Introduction to Risk for Project Controls

Transcription

1 Introduction to Risk for Project Controls By Eukeni Urrechaga, PE

2 Quick view at Project Controls Project Controls, like project management, is much an art as it is a science. The secret of good project controls inside an Engineering, Procurement and Construction (EPC) environment is not just the tools used in the project, but the way the tools are set, used, maintained and how seriously the project team looks at it. The simplest definition for Project Controls (PC) is: A unit within an organization or project, tracking continuously the project s actual and planned conditions. This unit not only has the mission to inform management of current and potential variances between these conditions, but also to provide cause of the problem and potential solutions to reduce or eliminate the gap between them. (Refer to Diagram 1.1) Diagram 1.1 For a moment, let us look at PC as a sophisticated trip computer. During the planning phase, the trip computer will be connected to multiple information sources to provide you with choices of potential routes, time/date of arrival, fuel consumption, distance, Copyright 2012 Eukeni Urrechaga, PE Page 2 of 14

3 traffic, etc. In addition, this trip computer will inform you how your choices will impact your trip and while on route, it will continuously update status, location and accrued fuel cost. Depending on your previous choices and actual conditions (speed, route, traffic, weather, etc.), the computer will inform you the remaining duration, final distance of travel and cost when the trip is complete. By knowing the status every step of the way and how choices impact the remainder of the trip, the driver will be prepared to make informed decisions that are aligned with his priorities (time and/or cost). Diagram 1.2 Since each phase is equally important in an EPC environment and individual impacts can compromise the entire project, it is vital that schedules, cost, and risk are interconnected throughout all EPC phases. This strong and sensitive bond also requires real time connection to all phases simultaneously in order to perform timely analysis at the phase and overall project levels. Before diving into risk, it is essential to have a PC Foundation in place (Refer to Diagram 2.1), i.e. the Work Breakdown Structure (WBS), Cost Breakdown Structure (CBS), and Organizational Breakdowns Structure (CBS). These concepts are discussed in the Introduction to Project Controls Planning Course. Copyright 2012 Eukeni Urrechaga, PE Page 3 of 14

4 E CBS E WBS OBS CBS P WBS C P C OBS 2-D 3-D Diagram 2.1 Risk Risk in the EPC environment is defined, as en event that has the probability of happening, and could have either a positive or negative effect should the risk becomes a reality. It is also a state of uncertainty where some possible outcomes have an effect. Uncertainty is given due to limited knowledge and it is impossible to specifically state the outcome. For example a cause of risk may be requiring an environmental permit to perform the work or having limited personnel to perform the design component. The risk event is that the permitting agency may take longer that planned to issue the permit or the design personnel available for the project and assigned is not adequate. If these uncertain events occur, there might be an impact on the project that affects progress and performance. All project assume some level of risk and it is through risk management, where tools and techniques are applied to monitor and track those events that might potentially impact the outcome of the EPC project. Copyright 2012 Eukeni Urrechaga, PE Page 4 of 14

5 In the majority of the projects, the Risk Manager is the one ultimately responsible for the development and maintenance of the Risk Management Plan (RMP) while the PC plays an active supportive role. It is also not strange to have PC overseeing the development, integration, implementation, and periodic reviews of the RMP throughout the project s life cycle. Either way, PC should not be a stranger or have a passive position due to its intimate relation with cost, schedule, scope and risk itself. Planning Identification Analysis Monitoring Control Diagram 3.1 Risk management is an ongoing process that involves planning, identification, analysis, monitoring, and control. Many of these processes are updated regularly during the project s life cycle since new risk and risk variations can be identified at any given time. It is the objective of risk management to minimize or decrease the probability and impacts of events adverse to the project. On the other hand, any event that could have a positive impact should be pursued. It is crucial to plan, identify and manage risk from the beginning of the project since the capacity to reduce impact decreases with time. In a nutshell, if a team is not able to measure the pulse of a project, it may be too late to take corrective action or make objective decisions. Simple actions can create huge impacts (positive and negative) to a Copyright 2012 Eukeni Urrechaga, PE Page 5 of 14

6 project at an early stage; while more elaborated and aggressive actions can make little difference if the team has depleted the project s allowed duration (Refer to Diagram 3.2). Cont rollin g Cap acity Schedule Cont rollin g Cap acity Cost Cont rollin g Cap acity Risk Time Time Time Diagram 3.2 It is expected that the number of risks identified will increase as the project matures. When a risk is identified, it is first assessed to ascertain the probability of occurring, the degree of impact (schedule, cost, scope and quality) and then prioritize. Risk events may only impact a single phase, while others may affect the EPC across the board or in multiple categories, work groups, or disciplines. The probability of occurrence, number of categories impacted, and the degree (high, medium or low) to which these impact the project are the basis for assigning the risk priority. All identifiable risks should be entered into a risk register and documented as a risk statement. As part of documenting a risk, two other important steps need to be addressed. The first is the mitigation strategy that can be taken to lessen the probability of the event occurring. The second is the contingency plan or series of activities that should take place prior or when the event occurs. Mitigation usually has a cost associated to the project, and sometime that cost can exceed or be is relatively close to the cost of assuming the risk and incurring the consequences. It is important to evaluate the probability and impact of a risk against the mitigation strategy cost before deciding to implement a contingency plan. Contingency plans that are implemented prior the risk occurrence are preemptive actions intended to Copyright 2012 Eukeni Urrechaga, PE Page 6 of 14

