White Paper. Risk Assessment

Similar documents
Unit 9: Risk Management (PMBOK Guide, Chapter 11)

RISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA

Full Monte. Looking at your project through rose-colored glasses? Let s get real.

For the PMP Exam using PMBOK Guide 5 th Edition. PMI, PMP, PMBOK Guide are registered trade marks of Project Management Institute, Inc.

Making sense of Schedule Risk Analysis

Association for Project Management 2008

Understanding goal-based investing

Earned Value Formulae

Project Management Professional (PMP) Exam Prep Course 11 - Project Risk Management

Project Risk Management

Use of the Risk Driver Method in Monte Carlo Simulation of a Project Schedule

Managing Project Risk DHY

LCS International, Inc. PMP Review. Chapter 6 Risk Planning. Presented by David J. Lanners, MBA, PMP

Every project is risky, meaning there is a chance things won t turn out exactly as planned.

M_o_R (2011) Foundation EN exam prep questions

Fundamentals of Project Risk Management

The Risky Business of. Risk Management

Construction projects: manage risk to achieve success

Measurable value creation through an advanced approach to ERM

Project Management for the Professional Professional Part 3 - Risk Analysis. Michael Bevis, JD CPPO, CPSM, PMP

Project Theft Management,

CASE STUDY DEPOSIT GUARANTEE FUNDS

International Project Management. prof.dr MILOŠ D. MILOVANČEVIĆ

Integrated Cost-Schedule Risk Analysis Improves Cost Contingency Calculation ICEAA 2017 Workshop Portland OR June 6 9, 2017

ENTERPRISE RISK AND STRATEGIC DECISION MAKING: COMPLEX INTER-RELATIONSHIPS

Stochastic Modelling: The power behind effective financial planning. Better Outcomes For All. Good for the consumer. Good for the Industry.

Project Management Certificate Program

Estimating Fallacies. Estimating Fallacies excessive detail does not help.

EFFECTIVE TECHNIQUES IN RISK MANAGEMENT. Joseph W. Mayo, PMP, RMP, CRISC September 27, 2011

// Measuring Risk Exposure through Risk Range Certainty (RRC) Overcoming the Shortcomings of Schedule Confidence Levels

An introduction to enterprise risk management

Risk Approach to Prioritising Maintenance Risk Factors for Value Management

Making Risk Management Tools More Credible: Calibrating the Risk Cube

Objectives. What is Risk? But a Plan is not Reality. Positive Risks? What do we mean by Uncertainty?

Modelling economic scenarios for IFRS 9 impairment calculations. Keith Church 4most (Europe) Ltd AUGUST 2017

Homeowners Ratemaking Revisited

Issue 3 Are your clients satisfied?

Technical note: Project cost contingency

Solvency Assessment and Management: Stress Testing Task Group Discussion Document 96 (v 3) General Stress Testing Guidance for Insurance Companies

Six steps to help secure your retirement

Embedding Stress Testing as Part of an Integrated Risk Management Framework

BAE Systems SCAF Presentation June BAE SYSTEMS 2013, all rights reserved Unclassified 31/07/2013 1

NEGOTIATION REVIEW. Negotiating Risk By Roger Greenfield. thegappartnership.com

Interagency Advisory on Interest Rate Risk Management

Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures

Project Risk Management

The Bomb Shelter Portfolio: Maximum Income with the Least Risk

Risk appetite frameworks: good progress but still room for improvement

ACCT323, Cost Analysis & Control H Guy Williams, 2005

Western Power Distribution: consumerled pension strategy

Three Components of a Premium

Managing the Uncertainty: An Approach to Private Equity Modeling

Special Considerations in Auditing Complex Financial Instruments Draft International Auditing Practice Statement 1000

NEW ZEALAND SOCIETY OF ACTUARIES PROFESSIONAL STANDARD NO. 91 ECONOMIC VALUATIONS MANDATORY STATUS EFFECTIVE DATE 1 JULY 2010

Robert and Mary Sample

Management Reserve Defined

Potential Financial Exposure (PFE)

GN47: Stochastic Modelling of Economic Risks in Life Insurance

Monte Carlo Introduction

Microeconomics. Lecture Outline. Claudia Vogel. Winter Term 2009/2010. Part II Producers, Consumers, and Competitive Markets

Extend the ideas of Kan and Zhou paper on Optimal Portfolio Construction under parameter uncertainty

DECISION ON RISK MANAGEMENT BY BANKS

Aon Retirement and Investment. Aon Investment Research and Insights. Dangers Ahead? Navigating hazards using scenario analysis.

