Transcript Planning for Risk

Planning for Risk and
Change
Geoff Leese Sept 1999 revised Sept
2001, Jan 2003, Jan 2006, Jan 2007,
Jan 2008, Dec 2008
(special thanks to Geoff Leese)
Risk and risk management
Much “risk management” focussed on
Health and Safety risks these days
 Topic is much bigger than that

 Business
risk
 Security risk
 Business continuity
Introduction

Is it worth doing?
 Cost/benefit

analysis
What might affect it if we go ahead?
 Risk
management
Cost-benefit analysis (1)
Cashflow projection
 Payback period

 Time

taken to “break even”
Return on Investment (Accounting Rate
of Return)
 average
annual profit/total investment*100
Cost-benefit analysis (2)

Present value
 value
in year t/(1+r)t
 “r” is discount rate as decimal value
Discount factor tables are available!
 Net Present Value of a project (NPV)

 Sum
of discounted values of all cashflows
for that project
Assessment of risk
Risk
Customer cancels contract
Supplier goes bankrupt
Budget exceeded by <= 20%
Budget exceeded by > 20%
Maintenance costs higher
than estimate
Response time targets not
met
Importance
High
Low
Low
Medium
Low
Likelihood
Low
Medium
Medium
Low
Low
Low
High
“Risky” projects less likely to start.
Apply “Risk premium” to discount rates for NPV
Expected Value
Sales
Optimistic
Net Annual
Income (I)
£800,000
Probability
(P)
0.1
Expected
Value (I*P)
£80,000
Most Likely
£650,000
0.6
£390,000
Pessimistic
£100,000
0.3
£30,000
Expected
Income
£500,000
Weighted average of all possible outcomes.
A useful measure for comparing contracts!
Risk Profile Analysis

Sensitivity analysis
 Vary
each factor (in turn) by + or - 5%
 Recalculate costs/benefits
 Indicates sensitivity of project to each
factor
 Helps with risk assessment

Monte Carlo Method? (see Cotterill. &
Hughes Chap 7)
Decision trees (1)
Improve or replace machinery?
Market will expand, or not expand?
Expansion
Improve
NPV (£)
-100,000
0.2
0.8 75,000
No expansion
D
Expansion
Replace
0.2
0.8
No expansion
250,000
-50,000
Decision trees (2)

Improve  (0.2*-100,000)
+(0.8*75,000)
 =£25,600

Replace
 (0.2*250,000)
+ (0.8*-50,000)
 =£10,000

Therefore choose Improvement!
Project Evaluation
Evaluate on economic,strategic and
technical grounds
 Assess all costs & income over lifetime
of project
 Discount accordingly
 Allow for uncertainty!
 Evaluate expected outcomes and choose
strategies

Risk management (1)

Estimation errors
 Use

historical data and keep records!
Planning assumptions
 State,

and be prepared to revise them!
Eventualities
 Identify,
and deal with them!
Risk management (2)
Hazard identification
 Risk analysis
 Risk prioritisation
 Risk reduction
 Risk monitoring

Hazard identification








Contract Factors (is it special or different?)
Customer Factors
Staff Factors
Project Methods
Technology Factors
Changeover Factors
Supplier Factors
Environment Factors
Consider for each phase or product!
Risk Analysis (1)
Risk Value = Likelihood * Impact
 Impact expressed as monetary values?

 Likely
to be difficult or impossible!
Likelihood AND impact expressed
using “arbitrary scale “ (1-10)
 Most likely - 10, least likely - 1
 Highest impact -10, lowest impact - 1

Risk Analysis (2)
Hazard
Likelihood Impact Risk Value
Sickness affecting critical
path activities
Production takes longer
than expected
Specification takes
longer than estimate
Sickness affecting noncritical activities
Changes to
requirements during
production
Product testing shows
up design deficiencies
5
7
35
5
5
25
3
7
21
7
3
21
2
8
16
1
10
10
Risk Prioritisation
Prioritise by risk value?
 Consider

 Confidence
in assessment
 Compound risks
 Number of risks
 Cost of action

Risk Reduction Leverage (RRL)
=
(RV(before) - RV(after))/risk reduction cost
 Use the same units!
Risk Reduction (1)
Hazard prevention
 Likelihood reduction
 Risk avoidance
 Risk transfer
 Contingency planning

Risk Reduction (2)

Personnel shortfalls
 get
the best, job matching, early
scheduling, personal development, team
building

Unrealistic estimating
 multiple
estimates, use of different
techniques, standardisation of methods,
use of historical data
Risk Monitoring
Assign INDIVIDUALS to monitor risks
 Part of “change plan”
 Use PERT techniques to assess potential
effects of uncertainties on project
schedule

3 way estimating
 Activity standard deviations
 Probability & “Z” values” (Cott. & Hughes)

Evaluation and Review
Projects should be reviewed on completion
 The risk management plan should be
reviewed at the end of the project .

 Risks
were successfully foreseen?
 Contingencies were properly planned for?
 Lessons to be learnt?
 Improvements to be made?
 should be built into the risk management plan
Change Control Plan
Vital part of the project plan
 Changes are almost inevitable
Example: the client originally asked for
sweetcorn on all sandwiches but now
wants sweetcorn on tuna only. What
changes will need to be made?
 Project roles should include a Project
Librarian, responsible for logging
change requests and responses.

Controlling Change
Risk of “scope creep”
 One big change? Lots of little ones?
 Poorly documented changes make
maintenance and enhancement difficult
 May comprise the integrity of the design
 May comprise the profitability and
deliverability of the contract

Change Control Plan
Change Request (CRF)
 Change Specification
 Change Analysis
 Costing & feasibility
 Change decision (Change Control Board)
 Change implementation & documentation

And the downside Perceived as bureaucratic, expensive &
time-consuming
 Likely to annoy users and may affect
their relationship with the company.
 Will definitely annoy production staff.
 Restricts responsiveness to user needs
 Emphasises costs and control rather
than user needs

Summary

Project evaluation
should we do it?
 How should we do it?


Risk management  what
COULD happen if we do?
 How will we cope if it does?

Change control
Further Reading
 http://www.rmri.co.uk/
 Link
to BSI risk management