Where do risks (threats and opportunities) arise from?, presented by Lynn Stalker, 10th Oct 2016,...
-
Upload
association-for-project-management -
Category
Business
-
view
134 -
download
0
Transcript of Where do risks (threats and opportunities) arise from?, presented by Lynn Stalker, 10th Oct 2016,...
Where do risks (threats and opportunities) arise from
Presenter: Lynn Stalker CMIRM
Date: 10th October 2016
Does this sound familiar?• It’s late …• It wasn't supposed to do that ..• It doesn’t work …• It’s going to cost me how much more …• Have you listened to a word I’ve said ..• Oh, I see you’ve done it in that way, well ...
Late Delivery of Project / Over Budget?
This presentation is aiming to consider sources of risk (though this is not exhaustive) and where to use them.
2
Introduction• In all types of undertaking, there is a potential for events
that constitute opportunities for benefit (upside), threats to success (downside) or an increased degree of uncertainty
• For all types of organisations, there is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward– All projects have risks, whether that be a threat or an
opportunity, and these can come from a multitude of different external and internal sources.
3
Introduction Cont….• The purpose of using a variety of sources is to ensure that
the extent of unknown unknowns is as small as possible
• The first stage in identifying risks is to understand where the sources of risk can arise from. – Asking the following questions:
• Who are the parties involved?• What do the parties involved want to achieve?• How is it to be done?• What resources are required?• When does it have to be done?• Etc….
4
5
Risk Management Process Framework
What are the risks?How significant are they?What can we do? What will we do?
Define risk treatment strategy
Assessment/Quantification
Identification
Monitor and review
Define boundaries and objectives for evaluation
INITIATE PROJECTProject Definition Risk Management Focus
How are we doing?What happened?
Step 1 in the 5 step process, identification is the first and most significant phase of
the risk management process.
Why?
IDENTIFYWhat are the risks
Sources of risk
ASSESSLikelihood / impact
Ranking / Prioritisation
PLAN RESPONSESIdentify an devaluate
optionsPlan mitigation strategiesIMPLEMENT RESPONSESAssigned responsibilities
Monitor and review
MANAGE PROCESS
Hierarchy of Risk Registers• Operations
Routine activities of any organisation, processes, maintenance, asset care. Efficiency of operations, including disruption associated with people, processes and products
• TacticsTypically associated with projects (mitigators to programme / strategic risks), mergers, acquisitions and product developments. Effectiveness of processes, as well as significant risks to improvement including management of projects
• StrategiesSets out the long-term aims, missions and objectives of the organisationExample – Implementation of a new IT system
6
External Drivers / Sources• Financial Risks
– Accounting standards– Interest rates– Foreign exchange– Funds and credit
• Marketplace Risks– Economic environment– Technological developments– Competition– Customer demand– Regulatory requirements
• Infrastructure Risks– Communications– Transport links– Supply chain– Terrorism– Natural disasters– Pandemic– Cyber attacks
• Reputational Risks– Product recall– Public perception– Regulator enforcement– Competitor behaviour
7
Internal Drivers / Sources• Financial Risks
– Internal control– Fraud– Historical liabilities– Investments– Capital expenditure decisions
(capex)– Liquidity and cash flow
• Marketplace Risks• Research & development activities• Intellectual property• Contracts / commercial
• Infrastructure Risks– Recruitment– People skills– Health and safety– Premises– It systems– Sabotage
• Reputational Risks– Brand extensions– Board composition– Control environment– Brand quality– Contamination / activity release
8
9
Project Scope and Programme / Project Objectives
• Scope of work needs to be understood before risk identification occurs – Every project has goals that need to be clearly defined and
understood as to what is to be accomplished, to prevent a lack of understanding, misinterpretation and getting off track
– The project needs to be fit for purpose and not a business wish list (too many nice to have features)
Programme / Project Assumptions• Circumstances or events that need to occur for the programme /
project to be successful, but are outside the total control of the programme / project team– If you have any reason to believe the assumption may be broken or
unstable, then you should include as a risk.– If you have no reason to believe it will impact the scope, then no risk is
required– It is necessary to understand and test assumptions for the project by
asking these questions:1. Stability – Is the assumption accurate?2. Sensitivity – What impact does the assumption have?
Assumption Example: “No contamination or unforeseen ground conditions found during site investigation”
Risk Example: Whilst undertaking excavations historically important remains are unearthedOr: Whilst undertaking excavations ground contamination is detected
10
1111
Stakeholders
Etc….Regulators
Represent a major risk factor because they often display unexpected resistance
Risk Example: Uncertainty in the ongoing support from external stakeholders to proposed technical, engineering, business andpermissioning approaches impacts on master production schedule timescales
12
Regulators
Etc….
Compliance with all applicable rules and regulations, especially in highly regulated sectors, for example Nuclear, Banking
Risk Example:The organisation breaches its authorised discharge limitsThe Branch breaches its financial sanctioning authorisations
Emergent Risks
• Emergent risks are those that have not yet occurred but are at an early stage of becoming known and/or coming into being and expected to grow greatly in significance.
• They do not have the ‘track record’ of other better known, non-emergent, risks and usually arise in the longer term.– Low probability with catastrophic consequences– Emergent risks cannot often be easily identified or anticipated– These risks are more likely to have the major effect
13
Resources• Sharing of learning from experience or other
projects• Subject Matter Experts
– Where the opportunity arises, individuals not immediately involved in the project can be brought in to risk workshops
• project managers, • engineers or • operations resources. • Supply chain
– These individuals will be independent from the project, but will be experienced and qualified.
14
Processes
• Flowsheets• Drawings / diagrams• Fault trees• Process flow diagrams• Plant or process walk downs• Safety Workarounds
15
Risk Identification Techniques
• Questionnaires& checklists• Workshops & brainstorming• Inspections & audits• Flowcharts & dependency analysis• HAZOP and FMEA approaches• SWOT & PESTLE analysis• VMOST
16
Ground Rules for Using Sources
17
Key Points / Summary• Risk Management is a continuous process and as such should be
owned and managed by the programme / project on a routine basis• It is not a one size fits all process• It is not possible to know if all possible sources of risk are ever
identified, there will always be some unknown unknowns• Identifying risks will provide benefits to any organisation / programme
/ project by way of improvements in:– Successful delivery of change and increased operational efficiency– Reduced cost of capital– Assurance to stakeholders regarding management of risk and improved
decision making– Competitive advantage– Enhanced political and community support
18
Group Think
What information would I utilise at a risk identification meeting / workshop?
19
20
Any Questions ?
This presentation was delivered at an APM event
To find out more about upcoming events please visit
our website www.apm.org.uk/events