Models of Asset Pricing

THE PMP EXAM PREP COURSE

Associate Wealth Manager AWM. Syllabus

Internal Model Industry Forum (IMIF) Workstream G: Dependencies and Diversification. 2 February Jonathan Bilbul Russell Ward

6 th September not protectively marked 1

EARNED VALUE MANAGEMENT AND RISK MANAGEMENT : A PRACTICAL SYNERGY INTRODUCTION

Risk Management User Guide. Prepared By: Neville Turbit Version Feb /01/2009 Risk Management User Guide Page 1 of 36

Binary Options Trading Strategies How to Become a Successful Trader?

Approximating the Confidence Intervals for Sharpe Style Weights

THE JOURNAL OF AACE INTERNATIONAL - THE AUTHORITY FOR TOTAL COST MANAGEMENT TM

1 Commodity Quay East Smithfield London, E1W 1AZ

RISK MANAGEMENT STANDARDS FOR P5M

Few would disagree that life is risky. Indeed, for many people it is precisely the element of

The Evolution of Risk Management and The Risk Management Process

Quantitative Risk Analysis with Microsoft Project

APPENDIX 1. Transport for the North. Risk Management Strategy

The purpose of this paper is to briefly review some key tools used in the. The Basics of Performance Reporting An Investor s Guide

Alternative VaR Models

Luke and Jen Smith. MONTE CARLO ANALYSIS November 24, 2014

Nagement. Revenue Scotland. Risk Management Framework. Revised [ ]February Table of Contents Nagement... 0

YOUR GUIDE TO PRE- SETTLEMENT ADVANCES

Learning Le cy Document

Project Management Professional (PMP) Exam Prep Course 06 - Project Time Management

13.1 Quantitative vs. Qualitative Analysis

KEY GUIDE. The key stages of financial planning

Achieve PMP Exam Success Five-Day Course Syllabus

Risk Management & FMEAs. By Jay P. Patel, ASQ Fellow CEO & President QPS Institute

Public Trust in Insurance

SCAF Workshop Integrated Cost and Schedule Risk Analysis. Tuesday 15th November 2016 The BAWA Centre, Filton, Bristol

ADVANCED QUANTITATIVE SCHEDULE RISK ANALYSIS

A short guide to Capacity for Loss & Pre-Retirement Planning

RISK FACTOR PORTFOLIO MANAGEMENT WITHIN THE ADVICE FRAMEWORK. Putting client needs first

Donald L Kohn: Asset-pricing puzzles, credit risk, and credit derivatives

INSE 6230 Total Quality Project Management

Dangers Ahead? Navigating Hazards Using Scenario Analysis

BAE Systems Risk Opportunity & Uncertainty Modelling ACostE North West Region 4th September 2013

COPYRIGHTED MATERIAL. Index

Transcription:

Risk Assessment The assessment of risk is a very personal process, what is acceptable to one person may be far too risky for another to consider. The appreciation and assessment of risk and a person's decision making are heavily influenced by the way the mind works 1. A person s risk attitude is defined as their chosen state of mind with regard to those uncertainties that could have a positive or negative effect on a project s objectives. A range of possible attitudes can be adopted by a person towards the same situation, and these result in differing behaviours, which lead to different consequences, both intended and unintended 2. Risks at different levels The basic definition of risk is an uncertainty that matters. Risks always involve uncertainty, and matter because they have the potential to affect objectives. This means that each risk must be linked to at least one objective. Risk cannot be defined in a vacuum each time a risk is defined, there has to be something that is "at risk", which is our ability to achieve an objective. Organisations have different types of objectives, ranging from high-level corporate objectives down to detailed technical or operational objectives. Each type of objective can be affected by uncertainty. So where there are multiple levels of objectives, there are also multiple levels of risk. People who are interested in achieving objectives at each level need to know about any uncertainty that could affect their ability to achieve those objectives. Some suggested levels and risk classifiers are: Strategic risks are uncertainties that would affect achievement of strategic objectives Reputation risks are uncertainties that would affect reputational objectives Project risks are uncertainties that would affect achievement of project objectives Technical risks affect the achievement of technical objectives Environmental risks affect environmental objectives Safety risks affect safety objectives From this basis we can define a strategic risk as any uncertainty that if it occurs will affect achievement of strategic objectives. The distinctive characteristic of strategic risks is that they are linked to strategic objectives and this becomes important when considering risk ownership. Each risk should be owned by the person who owns the objective that would be affected. Therefore, strategic risks should have senior management owners, since these are the people who are responsible for achievement of strategic objectives of the organisation. In the same way, project risks are usually owned by people at the project level, and most technical risks are owned by technical staff. Identifying risks at different levels is easy; start with the objectives at that level, then look for the uncertainties that matter using the attributes discussed below. Factors Affecting Risk Assessment The assessment of risk is multidimensional; the PMBOK Guide focuses on Probability and Impact, but there are other important characteristics to consider, a more complete set of risk attributes include: 1 For more on neuroscience see: http://scienceblogs.com/cortex/ 2 For more on risk attitude see: http://www.risk-doctor.com/pdf-files/umranov04.pdf 1 www.mosaicprojects.com.au

