PROJECT RISK MANAGEMENT(PM 595) CASE STUDY-WEEK5

FACULTY-PROFESSOR KARL HOGQUIST
DATE- 8APRIL2011

SUBMITTED BY HARKIRAN SINGH D03574960

"An important manifestation of effective risk management is getting a handle on the scope, volatilities, and severities of the risks one's company faces, then tailoring an appropriate set of risk responses. Risk managers have many types of risk treatments at their disposal. Every company's risk management "solution" will be unique because the exposures and risk appetites all differ. The key is to have a reasonable under-standing of how each treatment option works, alone and in combination with others, so that decisions are informed and results are less influenced by luck than by reason.
The risks that threaten a business are constantly changing and increase in complexity. That is why it is so important to have a viable risk management plan not only for our project but for the business as well. It is important that in developing our plan that we: (1) identify the threats or events that may affect the continuity of the project, (2) prioritize and set risk thresholds, (3) evaluate the tactics and the costs associated with the various proposed treatment plans for preventing or reducing the risks, (4) establish processes that will make us ready for regulatory audits, and (5) make informed decisions on how best to mitigate the risks of the project (Risk Readiness Assessment, 2005).
Risk identification, monitoring and resolution are key tools for successfully completing a project. Part of controlling a project during the management phase is to have an established risk management process. This process is a primary part of project planning and is kept current until project closeout. To be thorough and comprehensive our risk management plan must include the following items:

1. Risk methodology:

Risk methodology is the body of practices, procedures and rules that will be used to asses the risks of this project. The risk management process is used to ensure that the level, type and visibility of risk are identified to assure the success of the project. For our plan, we have used several techniques such as brainstorming, checklists, and reviewing past projects to identify the list of risks that need assessment. We then chose to use a qualitative method of ranking our risks to identify those risks that must be prevented, reduced, shared or accepted. Lastly, we developed specific risk action plans for those risks that were critical to the success of the project and required reduction of their impact.

2. Risk identification /categorization / response planning:
Risk identification determines what events might happen that could affect the objectives of the project and how probable they are likely to occur. The risk identification process must be comprehensive, as risks that have not been identified cannot be assessed, and their emergence at a later time may threaten the success of the project and cause unpleasant surprises (Cooper, Grey, Raymond, and Walker, 2004). We used the following criteria for deciding how to actually rank the risks:

Low Risk Characteristics:

The scope of the project is well defined and understood.
The business requirements are understood and straightforward.
The project sponsor is identified, committed and enthusiastic.
The readiness level within the project recipient and stakeholder departments for changes this project will create a high readiness (passionate and enthusiastic).

Moderate Risk Characteristics:

The project's major milestones and operational dates are firm, pre-established and missed dates may affect the business.
The project's dependencies on linkage projects are somewhat dependent, without linkage project deliverables, schedule delays possible.

High Risk Characteristics:

The total estimated effort hours are unknown. oUse a project management tool to control resource utilization. oHave a team member utilize weekly status report on progress against their assigned work plan activities. oUtilize team leaders to manage sub-teams. oOrganize team-building activities.

Project's duration is estimated at 12 months or greater. oBreak the project into smaller, shorter sub-projects. oIdentify clear milestones to check that the project is on schedule. oBe diligent using formal change management procedures. oRotate team members into different roles to keep up the interest level. oStrive to get ahead of schedule as early as possible. oInstill a sense of urgency from the start of the project. oOrganize team-building activities to build cohesion and reduce friction. oEnsure all major deliverables are formally approved so that the change management can be invoked afterward.

The project budget is not based on a proven successful cost estimation process. oRe-estimate the project using proven tools and experienced personnel. oRevise scope to fit within the funding available. oDo not start the project until a better budget can be established.

There will be a substantial change in the business processes, procedures and policies. oDocument all current policies and processes and ensure that they are correct. oCommunicate precisely how the new processes differ from the old ones. oCommunicate potential changes as far in advance as possible. oHave one person responsible for all process and policy changes. oCreate an aggressive communicate plan to keep customers engaged and informed.

The number of departments involved in the project is more than five. oEstablished a formal approval process. oCreate a steering committee to represent the entire stakeholder community. oKeep the sponsor engaged and ready to intervene n the various departments. oInclude representative from each department in requirements, quality assurance and testing. oInclude opportunities for people in the various departments to meet and interact. oWork with team on strict adherence to overall project objectives and priorities. oUse consensus-building techniques when possible.

The subject matter is not well-known by the project team. oTake as much training as practical and as early as possible. oSpend extra time understanding and documenting the requirements. oSet up approval process for requirements that require multiple subject-matter experts. oBuild extra time into the estimates for application analysis and design activities.

Performance objectives are unclear. oPerformance objectives need to be in writing and agreed upon by the project team. oInsist that any change in expectations regarding performance objectives be issued as a formal Change Request.

The impact on the business procedure, process or organizational changes. oDocument the concerns that come out of a new organization and look for ways to mitigate the concerns. oCommunicate early and often about the potential for change and the business reasons for it. oInvolve representatives from all stakeholder areas in the organizational design and options. oGet human resources involved to deal with potential people issues

3. Risk Prioritization:

Risk prioritization is the overall assessment process of risk analysis and risk evaluation. Its purpose is to develop agreed priorities for the identified risks. This stage of the risk management process generates a prioritized list of risks and a detailed understanding of their impacts (Cooper, Grey, Raymond, 2005). There are many software programs that allow the user/project team to constantly update and reassess program risks based on the progress of risk mitigation plans. One of the more standard matrices that we have chosen to use to evaluate our plan is the 5 x 5 matrix. The rating is a function of two criteria; namely, impact or consequences and probability or likelihood of occurrence (Cooper, Gray, Raymond and Walker, 2004). A sample matrix might look something like the one below. This default setup uses a 5 by 5 risk matrix (likelihood and consequence). As an example if a risk was assessed with moderate consequence and probability that it was likely to occur, then it would fall into the "orange" category which would make it a medium to high risk. We used the following color coding to prioritize our risks:
Red = High risk
Orange = Medium high
Blue = Medium
Light Green = Medium Low
Dark Green = Low

4. Risk response tracking:

Risk response tracking must be implemented throughout the life of the project and includes these actions:
• Document all dates and the actions taken to mitigate the risk
• Document actions taken when the risk event occurred (contingency plan)
• Document any subsequent actions taken
• Incorporate this information into the Risk Response Plan

5. Risk Monitoring:

Monitoring the risk action plan is equally as important as monitoring the schedule so that you are ready for all contingencies. These steps must be taken:
• Ensure that all requirements of the Risk Management Plan are being implemented
• Assess currently defined risks as defined in the Risk Reponse Plan
• Evaluate effectiveness of actions taken
• Identify status of actions to be taken
• Validate previous risk assessment
• Validate previous assumptions
• State new assumptions
• Identify new risks
• Track risk response
• Establish communications

Continuous response tracking, monitoring, review and control of risks ensures both old and new risks are detected and managed and that the action plans are implemented and progressed effectively.
6. Risk Control:

The ability to control or mitigate the impact of the risks is the lifeblood of the project so to speak. Be prepared is the watchword of the day. The creation of risk action plans is vital to the control process, and for the purpose of this initial plan, we have included risk action plans for the risks that we assessed as high at the end of this document. To control risks the actions listed below must be present:
• Validate mitigation strategies and alternatives
• Take corrective action when actual events occur
• Assess impact on the project of actions taken (cost, time, resources)
• Identify new risks resulting from risk mitigation actions
• Ensure the Project Plan including the Risk management plan is maintained
• Ensure change control addresses risks associated with the proposed change
• Revise Risk Response Plan as needed
• Establish communications

7. Changes to the Risk Management Plan:

An aggressive and extensive change management plan needs to be in place for any project. Any change in the project directly and indirectly affects other portions of the project (charter, scope or schedule). If the engineering department decides to change something in the design of the product, this change needs to be communicated and approved by the sponsor and project manager. An effective change plan and process allows us to identify and respond to new risks that surface. We have created these steps for any changes to the Risk Management Plan:
1. Submit a change request form to Project Manager
2. Risk team will identify if change is a valid risk – identify risk by using the Risk Assessment Questionnaire and Risk Assessment Checklist
3. Risk team will then categorize risk – group the risk (s) into categories
4. Risk team will determine the impact of the change – assessment to determine the likelihood of occurrence
5. If risk is determined to be high, it will be a priority and a risk action plan will be prepared
6. The risk team will submit the results of the assessment to the project manger and sponsor for approval

8. Risk List including Probabilities, Impacts, Rankings, Rationale, and Treatments.

No risk management plan is complete without a listing of all risks identified for the specific project. For your convenience, we have attached a hyperlink here so that you may open our list of risks. This definition of treatments was found on the internet in the Risk Management Guide, 2006. The response/treatment can be described as:
1. Prevention:
Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place that either stop the threat or problem from occurring or prevent it having any impact on the project or business.
2. Reduction:
Treat the risk - take action to control it in some way where the actions either reduce the likelihood of the risk developing or limit the impact on the project to acceptable levels.
3. Transference:
This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy or penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way.
4. Acceptance:
Tolerate the risk - perhaps because nothing can be done at a reasonable cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level.

5. Contingency:
These are actions planned and organized to come into force as and when the risk occurs.
6. Risk Action Plans
These are the risk action plans for each risk that had a high ranking.
Element:
Internal Communications Risk:
Company has very poor communication processes in place.
Risk Register Number: 1
Likelihood: Likely
Impact: Major
Agreed Risk Level:High
Risk description (causes, consequences, implications):
The company does not include communications as a core competency. Failure to communicate effectively during the life of this project by the project team, the department staff and the management personnel can cause major disruptions on the project. Lack of proper communication can cause delays in the implementation of the project.
Current controls and plans:
To reduce this risk a very detailed communications plan will need to be developed. This plan will need to include how often the project schedule is updated, all changes to the risk management plan as they occur, detailed minutes of all project team meetings, a web site where the project team and all employees of the company can see daily progress reports, schedule slippages, and pertinent information
Risk Action Plan
Element: Human Resources
Risk: There are not enough people in the project to get a balance work habit going. This will cause the employees to get less motivated and will therefore not work as hard as a motivated employee would.
Risk Register Number:2
Likelihood:Almost Certain
Impact: Moderate
Agreed Risk Level:High
Risk description (causes, consequences, implications):
There will be no additional staff. As a result the team member may get burned-out or overwhelmed with the additional responsibilities of the new project. This will cause a lack of motivation and could potentially put the project behind schedule.
Current controls and plans:
The organization will need to develop programs or ideas on how to motivate the employees such as bonuses and team building activities to lessen the work load. Organization of team-building activities to build cohesion will help build self-esteem and it will help the team members to step in and help each other when one falls behind.
Additional recommended actions:
Have a competition between groups, this will create motivation because employees will be striving to do their best in order to win and they will learn to be team mates. Bonuses can be given out if the team performs well or beyond expectation. This could be based on no defects for the month, no absenteeism for the month, and team work has to be involved.
Responsibility:
The human resource manager needs to work with the project manager as well as team leaders on developing ways of motivating their employees. If this organization is union based, we also need to get the union leaders involved so that we are not violating any contract issues.
Risk Action Plan
Element- Resistance to change
Risk: New technologies, globalization, foreign trade, investments and constantly shifting marketplaces demand the need for flexibility, adaptation, and change. The downside to this is in an organizations employees. People by nature resist change. In a workplace environment, where familiarity is present with an employees set of tasks and processes, change becomes more difficult to introduce and accept.
Risk Registered number:3
Likelihood:Most likely
Impact:Major
Agreed Risk Level:High
Risk description (causes, consequences, implications):
There are basically three groups associated with a resistance to change. They are on an organizational level, group level, and individual level. The first group is on an organizational level. Many forces inside an organization make it difficult for the organization to change in response to changing conditions in its environment. One such force is that of power and conflict. The basis for this resistance is if a change within an organization benefits one group, but hurts another, the benefiting group will push hard for the change while the group that is hurt by this change will resist it and fight against it. The conflict between the two groups will slow down the change and may even prevent it from happening.But these kind of conflicts between the groups divert their attention from the main goal they suppose to achieve working in a team and this cause delays in getting the job done.
Differences in functional orientation are another area that may cause resistance to change. Different functions and divisions of an organization tend to see the source of a problem with “tunnel” vision. In other words, because of their own viewpoints, these divisions see problems as they see them rather than looking at the problem unbiased. The result is organizational inertia, because the organization must spend vast amount of time to secure an agreement about the source of the problem before it can even consider how to respond to it
Organizational culture is another resistance to change. Because an organizations norms and values causes people to react and operate in predictable ways, any disruption to these patterns of norms may cause people to be resistant to the changes Control and Actions
Participation and empowerment. Inviting your employees to participate in the change process gives them greater autonomy to change their work procedures and be involved in the decision making process. It may be worth organization while if they aren’t already doing so, to encourage your employees to share their skills and talents in order to facilitate the changes that are necessary. The old way of implementing change was the “this is the way its gonna be and you’ll like it” method. This method only angers people, and brings on resistance. Absenteeism and a high turnover rate is all that stems from this mindset of implementing change.

References:
George, J & Jones, G, Understanding and Managing Organizational Behavior, 2005, Prentice Hall Upper Saddle River, NJ

Schiffman, Stephan, The 25 Habits of Highly Successful Salespeople, 1994, Published by Adams Media Corporation