1

PROJECT RISK MANAGEMENT Prepared By:Debdip Das Debdip.das@gmail.com CHAPTER 1 2 CHAPTER 2 15 CHAPTER 3 30 CHAPTER 4 44 CHAPTER 5 57 CHAPTER 6 73 CHAPTER 7 89 CHAPTER 8 105 CHAPTER 9 129 CHAPTER 10 143

PM0007-Unit-01-Understanding Risk in Projects

Unit-01-Understanding Risk in Projects Structure: 1.1 Introduction Learning Objectives 1.2 Definition 1.3 Risk Management Process 1.4 Creating a Risk Management Plan 1.5 Risk Management Responsibilities 1.6 Case Study 1.7 Summary 1.8 Terminal Questions 1.9 Answers 1.1 Introduction This unit covers the aspects related to typical risks associated with projects and their management. Typically, projects are a set of activities with a defined objective. These activities generally involve a unique set of tasks that need to be carried out in a defined environment. Achieving the defined objectives through successful completion of these activities make a project successful. However, all projects are prone to certain uncertainties that might hamper the project progress. These uncertainties have an impact or an effect on the objectives and are termed as project risks. Risk is the probability of occurrence of an event which can hinder the project goals. While some of the risks are trivial, others could make a significant difference in the way projects are executed. Thus Risk Management is recognised as an essential process in any organization. Risk Management focuses mainly on minimising threats and maximising opportunities. It plays a very important role in optimising the objective achievements. Ideal Risk Management minimises the spending and maximises the reduction of the negative effects of risk.

Hence, one of the key areas requiring proactive management within projects is risk. Risk in a project arises from a wide range of sources and has a broad scope of possible effects on the project. Given that the two dimensions associated with any project are the tasks to be performed and the risks inherent in the project environment, it is a key success factor for every project manager to predict and manage the project risks well. Risk management is therefore a process of identifying and assessing risks in a project. Additionally, it also entails ensuring that effective measures are planned and implemented to minimise the occurrence of these risks and to deliver the project in line with defined objectives. Learning Objectives: After reading this unit, you will be able to: Outline the definition of risk Explain the Risk Management process Identify risks associated with a project and classify them as per the risk management process 1.2 Definition Risk is defined as a positive or negative effect of uncertainty on objectives. The identification, assessment, and prioritisation of risk are therefore considered as risk management. Risk management is adopted widely to maximise the realisation of opportunities or to prevent the effect of unfortunate events. Thus risk can be defined as: The effect of uncertainty on objectives (whether positive or negative). Or The chance of something happening that impacts project objectives. A project manager must anticipate and handle risk efficiently by: Identifying potential risks. Initiating proactive measures to avoid risks. Managing consequences effectively, if risks do occur. For this purpose, project managers must follow a methodology or a process for managing risks. You will get more insight into this subject in the subsequent sections.

1.3 The Risk Management Process Projects face many risks. Managing these risks is therefore an integral part of any project management. Risk management helps you to identify and address the risks facing your business and in doing so you achieve your businesses objectives. There is a wide convergence and international consensus on the various elements for risk management process. The risk management process is: Supported by growing range of capable tools and techniques An accepted process worldwide A research base for academics Implemented across many organisations A Risk Management Process describes the steps you need to take to identify, monitor, and control risk. Risk management process helps you: Identify critical and non-critical risks Quantify the impact of the risk Document each risk in depth by completing Risk Forms Log all risks and notify management of their severity Take action to reduce the likelihood of risks occurring Reduce the impact on your business, should risk eventuate Risk management becomes even more significant if your project aims to enter into new business areas such as launching a new service or targeting a new market. In such scenarios, your standard risks are: Emergence of new technologies that make your product redundant. Competition following your suit. As a project manager, you must envisage such risk occurrences and put in place effective measure to thwart them. The best way to manage risks is by using a Risk Management Process. Most teams are subject to constant risk of meeting their objectives. The key to success lies in how you manage risks, by putting in place a clear Risk Management Process. The risk management method in the context depends on methods, definitions, and goals that vary widely according to various business segments:

Project management Security Engineering Industrial processes Financial portfolios Actuarial assessments Public health and safety Generally, a risk management process involves following five phases that are depicted in Figure 1. This Risk management process shows you all the steps you need to take to implement Risk Management in your organisation. Using this risk management process to monitor and control risk, you can ensure you meet your team objectives.

Figure 1: Risk Management Process 1. Risk Identification: Risk Identification is a process of identifying the risks associated with your business activities in a methodical manner. Risk identification starts with the problem

source or with the problem itself. So after establishing the context the next step is to identify the potential risks. Analysis of Source: The target of risk management is the internal or external risk sources in the system. The stakeholders in a project, the employees in a company or the weather in the airport may be the best examples for risk sources. Analysis of Problem: Risks are deviation from assumption, it is essential to identify risks related to threats. The best examples are the accident and casualty threat, private information abuse, or money losing threat. The government legislative bodies, shareholders, and customers are few threats with various entities. Culture, industry practice, and compliance depend on the chosen method for identification of risks. There are number of ways by which you can go about identifying risks: 1. Risk identification by Objective-based: The event which prevents you from achieving an objective completely or partially is identified as risk and every project and organisations have these objectives. 2. Risk identification by Scenario-based: The scenarios are usually the ways to achieve an objective or to analyse the interaction of forces. Any scenario that triggers an undesired event is identified as risk. 3. Risk identification by Taxonomy-based: This risk identification is a breakdown of possible risk sources. 4. Risk identification by Common-risk checking: Many industries list out their known risks and share them. Each risk in the list can be checked for application to a particular situation. 5. Risk identification by Risk charting: This risk identification is done by listing Resources at risks and combining the above approaches. In this method of identification you can start with threat and identify the resource that will be affected or you can examine the consequences and then determine the combination of threat and resource.
After the risk identification, it becomes essential to assess the risks so that the right actions can be planned for the same. In the case of value of building loss or in the case of probability of an unlikely event occurring, it is easier to arrive at these quantities.

But statistical information is not accessible in all kinds of risks that might have occurred in the past, thus project managers are faced with this difficulty in assessing risks. To evaluate the rigorousness of the impact of risk is often difficult for immaterial assets. However, assessment of risk must produce information such that the information can be used by the management in an organisation to identify risks and prioritise risk management decisions. There are several theories for quantifying risk attempts. Out of the many different risk formulas that exist, the most accepted formula for quantification of risk is: Risk = Rate of Occurrence x Impact of the event

The financial benefits of risk management are independent of the formula used, although they are more dependent on frequency and how the risk assessment is executed. 2. Risk Probability: Assessing the probability of the occurrence of the risk is known as Risk Probability. The first problem in assessing the probability of project risks is the term itself. Probability has an accurate numerical meaning. The best method for assigning probability is measuring the relative frequency or likelihood of occurrence of an event, where the values lie between impossibility (zero) and certainty (one). The uncertainty dimension such as frequency, likelihood or chance is the major component of risk probability. 3. Risk Response: Being prepared on how to respond to the occurrences of risk is called as Risk Response. There are a few things you can do about a response to any risk, and the strategies are: Avoidance of Risk: The risk has to be avoided, do something to remove the risk. For example use another supplier. Avoiding risks also means loss in the potential gain for the organisations that retain or accept the risks which have been allowed. Possibility of earning profits is also avoided by not entering a business that may avoid the risk loss. Transfer of Risk: Risk has to be transferred, someone will be responsible. Possibly a vendor will be made responsible for a particularly risky part of project, a third party by outsourcing or an insurance company. The original risks are likely to still revert to the first party if the insurance company or contractor goes bankrupt or end-up in court. So practitioners and scholars alike, the insurance contract purchased is often called as a risk transfer Mitigation of Risk: The risk has to be mitigated. You need to take measures to reduce the impact or chance for the risk to occur. If the risks are related to availability of resources, make an agreement and sign-off for the available resource. Prevention of Hazard: Prevention of risks in an emergency refers to the hazard prevention. Elimination of hazards is the most effective stage of hazard prevention. If this is too long, too costly, or impractical then the second stage is mitigation of hazards which prevents hazards from occurring. Reduction of Risk: This method involves the reduction of likelihood of the loss of occurrence, or the severity of the loss. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. This is not suitable because of the greater loss by water damage. By developing and delivering software incrementally, the modern software development methods reduce the risk. Retention of Risk: Involved the acceptance of loss. True self insurance falls in this category. Strategy for small risk is viable in risk retention, in which the cost of against risk insuring is greater over time than the sustained total loss. By default, all risks are not transferred or avoided. This includes risks which are very large can either be feasible or insured. A response in risk planning includes the approach and the strategy addressed by items. The actions include when it should be finished, who is going to do it, and what needs to be done.

4. Risk Measures: This is a process by which an organisation initiates measures to effectively deal with the consequences when the risk actually occurs. To understand this in a better way, you can use the two dimensional table given on page 8 wherein the risk is quantified. The impact and the probability of the risk must be evaluated in a simple scale of 1 to 4. The greater the number, the higher is the intensity and impact.

If the probability is more, and the impact is less, it is a medium risk. So, if impact is more, and probability is less, it is a high priority risk. Using this method, risk can be quantified to a certain extent. 5. Risk Tracking: Tracking and monitoring the effectiveness of your risk management approach is a very important process. To track risks, project managers should hold regular risk reviews to identify actions which are outstanding, probability of risks, and the impact of risk. This process helps in removing the risks that are no more valid and the new risks can be identified and added. This continuous monitoring of risks to determine any changes in its status, or if they turn into any issues is an essential part of risk management process. Any risk management process also requires running risk reviews regularly to identify and quantify risks. This enables you to track risks that have occurred and build mitigation plans thereby curbing their recurrence to the bare minimum. As a result the process of risk management will be useful in: Improving the decision-making, prioritisation, and planning. Helps you in allocating the capital and resources effectively. Anticipating what might have gone wrong and minimising the amount of fire-fighting that you may want to do. Preventing disaster and even serious financial loss in a difficult case scenario. Delivering your business plan on time and to budget it significantly improves the probability.

1.4 Creating a Risk Management Plan For applicable and effective controls for managing the risks a risk management plan should be created. Actual loss results, experience, practice will require changes in the plans. You must provide all information that can help in developing different possible decisions to handle the risk. Also, you have to update the risk analysis results and management plans periodically. The two primary reasons for this are: To assess whether the prior selected security controls are still appropriate and efficient. To assess the feasible risk level changes in the business environment in an organisation. There are seven steps in the risk management process planning that are explained below: Involve: The risk management planning must involve each individually in the team and request them to contribute at least ten potential risk items. Consequently, the person in the team will assume that the definite project risks are known already, and so it is not needed to be listed. Collate: Collecting the lists of project risks and compiling them into a single list with the duplicates removed is the second step in risk management. This will give you a complete list of possible risks. Asses: Assessing the probability or likelihood, impact or outcome, and detecting each item on the master list is the third step in risk management. By assigning each item on a numerical rating from 1 to 4 or subjective term like low, medium, high this assessment can be done. Group: Breaking up the planning team into different sub-groups and by giving a portion of master list to different sub-group is the fourth step in risk management. The caution signs can be identified by each sub-group for the assigned lists of projects. Thus every caution must be noted down even if it is minor one. Identify Actions: In this step, sub-groups have to identify feasible preventive actions for the intimidation (or threats) and try to enhance the action points for the opportunities. Create Contingency Plan: The sixth step in risk management is that the sub-groups have to create a contingency plan for most of the project risks in such a way that the plan should include

10

the actions where the risk may occur or trigger. The process in the risk management will not be so effective if the contingency plan is time consuming to address the risk. Assign: This is the final pace in planning the risk management process. This talks more about the determination of the owner of each risk in the list. The responsible person for watching out for triggers is the owner. The owner responds suitably if the triggers occur. Then the contingency plan is to be used by respective owners. Mostly, the project managers will be the owners of the risk. Evaluation of Plan and Reviewing Like any other plans, risk management plans need to be evaluated and reviewed on a regular basis. Actual loss results, experience and practice will require changes in the risk management plans. Thus you have to update periodically the risk analysis results and management plans. The two primary reasons for this are: To assess whether the prior selected security controls are still appropriate and efficient. To assess the feasible risk level changes in the business environment in an organisation. 1.5 Risk Management Responsibilities Every employee has a responsibility to be involved actively in risk management. It depends upon the role the employee plays in an organisation and their extent of involvement. In an organisation, project managers take risk management responsibilities. They have some key risk management responsibilities and they are: Identify and quantify the organisations risk factors. Adopt proper financial protection measures through risk transfer (to outside parties), risk avoidance, and risk retention programs. Develop and update a system for recording, monitoring, and communicating the organisations Risk Management program components and costs to management. Design insurance programs for coverage at the most reasonable cost. Establish Risk Management policies and procedures Active participation in reviewing and updating the organisational risk profiles. Ensure that the risks are identified, monitored, and managed on an ongoing basis in accordance with the process enlisted in the risk management plan document. It includes in ensuring the effectiveness of key controls in an organization.

11

Ensure that the risk assessment and mitigation techniques are overseen by coherent and consistent use of risk management by those personnel reporting to them. Make risk management a regular agenda item for team meeting, which can facilitate in risk identifications and management. Integrate Risk Management into Existing Management Process Integrating or adopting risk management into existing management processes is a major challenge for all project managers. Organisations must identify or design appropriate corporate infrastructure to ensure clear communication of risk issues, practices, and procedures throughout the organisation. They must ensure that risk management principles are integrated into the organisations governing structure and decision-making and reporting systems. A successful implementation of risk management is to merge risk management with the existing organisational processes like corporate planning, performance reporting, training development, etc. Aligning risk management vision and objectives with corporate objectives and strategic direction helps to make risk management meaningful and relevant to all employees. 1.6 Case Study Mount Wonder Park (MWP) is located just outside the city of Bangalore, Karnataka. This is an outdoor theme park which attracts more than 200 people daily. They have all types of rides, multiple selections of roller coasters, and a 15 acre water park for the visitors. The park is open starting near the end of April and stays open until the end of July which depends upon the weather. This is a very big theme park that anyone would definitely remember in time. Before this amusement park starts, there are many risks that they have to face with. In order for the MWP to operate fully, they need to develop a risk management program. This will be safer for the customer base as well as the staff and people involved with this amusement parks daily operations. People involved in the daily operation of the amusement park are the CEO, the employees working in the gates, artists performing the stunt shows. There are several areas that should be covered to avoid many risks in MWP. Challenge Find the areas of risks, go thorough the areas in detail, and explain how they can be dealt with. Self Assessment Questions 6. Risk is the effect of uncertainness on objectives, which can be _______ or ______. 7. Risk management process describes the process of identifying, ________ and _____ risks. 8. Risk reviews help to ___________ and _____________ risks.

12

9. There are _________ steps in risk management. 10. The risk management process involves _____________ phases. 11. Always the risk identification starts with the __________ source. 12. Risk Management Process describes the steps you need to take to _________, ________, and _____________. 13. The projects are a set of activities with ____________________. 1.7 Summary Risk management is all about being aware of unfavourable events that may happen as you go about your business in an organisation and taking steps to limit the chances of it occurring, or deciding that you accept that something may occur and that you are prepared for the consequences. A risk management process does not have to be complicated or time consuming to be effective. By following a simple, tested, and proven approach that involves seven steps taken at the beginning of each project, the project team can prepare itself for any kind of risks. Of course there will always be changes and there may still be surprises, but the end result is that they are fewer, that the team feels prepared and that the project is not taken off course. Although there are different methodologies for risk management, the core components of any risk analysis is made up of the following: Identify company assets Assign a value to each asset Identify each assets vulnerabilities and associated threats Calculate the risk for the identified assets Once these steps are completed, then the risk analysis team can identify the necessary countermeasures to mitigate the calculated risks, carry out cost/benefit analysis for these countermeasures and report to senior management their findings. Glossary Term Contingency plan Generic Risk Line Managers Description Possible plans which are developed by the business in an organization Main risk for all projects. Heads of development and marketing departments.

13

Revenue generating Risk Transfer Risk 1.8 Terminal Questions

Manufacturing and selling departments The insurance contract purchased is often called as a Risk Transfer The probability of occurrence of a disaster.

14. What is Risk Management? 15. What are different common methods of Risk identification? 16. What is Risk Tracking? 17. How to create risk management plan, implementation, and evaluation of plan? 18. What are the responsibilities in Risk Management? 1.9 Answers Answers to Self Assessment Questions 19. negative, positive 20. assessing, handling 21. identify, quantify 22. seven 23. five 24. problem 25. identify, monitor, control 26. defined objectives Answers to Terminal Questions 27. Refer to Para 1 of Definition. 28. Refer to Para 5 of Risk Management Process. 29. Refer to Para 9 of Risk Management Process. 30. Refer to Section 1.4.

14

31. Refer to Section 1.5. Copyright 2011 SMU Powered by Sikkim Manipal University .

15

PM0007-Unit-02-Identifying Risk in Projects

Unit-02-Identifying Risk in Projects Structure: 2.1 Introduction Learning Objectives 2.2 Identifying Project Risks 2.3 Methods for Risk Identification 2.4 Categories of Risks 2.5 Risk Breakdown Structure (RBS) 2.6 Risk Breakdown Structure for a Project 2.7 How to Use RBS 2.8 Examples of RBS 2.9 Uses and Benefits of RBS 2.10 Summary 2.11 Terminal Questions 2.12 Answers 2.13 Case Study 2.1 Introduction You would have studied about Identifying Risks in project in Unit 1 of Project Risk Management. It is one of the very important steps in project and risk management. Risk Identification is the process of discovering, describing, documenting, and communicating risks before they become problems and adversely affect a project. For effective risk management, accurate and complete risk identification is vital. Risks must be identified first in order to manage them effectively. The important aspect of risk identification is to capture as many risks as possible. All possible risks should be submitted during the risk identification process. Not all risks will be acted upon. The decision of handling each risk will be made by the

16

project members once more details are known about each risk. There are various techniques that can be used for risk identification. Useful techniques include brainstorming methods as well as systematic inspections and process analysis. It is essential to include key functional area personnel to ensure no risks go undiscovered, regardless of the technique used. Learning Objectives: After reading this unit, you will be able to: Identify Risks in a Project Explain Methods Used for Risk Identification Elucidate the idea of Risk Breakdown Structure (RBS) Describe how to Use RBS 2.2 Identifying Risks in Projects You can identify the Project Risks by the following ways: Establish those activities that should be part of project risks Adopt appropriate information collection techniques Review and discover examples of the contents of a risk register Compare types of causes of project risk with examples Highlight the risks and causes for a process, using existing process flowchart 2.3 Methods for Risk Identification The first step in determining which risks may affect the project is Risk Identification. Identifying risks present in a project is an art in itself. The chosen method of identifying risks may depend on culture, industry practice, and compliance. For example, brainstorming is a technique that is best accomplished when the approach is open or unstructured. Group members verbally identify risks which provide the opportunity to build on each others ideas. To achieve the desired outcome, it is essential to select participants who are familiar with the topics discussed, provide relevant documentation and a facilitator who knows the risk process to lead the group. A note-taker should be appointed to capture the ideas that are being discussed.

17

A number of Risk Identification methods are given below along with their advantages and disadvantages. As a project manager, you could use any or more of the methods given according to their fitment in the organisation. Detection Method Interviews Advantages Disadvantages

In a face to face meeting Requires lot of time sensitive matters are revealed quicker

Helps to involve people in risk management Brainstorming A lot of results in a short period

Everyone does not speak up freely in a group

Consulting Experts

Risks are shared with others It is difficult to plan and constantly get everyone together Independent view on matters Costs Sensitive information may be disclosed Risks that have already been solved may resurface

May have expertise not available in the company Study Project Old forgotten risks are often Documentation documented Insight in the working procedures of a project team Study Specialist Shows the state of art Literature knowledge and available solutions

Specialist Literature may be written for academic audience

Requires lot of time Acquisition cost Stakeholders Understanding the interests, Access to stakeholders Analysis attitudes and potential actions of stakeholders Finding an appropriate representative of interest groups. Research Find resource risks Availability of detailed Resources plans is necessary Review Find bottlenecks in the Focuses almost entirely Planning project plan. on schedule risks Research Find interfaces that could Interfaces are not always Interfaces cause risks easy to recognize Visit Locations First hand experience May require a lot of time increases understanding of the project environment

18

Research assumptions Checklists

Understanding crucial project assumptions Easy and quick to use Can contain a lot of project specific knowledge

Requires good analytical skills Results may be too general

Identification of Risks in project has the following advantages: Lowered cost and confusion Prioritization and stakeholder support Input for portfolio management Mitigation of project risks Setting expectations and establishing reserves Communication and control 2.4 Categories of Risks Categorising risks has the following advantages: Possibility to overview risks Identification of gaps that might have been ignored Easier identification of further risks Project risks can be categorised into many types. They are explained below. 1. Schedule Risk Schedule is a plan for an activity or event. In this category of risk, project schedule gets delayed when project tasks and schedule release risks are not addressed properly. Schedule risks have an affect on project, company performance, and may lead to project failure. It definitely has a negative impact on any organisations relationship with customers. Project schedules are often delayed due to one or a combination of the following reasons: Wrong estimation of project time. Resources like staff, systems, and skills of individuals are not tracked properly.

19

Failure in identifying complex functionalities and estimating the time required to develop those functionalities correctly. Unforeseen expansion in the project scope. 2. Budget Risk Budget is a sum of money allocated for a particular purpose. In this category of risk, an unresolved issue creates a requirement to redo the work. If this work is not done within the given timeframe when it is still possible to refine requirements and while keeping the changes within the scope of the project any changes would require additional funding. Budget Risks are often left unresolved due to one or a combination of the following reasons: Wrong budget estimation Cost overruns Project scope expansion 3. Operational Risk An operational risk is a type of risk arising from execution of a companys business functions. In this category of risk, Operational Risks occur due to improper process implementation, failed system or some external events risks. Some of the causes of Operational risks include: Failure to address priority conflicts Failure to resolve the responsibilities Insufficient resources Improper subject training No resource planning Lack of communication in team Infrastructure, such as power and network, failure 4. Technical Risk

20

Technical Risk is a measure of the uncertainty of meeting a requirement relating to some technical aspect of a systems engineering effort. In this category of risk, risks generally lead to failure of functionality and performance. Some of the causes of technical risks include: Continuous change in requirements No advanced technology available or the existing technology is still in initial stages Product is too complex to implement Difficult project modules integration 5. Social and Political Risk Social Risks occur due to actions of special interest groups, such as environmentalists and conservationists. 6. Market Related Risk Market Related Risks occur due to loss of product quality, lack of market information, and actions of third party. 7. Consumer-related Risk Consumer-related Risks occur due to loss of consumer appeal, health regulations, and actions of third party. 8. Physical Risk of nature Physical risks of nature occur due to extreme climatic and meteorological conditions. 9. Liability Risk Liability Risks occur due to legal actions against the organisation. Self Assessment Questions 1. Name any 4 types of Project Risks. 2. Project schedules are often delayed due to unexpected ___________. 3. Operational Risks occur due to ______________, failed system, or some external events risks. 4. Match the following:

21

Brain storming Quick to use Risk identification Rows and columns Checklists Interviews and Brainstorming Matrix Technique 2.5 Risk Breakdown Structure (RBS) A hierarchically organised depiction of the identified project risks arranged by category is called Risk Breakdown Structure. This arrangement of risk items into labelled rows and columns within a table is called Matrix. Risk Matrix is a tool used in the Risk Assessment Process; it helps in determining the severity of the risk of an event. Risk Breakdown Structure is based on the concept of the Work Breakdown Structure. It provides a means for the project manager and risk manager to structure the risks being addressed and/or tracked. The RBS is basically a hierarchically organized depiction of the identified project risks arranged by risk category. Although, many project managers and risk managers might have used some other methods for listing, identifying, assessing, and tracking risks in their projects e.g. spread-sheets, listing, time and again Risk Breakdown Structure has proven to be most useful. It helps you understand the risks completely and therefore enables you to better identify and assess the risks, and get into the depth of each risk, taking it to as many levels of identification as might be required. An example of how Risks are broken down into a matrix structure is given in the table below: Negligible High Moderate Low Low Low Marginal High High Moderate Low Low Critical Extreme High High Moderate Moderate Catastrophic Extreme Extreme Extreme Extreme High

Certain Likely Possible Unlikely Rare

The company or organisation then calculates up to what levels of Risk they can take with different events. This is done by weighing probability of the occurring against the cost to implement safety and the benefit that can be gained from it. For Example, The risk of being physically hurt may be made up of the hazard of being hit by a car, the risk of having a crane dropped on you and the risk of being caught in a stampede. As you know, each risk has probability and a consequence. Here, the probability of being hit by a car is much more than that of being crushed by a crane or a stampede. However the consequence of being struck

22

by a car is less than that of finding yourself under a crane. The same is depicted in the table below with a few other options as well: Negligible Busy market Marginal Car Crane Stampede Wind storm Volcano Critical Catastrophic

Certain Likely Possible Unlikely Rare

2.6 Risk Breakdown Structure for a Project The Risk Breakdown Structure for a generic Project is given in Table which explains each and every level of Risk Breakdown Structure with examples.

23

2.7 How to Use the RBS An RBS can be used in a variety of ways, once an organization or project defines it. Some of these facilitate the risk management process on a particular project, while others are relevant across projects. Risk Identification: The first step in determining which risks will/may affect the project is Risk Identification. It also provides documentation of the risk characteristics. The first level (Level 1) of the RBS can be used as a "sanity check" to make certain that all topics that might include risk are covered during the risk identification process. Using the RBS, an iterative process can be initiated that will persist throughout the project life-cycle. The applicability and frequency of this iterative process will be different in each phase of the life-cycle.