Probability - How likely the uncertain risk is to occur 3. Impact - How significant the effect of the risk event would be if it actually happened, measured in time, cost and/or safety. Manageability - How easy is it to do something about the risk? We may decide that a mediumprobability/medium-impact risk that we can do nothing about is more risky than a highprobability/high-impact risk which is simple to deal with. Proximity - If the risk happens, how soon do we expect that to be? A risk that might happen tomorrow should be treated as more important than one which might not occur until next month or next year. Propinquity - How important is the risk to me personally, or to my team or our business? We are more sensitive to risks that affect us directly, and view risks to others as less important. Urgency - How much time do we have in order to implement an effective response to the risk? If we must act now to address the risk, we should give it higher priority than one where we have longer to respond. Detectability - How easy is the risk to detect as it is emerging? Easy to detect risks are easier to respond to than risks that just happen without warning. Relatedness - Is this risk related to other risks? A risk with complex links or dependencies with many other risks should be treated as higher priority than a simple independent risk. For more on these additional dimensions of risk assessment, see the Prioritising Project Risks guide published by the UK Association for Project Management (APM) 4. Because the effect of the risk is in the future, its affects have to be imagined and are therefore subject to a range of cognitive biases 5. Cognitive bias is a pattern of deviation in judgment that occurs in particular situations; we are all subject to an extensive range of observed biases, Wikipedia offers a comprehensive list 6. The assessment of risk has to be made on an aggregate basis (the overall riskiness of a project or program) and an individual basis. The three factors to consider are the organisation or individual s: Risk appetite - the overall level of risk an entity is willing to accept in anticipation of a reward 7. Risk tolerance - the total amount of risk an entity is able to withstand (ie, how much risk can it tolerate without undue stress or failure) Risk threshold - the level at which a single risk is considered to become unacceptable. Below this level the risk can be accepted and managed if it does not cause the overall risk profile to exceed the entities risk appetite or risk tolerance. Above this level the risk has to be removed or modified to make it acceptable. Assessing the impact of Variability and Events Assessing the Impact of a risk typically falls into one of two processes, assessing the affect of variability or assessing the consequences of an event. These assessment processes should not be confused. 3 For more on probability see: http://www.mosaicprojects.com.au/whitepapers/wp1037_probability.pdf 4 Full details at http://www.apm.org.uk/prioritisingprojectrisk.asp 5 For more on bias see: http://www.mosaicprojects.com.au/whitepapers/wp1069_bias.pdf 6 Wikipedia s list of cognitive biases see: http://en.wikipedia.org/wiki/list_of_cognitive_biases 7 An individual s risk appetite is assessed using Expected Utility Theory (or Utility Theory). It is a statistical methodology that incorporates a person s attitude toward risk into a decision making process. 2 www.mosaicprojects.com.au

Event impact. Some risks will either occur or not occur; eg, a test failure. Assessing the likely impact of this type of risk requires data and a calculation based on the probability of the event occurring and its effect on project objectives (usually time and cost). The expected value of the event is assessed by multiplying the impact by the probability. There is a 30% probability a test will fail and the rework will cost $5,000. The expected value of this event is 30% x -$5,000 = -$1,500.00 therefore a provision of $1500 to cover the expected loss is desirable. Whilst it is a good start, this assessment is relatively simplistic The cost of a test failure will fall in a range, it may be a simple fix that only needs a couple of hours to rectify and re-test, it may take several days to track down the root cause of the failure and complete the repairs; and within this range, some types of failure are likely to be more common that others. A Monte Carlo approach to assessment provides a better overview of the profile of any specific risk event. Allowances. Some risk events are virtually inevitable; you just do not know when they will occur. Inclement weather is normal, it rains, gets too hot, too cold or too windy to work depending on your location. Assessing appropriate provisions for this type of risk requires understanding the project s exposure to the risk and having access to historical data. A provision based on the normal/expected occurrence over the time of exposure. Variability. Assessing an appropriate allowance for the variability embedded in the estimating process is best done by using Monte Carlo. All processes are subject to normal variability, including estimating the duration and cost of project activities. The associated uncertainty as to exactly what this variability is, is not a property of the activity (which will take a definite length of time and cost an actual amount of money to complete) rather a property of our current knowledge of the activity. The fact we do not know enough about the activity to be sure of its outcome is exactly what we are trying to model by estimating a distribution for the range of probable outcomes using techniques such as Monte Carlo. The less we know about a task the less valid is any single-point estimate and the more important it is to use a range estimate. Chart produced by Acumen Risk 8 8 See: http://www.projectacumen.com/products/acumen-risk/ 3 www.mosaicprojects.com.au

