Chapter II Risk management and decision making A

Chapter II: Risk management and decision making A risk is the product of the probability of an event happening, and its consequences. The impact can be either positive or negative. However , we are essentially concerned with the possibility and treatment of negative events, so risk is defined as: a) An uncertain future event that will prohibit the project from achieving its goals and objectives within cost, schedule and performance constraints or more simply, b) The effect of uncertainty on achievement of objectives Thus, project risk management is “…the process involved with identifying, analyzing, and responding to risk. Risk is part of every project we undertake and the objective is always that to maximize the results of positive risk whilst minimizing the impact and consequences of negative events” 1

Components of risk • Three components of risk as set out in [5] are: 1. A future root cause (yet to happen), which, if eliminated or corrected, would prevent a potential consequence from occurring, 2. A probability (or likelihood) assessed at the present time of that future root cause occurring, and 3. The consequence (or effect) of that future occurrence. • A future root cause is the most basic reason for the presence of a risk. Accordingly, risks should be tied to future root causes and their effects. Each one of these components is present in every risk. Defining these components is the main objective for performing risk management. 2

2. 1. Project life cycle and Risk management • The term project life cycle is used as a management tool to improve a project's performance. The scope of life cycles differs among industries and diverse terminology with a various number of phases is used depending on the sectors. However, several terms are often used within one particular sector even though a number of phases can vary. Therefore, it is difficult to systemize and provide one common scope and definition of a project life cycle. 3

Cont … • Risk Management takes place continuously throughout the project, and can be characterized as follows. 4

Project lifecycle and risk identification Stage Activity Initial stage (conception) The period of conception is the period ranging from the emergence of an idea for a project to an initial formal statement outlining the needs of project users or sponsors. At this stage the wider strategic and financial risks should be considered, applied to the feasibility stage and form part of the formal statement regarding business needs. Startup and initiation This is the stage where a Business Case justifying why the project should take place is developed. It is a key stage for the establishment of the project risk management regime. In addition to an initial consideration of project risks, the status of existing projects and capacity within the University should be assessed as well as the resources needed for risk management. 5

Cont … Stages Activities Running the project This is the phase during which the project is undertaken. Attention should be paid to explicitly defining project benefits against which project performance can be measured. In addition, a projects benefits realization plan should be designed and introduced, as a mechanism for monitoring both the performance of individual or collective risk issues over time, and the effectiveness and appropriateness of selected risk mitigation mechanisms. Closure When a project is formally closed, the outputs from the project must be formally evaluated even though the benefits may not be established yet. This includes whether cost and timescales have been met, and also whether the products meet the acceptance criteria. The role of RM at this stage should include considerations about transfer into operational use, whether indeed the product is still required, and what to do about issues that were set aside as beyond project scope. 6

Risk categories • Risks can be grouped into Strategic and Operational Risks: the following list is not exhaustive but should give a good overview of the range of categories that can be considered within a risk analysis. 7

Cont …. • Strategic Risk Categories: 1. Strategic Fit 2. Relationships 3. External Political o Trade regulations and tariffs o Social welfare policies 4. Organizational Impact / Reputation 5. Economic Case o Interest rates o Money supply o Inflation o Energy cost 8

Cont … • Operational Risk Categories: 1. Technical and Operations o Technological change o Innovation (opportunity) o Research, Enterprise and 3 rd Stream activities o Estates and infrastructure 2. Internal Political o Stakeholder interest 3. Financial viability 4. Organizational management and human resources 5. Legal o Legislation o Environment protection o Employment law 9

Cont … 5. Procurement 6. Environmental 10

Critical Success Factors for a project • These are the key areas that, carry a high degree of importance in helping to assure the success of the project. They are a. staff experience b. Employee engagement c. Capital programmes d. Brand, image and reputation 11

Roles and responsibilities for risk management Concerned bodies Risk Management Role Project Board . Defines the overall risk appetite for the project investment decision. Reviews the project risk management plan (for Major projects only). Approves funding for project risk management. Monitors the overall project risk profile. Assures clarity of the sponsor’s management of risk accountabilities. Assists with assessing the risk context for the project. Monitors and acts on risks escalated up by the project manager under the direction of the sponsor 12

Cont … 13

Cont … 14

Risk management in the decision-making process 15

Cont … • RISK IN THE DECISION-MAKING PROCESS A risk is any event that could prevent the project from progressing as planned, or from successful completion. Risks can be identified from a number of different sources. Some may be quite obvious and will be identified prior to project kickoff. • Project Manager has overall responsibility for managing project risk. Project team members may be assigned specific areas of responsibility for reporting to the project manager. • Throughout all phases of the project, a specific topic of discussion will be risk identification. The intent is to instruct the project team in the need for risk awareness, identification, documentation and communication. 16

Cont … • Risk awareness requires that every project team member be aware of what constitutes a risk to the project, and being sensitive to specific events or factors that could potentially impact the project in a positive or negative way. • Risk identification consists of determining which risks are likely to affect the project and documenting the characteristics of each. • Risk communication involves bringing risk factors or events to the attention of the project manager and project team. 17

Cont … • The project manager identify and document known risk factors during creation of the Risk Register. It is the project manager’s responsibility to assist the project team and other stakeholders with risk identification, and to document the known and potential risks in the Risk Register. The project team will discuss any new risk factors or events, and these will be reviewed with the Insert Project Name Here project manager. 18

Cont … • At any time during the project, any risk factors or events should be brought to the attention of the project manager using Email or some other form of written communication to document the item. The project manager is responsible for logging the risk to the Risk Register. 19

Cont … • Notification of a new risk should include the following Risk Register elements: • Description of the risk factor or event, e. g. conflicting project or operational initiatives that place demands on project resources, unexpected study outcomes, delays, etc. • Probability that the event will occur. For example, a 50% chance that the vendor will not have an animal colony that meets the criteria available. • Schedule Impact. The number of hours, days, week, or months that a risk factor could impact the schedule. 20

Cont … • Scope Impact. The impact the risk will have on the envisioned accomplishments of the project. Delayed animal delivery may result in a reduction in the number of studies that can be completed within the contract period of performance. • Quality Impact. A risk event may result in a reduction in the quality of work or products that are developed. As an example, lack of funding caused by cost overruns may result in the reduction of the study size and impact statistical empowerment • Cost Impact. The impact the risk event, if it occurs is likely to have on the project budget. 21

Project Manager Risk Activity Responsibility • The responsibility for managing risk is shared amongst all the stakeholders of the project. However, decision authority for selecting whether to proceed with mitigation strategies and implement contingency actions, especially those that have an associated cost or resource requirement rest with the Project Manager who is responsible for informing the funding agency to determine the requirement for a contract modification. 22

Cont … • The following tables details specific responsibilities for the different aspects of risk management. • Risk Identification: All project stakeholders • Risk Registry: Project Manager • Risk Assessment: All project stakeholders • Risk Response Options Identification: All project stakeholders • Risk Response Approval: • Risk Contingency Planning; Project Manager(s) • Risk Response Management; Project Managers • Risk Reporting; 23

Risk Assessment • Risk assessment is the act of determining the probability that a risk will occur and the impact that event would have, should it occur. This is basically a “cause and effect” analysis. The “cause” is the event that might occur, while the “effect” is the potential impact to a project, should the event occur. 24

Cont … • Assessment of a risk involves two factors. First is the probability which is the measure of certainty that an event, or risk, will occur. This can be measured in a number of ways, but for the project will be assigned a probability as defined in the table below. 25

Cont … 26

Cont … • The second factor is estimate of the impact on the project. This can be a somewhat subjective assessment, but should be quantified whenever possible. The estimated cost, the duration of the potential delay, the changes in scope and the reduction in quality are in most cases factors that can be estimated and documented in the risk statement and then measured using the standard project management tools (i. e. project plan, budget, statements of work). Rather than detailed impact estimates the Risk Register contains five ratings for impact; 27

Cont … • • • Catastrophic (A) Regulatory/Compliance violations/issues Inability to validate data Withdrawal of product manufacturer Tainted product Materials breech Production delays Technical miscommunications Security/confidentiality breeches 28

Cont … • Critical (B) • A non-compliance finding resulting in process, or operational degradation • A security finding requiring immediate corrective action prior to continued operation • Reoccurring violation of any safety regulation resulting in serious injury • Production errors containing regulatory violations that pose direct consequence to the operation • Moderate (C) • Security finding requiring a Corrective Action Plan • Production element errors that may pose indirect consequences to the operation 29

Cont … • • • No regulatory action anticipated No compliance impact anticipated No evident security threat affected Minor errors in completed Company policy & procedures Production errors containing quality system and / or opportunities for improvement Negligible (E) No regulatory/compliance violation No security/confidentiality element affected On time production Validated experiments “Clean” product Properly executed communications 30