24

You can identify specific and generic risks by using Levels 2, 3 and below, for identifying specific and generic risks. This checklist can then become a part of the project manager/risk managers tool set for future projects. It also leads to quantitative risk analysis which should be "owned" by the Project Risk Manager. Interestingly, sometimes just identifying the risk itself will suggest the proper response that can be entered into the Risk Response Plan. Risk Analysis (Quantitative Risk Analysis): Risk analysis is the process by which the identified risks are placed in proper perspective within the RBS by categorizing the risks to the various levels Analysis involves the use of various techniques to prioritise the risk, determine the probability of a risk, and to calculate the impact of risk. Using the RBS, the project manager and the risk manager can create a "risk count" based on the priority, probability and impact of each risk. This can be done for each group of risks for each level of the RBS. Risk Breakdown Structure also provides an understanding into the analysis of the identified risks. Some of these understandings can be: Type of Risk exposure Dependency between risks Relationship between different risks Reason for risks Importance of risks 2.8 Examples of RBS One input you need when doing Risk Management Planning is a Risk Breakdown Structure. The following is an example Risk Management Breakdown. Technical - Requirements - Technology - Complexity - Quality - Performance

25

Management - Resources - Company Vision - Capital Organizational - Dependencies - Budget - Prioritization External - Contractors - Vendors - Customer Project Management - Estimating - Planning - Controlling - Communication Risk Breakdown Structures will be created as per the project scope and requirements. Using the above generic structure can serve as a base for projects to expand the risks while undergoing Risk Identification process. It can also serve as an input for Qualitative Risk Analysis where probabilities and impacts are assigned. The impacts can be classified as numerical or High, Medium, and Low. 2.9 Uses and Benefits of RBS The main uses and benefits of the RBS are outlined in the following paragraphs. Risk Identification Aid

26

The upper levels of the RBS can be used as a prompt list to ensure complete coverage during the risk identification phase. This is accomplished by using the RBS to structure whichever risk identification method is being used. For example, a risk identification workshop or brainstorm might work through the various elements of the RBS, perhaps at the first or second levels, encouraging participants to identify risks under each of the RBS areas. Similarly, the RBS major areas can be used to structure risk identification interviews, providing an agenda for discussion between the facilitator and interviewees. Using the RBS to structure the risk identification task provides assurance that all common sources of risk to the project objectives have been explored, assuming that the RBS is complete. The danger that this assumption is incorrect can easily be overcome by including a short additional risk identification effort for Other risks not covered by the RBS. Risk Assessment Risk assessment is a step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat. The identified risks can be categorized by their source and allocated to the various elements of the RBS. This analysis depicts areas of concentration of risk within the RBS, indicating which are the most important sources of risk in the project. This can also be determined by counting how many risks are there in each RBS area. This kind of risk categorization into the RBS has a number of additional advantages for the assessment of risk exposure on the project. It: provides an understanding to the type of risk exposure on the project exposes the most significant sources of risk to a project reveals root causes of risks highlights areas of dependency between risks helps project managers to focus on risk response development for high-risk categories Comparison of Projects Previously created Risk Breakdown structures can be directly compared to the new projects since it is based on a common framework. As the risks are identified and structured in the same way, a direct comparison is helpful for projects. Risk Reporting

27

Reporting the status of project risk and reporting the progress of risk reduction actions is an important task in risk management. The Risk Breakdown Structure helps in this since it has detailed risk information on an individual project. Reports to senior management may include total number of risks or total risk count in each higher-level of Risk Breakdown Structure area, which can be combined with metrics or trend analysis and presented graphically. Even project teams can be informed of risks for their projects, by selecting relevant Risk Breakdown Structure areas for relevant each team member/project. Lessons Learnt The Risk Breakdown Structure can also be a common platform for analyzing risk-related information from each project once the project is complete. Analysis based on this structure helps to reveal risks that occur frequently, allowing generic risks to be identified and recorded for future reference, together with their effective responses. Accordingly, preventive responses can also be developed and implemented and referred for future projects. Self Assessment Questions State whether the following statements are true or false. 5. Risks are prioritized according to their potential implications for affecting the success of a project. 6. The upper levels of an RBS cannot be used as a quick reference to ensure complete coverage during the risk identification phase. 7. Risks identified can be categorized by their source by allocating them to the various elements of the RBS. 2.10 Summary Effective risk management demands that the project manager and risk manager fully understand the project risks. A successful risk management process also requires a good knowledge and understanding of the business objectives of the project. During risk identification, a large volume of risks can be identified. Simply listing these risks or putting them in a spreadsheet or database does not provide the in-depth understanding of the identified risks necessary to allow a solid risk response planning task. The RBS provides the tool necessary to assist in identifying risks, analyzing risk, creating a successful risk response plan, and it provides a vehicle for "deep-dives" into the complexity of the risk. Using a hierarchical RBS, similar in its design to the WBS, allows the project and risk managers the opportunity to carefully align the risks in proper categories, using a deep analysis on available time and resources. Glossary

28

Term

Description Mitigation in law is the idea that a party who has suffered Mitigation loss has to take reasonable action to minimize the amount of the loss suffered. Brainstorming is a group creativity technique designed to Brainstorming generate a large number of ideas for the solution of a problem 2.11 Terminal Questions 1. What are the advantages of identification of risks in Project management? 2. Write any 5 methods of Risk identification and list out their advantages and disadvantages. 3. What are the different types of Project risks? Explain in brief. 4. Explain the concept of Risk Breakdown Structure. 5. Write a generic Risk Breakdown Structure. 2.12 Answers Answers for Self Assessment Questions 1. Budget Risk, Social, Operational, Technical Risk 2. Project scope expansions 3. Improper process implementation 4. Brain storming Technique Risk identification Interviews and Brainstorming Checklists Quick to use Matrix Rows and columns 5. True 6. False 7. True Answers for Terminal Questions

29

1. Refer to Section 2.2 2. Refer to Section 2.3 3. Refer to Section 2.4 4. Refer to Section 2.5 5. Refer to Section 2.6 2.13 Case Study A recent survey found that potential applicants were experiencing considerable difficulty during the construction of a bridge in of the major cities of India. In addition, delays in application review and approval meant that approved applicants were unable to fully participate in this bridge constructing project. Because of insufficient people in this team, this project got delayed and also faced lots of issues as the construction stopped in between. This in turn troubled lots of people who were travelling through this way. Consider the above mentioned details and identify the risks involved during this construction project. Copyright 2011 SMU Powered by Sikkim Manipal University .

30

PM0007-Unit-03-Risk Analysis and Assessment

Unit-03-Risk Analysis and Assessment Structure: 3.1 Introduction Learning Objectives 3.2 Risk Analysis 3.3 Steps in Risk Analysis 3.4 Risk Assessment 3.5 Risk Assessment Cycle 3.6 Quantitative Methods of Risk Assessment 3.7 Qualitative Methods of Risk Assessment 3.8 Differences between Quantitative and Qualitative Risk Assessments 3.9 Summary 3.10 Terminal Questions 3.11 Answers 3.12 Case Study 3.1 Introduction By now you must be familiar with Identifying Risks in a project. After you identify the risks, the next step is analysing and assessing those risks. Learning Objectives: This unit of Risk Assessment and Analysis helps you get familiar with two important stages of Risk Management. After reading this unit you will be able to: Define Risk Analysis and Risk Assessment.

31

Explain the steps involved in performing Risk Analysis. Describe Quantitative and Qualitative Risk Assessments. Compare Quantitative and Qualitative Risk Assessments. 3.2 Risk Analysis Risk Analysis is a procedure to identify threats and vulnerabilities, analyse them to determine the exposures, and highlight how the impact can be eliminated or reduced. It is based on an ordered approach to thinking through threats, followed by an evaluation of the probability and cost of risks in the event of occurrence. It is usually conducted at the beginning of a project to compare two are more alternative scenarios, action plans, or policies. It usually results in a plan of action to avoid the risks or minimize their consequences in the event of occurrence. There are two types of Risk Analysis Quantitative and Qualitative Risk Analysis. i) Quantitative Risk Analysis Quantitative Risk Analysis provides mathematical estimates to allow organisations to understand risk exposure to people, business, the environment, markets or other areas of interest. The main characteristics of this type of analysis are: Mainly two elements are used in this approach: Probability and Likely Loss Result of Probability x Likely Loss is produced It has several drawbacks: - No accurate probability record probability is usually unique to case - Expected loss is hard to establish - Fairly limited use ii) Qualitative Risk Analysis Qualitative Risk Analysis is an analysis that analyses an organisations risks to threats, which is based on judgement, intuition, and the experience versus assigning real numbers to these possible risks and their potential loss margins. The main features of this methodology are: It is widely used It provides approximate potential loss/impact used No probability record is required

32

Risk level is often an outcome of this analysis 3.3 Steps in Risk Analysis To carry out a risk analysis we have to go through the following steps, i) Identify Threats: The first stage of a risk analysis is to identify threats facing your project. Threats may be identified as per the description given in Unit 2. This analysis of threat is important because it is so easy to overlook important threats. ii) Estimate Risk: After you have identified the threats your project faces, the subsequent step is to work out the likelihood of the threat being realised and to assess its impact. One method for this is to make your best estimate of the probability of the event occurring, and to multiply this by the amount it will cost you to set things right if it happens. This gives you a value for the risk. iii) Manage Risk: After you have worked out the value of risks your project faces, you can start to look at ways of managing them. When you are doing this, it is important to choose cost effective approaches in most cases, there is no point in spending more to eliminate a risk than the cost of the event if it occurs. Often, it may be better to accept the risk than to use excessive resources to eliminate it. Risks may be managed in a number of ways: By using existing assets: Here, existing resources can be used to counter risk. This might involve improvements to existing methods and systems, improvements to accountability and internal controls, changes in responsibilities, etc. By Contingency Planning: You might decide to accept a risk, but choose to develop a plan to reduce its effects if it happens. A good contingency plan allows you to take action right away, with the minimum of project control if you find yourself in a crisis management situation. By investing in new resources: Your risk analysis must give you the foundation for deciding whether to bring in additional resources to counter the risk. This can also include insuring the risk: Here you pay someone else to carry part of the risk this is mainly important where the risk is so great as to threaten your or your organisations solvency.

33

iv) Review: After you have carried out a risk analysis and management exercise, it may be worth carrying out regular reviews. These might involve formal reviews of the risk analysis, or may involve testing systems and plans suitably. The following diagram illustrates the process for Risk analysis:

34

Figure 1: Risk Analysis 3.4 Risk Assessment Risk Assessment is a step in project risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete circumstance and a recognized threat (also called hazard). Explanation: Risk assessment consists of an intended evaluation of risk in which assumptions and uncertainties are clearly considered and presented. Part of the difficulty of risk management is that measurement of both the quantities in which risk can be assessed potential loss and probability of occurrence can be very difficult to measure. The chance of error in the measurement of these two concepts is large. A risk with a large potential loss and a low probability of occurring is often treated differently from one with a low potential loss and a high possibility of occurring. Mathematically, both are of nearly equal priority in dealing with first, but in practice it can be very difficult to manage when faced with the scarcity of resources, mainly time, in which to conduct the risk management process. Self Assessment Questions 1. Risk Analysis is done at the beginning of a project or to compare two or more __________, ____________, and ____________. 2. Qualitative Risk Analysis provides ___________ to allow customers to understand risk exposure to people etc. 3. The first stage of a risk analysis is to identify _______. 4. __________ is the determination of quantitative or qualitative value of risk related to a concrete circumstance and recognized threats. 3.5 Risk Assessment Cycle The Risk Assessment Cycle is pictorially represented in the following diagram.

35

Figure 2: Risk Assessment Cycle The Risk Assessment Cycle has the following seven stages: 1. Set the Limits / Scope of the Analysis While doing Risk Assessment, the Limits/Scope of the Analysis should be set to provide the project manager very clear direction on what should be done. There are many instances where clear direction is lacking or the steps are unnecessarily confusing or ambiguous. 2. Identify Tasks and Hazards

36

Identifying Hazards is critical because if hazards are omitted the associated risks will remain unknown. A task-based approach to identifying hazards has been shown to be very effective and is recommended where applicable. After the hazards are identified you need to determine two things: Is the associated risk minor? If yes, fix it straight away and move on. Is there a Regulation, Advisory Standard, Industry Code of Practice or guidance material associated with this hazard? If yes, the Regulation must be followed. 3. Asses Risk (Initial) Initial Risk Assessment is very important step to find out the initial risks which consume more time. 4. Reduce Risk There is no point in assessing the risks of a project unless one plans to perform risk reduction. The risk reduction effort is always completed even though not every residual risk requires further risk reduction since the risk may already be acceptable. This implies that risk reduction is a necessary part of, and should be included in the overall risk assessment process. 5. Assess Risk (Residual) Assessment of Residual Risks is very important to make the risk assessment process complete. In a way it helps in reducing the risks. 6. Subjective Judgments need to be Accepted Subjectivity is a necessary part of risk assessment. Even in quantitative risk assessments subjective judgment occurs. However, the subjectivity does not diminish the value or credibility of the risk assessment process and subjective risk assessments do offer value. 7. Document the Results Documenting the Results obtained is very important for the future reference and use. This can be of help in upcoming projects. 3.6 Quantitative Methods of Risk Assessment Quantitative Risk Assessment is the use of calculable, objective data to determine asset value, probability of loss, and associated risk(s). It provides a quantitative estimate of the risks posed and helps in evaluating risk improvement methods so that risk can be reduced to acceptable levels. Quantitative Risk Assessment should be used on existing projects:

37

To make sure that the conditions have not deteriorated During the expansion of project scope Quantitative Risk Assessment should be carried out during the inception of new projects to determine: The amount of risk present in the project The quantification of risks and the plan to address them Quantitative Risk Assessment provides you with a number of methodologies for assessing identified risks. The objective of Quantitative Risk Assessment is to be able to prioritise which risks should the company plan to address immediately and which are less urgent and hence the company can move through the spectrum of urgent / important to non-urgent / non-important. Methodology 1: Under this methodology, Quantitative Risk Assessments include calculations of: Single Loss Expectancy (SLE) It is defined as the loss of value to asset based on a single security incident Annualized Rate of Occurrence (ARO) It is an estimate based on the data of how often a threat would be successful in exploiting vulnerability Annualized Loss Expectancy (ALE) From the above information ALE is calculated. It is a calculation of the single loss expectancy multiplied to the annual rate of occurrence, or how much an organization could estimate to lose from an asset based on the risks, threats, and vulnerabilities. It then becomes possible from a financial perspective to justify expenditures to implement countermeasures to protect the asset. Methodology 2: Another simplified but rigorous method for Quantitative Risk Assessments also exists. It is shown in the following diagram:

38

Figure 3: Risk Management Process In summary, the methodology contains the following steps: Set the Context Define the particular business or operational area. This may have reference to a particular industry context. Risks can be in any field, not just operational, or technical, or treasury for example. An operational risk might be the likelihood of a transport accident involving hazardous chemicals. A business risk might be a key customer changing supply to a competitor. Identify the risks Ideally done in a group environment, it is helpful to get a diverse range of ideas by mixing teams up, e.g. include the warehouse manager in the financial team. Determine how serious the risks are. Ask and write down what are the consequences if the identified risks take place. For example, could a fault in our operations lead to deaths? Could failure to manage margins send us bankrupt? Determine how likely the risks are.

39

Use facts and previous experience. Has it ever happened in this business? In this industry? If so, how often? What were the relevant causal factors? Do these factors apply in our situation? Determine how likely the company is to be exposed to the risks. Is it continuous or a once a year event which may be risky. Classify the risks. Risk = C x L x Econsequence x likelihood x exposure. A risk ranking index is useful. Highlight the high priority risks. The high priority risks are those with the highest CLE score and any identified high consequence risk. High consequence risks need to be mitigated no matter how low the likelihood is. Analyse the high priority risks. How can they occur? What can we do to prevent the event from happening, or if it happens how can we reduce the consequences? Write the action plan. The action plan should have as a conceptual basis, for each risk, in order of preference. Define and mention who needs to know about the risk profile and risk plans. Also mention how you plan to inform them. Review the action plan Reviews are done to check if the risks are being managed as planned and to know the status of improvements. Besides this, there are more complex systems (e.g. HAZOP, fault tree analysis, FMEA, HACCP) which can be used but these should be reserved for the appropriate situations. Criticisms of Quantitative Risk Assessment Barry Commoner, Brian Wynne and other critics have articulated concerns that risk assessment tends to be overly quantitative and reductive. For example, they argue that risk assessments ignore qualitative differences among risks. Some charge that assessments may drop out important non-quantifiable or inaccessible information, such as variations among the classes of people exposed to hazards. Furthermore, Commoner and OBrien state that quantitative approaches deflect attention from defensive or preventative measures. 3.7 Qualitative Method of Risk Assessment

40

Qualitative Risk Assessment decides on risk level using judgment, experience and technical knowledge. It is extremely subjective in nature and may not be bought in to by any medium to large scale organization. It uses models such as probability and consequence to assess risk. A good model reduces personal and individual biases/variations. Advantages: Qualitative Risk Assessment overcomes the challenge of calculating accurate figures for asset value, cost of control, and so on, and the process is much less demanding on staff. Qualitative risk management projects can typically start to show significant results within a few weeks, whereas most organisations that choose a quantitative approach see little benefit for months, and sometimes even years, of effort. Disadvantages: The drawback of a qualitative approach is that the resulting figures are vague and some decision makers, especially those with finance or accounting backgrounds, may not be comfortable with the relative values determined during a qualitative risk assessment project. 3.8 Differences between Quantitative and Qualitative Risk Assessment Following table provides the differences between the Quantitative and Qualitative Risk Assessments: Quantitative Qualitative 1. Scientific studies & measurements 1. Semi-scientific or non-scientific 2. Comparison of results with limit 2. Judgment decisions values 3. Calculations can be complex and time 3. Results are dependent upon the consuming. quality of the risk management team that is created. 4. Risks are prioritized by financial 4. Not necessary to determine impact; assets are prioritized by financial values of assets. financial values. 5. Difficult to reach consensus 5. Easier to reach consensus 6. Necessary to quantify threat 6. Not necessary to quantify threat frequency. frequency. 7. No biasing decisions. 7. Professional and personal experiences biases. Self Assessment Questions 5. __________ and _______ is the second stage of Risk Assessment Cycle. 6. ________ handling is one of the hazards of Risk Assessment Cycle.

41

7. The _______ effort is always completed even though not every residual risk requires further risk reduction. 8. Assessment of _________ is very important to make the risk assessment process complete in a way it reduces the risk. 9. ______________ is an estimate based on the data of how often a threat would be successful in exploiting vulnerability. 10. The drawback of a qualitative approach is that the resulting figures are _________. 3.9 Summary Risk Analysis is a procedure to identify threats and vulnerabilities, analyse them to determine the exposures, and highlight how the impact can be eliminated or reduced. The two types of Risk Analysis are Quantitative and Qualitative Risk Analysis. Risk Assessment is a step in project risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete circumstance and a recognised threat (also called hazard). The applications of Risk assessment play a vital role in Risk Management in projects. Activity 1: Assume that you are a Project manager of a networking team and the team consists of eight members. You have to work on a project which involves providing network support for eight branches of an organisation across the world. You must identify potential risks for the planned project, complete a qualitative risk analysis for each specific risk you have identified. Play out scenarios that recognise overall areas of risk, and then identify specific risks and Collect metrics that quantify each of these risks in terms of calculating the cost of impact of each risk, and sort in priority order. Glossary Term Vulnerability Contingency Description The condition of being laid open to something undesirable or injurious. An event that might occur in the future, especially a problem, emergency, or expense that might arise unexpectedly and therefore must be prepared for.

3.10 Terminal Questions 1. What is Risk Analysis? Explain the types of Risk Analysis. 2. Give a brief explanation on carrying out a risk analysis. 3. Draw a flow chart for Risk Assessment Cycle and explain each step. 4. What are types of calculations used in Quantitative Risk Assessments? Explain.

42

5. What are the advantages and disadvantages of Qualitative Risk Assessment? 3.11 Answers Answers for Self Assessment Questions 1. Alternative scenarios, action plans, or policies 2. Mathematical estimates 3. Threats 4. Risk assessment 5. Identify Tasks, Hazards. 6. Manual 7. Risk reduction 8. Residual Risks 9. Annualized Rate of Occurrence 10. Vague Answers for Terminal Questions 1. Refer to Section 3.2 2. Refer to Section 3.3 3. Refer to Section 3.5 4. Refer to Section 3.6 5. Refer to Section 3.7 3.12 Case Study The Foreign Direct Investment (FDI) decision-making process emphasises strategic analysis over financial analysis. The priority given to strategic analysis is a major theme to emerge from this case study. Specifically, the foreign direct investment decision-making process of a Greek company in the Balkans is examined. The focus of interest lies in how risk was assessed and managed during the FDI decision process. Executives found political risk to be an important element to the decision, but were unable to express it numerically. The reason for this is that the

43

financial expression of risk was not seen to offer an adequate understanding of the concept. Previous findings, which suggest that risk is an important element of FDIs and is considered separately from the financial analysis, were endorsed. In practice, risk was considered during the first steps of the process and is expressed mainly qualitatively. The case study organisation reported here tried to reduce risk through gradual expansion strategies and by enrolling the participation of local partners and venture capital investors. Risk assessment and management are not studied separately, but as two inter-related tasks. These findings suggest that the focus for companies undertaking FDIs may be more on managing risk than attempting to make a sophisticated calculation of risk for inclusion in financial appraisals of FDI projects. Challenge: Identify the areas of risks from the above example and then identify specific risks in Foreign Direct Investment. Copyright 2011 SMU Powered by Sikkim Manipal University .

44

PM0007-Unit-04-Organising for Risk Management

Unit-04-Organising for Risk Management Structure: 4.1 Introduction Learning Objectives 4.2 The TQM Framework 4.3 Good Manufacturing Practices 4.4 Benchmarking 4.5 Process Maturity Models 4.6 Summary 4.7 Terminal Questions 4.8 Answers 4.1 Introduction By now you must be familiar with understanding, identifying, and assessing risk. This unit deals with various aspects required in Organising for Risk Management. Risk management is considered as the identification, assessment, and prioritisation of risks followed by coordinated and economical application of resources to minimise, monitor, and control the probability and/or impact of unfortunate events, or to maximise the realisation of opportunities. Risk evaluation allows you to determine the significance of risks to the business and decide to accept the specific risk or take action to prevent or minimise it. Once the risk is identified and evaluated, it needs to be addressed by the organisation. By adopting some of the popular quality frameworks, an organisation can get ready to handle risks. Some of these strategies are explained in this Unit. Learning Objectives: After studying this unit, you will be able to: Explain the Total Quality Framework and Good Manufacturing Practices

45

Explain the uses of Benchmarking in Risk Management Recognise some of the Process Maturity Models being used by organisations. 4.2 The TQM Framework Total Quality Management (TQM) is one of the widely used project management technique or approach. It is implemented to ensure that an awareness of quality is embedded in all project phases form start to end. The TQM is very much adaptable and infinitely variable. It is mainly applied in manufacturing operations, and has been used in this line for a number of years. It is recognised as a generic management tool, which is applicable in public sector organisations, and services. We see many evolutionary strands, having different sectors created by their own versions from the same ancestor. Total Quality Management requires regular review of all the phases in a project. The procedures must be well defined and standards should be properly developed. Implementation of TQM requires strict adherence with the plan to declare it a success. TQM is being practiced in manufacturing, marketing, engineering, research and development, sales, purchasing, human resource and other such sectors.

Figure 1: Total Quality Management As the framework name suggests, the first phrase in Total Quality Management is Total, which stands for complete involvement of all dependent variables of the system. Planning plays a very important role in executing TQM framework since it involves coordination among all entities. From the employees to management, everyone is involved and must be completely familiar with the process and committed towards it success. The second phrase of TQM is Quality. Quality adherence is the key ingredient for this framework. It requires that once a standard is established, it must never be dishonoured. This requires definite amount of training, so project team is well aware of the commitments required. To address this aspect, the projects not only need to adopt quality assurance practices, but also adopt a culture of commitment and carefulness among the project teams.

46

The third phrase of TQM is Management itself. In order to gain any benefit from the framework, the system must be managed appropriately. The appropriate management commitment and practices must be adopted to ensure that TQM is effective. Therefore the role of project management is to keep a constant watch over the use of TQM, once it is established. This is done to determine that the processes are being severely adhered, developed, implemented and correct measures are adopted, which are designed to correct any problems that might come up during the course of a project. TQM Implementation Framework The implementation of framework in Total Quality Management (TQM) requires integration in functions of organisation such as marketing, finance, design, engineering, production, and customer service etc. This helps in meeting the customer requirements and objectives of the organisation. The TQM in an organisation is viewed as a collection of all its processes. For continuous improvement of the process, the organisation strives to incorporate the knowledge and the experience of the project teams. Doing the things right the first time, and every time is the simple objective of TQM. Some of the common activities that help in creating the foundation for TQM framework are: Employee and senior management commitment Meeting customer requirements Development cycle time reduction Manufacturing flow is demanded/In time Team Improvement Reduced product and service costs Improvement in system facilitation Ownership in Line Management Empowerment and involvement of Employee Celebration and Recognition Challenging quantified goals and benchmarking Focus on improvement plans/on processes

47

Strategic plans incorporated specifically Projects will need to adopt some of the theories of TQM which are mentioned below: The Theory of Constant Improvement by TQM The TQM focuses on constant development in all tasks, from the planning of high level strategy, making of decisions, to execution of detail work elements. It branches from the trust that the errors can be kept away and defects can be stopped. Thus it brings in the non-stop improvement in results, taking into consideration all the work aspects, which result in consistent improvement in capabilities, people, processes and technology. There are five key areas that can lead to improvement in capability; they are technology, operations, supply generation, people capability, and demand generation. TQM does not just try to find the mistakes that people make, but mainly focuses that they are caused or permitted at least by defective systems and procedures. This means the core reason for such mistakes can be determined and removed, and recurrence can be stopped by brining in changes to a process. Implementation of Principles and Processes To assess the organisations current situation is the first step in TQM implementation. The TQM will be easier to implement, if the track record of an organisation is more effective in responding to the changes in environment, and if it has been successful in adapting itself to changing environment whenever required. If there is an historical reaction in an organisation and if there is no skill in improvement of systems, it becomes more difficult to adopt this framework. A comprehensive management program and development in leadership may be introduced if these conditions have to be overcome. To identify the current organisational functioning levels and the areas that need to be changed, a management audit could be helpful. Before the TQM is started, an organisation must essentially be ready for the same. TQM will not be effective if it has problems like weak administrative systems, uneven funding base, lack of managerial skill, or poor employee confidence. Creation of TQM implementation Framework A certain level of stress is most likely needed to initiate TQM. Need for a change must be felt by the project teams. A demand from consumers or stakeholders in improving the service quality can help in creating a sense of urgency which can mobilise the people to act and move towards TQM. The projects can then take the strategic decision in implementing TQM. One of the pioneers can take the charge to innovative ideas and show other people how TQM helps in getting into where they need to go. The success of implementation of TQM in an organisation depends on concentrating on eight key elements and they are: Ethics Integrity

48

Trust Training Teamwork Leadership Recognition Communication TQM Implementation Example Many companies have implemented TQM. Some of them are Ford Motor Company, Phillips Semiconductor, SGL Carbon, Motorola and Toyota Motor Company. To get an idea of how they go about such an implementation, you can go through the following real life scenarios: Implementation of TQM in automobile industry: In the 80s and early 90s Skoda was known for it poor quality and this in turn affected both the brand image and also sales of the company. Once the Volkswagen Group overtook it in 1994, strategies have been implemented to put quality back into the product and to put the customer first. However before understanding the concept of "total quality management" (TQM) one must define quality. Quality is said to be "the ability to satisfy, or even exceed, the needs and expectations of the customer" (Mullins 1998). This quote is far more contemporary than some of the older definitions of quality below as there is the broader understanding that quality should exceed the expectations of the customer and also indicates quality is intangible and the level of quality often changes. Here is another example to show that how Kawamoto, CEO of Honda, implemented TQM with the advice from the founder of the company, Soichiro. When TQM was implemented at Honda, production lines were reconfigured to speed the process and allow greater flexibility. Engineers were expected to create designs that could be manufactured more efficiently. Hondas new strategy, which the CEO describes as "customer focused", increased sales and improved profit. Self Assessment Questions 1. ________ allows determining the significance of risks to the business. 2. The implementation of framework in __________ is to seek integrated functions of organization. 3. The TQM in an organization is viewed as a __________.

49

4. To identify the current organizational functioning levels and the areas that need to be changed the ____________ will be a good assessing tool. 4.3 Good Manufacturing Practices Success of a Project greatly depends on adopting. Good Manufacturing Practices (GMP) and help the project meet the overall project quality, timeline, and cost objectives. GMP tries to bring a manufacturing organisation to a level where it can compete effectively in the world market. The World Health Organization (WHO) initiated the concept of GMP in the 1960s for high risk sectors like health, pharmaceuticals, food industry. GMP is that part of Quality Assurance which ensures that products are consistently produced and controlled to the quality standards appropriate to their intended use and as per specified requirements. GMP is nothing but adoption of such methods that try to ensure that quality is built into the organisation and the processes which are involved in manufacturing. The activities involved in achieving quality cover much more that the manufacturing operations themselves. GMPs are like policy programme implemented by manufacturers. They need a written programme, training programme, a maintenance schedule, and above all management commitment in providing funds, guidance, and human resources. Only when the management is committed to implement a programme, other components fall in place. Without this no amount of investment or external assistance can deliver results. Good Manufacturing Practices are enforced in United States by the FDA (Food and Drug Administration) United Kingdom by the Medicines and Healthcare Products Regulatory Agency (MHRA) Australia by the Therapeutical Goods Administration (TGA) India by the Ministry of Health, multinational and/or foreign enterprises For a GMP, there must be clear written specifications for the materials, the packaging, processing and testing, handling, storage, receipt and dispatch. Suitable infrastructure, location, equipment and trained employees must be made available to effectively implement a GMP program. It also requires regular audit and review of the GMP along with analysis of customer complaints and feedback. GMP must also be applied to sub contractors. In addition to these key aspects being addressed by any GMP program in an organisation, there are some practical aspects of GMP which need to be considered while adopting them. Adoption of GMP requires elaborate documentation of all the procedures and guidelines. Even results of procedures must be documented and analysed regularly. Also, to be able to implement GMP, the employees must be rigorously trained in GMP. Only then it can be effective. Though no two GMP compliance plans are the same, they are all based and operate on the same fundamental principles and laws. In addition to GMPs, other key regulatory requirements apply to stakeholders and they can affect the overall GMPs. For example, regulatory mishaps at any

50

point in the outsourcing chain can compromise the business objectives of all involved. Therefore it must be ensured that each stakeholder properly adheres to the additional regulatory stipulations for the GMPs to be fully effective. 4.4 Benchmarking The procedure of identification, learning, adapting, and measurement of practices and procedures by any organisation for performance improvement is called Benchmarking. It can also be defined as a standard or a reference point which is used in measuring or judging the quality. Benchmarking is a mutual learning process between groups of companies that focuses on particular operating practices. It also measures and results in determining the process which can be improved within the organisations. Benchmarking also helps in making it easy to identify gaps between where the organisation would like to be and where it actually is. Benchmarking facilitates the improvement in risk management process. It helps in identifying strengths and weaknesses in a risk management program. The benchmark recognises the improvement needs and the willingness to start making changes. Collection of data simply is not enough; it must be used for improvement. Benchmarking is also one of the modules of total quality management. Considered as a science more than an art. Benchmark never becomes an end to all process, but it is the beginning of change. We can say that benchmarking is more than a measuring tool; it is a tool to improve the performance. Goals and Mission of Benchmarking First we have to understand our goals and mission before the benchmarking process begins. Overall goals of an organisation will be supported by the risk management goals, thus the benchmarking will be related to goals of risk management. It is necessary to measure things so that it should indicate realisation of our goal. The organisation strategic objectives will be supported by benchmarking. The procedure in benchmarking is challenging, however the goal are attainable. One must know that there is an opportunity for improvement to benchmark. Different processes in Benchmarking Benchmarking is a structured process consisting of several steps. According to Margaret Matters and Anne Evans, the benchmarking process has five stages: 1. Plan the exercise 2. Form the benchmarking team 3. Collect the data 4. Analyse the data 5. Take action

51

1. Plan the Exercise: This step involves identifying the strategic intent of the business or process to be benchmarked. Many times the input to this stage is the companys mission statement. Next, choose the processes to be benchmarked. This includes identifying various products produced by the benchmarked company, and asking your company if using this process will create positive results. Then identify the customers expectations. Finally, determine the critical success factors to benchmark; these factors are links to successful business results. 2. Form the Benchmarking Team: This step involves selecting team members from various areas of the organisation. All members should cooperate and communicate with one another for the best results. Three main teams can be assigned in the overall group- The Lead team, Preparation team, and Visit team. The Lead team is responsible for maintaining a commitment to the process throughout the organisation; the Preparation team can carry out a detailed analysis; and the Visit team handles the benchmarking visits, if any. 3. Collect the Data: This step involves gathering information on the best practice companies and their performances. This step allows a company to realise the extent of improvements available. Site visits are important to collect data, because they give an in-depth understanding of the processes. 4. Analyse Data: This step involves determining how your company relates to the benchmarked company. It helps to identify performance gaps and possible causes. 5. Take Action: This step determines what needs to be done to match the best practice for the process, so that changes can be determined and implemented. Different companies have their own benchmarking methods. But whatever method is used, the major steps include measuring the performance of the best-in-class relative to critical performance variables such as cost, productivity, and quality. Limitations of Benchmarking Although benchmarking is very effective overall, it does have limitations. The main problem with benchmarking is the focus on data and not the processes used to make that data. Benchmarking should be used as a guide, not for statistical precision. For the benchmarking process to be successful, an organisation needs to fulfil some requirements: Senior management interest and support A solid understanding of the organisations operations and requirements for improvement Openness to change and to new ideas Willingness to share information with benchmarking partners

52

Dedication to ongoing benchmarking efforts 4.5 Process Maturity Models The term process means performing a set of operations for a particular task. Process maturity is an indication of to what extent a process has been developed and completed. It also tells about the capability of continuous improvement during the quantitative measurement and the response. A process maturity model can be described as a collection of processes that indicate certain aspects of maturity in an organization. A process maturity model will consist of the following parameters: Maturity level of the processes Key Process areas Key practices A maturity model can be used for comparison and as an aid to understanding organisation processes. CMM is one of the well known process maturity models which is used for software development processes. The processes have different barriers at each of the levels. Each levels barriers must be overcome, if growth has to be made to the next level of maturity. Given below are some of the key features of each level in a most commonly used process maturity model framework which is published by Software Engineering Institute (SEI) and is based on Watts Humphreys principles. Initial or Ad Hoc Level 1 In an organisation the level 1 come across number of problems because of the implementation of ineffective project management. Primarily we see no understanding in a process of formal management techniques, and process. Normally the cost of implementation of the process is not considered. There is no internal experience or proficiency in executing risk management, or even when attempting for considering the related risk management in business procedures and programs in an organisation. The high level management in such a state will not be approachable to anyone. The culture in an organisation is not committed to quality and the concept of professionalism is lacking. Repeatable Level 2 In the organisation, the level 2 has many numbers of projects that are efficiently planned and apply risk management process in different methods. In this level wherever it is necessary, the risk management has been seen in addition with the activity that is undertaken. Use of any procedure in project management is restricted to some major or important projects.

53

Here it is noted that few organisations will opt to remain in level 2 since it provides flexibility from one project to another. This approach is not completely wrong. The changeover to level 3 must only be undertaken if the benefits are valuable to the cost and the attempt involved. Defined Level 3 The level 3 is most likely adequate for all most all organisations, in which the procedures are essential and are constantly and regularly related to most or all projects. This maturity level in particular helps in identifying, assessing and managing improbability and it is constructed into all the business procedures and activities of the organisation. Managed Level 4 A non-stop procedure improvement is necessary to stay at Level 4 or any other level. Without such a procedure it is possible to shift down the maturity model framework and dive to a minor level or ability. A Level 4 organisation will be exposed well managed processes and systems. Optimized Level 5 At this level, when organisations have reached their optimum level of process maturity, they must deliberately pursue process optimization/ improvement. As all other quality models, this model also advocates constant analyses and improvements.

54

Figure 2: The Five Levels of Process Maturity Model Self Assessment Questions 5. ___________ helps the project meet the overall project quality, timeline, and cost objectives. 6. _________ is a mutual learning process between groups of companies that focuses on particular operating practices. 7. Benchmarking is a structured process consisting of several steps. The first step is ________. 8. The main problem with benchmarking is the ________ and not the processes used to make that data.

55

9. Process Maturity Models describes the capability of continuous improvement during the ___________ and the response. 4.6 Summary To bring in better Risk Management in projects, we need to adopt some technique or model. Some of the models explained above directly help in managing risk. The TQM advocates constant improvement in all aspects of a project. Adoption of Good Manufacturing Practice is an essential procedure used worldwide for controlling and managing manufacturing of products. Benchmarking process helps in measuring the performance of a company against the best in the industry. And process maturity models provide a platform to organisations for performing their tasks in the most organised manner. 4.7 Terminal Questions 1. Describe TQM framework with a flow chart. 2. What are the different activities takes place in the foundation of TQM? 3. Explain TQM implementation framework. 4. What are the Goals and Missions of Benchmarking? 5. Explain different levels in risk management maturity. 4.8 Answers Answers for Self Assessment Questions 1. Risk evaluation. 2. Total Quality Management. 3. Process collection. 4. Management audit. 5. Good Manufacturing Practice. 6. Benchmarking. 7. Plan the exercise. 8. Focus on data. 9. Quantitative measurement

56

Answers for Terminal Questions 1. Refer Para 4.2 2. Refer Para 4.2 3. Refer Para 4.2 4. Refer Para 4.4 5. Refer Para 4.5 Activity 1 Understand the need for Good Manufacturing Practices (GMP) in medical organisations and discuss the role of a Team Manager in making GMP a success in an organisation. Copyright 2011 SMU Powered by Sikkim Manipal University .

57

PM0007-Unit-05-Risk Handling Strategies

Unit-05-Risk Handling Strategies Structure: 5.1 Introduction Learning Objectives 5.2 Risk Handling Strategies 5.3 Objectives of Risk Handling Strategies 5.4 Risk Tracking (Monitoring) 5.5 Risk Acceptance 5.6 Risk Mitigation 5.7 Risk Transfer 5.8 Risk Avoidance 5.9 Contingency Reserves 5.10 Risk Process Implementation 5.11 Risk Documentation 5.12 Summary 5.13 Terminal questions 5.14 Answers 5.15 Case Study 5.1 Introduction Risk is an uncertain event which may cause an execution failure, possibility of loss, injury, disadvantage, or anything that has a negative impact on a program. It is a measure of the inability to achieve program objectives. Risk comprises two components, a probability of the event occurring and the consequence if the event occurs. The criticality of these two components determines the impact the risk has on a project.

58

Learning Objectives: By now you must be familiar with Risk Management Process, Risk Identification, and Risk Analysis and Assessment. This unit familiarises you with important concepts related to Risk Handling Strategies. After reading this unit, you will be able to: Define Risk Handling Strategies Explain the Objectives, Elements, and Benefits of Risk Handling Devise Risk Tracking and Risk Process Implementation Compare Risk Acceptance and Risk Transfer Assess the importance of Contingency Reserves Definition: Risk treatment is an ISO term that means the "treatment process of selection and implementation of measures to modify risk [ISO Guide 73]". 5.2 Risk Handling Strategies Risk handling is nothing but risk treatment. This involves identifying various options for treating risk, analysing those options, preparing risk treatment plans based on the assessments made, and implementing the plans. Some of the options available for risk treatment include: Retaining/accepting risk: Organisations identify potential risks and put effective controls in place to eliminate them. However, an element of risk can be retained if it is deemed acceptable to the organisation after putting controls in place. However, standby plans must be in place to manage/fund the consequences of the retained risk, should it occur. Reducing risk occurrence: Organisations devise comprehensive plans to reduce the risk occurrence to the bare minimum. The plans include policies and procedures, testing, technical controls, training of staff, preventative maintenance, supervision, contract conditions, quality assurance programs, audit compliance programs etc.

59

Figure 1: Risk Handling Strategies Mitigating consequences of risk occurrence: It is important to mitigate the consequences of the risk occurrence if it cannot be eliminated altogether. Some of the risk mitigating measures include effective contingency plan, disaster recovery and business continuity plans, off-site backup, public relations, emergency procedures and staff training etc. Transferring risk: Organisations can distribute the perceived risks to another involved party by the use of contracts, insurance, outsourcing, joint ventures or partnerships etc. Avoiding risk: Organisation can avoid risks completely, wherever practicable, by deciding not to proceed with the activity likely to throw risks. There are various factors that must be considered in choosing a risk handling strategy. Some of the factors include: Payoff (or gains) for undertaking the risk

60

Costs of risk management Extent of the impact of the risk 5.3 Objectives of Risk Handling Strategies Risk handling is a critical aspect in achieving fundamental and overall objectives of the project. It includes developing project objectives and communicating risk information to every stakeholder of the project in the organization. Strategies and objectives must be in alignment with overall organizational objectives. It is, therefore, very important to understand the objectives of the project clearly. After articulating the project goals and constraints, which are also agreed upon, comprehensive risk management plan is prepared to handle the risks effectively. This plan includes a common risk language and appropriate enablement through systems, tools, and skills. Well documented and comprehensive risk handling strategies achieve the following objectives: Perform accurate risk assessments. Establish risk handling priorities. Develop risk handling plans. Monitor the status of risk handling actions. Determine and implement appropriate risk management strategies. Elements of Risk Handling There are several other key elements in implementing an effective risk handling process and each is necessary for risk management planning. These key elements are: Risk Tracking (Monitoring) Risk Acceptance Risk Mitigation Risk Transfer Risk Avoidance Contingency Reserves Risk Process Implementation

61

Risk Documentation Another important element of Risk Handling is the preparation of effective risk handling strategies. Functional Specialists prepare risk handling strategies for the organisation. They adopt various strategies to achieve the stated goals. They identify high and moderate areas of risk, assign risk ratings, and determine recommendations. Based on that information, they create Risk Treatment Plans (RTPs). The process of producing the RTPs consists of a series of steps as explained here:

Figure 2: Creating Risk Treatment Plan Identify the events: The events can cause trouble are identified. Identify the assets: The assets of the organisation that are most prone to the potential risks are identified. Identify the impacts: The impact of the occurrence of a risk, or the probability of triggering other risks, is identified. Identify the threats: Threats that may arise out of the perceived risk and the extent of damage the threat can cause are identified. Produce the RTPs: This is the final step in producing the Risk Treatment Plans. Benefits of Risk Handling Strategies Risk handling strategies are normally level-of-effort tasks while being developed and give no true assessment of value. As such, it is difficult to exactly measure the benefits that accrue through implementation of risk management strategies. However, there are few tangible benefits of implementing effective risk handling strategies. Some of them include: Risks are perceived events. None of the identified risks may never ever occur. But the implementation of preventive risk handling strategies eliminates the probability of the risk

62

occurrence. Thus, even if the risks never occur, the costs of a well-planned mitigation strategy are worthwhile. In the event of a program suffering through a series of technical setbacks, effective documentation of list of risks mitigates some critical flaws present in the risk identification process. A mid-program lessons-learned session may bring to light why those risks were missed and how they might have been caught. Example for Risk Handling Strategy Risks always exist in construction projects and often cause schedule delay or cost overrun. Risk management is a key issue in project management. The first step of risk management is risk identification. It includes the recognition of potential risk event conditions in the project and the clarification of risk responsibilities. Multiple-case studies were done using a systematic analytical procedure to identify risks in highway projects in Taiwan, to recognize risk allocation by contract clauses, and to analyze the influence of risk allocation on the contractors risk handling strategies. The results show that the owner allocates risks by stipulating specific contract clauses into five kinds of risk allocation conditions. If a risk is more controllable by the contractor, the owner has a greater tendency to allocate the risk to the contractor. Risk allocation determines which kinds of risks the contractor would take and influences the contractors risk handling decisions. The analysis furthermore indicates that, if the probability of a certain risk event condition is uncontrollable, then with the increasing possibility of taking the risk, the contractors tendency of risk handling changes from actively transferring the risk to passively retaining the risk. In contrast, if a risk is controllable and certainly allocated to the contractor, the contractor tends to take the initiative to reduce the impact caused by the risk event rather than retain the risk. Self Assessment Questions 1. Organisations devise comprehensive plans to ___________ risks. 2. Name two objectives of Risk Handling Strategies. 3. Name few elements of Risk Handling. 4. Risk Treatment Plans are prepared based on ________ information. 5. Risks are _________ events. Activity 1: Consider that you are the Manager of a Project. Prepare a Project Risk Management Plan for your project. 5.4 Risk Tracking (Monitoring) Risk monitoring is not a problem-solving technique, but a proactive technique to observe the results of risk handling and identify new risks. Risk tracking (monitoring) systematically tracks

63

and evaluates the effectiveness of risk-handling actions against established metrics and develops further risk-handling options as appropriate. Results obtained from Risk Monitoring provide the basis for developing additional handling options and identifying new risks. Risks can change over time. Every action taken, or not taken, affects the basic facts each risk is derived from. Continually monitoring risks and reassessing their potential impact (repeating the risk identification, assessment and handling steps at periodic intervals) is essential for appropriately managing risks. The initial establishment of a management indicator system that provides accurate, timely and relevant risk information in a clear, easily understood manner is the key to risk monitoring. Hence, the indicator system must provide early warning of potential problems to allow management actions. The key to the monitoring process is to establish cost, schedule, and performance management indicator system. Successful risk monitoring depends on efficiently breaking the process of risk monitoring into small bits of information. This can range from basic monitoring knowledge to risk monitoring job aids such as templates and examples. 5.5 Risk Acceptance Risk acceptance lays down the ways in which to deal with the risk if it occurs rather than attempting to influence its probability or impact. Risk acceptance requires management decision to accept a given risk without further mitigation or transfer, for a period of time. Risk is accepted in two circumstances: 1. When risks are too low to bother protecting against or for which insurance and due diligence are adequate. 2. When risks require mitigation but instantaneous mitigation is not possible, or for which rapid mitigation is very expensive and hence risks are accepted for periods during which mitigation is undertaken. Risk acceptance depends on specific risk criteria such as standards, measures, or expectations and is used in making a judgement or a decision on the significance of risk to be assessed. Some of the risk criteria may include: Associated cost and benefits Legal and statutory requirements Concerns of stakeholders Risk acceptance makes sense only when risk mitigation costs are higher than the probable losses and when the pay-off is worth it. Risk acceptance implies that the organisations know what is at stake by taking up the risk, why they are taking it, what they do if and when the risks occur.

64

5.6 Risk Mitigation Risk Mitigation is deciding what to do about each of the risks identified. Risk Mitigation takes constraints and objectives into consideration and identifies, evaluates, selects, and implements options in order to set risk at acceptable levels. Risk Mitigation requires the organisation to establish plans and decision points enlisting what to do about each of the risks. It also includes the implementation of risk handling plans when decisions are made to execute them. A structured approach for developing a risk handling strategy should be developed. Risk mitigation reduces the risk by using safeguards to eliminate or reduce the likelihood of an event that can cause serious consequences. This involves reduction of threats, vulnerabilities, and consequences. It also involves reduction of the link between threats and vulnerabilities, between vulnerabilities and consequences, and reduction of consequences associated with event sequences. All mitigation leaves residual risk that eventually needs to be accepted, transferred, or avoided. The question is how much reduction is desired and how much is afforded by the mitigation strategy employed. Some risks may be considered potentially so damaging that the project chooses to avoid them completely, or they may seek to transfer the risk to another party more capable of accommodating the risk. Some low risks may be accepted with no further actions but other risks such as the practicality of budget, personnel, or time may be accepted for lack of credible alternative. This second class of accepted risks require contingency actions to be developed in case they occur. Many risk handling choices seek to mitigate the probability of the risk event or the scope of the consequence to an acceptable level. There can be situations that do not involve simple choices between clearly perceived alternatives. Some situations involve a whole series of interrelated issues that have to be faced and no one option is a clear choice. In such cases, an effective approach is to re-examine the risk and break it down to constituent parts because probably too much scope is covered under a single risk. This is a control process that allows you to stop a risk before it starts or bring it to an acceptable level. It identifies potential threats first so you and your team can take appropriate steps to keep the risk from triggering. A good way to mitigate risk is to set a contingency plan that deals with the risk when it occurs. However, it must be borne in mind that though risk mitigation minimizes the probability and impact, not all the risks can be mitigated and not all the risks should be mitigated. Risk mitigation tools include: 1. Vulnerability Analysis 2. Diversification 3. Hedging 4. Risk Abatement

65

Vulnerability Analysis: This is also known as vulnerability assessment. This process defines, identifies, and classifies the vulnerabilities. A company can protect itself against possible threats by being aware of its most vulnerable areas and the factors that affect its operations. An examination of a companys vulnerability quickly provides a rough picture of difficult-tomanage threats related to the companys operations. Identifying hazards and assessing their severity makes it easier to plan risk management control measures. Diversification: This is minimizing dependence on one particular parameter that is susceptible to future changes. Companies can diversify by investing simultaneously into two different assets, and not depending upon one supplier for all supplies. This greatly mitigates the risks that can arise out of dependency. Hedging: By hedging against any particular thing is most prone to change in the immediate future, the risks associated with such changes are hedged. Risk Abatement: Risk Abatement is yet another process of risk mitigation. It combines loss prevention and loss control to minimize a risk. This risk management strategy serves to reduce the loss potential and decrease the frequency or severity of the loss. Risk abatement is preferably used in conjunction with other risk management strategies, since using this risk management method alone will not totally eliminate the risk. 5.7 Risk Transfer Risk Transfer is the shifting of the risk burden from one party to another. Risk transfer implies ensuring that a third party shields the project either totally or in part from the impact of the risk event. Often, an identified risk can be transferred to a third party. By setting up your risk transference controls, risk does not go away completely. It only ensures that you have a team or outside source to handle the risk. A good risk response plan identifies the third party to whom certain risks can be transferred and also what you expect from them. Generally, risk transfer makes the best case scenario less good, the worst case scenario less bad. It also displaces the expected monetary value towards lower benefit. This approach is therefore to be preferred in the case where a bad worst case would cause more damage than the potential reduction in the best and expected values, as measured on the corresponding utility curves. 5.8 Risk Avoidance Risk Avoidance is avoiding the risk associated with a specific task, activity or project. It is a technique of risk management that involves taking steps to remove a hazard, engage in alternative activity, or otherwise end a specific exposure. Risk avoidance entails taking actions so that the risk event no longer impacts the project objectives. This can be achieved either through changing the way of carrying out the relevant activities or by modifying the objectives. Risk avoidance is a business strategy in which certain classes of activities or business processes are not undertaken because the risks are too high to justify the return on investment. A typical