7 reduce the impact or remove the risk in its entirety. Contingency plans implemented after a risk occurs can usually only lessen the impact. Like most things in business, negative impacts have financial repercussions and the question to be answered during project inception is how much is needed as contingency? And how much is the project ultimately willing to set aside? Under the risk management plan, the contingency plan should be evaluated with the following objectives: Reduce or maintain schedule duration Reduce or maintain existing risk Maintain quality of work Maintain scope of work Regardless of the type of impact (negative or positive), risk itself will always suffer some kind of variation while the schedule or cost may not necessary change. In other words, risk is very sensitive to impact while the schedule and cost have better absorption capabilities, especially if an effective PC platform is in place. Nevertheless, serious impacts (high or medium) may affect risk, schedule, cost, quality, and scope simultaneously. Risk Management Copyright 2012 Eukeni Urrechaga, PE Page 7 of 14

8 Risk Register The risk register documents the identified risks, the assessment of the root cause(s), area(s) or group(s) of the work breakdown structure (WBS) that is affected, the analysis of the likelihood of occurring and impact if it occurs. It also documents the criteria used to make these assessments and the overall rating of each identified risk by objective (cost, schedule, scope and quality). Importantly, it includes the risk triggers, response strategies for high priority risk and the assigned risk owner that will monitor the risk through the project s life cycle or while the risk exists. Risk Management Strategy As mentioned before, a risk manager or PC can lead the risk management plan. Either way, PC needs to ensure that a methodology is defined to add risk statements into the risk register and how these are interconnected with the PC foundation (this concept is expanded in the Introduction to Project Controls course). Below is a diagram representing the recommended methodology to be followed to manage risk: Description Type Probability Impact Identify Qualitative Prioritize Categorize Analyis & Ranking Quantitative Risk Response Contingency Plan Copyright 2012 Eukeni Urrechaga, PE Page 8 of 14

9 Identify Risk As risk is an event that in majority can prevent a project from progressing and performing as planned, it is important to identify risk as soon as possible since controlling capacity diminishes with time. For this reason, risk identification relies on multiple sources like PC, the manager, and anyone associated to the project. Some risks will be inherent to the project itself, while others will be a result of external influences that are completely outside of the control of the project team. Throughout all phases of an EPC project, a specific and recurrent topic of discussion should be risk identification. The intention is to instruct the project team in the need for risk awareness, identification, documentation and communication. Risk awareness requires that every project team member is conscious of what constitutes a risk to the project and what specific events or factors could impact the project in a positive or negative way. Risk identification consists in determining which risks are likely to affect and documenting the characteristics of each. Risk communication involves bringing risk factors or events to the attention of the risk manager. The risk manager and supporting team will review and log as necessary the risk statements under the risk registry (not all identified risks will warrant to be logged in the risk register). To properly communicate risk, all risk factors or events should be directed to the risk manager in a written form, preferably through a developed standard form that includes the following information: Description: Description of the risk factor event. For example a conflicting project or operational initiatives that place demand on project resources, design errors, weather, or construction mobilization. Location in the WBS: It is important to provide the work group location (WBS) associated with the risk. This will provide integration with the PC reporting framework, which will simultaneously associate it with the cost break down structure (CBS). Probability Score: The probability that the event or factor will occur. For example, a 50% chance that a vendor will not have the staff available for to perform the work. For analysis purposes a score should be applied depending on the probability as shown on table 1 Copyright 2012 Eukeni Urrechaga, PE Page 9 of 14

10 Table 1 Score Likelihood Likelihood Description 5 Imminent The event is almost certain to occur in most circumstances. 4 Very Likely The event will probably occur in most circumstances. 3 Likely The event might occur at some time. 2 Unlikely The event is not expected to occur. 1 Very Unlikely The event may occur in exceptional circumstances. Probability >90% 70% - <90% 30% - <70% 10% - <30% <10% Impact score: Impact is the degree (negative or positive) of ramifications (Refer to table 2). Since different impacts can affect a project, and impact score is used for analysis purposes; which is divided en 3 main components: o Schedule: The number of hours, days, weeks or months that a risk factor could impact the project. o Scope: The impact the risk will have on the envisioned accomplishments of the project. o Quality: A risk event that may result in reduction of the quality of the work or products that are developed. o Cost: The impact the risk will have on the project budget and cost at completion. Table 2 Score Impact Definition Degree 5 Extreme Threats: Loss of operation for more that 7 days; loss of life/fatalities; major financial loss that threatens the partnership existence; non delivery of partnership objectives; extensive coverage in local, national or international media; environmental disaster. Opportunities: New product, service or operation receiving national interest; huge financial services; national public interest. >50% Copyright 2012 Eukeni Urrechaga, PE Page 10 of 14

11 4 Major Threats: Loss of operation for more than 48 hours but less than 7 days; Extensive injuries and possible loss of life; severe financial loss that put partnership objectives at risk; significant impact on partnership objectives; damage reputation and extended local media coverage; major damage to local environment. Opportunities: Significant financial savings; long term partnership; improved services; major benefits to local community and the environment; 3 Significant Threats: Disruption to operation for limited time; short tem illness; injury or serious threat of injury, significant financial loss; partial failure to achieve partnership objectives; damage to reputation; moderate damage to local environment Opportunities: Financial savings; medium partnership arrangements in place; positive benefits to local community and the environment; substantial investment. 2 Marginal Threats: Some disruption to operations; minor injuries; some financial loss; little effect on delivering partnership objectives; possible damage to reputation; minor damage to local environment. Opportunities: Possibility of some financial savings; short-term partnership arrangement; some benefits made to local community and the environment; some investment made. 1 Negligible Threats: Little disruption to operations; no injuries; small financial loss; no effect on delivery of partnership objectives; no damage to reputation; no or insignificant environmental damage. Opportunities: No real opportunities. 25-<50% 5 -<25% 1 - <5% <1% Analysis: After risk identification a qualitative analysis can take place. A qualitative analysis attempts to rank the risks into high, moderate, and low classes based on their probability of occurring and impact on an objective. The product of the probability and impact score gives the rank giving a range between 1 and Copyright 2012 Eukeni Urrechaga, PE Page 11 of 14

12 Impact Probability Prioritize: Risk that meets the threshold criteria should be subject to a contingency plan. Every organization has a different threshold but in general practice the cutoff line is a rank of ten (moderate-high). A higher rank has a higher priority. Categorize: Depending on your organization or project setup, categories can be created to group and manager risk by specific criteria or area of expertise. There is no specific rule for categories but in general, use the ones that make sense to the project team (e.g. variations, discipline, area, market, political, etc.). Variation categories are employed to track cost, schedule, and risk of potential change orders. Variations are an imminent risk to the organization that will only diminish when impacts are placed under an executed change order. Contingency Plan: Risk statements that surpass the established threshold will be further analyzed to develop a contingency plan. Each risk statement will become a stand-alone document where a quantitative risk analysis and risk response action is established in detail. Look at it as a small proposal. Copyright 2012 Eukeni Urrechaga, PE Page 12 of 14

13 Quantitative analysis: A quantitative analysis attempts to estimate the cost associated to the risk. The technique used for cost analysis of complex projects is based on the WBS. The WBS breaks a complex project down into components, services, facilities etc., with each succeeding level going to a finer level of detail. WBS cost estimation builds on the WBS by simply attaching a cost to each element and summing to a total. For a quantitative risk analysis in project planning, experts in relevant areas are asked to specify a probability distribution for each part of the WBS and then simulation is used to estimate a probability distribution for the total project cost. Risk Response: The project should establish risk responses for risk events that have been determine to have a ranking of high (ranking above 10). The probability of the risk event and the impact will be the basis for determining the action to mitigate the risk. Evaluation of mitigation strategies differ from organization to organization, however a simple guide to initially evaluate mitigation strategies is to multiply the risk cost times the probability of occurrence. Mitigation strategies that cost more than the risk cost times the probability should be given serious consideration. Common mitigation strategies are as follow: o Avoidance: Change the project to avoid the risk. Change scope, objectives, etc. o Transference: Shift the impact of the risk to a third party (e.g. subcontractor or vendor). This technique does not eliminate the risk it simply shifts the responsibility. o Mitigation: This technique takes steps to reduce the probability and or impact of a risk. Taking early action, close monitoring, and additional testing are some examples. o Acceptance: This technique is acceptance of the risk and ramifications. This is full acceptance of schedule, cost, scope and quality impacts associate to the event. o Deferred: This technique is simply a determination to address the risk at a later time. There has been extensive development of methods for EPC project risk analysis over the past two decades. Starting from the need to coordinate and control large, technically complex projects and experts have developed several related methodologies to Copyright 2012 Eukeni Urrechaga, PE Page 13 of 14

14 estimate cost and schedule for these projects and to attach uncertainty estimates to these numbers. The methods have had varying degrees of use in different areas depending on the specialty of the EPC project. Copyright 2012 Eukeni Urrechaga, PE Page 14 of 14