycle (monthly, quarterly, annually, etc.)
• Risk Tracking and Reporting tools and process should be defined in the RMP


Risk Tools

Tool Name | Publisher | Contact Information
@Risk | Palisade | www.palisade.com/
COBRA | Welcom | www.welcom.com/
Crystal Ball* | Decisioneering | www.decsioneering.com/
Monte Carlo* | Primavera | www.enproconsulting.com
Pertmaster Professional | Pertmaster Limited | www.pertmaster.com/
Risk+ | C/S Solutions | www.cs-solutions.com
RiskTrak | Risk Services & Technology | www.risktrak.com
RiskMatrix | U.S. Government | [email protected]@hanscom.af.mil

* Referenced in DOE PM Practices Guide – Chapter 8 – Risk Management


Risk References

Reference | Publisher
DOE PM Practices Guide – Chapter 8 – Risk Management | US DOE OECM (ME-90), http://oecm.energy.gov/policies_guides/policies_index.html
Risk Management Guide for DoD Acquisition – 5th Edition | US DoD USD AT&L, DoD Defense Acquisition University (DAU), http://www.dau.mil/pubs/gdbks/risk_management.asp
DoD PM Community of Practice (COP) Risk Focus Area | DAU/Navy Acquisition Reform Office (ARO), http://pmcop.ar.navy.mil/simplify/ev.php
Top 11 Ways to Manage Technical Risk | Office of the Assistant Secretary, Navy, http://center.dau.mil/Topical_Sessions_templates/Risk_Management/Reference_Materials/Risk-Navso-P-3686-11Ways.pdf
Risk Management e-Learning | DAU Continuous Learning Center (CLC), http://clc.dau.mil/kc/no_login/portal.asp
PPG#2 - Risk | AACE, http://www.aacei.org/technical/ppgs/welcome.shtml#PPG2
PMI PMBOK – Chapter 11 – Project Risk Management | PMI, http://www.pmi.org/info/default.asp
PMI Risk Management SIG | PMI Risk Management SIG, http://www.risksig.com/index.htm
PMI Bookstore | Risk management book listing, http://www.pmibookstore.org/search.asp


Risk Management
Representative Project Experience

Acquisition (proposal) Risk Analysis – confidential DoD client ($150M global environmental procurement)
Procter & Gamble Risk Analysis – New Bounty Paper Towel Manufacturing Process – Failure Analysis & Profit/Loss Model
Westinghouse DoD Contract – UHF Agile Filter Production Risk Analysis and Profit/Loss Model
DOE-Fernald RI/FS Technical/Cost/Schedule Risk Analysis
DOE-ORO ER and WM Technical/Cost/Schedule Risk Analysis
HAZWRAP standard project plan Risk Analysis template


Why Have a Risk Management Program?

Compliance – required by DOE Policy and Orders
Risk Based Resource Allocation – assign critical/competing resources to most critical risk activities
Justify Risk Contingency Funds – quantitative justification and basis for allocation of contingency funds, less likely to be re-allocated by DOE or contractor management
Early Risk Identification – enables early identification and communication of risks so handling can occur prior to threatening mission success
Common Risk Practice – Enables projects across the enterprise to consistently apply a common set of risk management practices
Monitor Risk Trends – Provides executive dashboard type picture of project risk trends, encouraging early corrective management action and decision making


Overview

Founded in 2000
Principals have 20+ years experience each in major DOE, DOD and private sector project management
Areas of specialization:
– Enterprise/Traditional Project Management
– Management Consulting
– System Implementation & Integration
– Training
Primavera Solution Provider (PSP):
– Only PSP located in Tennessee, certified in 7 adjoining states
– 1 of only 3 firms in southeast recently certified by Primavera to train/consult on their enterprise project management software, P3e and TeamPlay


Project Management Consulting

Alstom Power
Emergency Response Exercise Planning – Y-12
BCLDP Optimized PEP – Battelle-Columbus
Paducah DMSA Project Plan – WESKEM
DUF6 Proposal Schedule – Confidential Client
Corps of Engineers Project Management Business Process (PMBP) Implementation – Confidential Client
Construction Schedule Re-Baseline – New Orleans Channel Bridge - PCS
ePM Implementations
– Principal Financial Group
– Entergy


Risk Management Training

2 ½ Day training course, taught at New Horizons (Cedar Bluff) or at your facility (5 or more students)
Based on compliance with DOE Order 413.3 and DoDD 5000.1 and DoD Risk Management Guide for DoD Acquisition
Learning Objectives:
– Understand basic elements of Risk Management
– Conduct risk assessments of cost, schedule, and performance requirements
– Apply decision analysis in selection of risk handling options for prioritized risk events
– Determine organizational structure to manage risks
– Hands on exercises with risk management software to determine %’s of program completion date and costs and Risk Level Matrix for probability/consequence screening
– Software tool choices
    Microsoft Project and Risk+
    P3 and Monte Carlo


Primavera System Training

Certified to train/instruct on Primavera Enterprise (P3e), TeamPlay, P3, and SureTrak project management software
Courses offered include:
– Primavera Enterprise (P3e)
    P100 - Methodology Manager – 1 Day
    P102 - Basic Course – 3 Days
    P106 – Advanced Course – User Defined
– Primavera TeamPlay
    T100 – Methodology Manager – 1 Day
    T102 – Basic Course – 3 Days
    T106 – Advanced Course – User Defined
– Primavera Project Planner (P3)
    601 – Planning and Scheduling with P3 – 3 Days
    602 – Resource & Cost Analysis with P3 – 1 Day
    603 – Managing Project Data with P3 – 1 Day
– Primavera SureTrak
    401 – Introduction to SureTrak Project Manager – 2 Days
– Primavera Expedition


ENPRO Contacts

David Rhodes
– (865) 966-9178 - Office
– (865) 385-8401 – Mobile
– [email protected]@enproconsulting.com

Mike Stauffenberg
– (865) 966-9178 - Office
– (865) 719-7051 – Mobile
– [email protected]@enproconsulting.com