66

example is a decision about the maximum value to be placed in a vault, at a site, or on a truck. This strategy avoids the aggregation of risks associated with placing excessive value in one place. Other similar avoidance strategies such as not opening offices in war zones or not doing business in certain localities are commonplace in business. If avoidance can be achieved for little or no cost by adopting a particular approach, it should obviously be taken. On the other hand, avoidance is mandatory if the potential impact remains unacceptable i.e. the impact falls beyond an acceptable point, as defined in the Risk Management Plan. To avoid risks, you can first identify them by past project experience and documentation of that experience. Analyze what risks may occur upfront at your project initiation meeting. Clarify if potential risks are low, high, or acceptable risks. If you can conquer any potential risk first, your response planning can help you avoid the risk altogether. Risk avoidance makes sense when the payoffs are less than the risk mitigation costs. Though risk avoidance seems to be the answer to all risks, avoiding risks may mean losing out the potential gains that would have accrued by accepting (retaining) the risk. Not entering a business to avoid the risk of loss also denies the possibility of making profits. 5.9 Contingency Reserves In a financially responsible organisation, contingency reserves refers to the amount of funds or other financial resources that is required to be allocated over and above the previously designated estimates to reduce the risk of overruns to an acceptable level. However, contingency reserves do not exclusively refer to monetary terms. It also can refer to a specific quantity of time in man hours that must be allocated above and beyond the previously determined quantity of hours. This can assure that any overtime or other unexpected hours of work required can be properly compensated for. Typically the contingency reserves, in terms of both finance and time, are determined at the outset of a project. However, as the project progresses, if it appears that the project requires additional funds or time allocation to complete, contingency reserves can be instituted or modified at any time to better prepare the organization for the possibility of their usage at some point in a projects life. Contingency reserves are funds allocated above the project budget. These funds are intended to be used when unexpected events occur and are designed to reduce the risks of cost overruns. Though it cannot account for everything unexpected and cover all unexpected costs, a properly created contingency reserve can facilitate smooth project execution even when costs go over budget. One way to define a good contingency reserve is through risk management processes. First, you need to identify the risks which can result in cost overruns. Then, you need to qualify the risks to identify the most critical ones, or those worth focusing on. Finally, you need to quantify those risks and express them in terms of financial impact on project budget and probability of their occurrence. The product of impact and probability is a monetary value called exposure. Exposure

67

is the amount of money you determine to cost you as the maximum impact of the risk. It varies from the amount of money that the realized risk event is going to cost you if it occurs. 5.10 Risk Process Implementation Implementation of risk management process is a new addition to the risk management process. It clarifies what ongoing actions should be taken beyond planning. It ensures the risk process is implemented in manner that provides benefit to the management team. Additionally, it tailors suggestion and provides best practices given the size and complexity of a program. This process step, similar to the Planning step, focuses on the process and not on the particular risks of a program. This step should be ongoing and focus on the performance of the overall process and how it is integrated with the other metrics programs that measure the management processes in a program. Risk process implementation requires clear objectives, proper planning and resourcing, effective monitoring and control, and finally clear success criteria. Hence, organizations attempting to implement a formal structured approach to risk management need to treat the implementation itself as a project. 5.11 Risk Documentation Risk documentation is the formal process of gathering, recording, reporting, and maintaining pertinent information needed to ensure successful risk management. The risk documentation includes all risk information that may be necessary for risk management of projects. A good risk documentation approach captures necessary information with respect to risk assessments, handling analysis and plans, and monitors results. It includes all plans, reports for management and decision authorities, and internal reporting forms. The risk documentation process includes basic documentation knowledge, associated tasks, job aids, templates, and samples. Risk Documentation Tasks: Risk documentation, sometimes overlooked as part of the entire risk management process, is a very important aspect of risk management. Tasks involved in risk documentation are explained and outlined in this area. Risk documentation includes data collected from: Planning Assessment Handling Monitoring activities

68

Risk documentation involves documenting the risk management process comprehensively. As such, information from a variety of source documentation related to risk management requires to be captured. Though, there is no required list of particular risk documents, some of the examples of source information include: 1. Risk management plans 2. Lists of identified risks 3. Risk assessment reports 4. Handling methods and techniques 5. Metrics for monitoring risks 6. Normal management documents, such as Earned Value Reports Successful reporting and documentation of risk management activities can be accomplished by creating: Risk Monitoring Documentation such as Program Metrics, Technical Reports, Schedule Performance Report, and Critical Risk Processes Reports Risk Management Plan Risk Information Form(s) Risk Assessment Report Risk Handling Priority List Risk Handling Plan of Action 5.12 Summary Risk handling is a critical aspect in achieving fundamental and overall objectives of the project. Risk Handling Strategies and objectives must be in alignment with overall organizational objectives. Risk handling is nothing but risk treatment. This involves identifying various options for treating risk, analysing those options, preparing risk treatment plans based on the assessments made, and implementing the most appropriate plans. As risks can change over time, it is essential to continually monitor risks and reassess their potential impact on the business processes and for managing risks appropriately and most suitably. Risk handling strategies are normally level-of-effort tasks and may not give true assessment of value. Hence, we cannot exactly measure the benefits that accrue through implementation of risk handling strategies. Some of the key elements for implementing an

69

effective risk handling process include Risk Tracking, Risk Acceptance, Risk Mitigation, Risk Avoidance, and Contingency Reserves. Risk monitoring is a proactive technique to observe the results of risk handling and to identify new risks. Risk acceptance involves management decision to accept a given risk. Risk Mitigation reduces the impact of the risk on a particular business or program process. Risk Transfer is the shifting of the risk burden from one party to another. Risk Avoidance results in avoiding the risk associated with a specific task, activity or project. Contingency reserves provide the funds or other financial resources required over and above originally allocated funds. This helps in reducing the risk of overruns to an acceptable level. Risk process implementation depends on defining clear objectives and measurable success criteria. Risk documentation is the formal process documenting risk handling strategies and includes all risk information that may be necessary for risk management. Good risk documentation captures necessary information which can be used by the organisation as a reference in project planning, risk management processes, and risk handling strategies. Self Assessment Questions 6. Risk tracking tracks and evaluates the effectiveness of risk-handling actions against __________. 7. Risk criteria include ___________ and ___________. 8. Risk Mitigation tools are __________, ________, and _______. 9. Risk Abatement combines ____________ and ___________ to minimize a risk. 10. Risk Transfer is __________ of the risk burden. 11. Risk Avoidance ensures ___________. 12. Contingency reserve refers to ___________ required to be allocated over and above the previously designated estimates to reduce the risk of overruns to an acceptable level. 13. Risk process implementation requires ________, _______, and ________. 14. Risk documentation is the process of _________________ needed to ensure successful risk management. 15. Risk documentation fundamentals provide the ______________. Activity 2: Consider that you are entrusted with creating a comprehensive Risk Plan for all the business processes of your organisation. Narrate your Risk Handling Strategies for different processes. Ensure that you classify and are clearly able to identify potential risks warranting Risk Mitigation,

70

Risk Transfer, Risk Acceptance, and Risk Avoidance. Create a Risk Documentation Plan that covers your Risk Handling Strategies comprehensively and provides a future guidance. 5.13 Terminal Questions 1. Explain Risk Handling Strategies. 2. What are the objectives of Risk Handling Strategies? 3. What is Risk Tracking (Monitoring)? 4. What is Risk Acceptance? Specify some of the risk criteria for risk acceptance. 5. What is Risk Mitigation? Explain the risk mitigation tools. 6. Differentiate between Risk Transfer and Risk Avoidance. 7. What is Contingency Reserves? How is it related to risk management? 8. What is Risk documentation? How essential is it in risk management? 5.14 Answers Answers to Self Assessment Questions: 1. reduce/mitigate 2. Perform accurate risk assessments, establish risk handling priorities 3. Risk Tacking, Risk Acceptance, Risk Mitigation, Risk Transfer 4. Identified high and moderate areas of risk, and risk ratings 5. Perceived 6. established metrics 7. associated cost and benefits; legal and statutory requirements 8. Vulnerability analysis, Diversification, and Hedging 9. Loss prevention and Loss control 10. shifting

71

11. that the risk event does not impact the project objectives 12. amount of funds or other financial resources 13. clear objectives, proper planning and resourcing, effective monitoring and control. 14. gathering, recording, reporting, and maintaining pertinent information 15. primary criteria for successful management Answers to Terminal Questions: 1. Refer to Section 5.2 2. Refer to Section 5.3 3. Refer to Section 5.4 4. Refer to Section 5.5 5. Refer to Section 5.6 6. Refer to Sections 5.7 and 5.8 7. Refer to Section 5.9 8. Refer to Section 5.11 5.15 Case Study The Road development authority of India due to increasing of traffic day by day had planned for the development of a national highway. Road projects however often confront many uncertainties due to factors such as the presence of interest groups, resource availability, the physical, economic and political environments, statutory regulations, etc. According to the senior managers of this department, Proper risk allocation in construction contracts will reduce the impacts of adverse conditions, and increase efficiency and effectiveness in management. Risk allocation upon risk handling strategies of road projects in India has not been satisfactorily established because of different interpretations of risk allocation between owners and contractors. This research highlights the significance of understanding proper risk allocation between contractual parties in Indian road projects. So it was Senior Mangers responsibility to assist Indian road contractors and employers to identify the risk sources inherent in road projects, understand their risk responsibilities, and improve their risk handling strategies so that they would optimize the scarce resources and enhance the socio-economic value of Indian road projects.

72

When these processes were followed as suggested by the seniors, the road contractors and employers could handle all the risk strategies and was successful in the development of national highway. Question: Create a Risk Documentation Plan that covers your Risk Handling Strategies comprehensively for the above given example. Copyright 2011 SMU Powered by Sikkim Manipal University .

73

PM0007-Unit-06-Monitoring and Controlling Risk

Unit-06-Monitoring and Controlling Risk Structure: 6.1 Introduction Learning Objectives 6.2 Overview of Risk Monitoring and Controlling 6.3 Risk Monitoring 6.4 Controlling Risk 6.5 Outputs of the Risk Monitoring and Control 6.6 Summary 6.7 Case Study 6.8 Terminal Questions 6.9 Answers 6.1 Introduction By now you must be familiar with risks and risk handling strategies. These risk handling strategies are for risks that are identified before the start of a project. But a project is also liable to encounter risks that are not identified; these risks need to be identified and then managed during the course of the project. Learning objectives: This unit describes the processes related to Monitoring and Controlling the Risks. After studying this unit, you will be able to: Define monitoring and controlling risks Evolve the methods used to monitor risk Analyse the need for monitoring risk

74

Devise the process of controlling risk Explain the methods of controlling risk 6.2 Overview of Risk Monitoring and Controlling Risk management is a process of identifying, analysing, planning and managing the identified risks in a project. As a project manager, during this process you: 1. Identify risks related to your project 2. Reveal new probable risks 3. Implement risk response plans 4. Monitor the risk response plans effectively This process will be successful only if a constant and careful monitoring of the implemented risk plans is done. Thus monitoring and control of risks is an essential phase of any risk management process. The inputs for risk monitoring and control phase can be: Risk catalogue Risk management plan Work performance information Performance reports Approved change requests

75

Figure 1: Risk Monitoring and Control Process Risk Catalogue The Risk catalogue contains the comprehensive list of all the probable risks in a project. The key inputs from this catalogue to the risk monitoring and controlling process are: The symptoms and warning signs of risk The bought into, agreed to, realistic, and formal risk responses Residual and minor risks Time and cost contingency reserves, and Low-priority risks. Risk Management Plan The Risk Management Plan explains the approach to a risk and how to manage the project risks. The plan describes how and when the risks should be monitored. Additionally the plan also provides guidance on budgeting for risk-related activities, thresholds, reporting formats, and tracking.

76

Work Performance Information Work performance information is the information related to the status of the scheduled activities in the project. By reviewing the work performance information, one can identify new risks in case they appear. When the performance of the scheduled activities is compared against the baseline, it becomes easy to determine if an emergency plan needs to be undertaken to bring the project back on track. Performance Reports Performance reports provide information related to the projects performance with respect to cost, scope, schedule, resources, quality, and risk. Bar charts, Scurves, tables, and histograms, are used in the performance reports to organise and summarise information such as earned value analysis and project work progress. Comparing actual performance against the baseline plans may reveal risks which may cause problems in the future. Approved Change Requests Approved change requests are the necessary changes to work methods, contracts, project scope, and project schedule. There are probabilities that changes can impact existing risk and give rise to new risk. Hence approved change requests have to be reviewed from the perspective of whether they will affect risk ratings and responses of existing risks, and or if a new risk is a result. 6.3 Risk Monitoring Risk monitoring is the process of systematically tracking and evaluating the performance of riskhandling actions against established metrics throughout the process of the project. This process also helps in developing further risk-handling options if required. Risk monitoring is one of the important elements of risk management; it is a process of tracking the success and status of the risk management tasks. Once the risk management plan is developed, risk monitoring involves the following: Systematically tracking the identified risks Identifying new risks in the project Handling the new risks Identifying risks that might be reduced or eliminated and need no coverage or a lesser level of coverage Capturing lessons learned for future risk assessment and allocation efforts Risk monitoring is a process that starts after the risk mitigation, planning, and allocation processes in the project. Periodic project risk reviews repeat the tasks of identification, assessment, analysis, mitigation, planning, and allocation. Regular project risk monitoring should be considered as an agenda item at all project development and management meetings. If unanticipated risk emerges or a risks impact is greater than expected, the planned risk response may not be adequate. At this point, the project team must perform additional response planning to control the risk.

77

Risk monitoring tasks can vary depending on project goals, but the following three tasks should be integrated into the risk plan: 1. Develop consistent and comprehensive reporting procedures 2. Monitor risk and contingency resolution. 3. Provide feedback of analysis for future risk assessment and allocation An effective risk management requires an effective reporting and review structure. Regular audits of performance and policies should be carried out to identify opportunities for improvement. The monitoring process should provide assurance that there are appropriate risk control in the organisations activities and that the procedures are understood and followed. A risk monitoring process should determine if: Any aspect of the risk analysis has changed and therefore should be repeated Any undesirable event defining a risk has actually occurred The other risk tasks are being performed effectively and efficiently The measures adopted resulted in what was intended The procedures adopted and information gathered for undertaking the assessment were appropriate Improvised knowledge would have helped to reach better decisions Lessons could be learned for future assessments and management of risks The progress of a project must be tracked and monitored throughout the course of the project. This will help in knowing the level of risk on a project can be monitored and controlled. Risks are assigned to risk owner(s) who will track, monitor, control and report the status and effectiveness of each risk response action to the Project Manager and Risk Management Team. The following are few tools used in risk monitoring: Risk Status Reports Risk register Issues Logs Risk evaluations

78

Risk audits Risk Status Reports Risk status reports provide genuine information related to risks in a project. They also communicate appropriate risk metrics to all stakeholders on the project. A project risk status report can include: The top ten risk in the project The consequences of the risk The number of risks resolved as of the report date The number of new risk items introduced since the last report The total number of current unresolved risk items The risk response progress The presence of unresolved risk items in the project The assessment of the probable cost of unresolved risk in comparison to the amount of risk reserve Risk Register Risk register or risk log is an essential tool in any project risk management. The risk register can be a simple document, spreadsheet, or a database system. This document is a means of recording the identified risks, their severity, and the actions steps to be taken to prevent or overcome these risks. The most effective design of risk register is a table, because it conveys more information than a document that runs into pages or information presented in a paragraph form. A risk register should be made available to the project stakeholders so they are able to see risks that concern them being addressed. Components of a Risk Register There is no particular standard list of components that should be included in the risk register. Some of the most widely used components are as follows: Dates: As the register is a document that is updated regularly, it is important to record the date that risks are identified or modified. Other dates that can be included are the target and completion dates. Description of the Risk: A brief description of the risk.

79

Risk type (business, project, stage): Classification of the risk, business risks are risks related to delivery of achieved benefits, project risks are risks related project management such as timeframes and resources, stage risks are risks associated with a specific stage plan. Likelihood of Occurrence: Provides an assessment on how likely it is that this risk will occur. Examples of classifications are: L-Low (<30%), M-Medium (31-70%), H-High (>70%). Severity of effect: Provides an assessment of the impact that this risk would have on the project. Counter Measures: Action to be taken to prevent, reduce or transfer the risk. This may include production of contingency plans. Owner: Individual responsible for the ensuring that this risk is appropriately managed and counter measures are undertaken. Status: Indicates whether this is a current risk or if risk can no longer arise and impact the project. Examples of classifications are: C-current or E-ended. Issue Log An issue log contains a list of ongoing and closed issues of a project. Issue logs can be used to: Monitor and control the issue status Report high priority issues to management Ensure that every issue is resolved quickly and efficiently The Issue log keeps a record of all issues within a project. It helps in monitoring the status of issues and tracking the actions taken to resolve them. By using an issue log effectively, the impact of issues on a project can be minimised, thereby increasing the chances of success. Risk Evaluations Risk evaluation is concerned with assessing probability and impact of individual risks, taking into account any interdependencies or other factors outside the immediate scope under investigation. Probability is the likelihood of a particular outcome actually happening (including the frequency of the outcome). For example, major damage to a building is relatively unlikely to happen, but would have enormous impact on business continuity. On the other hand, occasional personal computer system failure is fairly likely to happen, but would not usually have a major impact on the business. Impact is the evaluated effect or result of a particular outcome. Impact should ideally be considered under the elements of: Time

80

Quality Benefit People / resource Despite the fact that there are difficulties in risk evaluation, we need to carry out this task for the purpose of prioritisation. High priority risks require immediate handling whereas lesser priority risks may not require handling at all. Also there may be budgetary restrictions that may impact on the risks that can be handled. Due the all these reasons risks need to be measured in some form or another. There are various Quantitative and Qualitative methods of risk evaluation that can be used in risk management. Risk Audits Risk auditing provides an independent and objective opinion to an organisations management as to whether its risks are being managed to acceptable levels. Based on the results of the risk assessment, the internal auditors evaluate the effectiveness of how risks are identified and managed. They also assess other aspects such as ethics and values within the organisation, performance management, communication of risk and control of information within the organisation in order to facilitate a good governance process. Self Assessment Questions 1. __________ is a process of identifying, analyzing, planning and managing the identified risks in a project. 2. Risk catalogue contains the comprehensive list of all the _______ in a project. 3. _____________ is the information related to the status of the scheduled activities in the project. 4. Risk monitoring is a process of _________ and status of the risk management tasks. 5. Once the risk management plan is developed, risk monitoring involves ____ steps. 6. The _______ is a simple document, spreadsheet, or a database system. 7. Issue logs are used to order and organize the current issues by type and severity in order to prioritize issues associated with the ______. 6.4 Controlling Risk Risk control is a process of performing the risk management plan while, at the same time, ensuring that the plan is still valid. Risk monitoring control is performed at the concept phase of the project and ends at the closure phase. It should be included in the regular communication

81

process of the project. In particular, risk control is performed prior and during the risk event. It is performed whenever there are changes to the project scope or as scheduled. Risk control involves: Monitoring the risks throughout the project closely Revisiting the risk list periodically Verifying if the risks still valid or perhaps if a particular risk is no longer important. Uncovering additional risks from new events or change requests Updating the risk plans. The actions defined in the mitigation and contingency plans should be implemented as part of risk control. The Risk Owner is responsible for the implementation of these actions. Before any action is taken to accept, avoid, or mitigate the risk, the cost of the same must be carefully considered. It is likely that documenting your actions, stating why you made certain choices, and describing the results, provide a good record for understanding upcoming risks, risks in future phases, and any risks that might affect the next project. You may choose to accept one or more of the risks, and you may not be able to absorb others. Based on project scenario, you may decide that you can accept additional project expenses, but cannot accommodate schedule delays. Accordingly, you can focus your control efforts onto such risks which have a need tube controlled. After this step, controlling of risks involves the formation of specific strategies for risk control. These strategies can include acceptance of risk, avoidance of risk or mitigation of risk. Even if some of the risks are costly, they need to be accepted or mitigated, based on the status of the project. While in some cases, risks can be avoided and it can be eliminated entirely. In some cases, project managers may need to change project scope, modify project plans, hire additional resources, or adopt different technical solutions to avoid the risk. Risk mitigation can be adopted when the project seeks to minimize the potential impact of a risk through alternative solutions. Mitigation is a combination of acceptance and avoidance. Plans and schedules can be altered; specific actions can be taken to minimize the chance that a risk will occur. Documenting your actions, stating why you made certain choices, and describing the results, provide a good record for understanding upcoming risks, risks in future phases, and any risks that might affect the next project. Need for Alerts and Flexibility Risk management involves analysis and collation of lot of data related to risks. To be able to effectively use this data during the course of the project, these plans must be have some checkpoints or alert points defined so that appropriate risk control can be planned before the risk occurs. The objective of such alerts should be to help the management take timely actions to

82

avoid/mitigate the risks so that their impact can be reduced on the project. Without appropriate alerts, the risk identification, analysis and plans could be rendered ineffective. These alerts could be built as part of a regular assessment. The various parameters that constitute the alert should be checked to see if the alert is triggered. If the risk data is elaborate, you could also use on of the commonly available automated tools which can trigger the alerts as and when they occur. Once such alerts are in place, and they start giving the warnings, the organisation must be ready to take up the changes, if required, to control and avoid risks. In a world of increasing uncertainties, the ability to accommodate changes plays an important role in project risk management. The need for flexibility applies to many aspects: Capital investments Employees and business partners Organisational structures Project timelines Financial commitments Information systems The formulation and implementation of efficient flexibility strategies have become important aspects of risk management. If a project is ready for changes to manage and control the eventual risks, it can actually avert the impact of risks. For being able to do so, the management must be pre-informed of the likely changes that can happen to handle risks. Crisis Management Crisis management is a new field of management that includes forecasting of potential crises and planning to deal with them, for example, how to recover if your computer system completely fails. Organisations have the time and resources to complete a crisis management plan before they experience a crisis. Crisis management includes identifying the real nature of a current crisis, intervening to minimise damage and recovering from the crisis. Crisis management also includes identifying the threats and risks to an organisation and developing and implementing systems and strategies, which help in managing crises. A good crisis management gives your organisation competitive advantage. But protecting your organisations reputation, environment, key business assets, employees and other stakeholders is an ongoing challenge, especially, in such extreme, complex and constantly changing risks. Hence crisis management requires good and effective leadership.

83

To ensure an effective crisis management mechanism leadership support and involvement is absolutely essential. A leader must institutionalise the process of crisis management to anticipate, prepare and mitigate an impending crisis. Crisis Resolution the Ultimate Test Since crises are characterised by that dreaded element called surprise, so a strong emphasis on crisis resolution is part of crisis management. While no plan may manage a crisis but a practical plan and general preparedness for crisis may help in resolving crisis. Carefully designed crisis management plans might have been crafted and number of mock drills might have been conducted to ensure high levels of general preparedness, but that one critical decision which defines the organisational response and gives crisis resolution a specific direction and that affects the outcome and perception of stakeholders and general public in the big way depends on the values instilled by the leader over the years. A Trigger for Change Anticipating crisis is a part of strategic planning and risk management. Each crisis must be dealt with accurately by project managers, who also must consolidate the lessons learnt and communicate the same to the people for organisational learning and thus drive sense for initiating change in the organisation.

84

Figure 2: Trigger for Change The above figure shows the cycle of identifying crises, managing them, and more importantly extracting learning from the act of managing the crisis and communicating the learning as a trigger for initiating a change programme to overcome the crisis of the organisation and help organisation in better performance. 6.5 Outputs of Risk Monitoring and Control Outputs of the Risk Monitoring and Control process are produced continuously. In addition, outputs of the process are used to update project and organisational documents for the benefit of future project managers. The outputs of Risk Monitoring and Control are: Corrective action: This includes anything that brings the expected performance back in line with the project plan. Corrective actions consist of two types: contingency plans and workaround plans. A contingency plan is a provision in the Project Management Plan that specifies how a risk will be handled if that risk occurs. The plan may be linked with money or time reserves that can be used to implement the plan. A workaround plan is a response to a negative risk that was passively accepted or not previously identified.

85

Project change requests: Implementing a contingency plan or workaround frequently requires changing the risk responses described in the project management plan. Change requests are completed and submitted to the Integrated Change Control process. All requested changes must are documented, and that approvals at the right management levels are sought and obtained. Preventative Actions: Preventative actions assure the project follows the guidelines of the project management plan. Updated the risk response plan: Document the risks that occur. Risks that dont occur should also be noted and closed out in the risk response plan. It is important to keep this up-to-date, and it becomes a permanent addition to project records, eventually feeding into lessons learned. Updated Risk register/database: This is a repository for collection, maintenance, and analysis of data. It is used in risk management processes. Maintaining this register is very important for project records. An updated risk register has the outcomes from risk assessments, audits, and risk reviews. In addition it is updated with the resulting outcome of the project risk and risk response. The updated risk register is a key part of the historical record of risk management for the project and will be added to the historical archives. Updated the Organizational Process Assets: Organisational process assets should be documented in light of the risk management processes to be used in future projects. Documents as the probability and impact matrix, risk databases, and lessons-learned information, as well as all of the project files are archived for the benefit of future project managers. 6.6 Summary Risk monitoring and controlling is a process of identifying, analysing, and planning for new risks and managing these identified risks. Risk monitoring is a process that starts after the risk mitigation, planning, and allocation processes in the project. The tools used in risk monitoring are risk status reports, risk register, issues logs, risk evaluations, and risk audits. Risk auditing provides an independent and objective opinion to an organisations management as to whether its risks are being managed to acceptable levels. Risk monitoring control is performed at the concept phase of the project and ends at the closure phase. Crisis management includes identifying the real nature of a current crisis, intervening to minimise damage and recovering from the crisis. Glossary Term Contingency Thresholds Histograms Description An event that might occur in the future. The place or point of beginning. Graph using vertical or horizontal bars whose lengths indicate quantities.

86

Self Assessment Questions 8. ___________ is performed whenever there are changes to the project scope or as schedule. 9. The _______________ and _________________ of efficient flexibility strategies have become important aspects of risk management. 10. Crisis management includes identifying the real nature of a current crisis, intervening to minimize damage and _________. Are the following statements true or false? 11. Anticipating crisis is a part of strategic planning and risk management. 12. Workaround plans are planned responses to emerging risks that were not previously identified. 13. Risks that dont occur need not be noted and closed out in the risk response plan. 14. Organizational process assets should be documented in light of the risk management processes to be used in future projects. 15. The updated risk register is a key part of the historical record of risk management. 6.7 Case Study Indian organizations have seen a sea change in their business environments since 1991 when the first step toward liberalization was taken. Many have started investing in their Research & Development (R&D) activities with expectations to face foreign product and services. Driven by the need to reduce costs and cycle times, organizations have become increasingly focused on the performance of the key processes. Organizations recognize that the performance of core processes directly affects the ability to meet their goals for revenue growth, cost reduction and increased market share. Analysis of organization strategies and business processes indicate that in order to sustain their growth and profitability via product innovation, organizations must improve their R&D processes. Existing literature indicates the availability of various methods for R&D project management. Yet the uncertainty and risk associated with R&D projects make the implementation of these methods difficult. Further, dynamic process of the interaction between the R&D department, and the other departments makes the R&D project management process complicated and difficult to implement the conventional project management tools and techniques. It is found that Indian organizations require effective project monitoring and control system to improve the R&D effectiveness. Thus, there is a need to study the R&D project management processes of Indian organizations and develop appropriate project monitoring and control system for R&D projects. This research study attempts to fulfil this gap.

87

The objective of the research study is to examine the tools and techniques available for R&D project management processes i.e. R&D project selection, R&D project planning and R&D project monitoring and control and develop a framework for R&D project monitoring and control system for Indian organizations. This report is based on extensive literature survey in the area of R&D management and project management and case study of four Indian organizations. The tools and techniques for R&D project management are critically examined to find their appropriateness in Indian organizations. This study provides a framework for project monitoring and control system for R&D project. Question: List out the Risk monitoring and controlling methods which are used in the above mentioned case study. 6.8 Terminal Questions 1. Explain the process of Risk management with various steps involved. 2. Explain how Risk monitoring is one of the important elements of risk management. 3. What are the 3 different tasks involved during risk plan. Explain 4. What are Risk status reports? Why are they used? 5. Describe Crisis management in brief. 6. What are the outputs of Risk Monitoring and Control? 6.9 Answers Answers for Self Assessment Questions 1. Risk management. 2. probable risks 3. Work performance information. 4. tracking the success 5. five 6. risk register 7. project milestone 8. Risk control

88

9. formulation and implementation 10. recovering from the crisis 11. True 12. False 13. False 14. True 15. True Answers for Terminal Questions: 1. Refer Para 6.2 2. Refer Para 6.3 3. Refer Para 6.3 4. Refer Para 6.3 5. Refer Para 6.4 6. Refer Para 6.5 Copyright 2011 SMU Powered by Sikkim Manipal University .

89

PM0007-Unit-07-Strategic Risk Response Planning

Unit-07-Strategic Risk Response Planning Structure: 7.1 Introduction Learning Objectives 7.2 Strategic Risk Response Planning 7.3 Developing a Communication Plan 7.4 Balancing Short term Vs. Long Term Plans 7.5 Risk Models for Response Planning 7.6 Summary 7.7 Terminal Questions 7.8 Answers 7.9 Case Study 7.1 Introduction Risks are the integral part of the business environment and operations of any organisation. Hence, the risks must be tactfully dealt with proper risk analysis, strategic planning, and risk management. Given the fact that majority of planned models are deterministic in nature, most of the internal and environmental risks are to be considered qualitatively. The concept of strategic planning represents one major instrument of risk management which is a powerful tool of risk identification. This unit emphasises on the fundamental aspects of strategic risk response planning. This unit helps you learn all about a communication plan and how to develop it. It covers the layout of long term and short term goals. This unit also covers the risk models for response planning. Accomplishing the definite objectives through these models and methods helps you complete your project successfully. Learning Objectives: After studying this unit, you will be able to:

90

Define strategic planning Analyze the importance of a strategic plan Build up a communication plan Differentiate between Short term Vs. long term plans and balance them Explain risk model for response planning 7.2 Strategic Risk Response Planning The real value of creating a business plan is not in having the completed product in hand; rather, the worth lies in the process of researching and thinking about your project in a very systematic way. The act of planning that helps you think, study, research when not sure of the facts, and examine your ideas critically. It may consume your time now, but helps you avoid costly, and even disastrous, mistakes. Strategic risk response planning is a tremendous communication and marketing campaign. The making of a communication plan before strategic risk response planning begins with the start of the project. You can benefit immensely with a good communication plan that: Acts as a binding agreement. When you tell people that you are going to do a particular thing, having a communication plan or commitment in writing compels you to carry through with your efforts and you would also give the opportunity to others to provide you inputs. Assures you to take advantage of all opportunities, including on-going implementation. Helps keep the communication focused. Helps prevent unforeseen and unwanted surprises. 7.3 Developing a Communication Plan A communication plan promotes effective and efficient communications with different clients and major stakeholders in the project. It describes how the project communications takes place. A good communication plan generally includes the following fundamentals: 1. Communication objectives 2. Communication method and frequency 3. Target audiences 4. Key content for the communication A communication plan is a written document that describes:

91

what you want to accomplish with your organisation communications (your objectives) ways in which those objectives can be accomplished (your goals or program of work) whom your organisation communications are addressed to (your audiences) how you accomplish your objectives (the tools and timetable) how you measure the results of your program (evaluation) Communications includes any written, spoken, and electronic interaction with anyone. A communication plan comprises the objectives, goals, and tools for any and all types of communications, including but not limited to: episodic print publications like newsletters, brochures online communications like e-mail distribution list, website, and ETSAL meeting, status reports, conferences, and presentations media relations and public relations information marketing and sales tools legal and legislative papers incoming communications including reception methods and voice mail composition committee and board bulletins corporate identity resources including letterhead, logo, and envelopes surveys, audits, and inquiry assets and liabilities, invoices, ledgers, budgets, account, and annual reports signage, speeches, certificates and awards A good two-way communication among all stakeholders is the key for the success of any project. Good communication anticipates surprises, prevents duplication of effort, and helps reveal omissions and misallocations of resources early enough to permit corrections. Any audience who is a part of the project are involved in a communication plan. It includes the project managers, project sponsors, project stakeholders, team leads, and all team members. The primal matter for the communication plan usually comes from the following five main sources:

92

the association mission statement a communication audit membership surveys committee and leadership input discussions with other staff and departments How to Develop a Communication Plan Developing the communication plan involves many steps. Some of the important steps to develop an effective communication plan are explained here. Conduct a Research Communication Audit Assess the effectiveness of your current communications. Some organizations do outsource this work to expert firms, but the costs involved for a hired auditor can be too high. To conduct your own audits, find out: what each communication activity is designed to achieve what each member of the project is contributing in the way of communication how effective each activity is To get the answers you need to: brainstorm with communication staff discuss with other divisions, communication committee members, and departments interview the board and the chief staff executives survey the membership host focus groups and question the non-members Define the Objectives Armed with the information from your audit, define your overall communication objectives. The objectives are the outcome you want to achieve from your communication. These can include: centralization of the communication effort

93

increased employee teamwork improved product delivery member trustworthiness excellent service to members visibility for the organization and the industry or profession influence on government, media, consumers, and other audiences Define the Audiences List all the audiences that your association might contact, attempt to influence, or serve. Included on your list can be: members non-members consumers related associations adversarial associations educators federal, regional, and local governments related industries the media Define the Goals With affirmed objectives, consider available resources and classify a program of work for each objective. The objective includes general programs, products, or services that are used to attain the affirmed objectives. For example, if the objective is to develop member service, the target must include improved training for the member-service function, special communications directed for the first-time members, a reference manual for handling complaints, and continuing information for members. Identify the Tools

94

Identify the tools that are going to be used to accomplish the objectives. These tools can be anything from a simple leaflet to a flashy magazine. Do not overlook the less obvious tools such as cards, reports, posters, and web sites. Contrive ideas with other members. Establish a Timetable After identifying the objectives, goals, audiences, and tools, enumerate the results in a calendar framework that outlines roughly what projects will be accomplished and by when. Divide the objectives into logical time periods (quarterly, monthly, weekly, daily etc. Evaluate the Result Build a method into your plan for measuring the results. Your evaluation can take the form of monthly report on the work under progress formalized department reports for presentation at the meetings regular briefings from the department heads a year-end summary for the annual report All this information is included in a separate section, often referred to as the Communication Plan, of your project plan. Developing a communication plan takes effort. You should plan on three or four days the first time you do it. Once in place, the written plan will smooth your job all year long, earn you respect from the CEO and other staff, help set work priorities, protect you from last-minute demands, and bring a semblance of order to your chaotic job. Such is the case with successful communication planning. Even though you may have identified and analyzed your stakeholders and determined the most effective communications vehicles without a well developed and implemented communication plan, you may have a recipe for disaster. So develop an effective communication plan to ensure your projects success whatever may be the risks involved. 7.4 Balancing Short term vs. Long Term Plans Undoubtedly, your business is a permutation of short term goals and long-term plans, just like all businesses. Yet, one takes priority over the other at different times. From a simplistic perspective, the sales revenue gets a permanent gradual boost just because of the long term strategies built by the brand/company. A temporary, immediate revenue boost by giving buyers an incentive to purchase is created through short term strategies. By implementing both long and short term strategies in the arena, you can concentrate on immediate goals while building your business reputation and goodwill towards long term goals. Some examples of both types of strategies are included below. Shorter-term strategies:

95

1. Reduced price sales: Designed specially to increase revenue by encouraging customers to act. Putting a sale benefits you in the immediate term as it gives customers an incentive. But regular sales can erode the profit over time as customers get accustomed to wait for a sale instead of buying at full price. 2. Group offers: Intended effective strategy to introduce your products or services to a new set of customers or to give important groups a permanent discount. However, you must observe the business performance of these offers. For example, the sales increase should not offset the cost of constant price discounts. Longer-term Strategies: 1. Branding activities: High profile activities and advertising contributes to customers awareness and builds your business image, and ultimately creates customer loyalty. Successful branding can have a huge impact on market share, but it is a steady process. 2. Industry relationships: Building a healthy relationship with distributors and all others involved in the industry gives you the connections you need in the business. This decreases the quantity of risks involved and provides you a hedge against losses. In long term, this approach can extend connections to new customers and open new potential distribution channels. 3. Research and development: Investing in research makes you focus on the future sales. Conduct market research with some of your most valuable customers. Check if you are creating a product pipeline that meets their needs and ensures your future growth.

4. Publish content: Developing a stream of fresh content like blogs, posts, and newsletters results in quality traffic to your site, and also establishes you as an expert in your field. Commitment need not be intense, but do commit to publish something on a monthly/quarterly basis on your site to show visitors you are here for the long-term. Steps for Balancing Short-term Requirements with Long-term Goals There are various steps to balance short-term requirement with long-term goals. Some of them include:

96

Discussing with a higher authority to determine how much time you and your team should be allocating towards short-term issues versus long-term goals. Reviewing the work that you and the team have done in the past to determine what has been accomplished on both short- and long-term issues. Setting new guidelines if the balance is not right according to the priorities. Tracking the logs to decide how you and your team are spending your time. Evaluating whether you and your team are giving the proper time and attention to short-term requirements and long-term goals every two weeks and re-adjusting the focus appropriately if the balance is not right. Deciding the most important priority and making it your first priority when you face competing priorities. Planning your actions for any kind of urgency or emergency. Asking for team meetings to find out how you can make progress on long-term issues while addressing short-term needs. For example, a goal may be to develop a line of products for a new market. But then ask the team to figure out how to make progress on that goal while also developing some other products for existing markets. Together, long and short terms strategies help in minimizing the amount of risks and achieving the immediate goals and building your business reputation. A healthy balance of both strategies is critical for ensuring successful project execution. Self Assessment Questions 1. A ___________ promotes effective and efficient communications with different clients and major stakeholders in the project. 2. Good communication anticipates surprises, ________ of effort. 3. The first step in developing the communication plan involves conducting a ___________. 4. By implementing both __________, immediate goals while building the business reputation and goodwill towards long term goals can be concentrated upon. 5. The two short term strategies are ________ and _________. 6. In long term strategy, __________ helps building a healthy relationship with distributors and all others involved in the industry.

97

7. A healthy balance of both long term and short term strategies is critical for ensuring the _______ in the years ahead. 7.5 Risk Models for Response Planning Risk response planning is the procedure of developing options and plans to minimize the threats and maximize the opportunities. Risk response should be in line with the significance of the risk, cost-effective, and realistic. Generally, a mutual discussion needs to take place as response is best option. Before you begin risk response planning, you need the following inputs: Risk Management Plan It comprises the key components which help to yield response options. Roles and responsibilities from the risk management plan define who to act as the authority and who can be an owner of a risk. Risk analysis definitions precisely communicate the description of risk ratings for probability, impact, and urgency. Risk thresholds relate the stakeholders tolerance of high, moderate, and low risks. In general, definite thresholds specific to time, cost, and resource amounts are agreed to. Timing and schedules which specify the frequency and activities are also related as part of the risk management plan. Risk Register It contains the consequential risks from the identification, qualitative analysis, and quantitative analysis. The elements used are the priority list of project risks, list of short and long-term risks, modes in qualitative risk analysis, categorized risks, and a watch list of low priority risks. Objectives of Risk Response Widen the options and determine the actions to improve opportunities and minimize threats to project objectives Assign responsibility to individuals or parties for each risk response Risk response has to be realistic, timely, cost-effective, and proportional to the severity of the risk, owned by a party or a person and must be accepted by all parties involved. There are two main strategies to handle risks, negative risks and positive risks. The target of the plan is to minimize threats and maximize opportunities. Response Strategies for Threats (Negative Risks) There are four main response strategies when it comes to deal with threats. They are, Risk Avoidance, Risk Transfer, Risk Mitigation and Accept. 1. Avoid Risk avoidance involves varying the project plan to remove the threat to the project plan. This can be done by altering or reducing the scope of the project. Risk avoidance is done by: Altering the project plan to cut out the risk or the state that causes the risk in order to secure the project objectives from its impact. It involves planning different ways in which you can deal with

98

an event if and when it occurs, instead of trying to maintain its probability or impact. Depending on the project angle, this may be a strategy of choice in situations where the effects of a given risk may be known to be restricted in a manner which is competent and acceptable. Relaxing the related objective (extends the schedule, lessen the specification requirements, reduce scope). Not all risks can be avoided, but some risks can certainly be avoided. Examples of Risk Avoidance include: Adding resources or time Adapting a conventional approach instead of doing something new Avoiding an unknown subcontractor Clarifying requirements Developing communication Retrieving information Achieving expertise Shrinking the scope to avoid high-risk activities 2. Transfer Risk transfer involves shifting the impact of a risk event and the ownership of the risk response to a third party. This strategy is common with a financial risk exposure and involves payment of a risk premium to the party assuming the risk. Risk transfer is done by transferring the risk to a third party who is capable of shielding the project in whole or in part, from any risks which could endanger the project. Risk Transfer is most efficient in dealing with financial risks and always involves payment of a risk premium to the party acquiring the risk. Examples of risk transfer are: Usage of insurance, performance bonds, warranties and guarantees Contracts which are used to transfer liability for particular risks 3. Mitigate Risk Mitigation decreases the probability or impact of a potential risk even to a more acceptable level. This includes reducing the consequences of the risk. Mitigation involves adapting a less complex process, conducting extra test on the product, designing redundancy into a system, and devising a quality control or reconciliation. Risk mitigation is done to: Reduce the anticipation and/or impact of a risk to within a tolerable threshold. Mitigate the impact before the risk takes place to avoid dealing with the after-effects

99

Mitigate costs appropriate given the likely impact and probability of the risk. Examples of Risk mitigation include: Enforcing a new course of action that lessens the problem, e.g. adapting less complicated methods, conducting more seismic or engineering tests, or selecting a more stable supplier. Altering the status so that the chance of the risk occurring is reduced, e.g. increasing the resources or time of the schedule. Making a prototype for growth to lessen the risk of scaling up from a bench scale model. A mitigation response might address the risk impact by targeting linkages that verifies the impact severity, when it is not possible to reduce probability. For example, scheming redundancy into a subsystem may decrease the impact that results from a failure of the original component. 4. Accept Risk acceptance is done by deciding not to make any changes to the project plan in order to deal with a risk or where a suitable response strategy cannot be identified. This strategy can be applied for both negative and positive risks. There are two types of acceptance: Active acceptance: It includes creating an emergency plan to execute when risk occurs. An emergency plan is developed in advance to respond to the risks that crops up during the project. Planning would lessen the cost of an action. When risk such as missing intermediate milestones triggers, the risk should be defined and tracked. The normal risk acceptance response is to create an emergency allowance or reserve including amount of time, money and resources to account for known risks. The allowance should be structured by the impacts, computed at an acceptable level of risk exposure. Passive acceptance: It requires no action. The project team has to deal with the risk as and when it occurs. Response Strategies for Opportunities (Positive Risks) There are three main response strategies when it comes to deal with opportunities Share, Enhance, and Exploit. 1. Share Risk sharing comprises of sharing responsibility and accountability with another to facilitate the team the best chance of seizing the opportunity. 2. Enhance Risk enhancement amplifies the probability that an opportunity occurs by focusing on the trigger circumstances of the opportunity and anticipate the chances. 3. Exploit Risk exploitation is used on opportunities when the organization wishes to assure the opportunity is realized. Normally used by hiring the best experts or satisfying with the most technologically advanced resources that is available to the project team.

100

A risk contingency is used only when a risk is realized or impacting. A response plan is commonly executed when a condition or trigger event occurs. For example, missing an intermediate milestone. Risk Response Planning is the most vital risk management process. It places the plan in the project and how to deal with the risk. The outputs of Risk Response Planning are: Risk Register (updates) Risk Register updates of the suitable risk response are contained in this. The risk register is revised to reflect the results of the response planning process. Documenting a risk in detail should be qualified to the ranking of the risk (high risks in detail, low risks by listing). Risk Register contents include: Identified risks, their description like the area of the project affected, their causes and how they may affect project objectives Risk owners and people who are assigned with responsibilities Results from the qualitative and quantitative risk analysis methods Approved response strategies Specific actions to execute the response plan Budget and programme activities for responses Evidences and caution signs for risks occurrence Emergency plans with triggers and other allied emergency reserves Standby plan to fall back upon when the risk occurs Residual risks expected to be lasting after the strategy is implemented and accepted Secondary risks originating directly from implementing a risk response Project Management Plan (updates) Project Management Plan updates happen as response actions are added after being processed though integrated change control. The project management plan is revised to include the response activities including reflecting the impact on cost and schedule. Risk-Related Contractual Agreements These include Risk related contractual agreements for insurance, partnerships, and services generate specific responsibilities for each party. Contractual agreements are prepared to specify each partys responsibility for specific risks, which occur. These include agreements for insurance, services, and other items as suitable in order to avoid or mitigate threats.

101

7.6 Summary The essence of risk management is not in avoiding or deleting risk but deciding which risks to exploit, which ones to pass to investors and which ones to avoid or hedge. To exploit risk, you need an edge over your competitors. A conceptual model must be developed to assist in risk response strategic planning. The model must address the risks by evaluating and mapping the power dependency amongst the project stakeholders and their perceived utility of the project objectives. It should also address expected level of convenience during project execution and/or operation, and trade-offs between project cost to completion, time to completion and quality. Strategic risk response planning consists in influencing factors that define stakeholder utility thresholds, and thus, behaviour. The successful completion of any project depends fully on its strategies, planning, and management. Activity 1: Assume that you are the Project Manager for one of the marketing products which has a good brand name. Write a communication plan for publishing that particular product. Glossary Term Description An expression whose meaning cannot be determined from Ambiguity its context ETSAL Electronic Terms For Space Age Language Adversarial Acting against or in opposition Affirmed To declare positively Semblance A resemblance or copy Reconciliation removal of inconsistency Self Assessment Questions Are the following statements True or False? 8. Risk response planning is the procedure of developing options and plans to minimize the threats and maximize the opportunities. 9. Risk Register does not contain the consequential risks from the identification, but it contains qualitative analysis, and quantitative analysis. 10. The target of the risk response plan is to maximize threats and minimize opportunities. 11. A risk contingency is used only when a risk is realized or impacting. 12. Risk Response Planning is the most vital risk management process.

102

13. Risk Register reference is made to record the prioritized risks from qualitative and quantitative risk analysis. 14. Risk mitigation is done to increase the anticipation and/or impact of a risk to within a tolerable threshold. 15. During risk register updates, the risk register is revised to reflect the results of the response planning process. 7.7 Terminal Questions 1. What is communication Plan? Developing the communication plan involves many steps. Explain each one of them. 2. What are the steps for balancing short-term requirements with long-term goals? 3. Define Risk response planning. What are the inputs required to begin Risk response planning? 4. List out the main differences between Positive and Negative Risks. 5. Give a brief explanation on a. Risk Avoidance b. Risk Transfer and c. Risk Mitigation. 6. What are the outputs from Outputs from Risk Response Planning? 7.8 Answers Answers for Self Assessment Questions 1. communication plan 2. prevents duplication 3. Research-communication audit. 4. long and short term strategies 5. reduced price sales and group offers 6. industry relationships 7. Business prospers. 8. True 9. False

103

10. False 11. True 12. True 13. True 14. False 15. True Answers for Terminal Questions 1. Refer Para 7.3 2. Refer Para 7.4 3. Refer Para 7.5 4. Refer Para 7.5 5. Refer Para 7.5 6. Refer Para 7.5 7.9 Case Study Considerations for developing a communication plan for HIV prevention and AIDS mitigation in a village near Romania. Communication programs and activities are most successful when they are based on participatory research and planned systematically and strategically. Often the haphazard and ad hoc use of communication activities leads to top-down design and implementation and has a high chance of not effectively reaching the intended audiences simply because they had not been involved. The following process demonstrated how a communication plan for HIV/AIDS was developed, bearing in mind that it needs to be developed in close collaboration with all major "stakeholders" 11 (present at each and every design phase) and that they are merely a set of "guidelines". The HIV/AIDS Communication Strategy was developed with due consideration to culture, gender relations, power structures, religion/ spirituality, individual and government economic status. Some interesting qualitative research studies, carried out mainly amongst specific target groups in the field of HIV/AIDS, shed light on the complex issue of the systemic effects of the disease on peoples lives in a village near Romania, but clearly point to the need for more

104

qualitative action research to build a sound understanding of vulnerability and susceptibility to HIV/AIDS Qualitative information is also needed for message design and appeals development, as well as for focused materials production. There was need for a collaborative action research effort that is participatory in nature and involves program staff, communicators, researchers, community leaders and many more throughout the process of the study. This multi-level and multi-disciplinary research process will allow those involved to identify the multiplicity of problems and take advantage of the discussion forum to share knowledge and exchange ideas as well as to be proactive in the problem-solving process. The research forum itself becomes an important catalyst for change. Experience has shown that this is a learning process that enables people to reassess their own attitudes and behaviour and to learn from each other as well as from people interviewed. Once the research findings had broken down into manageable categories describing themes, subthemes, issues and communication problems, the planning process can begin. This implies the development of a coherent, integrated, problem-solving, location-specific communication system, which links each communication problem to a set of communication objectives, specific target audiences, messages and appeals, and a specific institutional communication channel and/or media channel and format. During this phase, a series of sub-action plans were developed in concert with the main communication plan. These had to include a media production plan, a training plan, field implementation and monitoring and evaluation. The most important factors to take into consideration when developing a national communication plan relate more to the overall approach and context than to the development of the plan itself. These include combination of long-term and short term interventions, Partnerships for combined efforts, Sensitive approach and Foster active participation of people living with and affected by HIV/AIDS, communities and households in processes of problem and needs identification, problem-solving and implementing responses. Question Describe how the communication Plan was developed and carried out through out the process? What are the steps followed? Copyright 2011 SMU Powered by Sikkim Manipal University .

105

PM0007-Unit-08-Tools for Managing Risk

Unit-08-Tools for Managing Risk Structure: 8.1 Introduction Learning Objectives 8.2 Risk Management Tools 8.3 Quality Control Tools 8.4 Probability Techniques 8.5 Flow Charts 8.6 Fishbone Diagram 8.7 PERT/CPM for Project Scheduling & Management 8.8 Project Insurance 8.9 Summary 8.10 Terminal Questions 8.11 Answers 8.1 Introduction Almost everything in todays business world involves a risk of some kind: customer habits change, new competitors appear, factors that are not in your control could delay your project. But initial risk analysis and risk management techniques can help to assess these risks and decide what preventive / corrective actions to take to prevent /minimise disturbance to project plans. Risk management tools help in managing project risks appropriately and give you an edge over your competitors. By now you are familiar with risks in a project and methods of risk management. This unit provides you an in depth knowledge about the tools used in the risk management process. Learning Objectives: After studying this unit, you should be able to:

106

1. Describe the importance of risk management tools 2. Explain the Quality Control tools 3. Explain the six risk management tools 4. Calculate the probability of risk events 5. Draw flow charts for processes

8.2 Risk Management Tools As you know Risk management is the act or practice of controlling risk. This process includes identifying and tracking risk areas, developing risk management plans, monitoring risks and performing risk assessments to determine how risks have changed. For a risk management process to be successful you need to use risk management tools. There are many risk management tools that help in identifying, assessing and handling risks. Different risk management tools are used for different projects based on the requirements. Using appropriate risk management tools to identify and handle risks helps in establishing an effective risk management process. Some of the risk management tools and techniques are: Quality Control Tools Probability Techniques Flow Charts Fishbone Diagrams PERT/CPM Techniques Project Insurance 8.3 Quality Control Tools Many companies use Quality Control tools to improve the quality of products, processes, and to manage risks. The Quality Control tools: Encourage and enhance teamwork as problems are addressed through groups Help to anticipate potential problems and improve quality Are essential tools in the continuous improvement of processes

107

Provide objective analysis of problems based on facts and data Provide greater customer satisfaction through superior quality and services There are seven Quality Control tools to manage risks. These tools are: Check Sheet Graphs Histogram Pareto Chart Cause and Effect Diagram Scatter Diagram Control Chart 1. Check Sheet Check sheet is a pre-designed format for collection of data; it encourages collection of data in an organised manner and grouping it into categories. A check mark is added for each example of a category. The marks are added to determine subtotals. A checklist is used to keep track of the parameters of an on going process. It can be used to track events and factors such as timeliness, reason for failure (appearance, performance, etc.); person accomplishing the task (sales calls per representative); complaints (customer complaints for each day of the month); and many other factors. The procedure to use it is to look at some preliminary data before developing the check sheet. This indicates what categories to use. The function of a check sheet is to present information in an efficient manner. This may be accomplished with a simple listing of items. Also, include information about who collected the data, the date and the total sample from which it was drawn. For example, a fertilizers company wants to check the weight of bags of fertilizers that are supposed to weigh 100 kg. The resulting checklist is shown in the following table. The checklist indicates that the machine is not filling all the bags within the specification. Fertilizer Bag Weight Check Sheet Lot No. : 503 Specification : Weight (Kg.) 98.00 98.50 Weigher : RTF 100kg. 1 Kg.Shift : 2 Tally 0 1111

Total 2 4

108

98.75 99.00 99.25 99.50 99.75 100.00 100.25 100.50 100.75 101.00 101.25 101.50 101.75 102.00 Table 1: Check sheet

11111111 111111111 11111 11111111 11111111111111111 11111111111111111111111 111111111111 11111111 111111111 1111 111 1111 11 1

8 9 5 8 17 23 12 8 9 4 3 4 2 1

The check sheet shows the weight of bags of fertilizers and the number of bags that have less or more than 100 kg of fertilizer. 2. Graphs Graphs are the visual representation of data; they are used to show comparison of visual representation of data collected. The most commonly used graphs are Bar charts, Line charts, and Pie charts. 3. Histogram Histograms are used to display the distribution of data by category. They provide a simple, graphical view of accumulated data, including its dispersion and central tendency. It is a more convenient and effective way of displaying data than a table of figures because it gives a visual indication of relationships. Histograms are used to observe whether data falls into a specific pattern or not. To use histograms, find the range of the data to be displayed. Arrange the data range in ascending order on the horizontal scale and the numerical findings on the vertical scale. Draw a bar for each category representing the value.

109

For example, a company produces a fertilizer in which a constituent A should be present more than 30 mgs in a cubic centimetre of volume. Quality control department is measuring the characteristics of the sample received from the reactor and displays it in a histogram. It might show the frequency with which various levels of defects turn up. A succession of histograms can be used for comparison. 4. Pareto Chart A Pareto chart is one of the special forms of bar chart which is intended to determine the most important factors in a situation. It is based on the idea that a few causes produce majority of variations. In most of the cases 20% of causes account for 80% of variations. Pareto chart is used when you want to determine the corrective actions that would yield the greatest quality benefits. It is a good way to set priorities and to focus on the quality efforts. To use Pareto chart, examine the data indicating the frequency with which each cause of a problem that occurs. List them from most to least frequent cause. Plot them on a bar graph. The left vertical scale indicates the frequency that each bar represents. The right vertical scale indicates the percentage of total occurrences that is covered by the sum of the causes. For each cause, add the per cent of problems that it accounts for to the per cent accounted for by the causes to the left to it and plot points against the right scale that represent this total. Connect these points with a line. For example, a travel company is analysing and prioritising complaints about quality received from its customers. The complaint data is as follows: Type of complaint Baggage delay Missed connections Lost baggage Poor cabin service Ticketing error Table 2: Complaint data By preparing the Pareto chart based on the above data, we can find out the relative magnitude of complaints and can identify the most important opportunity for improvement in quality of travel service. As shown in the Chart, 75% of customer complaints are related to baggage delay and missed connections only. Based on this finding, the airline staff can use cause and effect diagram to figure out the root causes of these two major problems. 5. Cause and Effect Diagram The Cause and Effect Diagram is used to associate multiple possible causes with a single effect. In a particular effect, the diagram is constructed to identify and organise possible causes for it. In other words, this diagram represents the relationship between a problem and its potential causes. Number 23 15 7 3 2

110

It deals with factors and not quantities. This type of diagram is useful in any analysis, as it illustrates the relationship between cause and effect in a rational manner. To use Cause and Effect Diagram, define the effect or problem that you are analysing. Write it down in a box on the right. List all possible potential causes on a separate sheet of paper without regard to relationships. Classify these causes by themes. Each theme represents a diagonal attached to the spine of the diagram. The individual causes are listed along the diagonal. Subbranches can be created to break down factors in the causes. Once you have constructed the diagram, you can go on to investigate the causes. You can compare them by setting up a Pareto diagram. For example, a company wants to look at the causes for data processing errors. The causes are organised according to the cause and effect diagram. Three main causes of the error were identified as, client, time and typist. Various reasons to cause defect at these three classes are identified by cause and effect diagram, which are to be corrected from source level to eliminate the data processing errors. 6. Scatter Diagram Scatter diagrams are graphical tools that show the relationship between two variables. The diagram creates a coordinate for each variable and then plots the occurrences where the values intersect. This type of diagram is used to find out the correlation between the variables. It is often used to find the causes of problems. To use Scatter Diagram, establish vertical and horizontal axes with appropriate scales. Usually, the horizontal axis is the one over which you have control. Plot each data point. The more closely the dots group along an axis, the stronger the correlation. The more scattered they are, the weaker the correlation. If you determine a correlation, statistical analysis can give a more accurate indication of the relationship. For example, a company wants to investigate whether the operators errors are related to volume of work. The number of errors per month is tracked for operators with different level of work volume. The values are entered on a scatter diagram. The relationship of the data points indicates a strong positive correlation. The more the volume of work, higher the errors.

7. Control Chart The control chart is means of monitoring a process according to tolerance limits. The control chart is the fundamental tool of statistical process control, as it indicates the range of variability

111

that is built into a system (known as common cause variation). The chart allows you to track the normal variations that indicate if a process is in control and to determine when it goes out of control. This chart is used for any process with frequent and measurable outcomes. Thus, a control chart helps you to determine whether or not a process is operating consistently or if a special cause has occurred to change the process variance. The use of statistical methods in a systematic manner to identify root causes of problem. To use control chart, take a random sample of outcomes and use statistical techniques to determine upper and lower control limits. These are not the same as specification tolerances. Rather, they are the values which, if the outcomes exceed them, indicate that the outcomes are not the result of random variation, but of some specific cause. Once the control limits have been determined, plot the outcomes over time or occurrence. If the data points fall outside these bounds, it represents variations due to special causes, which can typically be found and eliminated. If all the values are within the limits, then the process is under control. Example: An engineering company producing hardware components wants to control its shipping in order to have minimum inventory at its works using control chart.

Time is measured on the horizontal axis, which usually corresponds to the average value of the quality characteristic being measured. Two other horizontal lines represent the upper and lower control limits. These are chosen so that there is a high probability that sample values will fall within these limits if the process is under control or affected only by common causes of variation. If points fall outside the control limits or if unusual patterns, such as, shifts up or down, trends up or down, cycles and so forth exist, then there is reason to believe that special causes might be present. Self Assessment Questions 1. Many companies use ________ to improve the quality of products, processes, and to manage risks. 2. The Quality Control tools Provide greater ______________ through superior quality and services. 3. _______ is a pre-designed format for collection of data. 4. A Pareto chart is one of the special forms of bar chart which is intended to determine the most _______ in a situation.

112

5. The Cause and Effect Diagram is useful in any analysis, as it illustrates the relationship between ________ in a rational manner. Activity 1: Draw a Histogram for the following data: Data Range 0 10 10 20 20 30 30 40 40 50 8.4 Probability Techniques Risk is defined in two dimensions: uncertainty and the effect on objectives. It is common to use the terms probability and impact to describe these two dimensions. A typical twodimensional definition of risk in the realm of project risk management is An uncertain event or condition that, if it occurs, has a positive or a negative impact on a project objective[1]. An effective risk management requires assessment of risk considering both these factors. It is relatively simple to assess effect on objectives, since this merely requires defining the situation after the risk has occurred, and then imagining what happens: If this risk occurred, what would the effect be? Probability is not so easy however. Risk owners and project teams experience repeated difficulty in assessing the probability that a given risk might occur. Probability of Occurrence 0 10% 11 40% 41 60% 61 90% 91 100% Table 1: Probability of occurrence Probability techniques can be used to assess risk and identify consequences of the risk. Risk identification is the process of establishing the probability of occurrence of an adverse event and the consequences of the event. Risk estimation, consequently, is an estimation process, starting from the occurrence probability and ending at the consequence values. Probability of occurrence is the likelihood that a risk will occur. The risk rating is based on the probability of impact and the level of impact.

Frequency 1 3 6 4 2

Very unlikely to occur Unlikely to occur May occur about half of the time Likely to occur Very likely to occur

113

Figure 1: Risk event probability Frequent Occurs often in a project. Everyone is exposed to the risk and the risk is continuous. Likely Occurs several times in a project. All members are exposed to the risk and it occurs frequently. Occasional Occurs sometime in a project. All members are exposed to the risk and it occurs sporadically, or several times in a project. Seldom Possible to occur in a project. All members are exposed to the risk and there are remote chances of occurrence; expected to occur sometimes in a project. Unlikely Can assume will not occur in a project. All members are exposed to the risk and it occurs only very rarely. Risk event probability is the probability of occurrence of a risk event in the future. For example, when we assess the probability of occurrence of a risk, we are technically assessing a conditional probability; that is, 0 < Prob (A|B) < 1, where, A is the Associated Risk Event and B is the Condition Present. The following table provides a guide for assessing risk event probabilities. Risk Event Probability > 0 <= 0.05 > 0.05 <= 0.15 > 0.15 <= 0.25 > 0.25 <= 0.35 > 0.35 <= 0.45 > 0.45 <= 0.55 > 0.55 <= 0.65 Interpretation Extremely sure not to occur Almost sure not to occur Not likely to occur Not very likely to occur Somewhat less than an even chance An even chance to occur Somewhat greater than an even chance Rating Low Low Low Low Medium Medium Medium

114

> 0.65 <= 0.75 > 0.75 <= 0.85 > 0.85 <= 0.95 > 0.95 < 1

Likely to occur Very likely to occur Almost sure to occur Extremely sure to occur

High High High High

Table 2: Risk event probability If a risk event has probability equal to zero, then we say the risk event does not exist. If a risk event has probability of one, then we say the event is no longer a risk. 8.5 Flow Charts Flow charts are easy-to-understand diagrams showing how steps in a process fit together. This makes them useful tools for communicating how processes work, and for clearly documenting how a particular job is done. Furthermore, the act of mapping a process in a flow chart format helps you clarify your understanding of the process, and helps you think about where the process can be improved. A flow chart can be used to: Build a step-by-step picture of the process for analysis, discussion, or communication Define and analyse processes Define, standardise or find areas for improvement in a process Most flow charts are made up of three main types of symbols: Elongated circles, which signify the start or end of a process

Rectangles, which show instructions or actions

Diamonds, show decisions that must be made

115

Within each symbol you can write down what the symbol represents. This could be the start or finish of the process, the action to be taken, or the decision to be made. Symbols are connected to one another using arrows, showing the flow of the process. To draw the flow chart, brainstorming process tasks and list them in the order they occur. Ask questions such as "What really happens next in the process?" and "Does a decision need to be made before the next step?" or What approvals are required before moving on to the next task?" Start the flow chart by drawing the elongated circle shape, and labelling it "Start". Then move to the first action or question, and draw a rectangle or diamond appropriately. Write the action or question within the shape and draw an arrow from the start symbol to this shape. Work through your whole process, showing actions and decisions appropriately in the order they occur and link them together using arrows to show the flow of the process. Where a decision needs to be made, draw arrows leaving the decision diamond for each possible outcome, and label them with the outcome. Show the end of the process using an elongated circle labelled "Finish". After the flow chart is drawn, check if you have correctly represented the sequence of actions and decisions involved in the process. And then look at the steps identified and check whether work is duplicated or if it can be improved. Flow charts can quickly become complicated that you cannot show them on one piece of paper. This is where you can use "connectors" (shown as numbered circles) where the flow moves off from one page onto the other. By using the same number for the off-page connector and the onpage connector, you can show that the flow is moving from one page to the next. Example: This example shows part of a simple flow chart which helps receptionist route incoming phone calls to the correct department in a company:

116

Figure 2: Flow chart example Activity 2: Draw a flow chart depicting the process of activities involved in booking a railway ticket. 8.6 Fishbone Diagram The Fishbone diagram is also known as the cause and effect diagram or the root cause analysis or the Ishikawa[2] diagram. It is called the Fishbone diagram because the diagram resembles that of a fishbone. In simple terms, Fishbone is brainstorming in a structured format. This risk analysis technique uses graphical means to relate the causes of a problem in other words, to determine cause and effect. The diagram focuses on the causes rather than the effect. Because there may be a number of causes for a particular problem, this technique helps to identify the root cause of the problem in a structured and uncomplicated manner. The Fishbone diagram helps us to arrive at the root cause of a problem through brainstorming. The Fishbone diagram is used:

117

To analyse and find the root cause of a complicated problem When there are many possible causes for a problem If the traditional way of approaching the problem (trial and error, trying all possible causes, and so on) is time consuming If the problem is very complicated and the project team cannot identify the root cause The Fishbone diagram need not be used when the problem is small, team size is small, there is no time constraint and there are no communication gaps within the team. Here are the various tasks involved in constructing a Fishbone diagram: Define the problem Brainstorm Identify causes 1. Define the problem The first step is to define the problem for which the root cause has to be identified. Usually the project manager identifies and defines the problem. The project manager chooses the problems that are critical, that need a permanent fix, and that are worth brainstorming with the team. After the problem is identified, the project manager constructs the Fishbone diagram on a sheet of paper. The problem is defined in a square box to the right side of page. A straight line is drawn from the left to the problem box with an arrow pointing towards the box. The problem box now becomes the fish head and its bones are to be laid in further steps. At the end of the first step, the Fishbone diagram looks like:

Figure 3: Fishbone diagram-after step one 2. Brainstorm The team now conducts brainstorming sessions to identify the root cause of the problem. Brainstorming helps to gathers ideas from people who are potential contributors. Once the root causes of the problem are identified, they are categorised into six major categories Method, Man, Management, Measurement, Material and Machine.

118

Though the above are a few important problem categories, during the brainstorming session, the team is encouraged to come up with all possible categories. Categorising the results of brainstorming helps the team find the possible causes. Category Description Methods are ways of doing things or the procedures Method followed to accomplish a task. People are responsible for the problem. The problem may Man have been caused by people who are inexperienced, who cannot answer prompted questions, and so on. Management refers to project management; poor management decisions, such as upgrading two components Management simultaneously rather than deploying changes serially may cause technical problems. Measurement refers to metrics that are derived from a Measurement project. Problems may occur if measurements are wrong or the measurement technique used is not relevant. Material basically refers to a physical thing. Material may be Material the least likely cause, but it is a possible cause. A machine in software usually refers to the hardware, and Machine there are a lot of possibilities that a problem can be due to the machine, such as performance issues. Other possible categories include policies, procedure, technology, and so on. At the end of the preliminary brainstorming session, the Fishbone diagram looks like:

Figure 4: Fishbone diagram-after step two After the major causes (usually four to six) are identified, connect them as fish bones in the Fishbone diagram. They are represented as slanted lines with the arrow pointing towards the backbone of the fish. See Figure 4.

119

Sometimes it is difficult to arrive at a few major causes. The team may come up with a lot of causes, which makes brainstorming more difficult. In this case, the project manager can assign 10 points to each team member for each possible cause, and let them assign the rating (from 1 to 10, 10 being most likely cause) to each cause. After everyone in the team has rated the causes, the project manager totals each of the causes and ranks them based on their ratings. From the list, the top four to six causes are identified as major causes and connected as bones in the diagram. The diagram looks a little like the skeleton of a fish, hence the name Fishbone. 3. Identify Causes After the major causes of the problem are identified, each one of them is discussed in further detail with the team to find out the secondary causes. If needed, the secondary causes are further discussed to obtain the next level of possible causes. Each of the major causes is laid as a fishbone in the diagram and the secondary causes as "bonelets." The diagram now has a comprehensive list of possible causes for the problem, though the list may not be exhaustive or complete. However, the team has enough information to begin discussing the individual causes and to analyse their relevance to the problem. The team can use analytical, statistical, and graphical tools to assist in evaluating each of the causes. The Pareto principle is also used to find the elements that cause major problems and to list them as major causes in the Fishbone diagram. After the third step, the Fishbone diagram looks like:

Figure 5: Fishbone diagram-after step three Sometimes the Fishbone diagram can become very large because the team may identify many possible causes. This makes the diagram complex-looking. A simple and neat-looking Fishbone diagram may indicate that a thorough brainstorming is not done or that the team lacks sufficient knowledge about the problem domain. A good Fishbone diagram is one which is complete and has explored all the possibilities for a problem. The team should identify all possibilities to arrive at a good Fishbone diagram.

120

After the causes are identified and categorised, the action plan has to be decided. If one possible root cause is identified, then the action plan has to be derived to rectify it. Sometimes, it may be difficult to arrive at the root cause; there may be a few possible root causes. In this case, the action plan has to be drawn for each of the possible root cause. After the action plan is ready, the project manager can designate an individual or team to work on the plan and to rectify the problem permanently. If there are a few possible root causes, all the action plans are to be executed, and the most likely root cause is identified and fixed. 8.7 PERT/CPM for Project Scheduling & Management Basically, Critical Path Method (CPM) and Programme Evaluation Review Technique (PERT) are project management techniques, which were created out of the need for Western industrial and military establishments to plan, schedule and control complex projects. Planning, Scheduling and Controlling Planning, Scheduling (or organising) and Control are considered to be basic managerial functions. More than the technical benefits, PERT/CPM provides a focus around which managers can brainstorm and put their ideas together. CPM/PERT are useful in planning costs, scheduling manpower and machine time and can answer the following important questions related to a project: How long will the entire project take to be completed? What are the risks involved? Which are the critical activities or tasks in the project which could delay the entire project if they were not completed on time? Is the project on schedule, behind schedule or ahead of schedule? If the project has to be finished earlier than planned, what is the best way to do this at the least cost? The Framework for PERT and CPM Both these techniques follow six common steps, they are: Define the Project and all significant activities or tasks in the project. The Project (made up of several tasks) should have only a single start activity and a single finish activity. Develop the relationships among the activities. Decide which activities must precede and which must follow others. Draw the "Network" connecting all the activities. Each activity should have unique event numbers. Dummy arrows are used to avoid giving the same numbering to two activities. Assign time and/or cost estimates to each activity

121

Compute the longest time path through the network. This is called the critical path. Use the Network to help plan, schedule, monitor, and control the project. Each activity (or sub-project) in a PERT/CPM Network is represented by an arrow symbol. Each activity is preceded and succeeded by an event, represented as a circle and numbered. Following is an example PERT/CPM Network.

Figure 6: PERT/CPM Network In the figure 6, at Event 3, you can evaluate two predecessor activities Activity 1-3 and Activity 2-3, both of which are predecessor activities. Activity 1-3 gives an Earliest Start of 3 weeks at Event 3. However, Activity 2-3 also has to be completed before Event 3 can begin. Along this route, the Earliest Start would be 4+0=4. The rule is to take the longer (bigger) of the two Earliest Starts. So the Earliest Start at event 3 is 4. Similarly, at Event 4, you can evaluate two predecessor activities Activity 2-4 and Activity 3-4. Along Activity 2-4, the Earliest Start at Event 4 would be 10 wks, but along Activity 3-4, the Earliest Start at Event 4 would be 11 wks. Since 11 wks is larger than 10 wks, you can select it as the Earliest Start at Event 4. You have now found the longest path through the network. It will take 11 weeks along activities 1-2, 2-3 and 3-4. This is the Critical Path. The key concept used by CPM/PERT is that a small set of activities, which make up the longest path through the activity network control the entire project. If these "critical" activities are identified and assigned to responsible persons, management resources can be optimally used by concentrating on the few activities which determine the fate of the entire project. Non-critical activities can be re-planned, rescheduled and resources for them can be reallocated flexibly,

122

without affecting the whole project. Five useful questions to ask when you prepare an activity network are: Is this a Start Activity? Is this a Finish Activity? What Activity Precedes this? What Activity Follows this? What Activity is Concurrent with this? Some activities are serially linked. The second activity can begin only after the first activity is completed. In certain cases, the activities are concurrent, because they are independent of each other and can start simultaneously. This is especially the case in organisations which have supervisory resources so that work can be delegated to various departments which will be responsible for the activities and their completion as planned. When work is delegated like this, the need for constant feedback and co-ordination becomes an important senior management preoccupation. To make the Backward Pass, we begin at the sink or the final event and work backwards to the first event. In figure 5, at Event 3 there is only one activity, Activity 3-4 in the backward pass, and we find that the value is 11-7 = 4 weeks. However at Event 2 we have to evaluate 2 activities, 2-3 and 2-4. We find that the backward pass through 2-4 gives us a value of 11-6 = 5 while 2-3 gives us 4-0 = 4. We take the smaller value of 4 on the backward pass. Tabulation & Analysis of Activities After the network structure is created, you can tabulate the various events and calculate the Earliest and Latest Start and Finish times. You can also compute the Slack or Total Float, which is defined as the difference between the Latest Start and Earliest Start. There are two important types of Float or Slack. These are Total Float / Slack and Free Float / Slack. Total Float is the spare time available when all preceding activities occur at the earliest possible times and all succeeding activities occur at the latest possible times. Activities with zero Total float are on the Critical Path Total Float = Latest Start Earliest Start Free Float is the spare time available when all preceding activities occur at the earliest possible times and all succeeding activities occur at the earliest possible times. When an activity has zero Total float, Free float will also be zero.

123

There are various other types of float (Independent, Early Free, Early Interfering, Late Free, Late Interfering), and float can also be negative. From the example in figure 6, the tabulations are made as shown in the table below: Event Duration (Weeks) 12 4 23 0 34 7 13 3 24 6 Earliest Start 0 4 4 0 4 Earliest Finish 4 4 11 3 10 Latest Start 0 4 4 1 5 Latest Finish 4 4 11 4 11 Total Float 0 0 0 1 1

The Earliest Start is the value in the rectangle near the tail of each activity The Earliest Finish is = Earliest Start + Duration The Latest Finish is the value in the diamond at the head of each activity The Latest Start is = Latest Finish Duration Having computed the various parameters of each activity, you are now ready to go into the scheduling phase, using a bar chart known as the Gantt chart.

Figure 7: Grant chart Once the activities are plotted on a Gantt Chart (see figure 6), the concepts of Earliest Start & Finish, Latest Start & Finish and Float will become very obvious. For the example in figure 6, the Gantt chart is shown in figure 7. Activities 1-3 and 2-4 have total Float of 1 week each, represented by the solid timeline which begins at the latest start and ends at the latest finish. The difference is the Float, which gives the flexibility to schedule the activity.

124

The PERT (Probabilistic) approach So far you have studied about projects, where there is high certainty about the outcomes of activities. In other words, the cause-effect logic is well known. This is particularly the case in engineering projects. However, in Research & Development projects, or in Social Projects which are defined as "Process Projects", where learning is an important outcome, the cause-effect relationship is not so well established. In such situations, the PERT approach is useful, because it can accommodate the variation in event completion times, based on an experts or an expert committees estimates. For each activity, three time estimates are considered: The Most Optimistic The Most Likely The Most Pessimistic The Duration of an activity is calculated using the following formula:

Where te is the Expected time, to is the Optimistic time, tm is the most probable activity time and tp is the Pessimistic time. It is not necessary to go into the theory behind the formula. It is enough to know that the weights are based on an approximation of the Beta distribution. The Standard Deviation, which is a good measure of the variability of each activity is calculated by the simplified formula:

The Variance is the Square of the Standard Deviation. After the Standard Deviation and the Variance are calculated, risk analysis can be done. Before that you should be aware of two most important assumptions made by PERT. The Beta distribution is appropriate for calculation of activity durations Activities are independent, and the time required to complete one activity has no bearing on the completion times of the successive activities in the network. PERT assumes that the expected length of a project is simply the sum of their separate expected lengths. Thus the summation of all the tes along the critical path gives the length of the project. Similarly the variance of a sum of independent activity times is equal to the sum of their individual variances.

125

The probability of project completion by due date is calculated using the following formula:

Where, Z is the probability of completion, D is the due date, te is the Expected time and St is the standard deviation. 8.8 Project Insurance Now-a-days business is becoming competitive day by day due to liberalisation policies and globalisation. The business and industry is passing through the phase of bearing risk after risk. It is well said that Business is always associated with the risk factor. Effective risk management requires the evaluation of alternative plans and policies for reducing or controlling exposure to risks. However, due to the uncertainties involved in the analysing realworld business systems, even the most sophisticated risk management process may not be successful. The most dependable tool used in risk management is insurance. Besides the standard health, life, and possibly disability insurance, you need to look at the types of liability and property insurance you may need. Specialised insurance for particular risks in your business can also be necessary. For instance, if you have a chemical component of your production process, you may want special toxic risk insurance. Many people prefer a comprehensive policy that has a large deductible which reduces the cost of the policy. Hence it is necessary to get the right insurance coverage for your business. Make sure that you arrange for the insurance coverage before you start your business. This seems like common sense, but in the rush to get money coming in the door it is often put off. Your insurance and your contingency plans are your risk management system. Make it an annual commitment to review the system and update it as necessary. Involve your employees as much as possible in the risk management process; they can spot the flaws that can be tomorrows disaster. Insurance cover policy is normally utilised by the companies in the process of establishing project for the manufacturing or production activity of the organisation. Here the risk is insured against loss, damage, liability or expense for movement of goods. Also the goods required to be procured for the project are insured against risks of physical loss or damage that may be incurred during inland transit by Rail or Road. Under the preview of this policy, the risk of goods comprising plant & machinery items are insured for safe carriage by sea, rail, lorry, air, courier, post from suppliers warehouse to owners warehouse at project site, its storage and further handling up to erection at site. For example, Marine Insurance Policy can be taken for hundred and fifteen percent of the value of goods being imported. Once there are accumulations of many claims, it is all the more necessary to have the regular monthly meeting involving the affected parties and the insurance company to review about the claim settlement. Timely settlement of the claim will certainly add to supplement finance

126

requirement and replacement of damaged/lost goods can be done on ongoing basis till the project completion stage is reached. Self Assessment Questions 6. ______ can be used to assess risk and identify consequences of the risk. 7. A flow chart can be used to ________ processes. 8. The _______ is also known as the cause and effect diagram. 9. ________ helps to gathers ideas from people who are potential contributors. 10. _______, signify the start or end of a process in a flow chart. 11. The Fishbone diagram need not be used when the _______, ________, there is no time constraint and there are no communication gaps within the team. 12. CPM/PERT are useful in planning costs, _______ and machine time. 13. _________ the evaluation of alternative plans and policies for reducing or controlling exposure to risks. 14. Insurance cover policy is normally utilised by the companies in the process of establishing project for the _______ activity of the organisation. 15. Flow charts organise information about a process in a _______ and makes it clear who is impacted at every stage. 8.9 Summary In any organisation problem analysis and management tools are crucial to success. Risk management tools help in identifying, assessing and handling risks. The Quality Control tools encourage and enhance teamwork as problems are addressed through groups. Brainstorming is a process to gathers ideas from people who are potential contributors. Flow charts organise information about a process in a graphical manner and makes it clear who is impacted at every stage. The fishbone diagram helps in identifying the possible causes for an effect or problem. It can be used to structure a brainstorming session. It immediately sorts ideas into useful categories. The most dependable tool used in risk management is insurance. Glossary Term Intersect Correlation Axes Description To cut across or through. Qualitative correspondence between two comparable entities. Qualitative correspondence between two comparable entities.

127

8.10 Terminal Questions 1. What are the main purposes of risk management tools? 2. What are the 7 seven Quality Control tools to manage risks? Explain each one of them in brief. 3. Give a brief explanation on flow charts. 4. Explain fish bone diagram various tasks involved in constructing a Fishbone diagram. 5. Explain the Framework for PERT and CPM network. 8.11 Answers Self Assessment Questions 1. Quality Control tools 2. customer satisfaction 3. Check sheet 4. important factors 5. cause and effect 6. Probability techniques 7. Define and analyse 8. Fishbone diagram 9. Brainstorming 10. Elongated circles 11. problem is small, team size is small 12. scheduling manpower 13. Effective risk management requires 14. manufacturing or production 15. graphical manner

128

Terminal Questions 1. Refer Para 8.2 2. Refer Para 8.3 3. Refer Para 8.5 4. Refer Para 8.6 5. Refer Para 8.7

[1] Project Management Institute 2000, 127 [2] Named after its originator Kaoru Ishikawa, the Japanese quality pioneer Copyright 2011 SMU Powered by Sikkim Manipal University .

129

PM0007-Unit-09-Organisational Design and Project Risk

Unit-09-Organisational Design and Project Risk Structure: 9.1 Introduction Learning Objectives 9.2 Organisational Design and Purpose 9.3 Management of Needs and Requirements 9.4 Planning Shortcomings 9.5 Estimation Errors 9.6 Need for Documentation 9.7 Summary 9.8 Case Study 9.9 Terminal Questions 9.10 Answers 9.1 Introduction Organisation Design is a formal, guided development for integrating the people, information, and technology of an organisation. This process is implemented to match the organisation structure as closely as possible to the goal that the organisation seeks to achieve. Through the design process, organisations aim to ensure that the collective efforts of the members lead to better handling of risks. Typically, organisational design is adopted as an internal change under the guidance of an external channel. Managers and members work together to define the needs of the organisation and then create appropriate systems to meet defined needs most effectively. The channel encourages creative thinking and provides for a systematic procedure to be followed. While designing the organisation structure, key attributes need to be well laid out. Some of them include communication, cultural alignment, and transparency. Also, other areas such as definite goals and targets, talent retention, and vision are to be dealt while doing organisational design.

130

Based on extensive interactions with all important stakeholders, challenges and constraints across the set-up should be mapped. After analysing the impact of its intensity across the system, the team comes up with best solutions. They provide suggestions and recommendations for top level restructuring, improving specific business processes, and effecting organisational change. Learning Objectives: By now you must be familiar with risk identification, risk analysis, organising risk management, and various risk handling strategies and tools. This unit familiarises you with Organisational Design, and various associated topics such as management of needs and requirements, planning shortcomings, estimation of errors, and the need for documentation. After studying this unit, you will be able to: Explain organisation design and its need. Identify and manage the needs and requirements of an organisation. Assess all shortcomings in a project and plans. Estimate the errors in the project and initiate rectification measures. Appreciate the importance and need for documentation. 9.2 Organisational Design and Purpose Organisational design enables the organisation to improve its processes and achieve the main goals successfully. Organisation design is set in motion with the creation of a strategy which is a group of decision guidelines for the members to choose appropriate measures. The strategy is derived from clear and concise statements of purpose, vision, and organisations basic philosophy. Strategy combines the objectives of the organisation and focuses members towards actions designed to accomplish desired outcomes. The strategy encourages actions that support the purpose and discourages those that do not. Creating a strategy is planning and not organising. To organize, we must connect people with each other in meaningful and purposeful ways. Further, we must connect people with the information and technology necessary for them to be successful for a particular project. Organisation structure defines the formal relationships among people and specifies both their roles and responsibilities. Administrative systems govern the organisation through guidelines, procedures, and policies. Information and technology define the process through which members achieve the goals. Each element must support every other element of the process and together they must support and serve the organisations purpose. The purpose for which an organisation came into existence should be the foundation for everything its members do, including the choice of an appropriate way to organize. The idea is to build a way of organizing that best suits the purpose to be accomplished, regardless of the way in

131

which other, dissimilar groups are planned. Only when there are close similarities in desired outcomes, culture, and methods should the basic form of one organisation be applied to another with careful fine tuning. However, the patterns of activity that help one group in being successful may be dysfunctional for another group, and actually inhibit group effectiveness. To optimize effectiveness, the form of organisation must be matched to the purpose it seeks to achieve. Organisation design services include: Understanding objectives of change and the environment in which it takes place in the organisation. Understanding business activities such as processes, business association with vendors, volume of activities, and the levels of resources in the organisation. Advising development of new models for processes and interfaces and using them to define new structures, roles and relationships for offshore processes.

Figure 1: Organisation Design Services Project Risk in an Organisation There can be circumstances or events that render a project unsuccessful or only partially successful. If you consider such an event is likely to happen, such occurrence would be a risk. Identifying something as risk increases its visibility, and allows a proactive risk management plan to be put in place. This is part of the organisation plan. Risk management should start as early as possible. It should target to spot out and record the major issues that may affect the project including uncertainties and assumptions. As the project advances, the list of risks should be reviewed to ensure that it remains comprehensive. The project objectives are a critical reference for the project. They act as the definition of success for the project and the goals for the people involved in the project. The objective document should contain the project goal statement and a list of project deliverables. A face-to-face meeting with stakeholders is a good way to build the project objectives document. During this meeting, the project manager should ensure that everyones view is being heard and that everyone is

132

participating. After the meeting, he should prepare the objectives document and distribute for sign-off. This is one way to reduce the amount of risks that can occur in a project. 9.3 Management of Needs and Requirements Projects do not just happen; they need to be planned. They have a limited budget and must be completed within set deadlines. They usually come in addition to normal work or in a limited period where the project participants are released from their usual duties. Project managers plan for the project requirements phase followed by analysis, design, and implementation phases. However, many projects go wrong resulting in project failure. A key reason for this failure is that people have been unable to clearly identify or classify the project requirements. It can result in analysis and design phases either getting prolonged in duration or not producing the desired result. General Types of Requirements Requirement as a term is used usually to cover a number of levels of detail. As such, the naming convention used can be different. There are many types of requirements that a project and an organisation could have: Business Requirements: These requirements include business impact of a solution, cost benefit analysis, and integration within the general business environment. Business User Requirements: These requirements include expected business usage of the solution and its key characteristics. Functional Requirements: These requirements include detailed necessities of functionality expected, in particular user functions and user interaction. System (Non-Functional) Requirements: These requirements include expected operation of the solution of all non-functional areas and expectations covering things such as interfaces, availability, performance, backup, and restoration. Software Requirements: It requires some dedicated effort and time to define clear software requirements. The initial set of requirements should be derived from project initiation. As the project proceeds from there, further requirements are developed. [1] All requirements that are defined for the project or the organisation must be: Unambiguous: They should clearly state the point and avoid unclear or general statements. Specific: They should be specific to cover the point fully and avoid covering multiple needs in one requirement.

133

Testable: They should be verifiable. Test cases/scenarios are written to establish that this requirement has been implemented. Managing and balancing the requirements in relation to project, people and organisation goals is the main target of managing requirements. The people and performance model confirms that performance is a sum of employee Ability, Motivation, and Opportunity (AMO). Despite widespread evidence of this people-performance link within manufacturing and many service sectors, studies within the construction industry are limited. A recent research project explored the team deployment strategies of a large construction company. It set out to establish how a balance could be achieved between organisational strategic priorities, operational project requirements, and individual employee needs and preferences. The findings suggested that project priorities often took precedence over the delivery of the strategic intentions of the organisation in meeting employees individual needs. This move is found to be not sustainable in long term because of the negative implications that such a policy had in relation to employee stress and staff turnover. It is suggested that a resourcing structure that takes into account the multiple facets of AMO may provide a more effective approach. Such structure balances organisational strategic priorities, operational project requirements, and individual employee needs and preferences more appropriately in future. Documenting these requirements provides good requirements specification guidance. However, a problem can arise in the form of some practical limitations and resultant need to change the requirements to reflect what is really possible. As long as these changes are controlled and managed, then this phase should not result in any surprises. Though this alone does not assure a successful project, it is surely a step in the right direction. Self Assessment Questions 1. __________ is a process which is implemented to match the form of the organisation as closely as possible to the goal the organisation seeks to achieve. 2. During Organisation Design, _______ combines the objectives of the organisation and focuses members toward actions designed to accomplish desired outcomes. 3. The ___________ model confirms that performance is a sum of employee ability, motivation, and opportunity 4. __________ plan for the project requirements phase followed by analysis, design, and implementation phases. 5. __________ include detailed necessities of functionality expected, in particular user functions and user interaction. 6. Whenever software requirements are produced, they are documented into a ________ document.

134

9.4 Planning Shortcomings The key to a successful project lies in its planning. When undertaking any kind of project, you must create a project plan first. People fail to realize the value of a project plan to save time, money, and many problems. Projects are inherently complex and hence require a very careful planning without which the project can not succeed. A well-planned project can be actively controlled, to do so you must ensure that progress is visible. Projects are generally intangible and it is difficult to predict with certainty about how or when a particular process is likely to cause development problems. Projects can be affected by technical and managerial problems. Statistics show that more than 30% of all projects are never completed. Of those completed, only 9-16% meet their time and budget projections. Over half of the projects exceed the budget by 200%. Thus it becomes all the more essential to manage your risks and plan in ahead for the shortcomings so that you can help in reducing the project overheads. The success of a project depends on how the project is managed. There are shortcomings in different project management activities. Proper discussions and corrective measures for such shortcomings can help solve the issues. Some of the shortcomings include: change in project scope change in planning that includes estimation, scheduling, risk management, project control, progress monitoring and reviews, human resources management, teamwork, project managers and consultants project visibility work environment user involvement and management tools Less details on project strategy, project definition, value management, technology management Linkage with programs and portfolios. All these shortcomings derive from its intellectual perspective of project management essentially as an execution discipline of delivering a project on time, in budget, to scope. The shortcomings described above can lead to a strict focus on the execution of projects, which creates tactical tunnel vision within organisations. Such tunnel vision can help many organisations to implement formal project management processes to create a tactical mindset at a time when the strategic use of resources is vital to those organisations. This tactical thinking is exactly what is needed to ensure that things get done within a project. However, strategic thinking is also as important to ensure the optimal use of time, resources, and money to ensure that each project undertaken is aligned with organisations business strategy. 9.5 Estimation Errors

135

Estimation is a very important activity for projects. The complete budgeting and planning is allocated based on estimates. Any errors in estimates could lead to cost, time and effort overruns. Thus it is better to get familiar with the type of errors one could land up during estimation so that they can be overcome at the estimation stage itself. During planning, teams conduct the project estimates using either bottom-up or top-down estimates. Bottom-up estimates require an important investment in time to define scope and build an accurate estimate. Top-down approaches use similar estimates and rely on expert opinion to estimate duration at a high level. If you start collecting actual performance data and compare actual results against baseline estimates, you can achieve an analogous estimation tool that is based on bottom-up data from past projects. Estimating projects are always a heavy activity since the technology is complex, users frequently change their minds, and things often do not work out as planned. This is true whether it be any approach. Estimation error is the error caused by observing a sample instead of the whole project. Using the sample data does not match the results obtained from data involving the entire project from which the sample is derived. Hence, it presents a risk. Using a sample of 43 internal software development projects, correlation analysis and linear regression models are applied to test the project model and the hypotheses on the relations between the four dimensions. It was found that a high level of uncertainty is linked with higher effort of estimation errors. Increased use of estimation development processes, estimation management processes, and greater estimator experience are correlated with lower duration estimation errors. From a practical viewpoint, the exact findings can be used as guidelines for better duration and effort. Expectations regarding estimate accuracy can be effectively managed by implementing measures based on specific criteria. Some of such measures to reduce estimation errors include: Accounting for project uncertainty. Investing more in detailed planning. Selecting estimators based on the number of projects they managed rather than on cumulative project management experience. At the end of the project, organisations often spend time to document the lessons learnt. But few organisations measure their actual performance and record it for future estimation or guidance. One of the important reasons for inaccurate estimates is the strong tendency to perceive factors outside the respondents own control. Reasons for accurate estimates are typically the factors that are within the respondents own control and are determined by the estimators skill or experience. This bias in types of reason means that the collection only of project managers viewpoints do not yield balanced models of reasons for estimation error. Reasons for estimation error have tended to collect information from project managers only. It is advisable that organisation always combines the estimation error information from in-depth interviews with stakeholders in all relevant roles, estimation experience reports, and results from statistical analyses of project characteristics.

136

Given below are some tips to remove the top three project estimating mistakes: 1. Confirm all Assumptions (Trust No One) Client confusion often lands the project managers in a messy situation. Never accept a client or other project managers word as final. It is very much possible that clients sometimes are not clear about what they say. For example, if a client says that he has 25 32-bit Windows XP Professional workstations, do not assume it to be true until you visit the clients site and complete your own inventory. Otherwise, discovering a handful of 64-bit Windows Vista workstations late in a deployment can throw you in a situation where your client expects you to manage this changed configuration without extra cost. By eliminating these potential project loopholes, you can mitigate "known unknowns" or elements that can commonly trigger cost overruns. 2. Do not Expect Trouble-free Projects (Plan for Unknown unknowns) You have only certain amount of information upon which you can base project estimates. Since project cost estimates include time as well as material, it is important that time is allotted for unpredicted problems, changes, incompatibilities, and other issues. Since it is complicated to provide a simple standard or calculation that you can apply to all projects, you need to determine the bare minimum amount of time that is required to complete a project. Look for years of experience and real lessons learnt in completing similar projects; identify steps or stages that are likely to encounter trouble, and how long such delays might require to get resolved. Be sure to build appropriate time into original project planning documents, recommendations, proposals, and costs to accommodate inevitable problems. While you cannot compensate for all "unknown unknowns," you can at least take steps to responsibly plan to mitigate contingencies. 3. Specify Exactly What Estimates Include (Put it all in Writing) Miscommunication is easy. You may say to Clients that a project estimate includes the time, equipment, and software to deploy a new customized database. Clients do not distinguish between all the needs. State exactly which items are covered when building project estimates and proposals. Be sure to include all requirements clearly in a contract or project agreement and state additional labour, equipment, and software not covered by the projects cost estimate may be required to complete the project. For example, for a custom database roll-out state that the costs of a new server include one new server with a specific CPU, RAM, disk configuration, operating system, license count, and any additional software. That way, if a discrepancy arises when it is determined the client possesses no licenses; you are covered. If you do the homework discussed earlier; you can avoid the potential "known unknown." If you review dependencies carefully, allow time for unforeseen issues, and document the projects specifics in writing, you will be much better positioned to accommodate "unknown unknowns" when they arise. 9.6 Need for Documentation

137

Documentation is a vital need in the project management. There are many benefits to have proper documentation in place. Accurate documentation provides for easier usage and facilitates better communication and reviews. Hence, creating a well-structured and well-written document to make things simple is a must in project management now days. Aspects of Project to Document: Documentation shows that you know what you are doing, and even if you do not use complete material and documentation techniques, there is a historic record of project details. Most importantly documentation provides a learning base for removing similar mistakes in projects in future. Documentation also helps you guard against the risk of potential litigation. One of the most important aspects of running any business or organisation successfully is to ensure that you always have precise documentation of every single important transaction, process, and action that takes place. This enables you to have a clear reference point whenever anything is in question. In addition, the probability of processes and actions deviating from their expected results are very low. When there is a comprehensive database of documentation about the requirements and procedures that need to be implemented, every business process happens systematically. Some of the subjects and topics in the businesses need documentation on a regular basis. In general, the following aspects of a project should be documented: Basic usage is mostly covered in the main page. Greater advanced usage can be achieved by listing all matter in the documentation and giving examples on how to use them. Examples of usage to supply a working basic configuration file can be provided heavily. User interface, especially if it is not a common point-and-click one, can be added. This list can be extended further. But in general, a welldocumented program covers at least these in a readable fashion. Documentation should be written in such a manner so that anyone can read and understand it. Specifically, project documentation focuses on guiding the project team and readers to: Define the aim and background of the project Identify key deliverables and note milestone dates Assess quality, scope, resources, risk, training, and cost Document the technical parameters and technologies to be used Address the manner in which items are to be built or deployed Document any back-out or contingencies that could occur Communicate progress and update stakeholders

138

Documentation should be a part of evaluation and monitoring process of ongoing programs. It makes replication of successes possible, avoids pitfalls and reinvention of the wheel, and introduces particular programs and activities to each other. The best way to start documenting any process or complex project is to break the project down into manageable bite sized chunks. Managing a project as a whole can be vast; but by breaking it down into smaller sub-projects, you stand a much better chance to monitor and bring the project to an acceptable and successful closure. Proper documentation is critical to your projects success. Whether it is in the form of plain hardcopy documents, or in electronic form, you need to plan and develop project documentation before starting the project. Managers should anticipate the time required for developing such documents and update them whenever a change occurs. 9.7 Summary Organisation Design is a formal, guided development for integrating the people, information, and technology of an organisation. Through the design process, organisations aim to ensure that the collective efforts of the members are successful. Organisational design enables the organisation to improve its processes and achieve their goals successfully. To organize, we must connect people with each other in meaningful ways. Organisation structure defines the formal relationships among people and specifies both their roles and responsibilities. Understanding of requirements is the first phase in any project since all planning is based on these requirements. A key reason for project failure is that people are unable to clearly identify or classify the project requirements. Similarly, all possible shortcomings must be planned in different project management activities much beforehand so that they are tackled much before they occur. Proper discussions and corrective measures for such shortcomings can help solve the issues. Estimation errors generally occur due to the strong tendency to perceive factors outside the respondents own control. It is advisable that organisation always combines the estimation error information from in-depth interviews with stakeholders. Documentation is a vital need in the project management. There are many benefits to have proper documentation in place. Proper documentation is critical to your projects success. Hence, creating a well-structured and well-written document to make things simple is a must in project management. Glossary Term Cumulative Legitimacy Disputation Description Increasing by successive addition In accordance with law A controversial debate or discussion

Self Assessment Questions

139

State whether the following statements are True or False. 7. Projects are inherently complex and hence do not require a very careful planning without which the project can not succeed. 8. Proper discussions and corrective measures for such shortcomings can help solve the issues. 9. During planning, bottom-up estimates require an important investment in time to define scope and build an accurate estimate. 10. Defined process to remove errors causes errors in systems. 11. Client confusion often lands the project managers in a messy situation. 12. Accurate documentation provides for easier usage documentation and facilitates better addon modules. 13. Documentation does not help to guard against the risk of potential litigation. 14. Documentation should be written in such a manner so that no one can read and understand it. 15. Project documentation focuses on guiding the project team and readers to communicate progress and update stakeholders. Activity 1: You are a Project Manager in your Organisation. Your Organisation has bagged a prestigious project in IT domain, of which your Organisation does not have any previous project executions, and entrusted you with the responsibility to come out with a project plan. Prepare a comprehensive project plan that identifies potential estimation errors and suggest remedies for the same. Your project planning should be well documented highlighting the Project Estimate methods. Since this is the first project of this nature, highlight the relevance and importance of project documentation. 9.8 Case Study Time to market tailored products based on digitized customer information will be more important in electronic commerce. Econometric analysis of information technology investment and performance had been difficult given the lack of systematic data collected over time. A recent attempt to address this gap was initiated by William and Lorry who conducted three surveys of over 200 U.S. firms, collecting a rich data set of information on firms investments in several categories of information technology assets, as well as information about organisational parameters The first wave of these data, collected in 2000 and 2001, provides a crucial "before" baseline for many of the recent Internet-based changes in organisational performance and work. In this

140

project, they built on and extend this baseline by periodically surveying the organisations in the sample, as well as their emerging competitors. The initial efforts in the project went toward carefully defining a set of questions that are both interesting and researchable. After defining those questions, they developed and fielded two questionnaires. One was sent to CEOs and the other one was sent to the head of Human Resources in a matched sample of approximately 800 large U.S. firms. The third-party data set provided detailed information on IT hardware and software capital stocks for each of the firms in our sample. They investigated the influence of new technologies and business models on the ways firms use information technology. They analysed firms invested in IT for four different management objectives which were strategic, informational and transactional infrastructural. They explored the relationship between Investments in the different IT asset classes in the IT portfolio and different aspects of firm performance driven by a theoretical model linking asset class and performance metrics and investigated the business practices associated with superior (and inferior) returns from investments in the different IT asset classes in the portfolio. Updated measures used in previous research and, using those measures in the context of the 2003 survey datasets, refined the seven principles of the Digital Organisation and began analysis of the relationship between IT use and HR practices. Analyzed a sub-sample of the IT survey data, looking at the results in a specific industry (metal manufacturing). Constructed and formalized statistically the theoretical model of the organisational capabilities and practices that enable organisations to extract value from IT investments. Created six new measures of organisational IT capability from the IT survey data: internal IT use intensity, external IT use intensity, human resource capability, management capability, digital transaction intensity and internet capability. Analyzed the IT survey data testing the interactions between the six types of organisational capabilities and the four different asset classes of IT investment. Collected two panels of IT investment data from a sample of over 600 companies via a survey, and matched company observations in this survey sample to previously collected IT survey data and company financial data. Question: What are the methodologies used to perform Organisational design in the above mentioned IT project. 9.9 Terminal Questions 1. Give a brief introduction on Organisation Design.

141

2. What are the Needs and Requirements of the project management? 3. What are the key ingredients required for a project to be successful? 4. What are the tips to remove the top three project estimating mistakes? Explain in brief. 5. Explain how the documentation is a vital need in the project management. 9.10 Answers Answers for Self Assessment Questions 1. Organisation Design 2. Strategy 3. People and performance 4. Project managers 5. Functional Requirements 6. Requirements specification 7. False 8. True 9. True 10. False 11. True 12. True 13. False 14. False 15. True Answers for Terminal Questions 1. Refer to Section 9.1

142

2. Refer to Section 9.3 3. Refer to Section 9.4 4. Refer to Section 9.5 5. Refer to Section 9.6

[1] Information and Software Technology, Ofer Morgenshtern, Tzvi Raz and Dov Dvir, Butterworth-Heinemann Copyright 2011 SMU Powered by Sikkim Manipal University .

143

PM0007-Unit-10-Risk and Resistance to Change

Unit-10-Risk and Resistance to Change Structure: 10.1 Introduction Learning Objectives 10.2 Change 10.3 Objectives of Change 10.4 Imperatives for Change 10.5 Framework for Change 10.6 Why Change Fails 10.7 Resistance to Change 10.8 Accountability in Change 10.9 Summary 10.10 Terminal questions 10.11 Answers 10.12 Case Study 10.1 Introduction Change is necessary and inevitable. With each new day, customer and financial markets, the environment and almost everything else about our business scenario is changing. Managing any change initiative in such dynamic situations can sometimes be overwhelming. Sustaining a competitive advantage is increasingly complex as is the effect organisational change has on its people. Managers must understand the effects of change (strategic, technological and/or structural) on the organisation and its many parts, including projects and individuals. Workers tend to feel that the organisational change is either an outcome of their performance or an unnecessary whim of their management. Employees quickly move to blame management for

144

the loss of comfortable roles, tasks, seniority, income, and sometimes their jobs rather than accept the challenge of change. The organisations management is always held responsible by its employees and the other major stakeholders in business for undertaking changes in the business. Managing any change process is never easy and is a continuous part of organisational life. Learning Objectives: By now you must be familiar with all aspects of Project Risk Management. This unit familiarises you with aspects associated with change management whenever risks occur. It addresses various issues arising out of implementation of risk management policies/changes. It describes why organisations must implement the change, suggests framework for change, explains how and why change could fail, and how accountability and change are linked. After studying this unit, you will be able to: Define the importance of change in Risk Management Explain the objectives, types, advantages and drawbacks of change Analyse the imperatives for change Explain the framework for change Assess how and why change fails and analyse the reasons for resistance to change Elucidate the need for accountability in change 10.2 Change Almost all people are nervous about change. Many resist change either consciously or subconsciously. Sometimes these fears can have negative impact on them. In many cases, however, they come to realise that the change was for the better. The rate of change is rapid, particularly with the advent of the Internet and the swift deployment of innovative technologies and ways of doing business. Organisational change management requires understanding the sentiments of the target population and working with them to promote efficient delivery of the change. Organisational change management issues are often under-estimated or ignored entirely. Organisational change management is a vital aspect of almost every project. It should, therefore, be seen as a discrete and specialised work stream. Unfortunately, it is common to find that the human component of the project is not recognised as a separate element of the work. The project management team frequently has to do their best to ensure that a technological change is successfully implanted into the business. In the worst-case scenario, the project leadership do not

145

see this as part of their responsibility and blame the organisations line management when their new technical solution is not fully successful when put to use. There are two related aspects of organisational change that are often confused. Organisational change management is concerned with winning the hearts and minds of participants and the target population to bring about changed behaviour and culture. The key skills required in this are business psychology and people management skills. 10.3 Objectives of Change The objectives of change are: To know how people are meeting a given need now and alternative ways they prefer to meet that need. To develop new understanding of a target market by identifying what is important or potentially relevant. To identify why some customers prefer your product and others do not. To design better products and services and identify new opportunities. To assess the lives and environment of your customers, their motivations, their patterns of behaviour, perceptions, and desires. To identify the non-rational drivers of behaviour and put in place appropriate methods to address diverse behaviour patterns. To arrive at the things that everyone agrees on, and find the things that have a wide range of differing opinion. Types of Change Different types of change require different strategies and plans to effectively gain employee engagement and acceptance of change. There are three types[1] of change that occur most frequently in organisations, they are: developmental, transitional, and transformational. Organisational change management theories effectively support how to deal with developmental and transitional change, but are less effective at dealing with successfully implementing transformational change. A critical step in determining which approach to use in overcoming resistance to implementing organisation change is to determine which type of change the organisation is experiencing. Developmental Change Developmental change is a method of maintaining a competitive edge in business. It enhances or corrects existing aspects of an organisation, often by focusing on the improvement of a skill or

146

process. It may be either planned or emergent. When an organisation decides to improve its processes, methods or performance standards, then this process is considered as developmental change. This type of change should cause little stress to current employees as long as the rationale for the new process is clearly conveyed and the employees are educated on the new techniques. If an organisation decides to close a division to implement developmental change, and still finds little success, then employees may be more likely to accept the change. The employees would see that the company attempted different strategies before determining that closing the division was the only option. Transitional Change Transitional change replaces existing processes or procedures with something that is completely new to the organisation. It is, therefore, more intrusive than developmental change. The period when the old process is being dismantled and the new process is being implemented is called the transitional phase. Few examples of transitional change are: corporate reorganisation, merger, acquisition, creating new products or services, and implementing new technology. Transitional change develops a level of discomfort in employees because the outcome of the change is unknown. It may not require a significant shift in culture or behaviour. But it is more challenging to implement than developmental change. Employees may feel that their job is unstable and their own personal insecurities may increase. Educating employees on the new procedures allows employees to feel that they are actively involved and engaged in the change. This reduces the resistance to the change. Lewin (1951) conceptualised change as a three-stage process involving: Unfreezing the existing organisational equilibrium Moving to a new position Refreezing in a new equilibrium position Schein in 1987 further explored these three stages. He suggested that unfreezing involves: Disconfirmation of expectations Creation of guilt or anxiety Provision of psychological safety that converts anxiety into motivation to change Transformational Change Sometimes when organisations face emergence of radically different technologies, significant changes in supply and demand, unexpected competition, lack of revenue or other major shifts in

147

business, developmental or transitional change may not offer the solution they need to stay competitive. Instead of methodically implementing new processes, the organisation prefers to drastically transform the existing processes. Transformational change occurs after the transition period. Transformational change may involve both developmental and transitional change. It is common for transitional and transformation change to occur in turns. Categorising Change There are a number of ways in which change can be categorised. Most of them are related to the extent of the change. Planned versus Emergent Change Sometimes change is deliberate, a product of conscious reasoning and actions. This type of change is called planned change. In contrast, change sometimes unfolds in an apparently spontaneous and unplanned way. This type of change is known as emergent change. Change can be emergent in cases where: Managers make a number of decisions apparently unrelated to the change that emerges. The change is therefore unplanned. However, these decisions may be sometimes based on unconscious assumptions about the organisation, its environment and the future[2] and are, therefore, not as unrelated as they initially seem. External factors such as the economy, competitors behaviour, and political climate or internal features such as the relative power of different interest groups, distribution of knowledge, and uncertainty influence the change in directions beyond the control of managers. Even the most carefully planned and executed change programme can have some emergent impacts. Thus the two important aspects of managing change are to identify, explore and if necessary challenge the assumptions that underlie managerial decisions. Episodic versus continuous change Another distinction is between episodic and continuous change. Episodic change, according to Weick and Quinn (1999), is infrequent, discontinuous and intentional. Sometimes termed radical or second order change, episodic change often involves replacement of one strategy or programme with another. Continuous change, in contrast, is ongoing, evolving and cumulative. Also referred to as first order or incremental change, continuous change is characterised by people constantly adapting and editing ideas they acquire from different sources. The distinction between episodic and continuous change helps clarify thinking about an organisations future development and evolution in relation to its long-term goals. Few organisations decide unilaterally that they adopt an exclusively continuous change approach. They can, however, capitalise upon many of the principles of continuous change by being

148

flexible to accommodate and experiment with everyday contingencies, breakdowns, exceptions, opportunities, and unintended consequences that punctuate organisational life[3]. Advantages and Disadvantages of Change Change is usually good. It brings fresh ideas and opens up new doors for employees. But, change can also be bad if a strategy is either not put in place or effective. Change is necessary in all organisations. But, the way change is initiated can vary. It can be forced upon organisations by outside forces or just come from a realisation that the organisation may be falling behind the times. In this way, change management can be quite beneficial to an organisation. The changes made in an organisation in order to perform better, to manage risk and maintain a competitive edge, have both advantages and disadvantages. Advantages With the open communication and discussions that change management methodology promotes, all individuals (employees, stakeholders and customers) have a greater stake in the outcome since they have helped implement the plan. Change management: Allows organisations to compete with their rivals and develop new skills or products that bring higher profits Helps the change management teams or managers to effectively deal with any proposed new direction Helps individuals realise the need for change so that they accept it and move forward with the change Provides opportunity for an employee to try something new and gain new skills Disadvantages There are, however, some disadvantages to the change management methodology that has more to do with not properly following its processes. If resistance from employees is not effectively dealt with through communication, it can derail any project. Not understanding the culture of the organisation can allow rumours of incorrect or corrupting information about the change. Also, stakeholders and customers need to be kept informed about the change. If not, they may also resist the change, and clients may choose to go to another vendor. A bad change management plan can also negatively affect an organisation. While change can be risky, the benefits far outweigh the potential pitfalls. Change allows organisations to progress and stay on top of their industry in an uncertain market. Self Assessment Questions

149

1. Name the three types of organisational changes. 2. ________________ change is a method of maintaining a competitive edge in business. 3. According to Weick and Quinn (1999), _____________ change is infrequent, discontinuous and intentional 10.4 Imperatives for Change In organisations today, we constantly hear of the need for change, Change always seems new and appears going faster all the time, yet history is full of stories of non-stop change. Wars, too, have always been hotbeds of change. Innovations, both destructive and good, are abound. Organisations are ripped apart. Whole populations are changed forever. And change does not stop when people stop fighting in the streets; the battles just move to the boardroom, the office, and the factory floor. The bottom line is that many changes which may be real or imaginary, really affect peoples lives. The need for change does not mean a need for blindly firing people, especially those who have a deep understanding of the company and its operations. There is an oft-quoted statistic that around 80% of all change efforts, fail. People do not just do what they are told. They are not motivated just by money. If you are to change what they do externally, then you must also work hard at changing what they feel internally. Change is a capability, both of the organisation and its officers. The first place where change happens is in the minds of the organisations leaders and managers. Beyond this, change skill includes both the design of flexible organisations and the education of flexible people. Change is more than a capability: it is a competitive advantage. Those who can do the Red Queen sprint[4] and avoid the perils of the Reengineering[5] trap while motivating and energising their employees have a massive advantage that sustains them into the future. 10.5 Framework for Change Change is tough. To implement change in an organisation you need: To know what to change and what to keep To allocate the right resources in terms of:- Money - Time - People - Know how

150

A Change Management Framework is a model of the fundamental elements that are involved in the organisational change process. The framework describes an integrated management approach designed to achieve strategic objectives. This management structure consists of many factors that have to be considered when undertaking a major change. The Change Management Framework information can be arranged in the following five sections: 1. Understanding change 2. Overview of Change Management 3. Change Management implementation steps 4. Measuring change 5. Evaluating the results of change and Change Management 1. Understanding Change This section focuses on understanding change in ways that help meet change objectives. It strives to present elements that should be taken into consideration by anyone leading or supporting a major change. Change can be described as an event that occurs when something passes from one state or phase to another. Change can also be described as Incremental or Transformational. Incremental Changes: Small frequent changes that occur in organisations that impact the way individuals, groups, and organisations conduct tasks. Transformational Changes: Organisations that seek to reinvent themselves fundamentally and alter the way they conduct business and relate to their environment. Each major change requires sponsorship and commitment of resources. Each change can be a contributor to strategic objectives. Most change is difficult, but change be it system or process that is understood, and measured, and socializes well in advance is the change that is being actively managed. 2. Overview of Change Management This section provides a general overview of change management and all the activities in the process. In other words, change management is defined as, "the processes, the tools and techniques to manage the people involved in the change process, to achieve the required outcomes, and to realise the change effectively within the individual, the inner team, and the wider system[6]. Change management includes: Defining and instilling new values, attitudes, norms, and behaviours within an organisation that support new ways of doing work and overcome resistance to change.

151

Carrying out the activities that result in rapid adoption of the change, high rates of utilisation of the new method or process, improved proficiency of staff, and satisfaction with the sustainability of change. Building consensus among customers and stakeholders on specific changes designed to meet their needs better. Planning and implementing all aspects of the move from one organisational structure or business process to another, including strategies for each aspect of the change such as communications, managing stakeholders, risk, training, and transition. The objectives of change management are: To optimise change benefits To maximise the collective efforts of all people involved in the change To reduce the discomfort of the people experiencing change in an organisation To reduce the costs of change such as loss of productivity, loss of key staff, and absenteeism To reduce the risks by minimising unintentional change impacts 3. Change Management Implementation Steps According to Hiatt and Creasey, "Change management processes are most effective when they are flexible and can be scaled to fit the particular business need. No two changes require exactly the same process or same level of change management. Even the activities and roles do change. Applying a "one-size-fits-all" approach is simply not appropriate. Scaling your change management approach is one of the key activities you perform when you apply change management to a new project"[7]. The four phases of implementing change as a guideline or starting point in successful change management include: Getting Ready for change Designing the change Managing change activities Embedding the change This information should be tailored for different types of change being undertaken and each change initiative may vary in the amount of change management required.

152

4. Measuring the Impact of a Change Measuring the impact of a specific change in an organisation is difficult because there may be many factors contributing to the expected outcomes. These factors may not be taken into consideration when the initial program concept is being developed or during the planning stage. Also, the change-impacted area of the organisation may not have accurate historical metrics. In a system-wide change, different organisations record results differently using different measurements or indicators. However, it is very important from a management reporting perspective that a pre-determined measurement approach be put in place to ensure that what is measured is significant in terms of strategic goals, objectives, and outcomes. Measurement of the effects of a specific change on a program or organisation, in many cases, may need to be undertaken over a number of years. 5. Evaluating the Results of Change This section is devoted to the evaluation of two distinct sets of activities. These two areas identified for analysis in order to create knowledge and useful practices for future changes are: Evaluating the benefits of a change Evaluating the effectiveness of the change management activities Evaluating the outcomes of the change and change management activities is done to address any final outstanding areas of concern. It also helps in assessing the work done. For example, D.I.C.E. Framework D: The duration of the time the change programme is completed if it has a short life span; if not short, the amount of time between reviews of milestones. I: The project teams performance integrity. It is the ability to complete the initiative on time depends on members skills and is relative to the project requirements. C: The commitment to change displayed by the top management and staff affected by the change. E: The effort over and above the usual work that the change initiative demands of staff. This framework: Is a standard, quantitative, and simple framework Is a common language for change

153

Enables organisations to track the progress of projects over time, or before and after changes have been made to the project structure Enables senior management to assess the success of a project or a set of projects Provides a clearer picture of the projects strengths and weaknesses Enables frank conversations at all levels within the organisation Helps people do the right things 10.6 Why Change Fails The professional literature suggests that up to 75% of organisational change efforts end in failure. Why is organisational change so difficult? According to John Kotter of Harvard Business School, these are the six most common causes of failure: Failure to create a sense of urgency. If people do not understand why change is needed, then they continue to stay in their comfort zones. Failure to create a coalition for change. You have to get the movers & shakers on board at the beginning. Failure to understand the power of vision, and to communicate it powerfully through word and deed. Failure to remove obstacles to change. They hold you up, and exhaust the energy and resources. Failing to achieve quick wins. They prove it is not only possible, but relevant. Declaring victory too soon. If you do not keep at it, it vanishes overnight. Change has to become embedded, habituated, and part of the culture. Practically there are some reasons for failure of organisational change program. The following are some of the most common reasons why organisational change fails: Mis-starts: A mis-start occurs when a change is hastily implemented or attempted without sufficient commitment. Making change an option: When an organisation commits to a change, the message to its employees must be that the change is not an option but a necessity. Not involving those expected to implement the change: Employees need to be involved in the change process in two ways. First, their input and suggestions should be considered when planning the change. Secondly, after a change has been committed to, they should be involved in determining the means to achieve it.

154

Delegating to outsiders: Change is an inside job. Although outsiders like stakeholders or consultants might provide valuable ideas and input, people inside the systems must accept responsibility for the change. No change in reward system: Rewards, recognitions, and compensation for employees for their contributions add to the betterment of the change process. Leadership not walking the talk: For change to happen, everybody involved in the process must be involved. Leadership, however, must take the first steps. Change is aborted whenever leadership does not demonstrate the same commitment it expects from others. Not following up: The best planning is worthless if not implemented, monitored, and carried out. Responsibility must be clearly defined and the follow up is timely and intense. 10.7 Resistance to Change Resistance to change is the action taken by individuals and groups when they perceive a change as a threat to them. Resistance may take many forms, including active or passive, overt or covert, individual or organised, and aggressive or timid. By definition, people are affected by change that might take place due to project risks. A few comfortably accommodate any degree of change, but most people oppose it. The adoptions of new ideas involve altering human behaviour, and the acceptance of change. There is a natural resistance to change for several reasons. People resist change when the: Reason for the change is unclear Change threatens to modify established patterns of working relationships between people Benefits and rewards for making the change are not seen as adequate for the trouble involved Communication about the change is not sufficient Change threatens jobs, power, or status in an organisation Resistance to change is normal. The project manager should expect to encounter it and deal with it. Resistance to change can be reduced if the design of the projects approach takes into account the optimum style of addressing organisational change issues. In general, the employees are more supportive of the changes if they are part of the change process. The degree to which employees can be involved depends on the magnitude of the change. A straightforward non-controversial change may require no previous contact. If, for example, you are simply introducing a new set of expense codes you can publish the message "with effect from 1st April, new codes must be used as per the attached book". Conversely, if you are making huge changes to the job and lifestyle of the employees you need to work with them to gain their co-

155

operation. For example, if you wish them to re-locate voluntarily and re-train for substantially altered jobs. Handling Resistance Here are a few things that you can do to handle resistance, from kind and moral approaches to harsher end of gaining compliance. Facilitation: The best approach to create change is to work with the employees, helping them achieve goals that also align with the goals of the organisation. Education: When people resist change, it is necessary to educate them about the requirement for change so that they realise the need for change. Involvement: When people are not involved physically or intellectually, they are unlikely to be involved emotionally either. So, one of the best ways of getting people bought in is to involve them. Negotiation: When the other person cannot be persuaded easily, find out what he/she wants. Work out a mutually agreeable solution that works just for him/her and just for you. Manipulation: Manipulation means controlling a persons environment such that they are shaped by their surroundings. Coercion: Coercion is the practice of forcing another party to behave in an involuntary manner. This should only be used when speed is of the essence or when the other person resorts to public and damaging actions. When considering stakeholders who are opposing the change, do a deep analysis of their personality to give you better ability to manage their opposition and convert them to the cause of the change. However, the change management process is bound to succeed where people are respected and are involved in decisions, concerning their work life, and in environments where peoples capabilities are looked upon as assets to solve work-area problems. 10.8 Accountability in Change An effective change management process can have a positive impact on that organisation with respect to both the business and the employee performance aspect. In order to have a successful change management process, you need to have accountability. Responsibility is the understanding that something is yours to complete, while accountability is the actually taking ownership of your responsibility. This is the essence of accountability; being held accountable for your actions.

156

Without accountability, the change management process is doomed to failure. It just becomes another checkmark for auditing purposes. Without accountability, all the manpower and time spent in designing, implementing and documenting the change process is lost if everyone can just bypass the system. Need for Accountability in Change Management There are two important aspects of accountability in support of change management. First, monitoring of changes is critical to the success of the organisation and second, some sort of action must be taken when unauthorised changes are made. Without these two critical items, which are essential to accountability, it is very difficult to establish a culture of change management. Monitoring changes: Monitoring is a process of verifying if the change process is working as it should. Verification controls are not established to determine who you can or cannot trust, but rather to verify and enforce the process in order to increase performance. The concept that someone is watching most often modifies peoples. It makes them to be more careful and more apt to follow the rules. As a result of monitoring for changes, the number of unplanned changes decreases and the performance of the organisation increases. Repercussions for non-compliance: The second critical piece of enforcing accountability is to ensure there are repercussions when the process is not followed. A good repercussion could just be to remove their authority, administrative access, or possibly assign additional duties. Strict action should be taken in case of repeat occurrences of non compliance to adhere to the process. Everyone has to understand that failure to comply with the change management process will not be tolerated. The key to creating a successful culture of change management is accountability. The entire organisation needs to understand the need for being accountable. As employees understand the benefits doing a process correctly there are less unplanned outages and work. Without accountability, change management fails. 10.9 Summary Organisational Change Management is a vital aspect of almost any project. This change process, even though has many advantages, is mostly resisted. The resistance to a change process from the employees is due to unawareness and personal insecurities. Resistance is a key element in why change fails. Change is necessary in all organisations. With the open communication and discussions change management methodology promotes, individuals such as employees, stakeholders, and customers do have a greater stake in the outcome since they are part of implementation. A successful change is essential in creating a change culture.

157

Accountability is an essential factor of change management. Without accountability, the change management process is doomed to failure. Accountability is the key to a successful culture of change management. Glossary Term Accountability Change management Coercion Imperative Reengineering Description Responsibility to someone or for some activity Is a planned process for changing a core function or organisation of an enterprise The act of compelling by force of authority requiring attention or action The fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures of performance, such as cost, quality, service and speed. A reciprocal action or effect to an original action An individual or group with an interest in the success of an organisation in delivering intended results and maintaining the viability of the organisations products and services. Involving only one part or side

Repercussion Stakeholder

Unilateral

Self Assessment Questions 4. Change is more than a capability: it is a _______________. 5. The key to creating a successful culture of change management is _____________. 10.10 Terminal Questions 1. Define change management. 2. Define risk resistance / resistance to change 3. Briefly explain the three types of changes. 4. Explain the categories of changes. 5. Write down the advantages and disadvantages of change. 6. What are the objectives of Change Management? 7. What are the causes for failure of an organisational change program?

158

8. Why do people resist change? 9. Explain any five ways of handling resistance to change 10. What is the need for accountability in Change Management? 10.11 Answers Answers for Self Assessment Questions 1. Developmental change, transitional change and transformational change 2. Developmental 3. Episodic 4. Competitive advantage 5. Accountability Answers for Terminal Questions 1. Change management is defined as the processes, the tools and techniques to manage the people involved in the change process, to achieve the required outcomes, and to realise the change effectively within the individual, the inner team, and the wider system. 2. Resistance to change is the action taken by individuals and groups when they perceive a change that is occurring as a threat to them. 3. Refer Types of changes topic under section 10.3. 4. Refer Categorising of change topic under section 10.3. 5. Refer Advantages and disadvantages of change topic under section 10.3. 6. Refer Overview of Change Management topic under section 10.5. 7. Refer section 10.6. 8. Refer Resistance to change topic under section 10.6. 9. Refer Resistance to change topic under section 10.6. 10. Refer section 10.8. 10.12 Case Study

159

Megha Pvt. Ltd. is a small company, which manufactures plastic products such as mugs, buckets, and other household utility products. This company is situated in the industrial belt of the city and has typical labour needs. Since quite a few operations including packing of products are done manually, the company employs 80 workers on the shop floor. The company supplies its products to retailers in and around the city. It has a long production run and longer product lifecycles and therefore the management believes that the company is making fewer profits because of this. As a result, the top-management, decided to invest resources on automation to have shorter production runs and shorter product life-cycles. It has decided to introduce packaging machines to reduce semi-skilled and unskilled labour. The company has a poor record in industrial relations since workers in the past have had several problems pertaining to wages and working conditions. The union leader of the company is often pampered by management to get their way. He is a man who ranks very low in personal and professional ethics but has a way with people and is good at politics. He has a substantial influence with the workers who trust him and would act on his advice. But the management is aware that he may not be able to help much if the company thinks of retrenching workers. However, the management decided to speak to him regarding their decision to introduce automatic machines and subsequent lay off of workers. The union leader immediately sensed a good opportunity to make a big sum so he pretended that convincing the workers was a Herculean task and he would need at least 6 months time to do this. The management was however impatient to introduce automation and told him to convince workers within 3 months to help them implement the decision. He played his game and asked for a huge sum in reciprocation of his effort. The management was shocked at the price that the union leader wanted. They however knew that things would only get worse if they refused his proposal. Question: Was the managements method of introducing change in the company appropriate? Validate your response giving suitable reasons. References: 1. Project Risk Management Bruce T. Barkley McGraw Hill. 2. Project Risk management Chris Chapman, Stephen Ward John Wiley & Sons. 3. Identifying and Managing Project Risk Tom Kendrick AMACOM. 4. Project and Program Risk Management R. Max Wideman PMI. 5. Project Risk Management Guidelines, Managing Risk in Large Projects and Complex Procurements Dale Cooper, Stephen Grey, Geoffrey Raymond, Phil Walker John Wiley & Sons. 6. Reengineering the Corporation Hammer and Champy.

160

[1] According to Ackerman (1997) [2] Mintzberg, 1989 [3] Orlikowski, 1996 [4] Is a term used by biologists to describe the evolutionary necessity to evolve faster than ones competitors, predators, or prey. It is taken from Lewis Carrolls Through The Looking Glass (the sequel to Alice in Wonderland), where the Red Queen points out to Alice: "It takes all the running you can do to stay in the same place. If you want to get somewhere else, you must run at least twice as fast as that." [5] Adopted from Hammer and Champys famous book, Reengineering the Corporation. [6] Holger Nauheimer, the Change Management Toolbook, February 2005. [7] In the book Change Management, the people side of change Copyright 2011 SMU Powered by Sikkim Manipal University .