Monte Carlo simulation involves running the project many hundreds (if not thousands) of times with different values selected for each element based on the range of options defined by the subject matter expert s (SMEs) for that element. This example looks at time. A similar analysis can be done for costs. The overall variability and contingencies are only part of the information available from a sophisticated Monte Carlo simulation. Another important output is the importance of specific risk events or types, usually displayed in a Tornado chart : This chart generated by Acumen Risk combines specific risk events and uncertainty in a single analysis. The risk tornado chart is used to report key risk drivers. This can be done simply by using metrics such as criticality, which reports how many times an activity falls on the critical path. The idea is that the more times the activity falls on the critical path, the more often it is going to be a risk driver. More sophisticated metrics consider the size or degree of impact on the finish date of the project. An activity can have a high criticality but only have a couple of days impact on the project; this is not as concerning as an activity that only falls on the critical path 30% of the time, but when it does has a six-month impact on the project finish date. This problem led to the development of the Schedule Sensitivity Index. Schedule sensitivity is a combined measure of how often and how big an impact an activity has on a given date. It is represented as a percentage and is calculated as: SSI = (Criticality Index x Task Standard Deviation) / Project Standard Deviation 4 www.mosaicprojects.com.au

This shows the correlation between the amount of uncertainty of an activity and that of the project completion but this is a difficult to understand concept and consequently SSI has proven to be of limited use. A better approach is to use a metric called Schedule Contribution Factor. This meaningful risk metric reports the biggest risk drivers in a schedule and their contribution to risk in terms of duration. Further, it separates contribution from uncertainty and contribution from risk events in order to clarify whether it is the activity scope/certainty or indeed a risk event impacting the activity that causes it to become a key risk driver. The Tornado chart above shows an example where the overall P50 risk exposure is 88 days and the top five drivers are listed in rank order. Site clearance is, on average, having a 28 day contribution to this 88 day risk exposure. Interestingly, only one of the 28 days is actually due to schedule uncertainty with the remainder coming from a risk event associated with hiring sufficient labour. In other words, while site clearance is the largest risk contributor, sharpening our pencil on the accuracy of the duration estimate will not fix the problem; in reality, the issue lies in not being able to hire sufficient labour (Risk #42 in the risk register). In a similar manner, the second two biggest risk-driving activities are both largely impacted by the same risk, fabrication yard constraints (risk #9). Conclusion It is important to ensure specific risk events are not included twice. The allowance for variability calculated using Monte Carlo and the allowances for specific events are combined to assess the overall contingency allowance that needs to be held in management reserves for the project. Determining the acceptable level of risk for a project based on the multiple dimensions discussed above and the level of contingency needed to make the project acceptable depends on the risk attitude of the decision makers. These processes should form part of an overall risk management 9 system. However, it is also important to recognise there are likely to be unpredictable events occur that cannot be assessed because we don t know what we don t know 10. Risk White Papers Mosaic s risk White papers are: Risk Management: http://www.mosaicprojects.com.au/whitepapers/wp1047_risk_management.pdf Types of Risk: http://www.mosaicprojects.com.au/whitepapers/wp1057_types_of_risk.pdf Risk Assessment: http://www.mosaicprojects.com.au/whitepapers/wp1015_risk_assessment.pdf Probability: http://www.mosaicprojects.com.au/whitepapers/wp1037_probability.pdf Our blog posts on risk are at: http://mosaicprojects.wordpress.com/category/project-controls/risk/ First published 17 th January 2010, augmented and updated. This White Paper is part of Mosaic s Project Knowledge Index to view and download a wide range of published papers and articles see: http://www.mosaicprojects.com.au/pm-knowledge_index.html 9 For more on risk management see: http://www.mosaicprojects.com.au/whitepapers/wp1047_risk_management.pdf 10 For more on unknown unknowns see: http://www.mosaicprojects.com.au/whitepapers/wp1057_types_of_risk.pdf 5 www.mosaicprojects.com.au

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback