Facing the Dragon: Data-Driven Risk Management in Small to Midsize Organizations. Sonja Streuber, PMP

Size: px

Start display at page:

Download "Facing the Dragon: Data-Driven Risk Management in Small to Midsize Organizations. Sonja Streuber, PMP"

Vincent Walsh
5 years ago
Views:

1 Facing the Dragon: Data-Driven Risk Management in Small to Midsize Organizations Sonja Streuber, PMP

Sonja Streuber, PMP Risk Management & Risk Analysis, Project Management & Engineering, Six Sigma: 2000 2003 Agilent Technologies 2003 2009 Lockheed Martin 2009 2011 ITT Exelis 2011 present Valparaiso

2 Sonja Streuber, PMP Risk Management & Risk Analysis, Project Management & Engineering, Six Sigma: Agilent Technologies Lockheed Martin ITT Exelis 2011 present Valparaiso University 2012: Founded PMReboot Education, Certifications: Six Sigma Black Belt, Caterpillar Corp., 2012 PMP, Project Management Institute, 2010 M.S. (Systems Engineering), George Washington U M.A./ A.B.D. (English), UC Davis

3 Agenda Definitions Small/ Midsize Business Risks Virtual Ishikawa Method Data Driven Risk Management Summary

4 What is Risk? Risk: An uncertain, known or unknown, event or condition that, if it occurs, has an effect on project scope, quality, cost, schedule, or any other factor. PMBoK Chapter 11 Risk = (trigger + cause +) probability * impact 3/14/2013 4

5 Risk: ISO Definition According to the International Organization for Standardization (ISO), risk management should: Create value resources expended to mitigate risk should be less than the consequence of inaction, or the gain should exceed the pain Be an integral part of organizational processes Be part of decision making Explicitly address uncertainty and assumptions Be systematic and structured Be based on the best available information Be tailorable Take human factors into account Be transparent and inclusive Be dynamic, iterative and responsive to change Be capable of continual improvement and enhancement Be continually or periodically re-assessed IRM, A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO

6 Risk: PMBoK Approach Processes 1. Plan Risk Management 2. Identify Risks 3. Perform Qualitative RA 4. Perform Quantitative RA 5. Plan Risk Responses 6. Monitor & Control Risks You need: Risk Management Plan* Risk Register Taxonomy or RBS* Risk Ranking Matrix Criteria* *OPA PMBok 4 th ed Chapter 11

7 Risk and PM: The Reality Scope Stakeholders Quality Do you have the time? Should you make the time? Do you have the OPAs? Resources Schedule Budget Art courtesy of Jake Beckman at

8 low medium high Risk and Business Size Large Businesses Risk Management awareness communicated in periodic business reports (current financials, business outlook) Risk Management OPAs (PRM and BRM taxonomies, risk register templates, RMOs, tracking & mgmt software, ) Mid-Size Businesses Risk Management awareness communicated informally Tradeoff: $$ constraints vs. Risk Management OPAs and process implementation Risk in $$ Business Impact Probability of Occurrence Small Businesses???

9 Small Business Risk 50% fail in the first 5 years (U.S. Small Business Administration): Lack of experience Insufficient capital (money) Poor location Poor inventory management Over-investment in fixed assets Poor credit arrangements Personal use of business funds Unexpected growth Competition Low sales Michael Ames, Small Business Management Gustav Berle, The Do It Yourself Business Book Areas of risk that Influence project success Need to be managed

10 Small Business Risk: VIRT Tool #1: Virtual Ishikawa Technique (VIRT) Potential Root s Problem Statement Overinvestment in fixed assets Materials Poor credit arrangements Insufficient Capital Low Sales Mother Nature Competition Unexpected growth Measurement Poor Lack of Experience inventory Overinvestment mgmt in fixed assets Manpower Method Machine Personal use of business funds No or insufficient measurements taken Business Failure Risk Breakdown Structure with Quality Management origins Categories above from manufacturing; 5 Ss for service industry (Surroundings, Suppliers, Systems, Skills, Safety) See also: Rubin Jen, PMP, P. Eng., Visual Ishikawa Risk Technique (VIRT) An Approach to Risk Management

11 Small Business Prj Risk: VIRT Tool #1: Virtual Ishikawa Technique (VIRT) Potential Root s Problem Statement Integration Scope Time Cost Quality No or insufficient measurements taken to support response planning HR Communications Risk Procurement Project Failure Categories from PMBoK 4 th ed., p. 43 Step 1: Team Exercise during chartering, kick-off, tagups, etc.: What areas of risk do we see in each category? See also: Rubin Jen, PMP, P. Eng., Visual Ishikawa Risk Technique (VIRT) An Approach to Risk Management

12 Small Business Prj Risk: VIRT Step 2: High Impact (= 10) What areas could cause the ENTIRE project to FAIL? Potential Root s Problem Statement Integration Scope Time Cost Quality No or insufficient measurements taken to support response planning HR Communications Risk Procurement Project Failure Categories from PMBoK 4 th ed., p. 43

13 Small Business Prj Risk: VIRT Step 3: Medium Impact (= 5) What areas will cause SIGNIFICANT obstacles? Potential Root s Problem Statement Integration Scope Time Cost Quality No or insufficient measurements taken to support response planning HR Communications Risk Procurement Project Failure Categories from PMBoK 4 th ed., p. 43 Clearer than risk matrix; comprehensive view!

14 Small Business Prj Risk: VIRT Step 4: What risks are associated with these areas? Potential Root s Problem Statement Integration Scope Time Cost Quality No or insufficient measurements taken to support response planning R1 R2 R5 R4 R6 R3 HR Communications Risk Procurement R7 R8 R10 R9 Project Failure Categories from PMBoK 4 th ed., p. 43 Clearer than risk matrix; comprehensive view!

15 Small Business Prj Risk: DDRR Step 5: How likely will this risk occur? Tool #2: Probability Definition Probability Category Definition 10% Not likely Will effectively mitigate or avoid this risk based on standard practices Have usually mitigated this type of risk with 30% Low Likelihood minimal oversight in similar cases 50% Likely May mitigate this risk, but workarounds will be required 70% Highly Likely Cannot mitigate this risk, but a different approach might Cannot mitigate this type of risk; no known 90% Near Certainty processes or workarounds available For data-driven RM, you can t get around probability!

16 Small Business Prj Risk: DDRR Step 6: How much will this risk cost? Tool #3: Cost Analysis Impact Cost (Pre-Response) Cost impact of risk based on Impact Cost calculation Factored IC: Multiply by probability Step 7: How much response can we afford? Response Cost (Post-Response) Cost to respond to risk or cost savings from the opportunity Factored MC: Multiply by probability Do this for each risk on the Ishikawa chart! Revisit in team meeting to determine if impact still red or orange.

17 Small Business Prj Risk: DDRR Step 8: What data do we need to tell if the risk is still a risk? Tool #4: Integrated Measurement Plan Why? To ensure that we are approaching greater reliability in risk decisions by using tendencies to drive response steps. Saves response $$ because frequent measurements and tendency reviews allow for impact re-classification & strategy adjustments

18 Small Business Prj Risk: DDRR Goal: Integrated Data-Driven Risk Management TREND!

19 Small Business Prj Risk Mgmt Step 9-12: Update, review, update, review TREND!

20 Summary Given the high failure rate of small businesses (< 1000), disciplined, data-driven risk management is vital On a project basis Enterprise wide to identify trends that may impact business success. Tools do not need to cost much many are free (including Monte Carlo Tools)! Keep it visual! Keep analyzing, but avoid analysis paralysis! 3/14/

21 Questions? Sonja Streuber, PMP 3/14/