Risk, Issue, And Opportunity Management
Risk, Issue, and Opportunity ManagementProfessor David SwinneyDefense Acquisition UniversitySouth RegionApril 25th, 2017
Risk and Risk Mitigation-Our task as managers involves optimization—what arethe highest-payoff risk-mitigation investments we canmake with the resources available?I expect our managers to demonstrate that they haveanalyzed this problem and made good judgmentsabout how best to use the resources they have tomitigate the program’s risk.2
New GuideRisk, Issue, andOpportunityManagement Guidefor DefenseAcquisition Programs:January 20173
Overview DoD Risk Management Guidance Risk Management Issue Management Opportunity Management DAU Risk Management Workshop4
Risk, Issue, and OpportunityRelationship5
Risk, issue, or opportunity?Risk, Issue,orOpportunity?6
Risk, issue, or opportunity?Risk, Issue, or Opportunity?7
Risk?Risk, Issue,orOpportunity?8
Small Opportunities“If you don’t actively attack the risks,they will actively attack you.”Tom GilbPrinciples of Software Engineering Management“Bad news isn’t wine.It doesn’t improve with age.”Colin Powell“Opportunity is missed by mostpeople because it is dressed inoveralls and looks like work.”Thomas Edison9
RiskManagementOverview10
Risk Management – Whose job?Program managerChief engineerIntegrated Product Team LeadsEarned value managersProduction plannersQuality assuranceLogisticians11
Risk Management obstaclesI know what I’m doing .If I don’t know then no one can blame meIssues vs. risksWho is in charge?Going through the motions12
Risk and Issue Management Overview13
Risk Definition Risk is the combination of– the probability of an undesiredevent or condition and– the consequences, impact, orseverity of the undesired event,were it to occur. The undesired event may beprogrammatic or technical, andeither internal or external to theprogram.14
Risk Planning“Plans are nothing planning is everything”DDE15
Framing assumptions and groundrules Framing Assumptions Consider and document assumptions Assumptions may introduce risks if theyprove invalid Ground Rules Time frame - risk is evaluated “as of today”(not after planned mitigation, avoidance,etc.) Time of risk event - when risk hypotheticallywill occur WBS level – dig to low levels to identifycausal factors16
Aligning Government andContractor Risk Management Government, Prime Contractor andassociated Subcontractors should employconsistent Risk Management processes Share Risk Management information Integrate Risk Management with: Requirements DevelopmentDesign, Integration, and TestSystem Support and SustainmentSchedule TrackingPerformance measurementEarned Value Management (EVM)Cost EstimatingIssue Management; etc SystemsEngineering17
RiskIdentification18
Identifying Risk: What Can Go Wrong?Decorative ImageI cannot imagine any conditions which would cause a ship tofounder. I cannot conceive of any vital disaster happening tothis vessel. Modern shipbuilding has gone beyond that."Captain E.J. Smith, 1906, about the Adriatic(Captain of Titanic on the evening on 14 April, 1912)19
Risk IdentificationAll program personnel are encouragedto identify candidate risks.Cast your net wide at first! Do not ignore areas oreliminate ideas early in the process.20
Approaches to Risk IDC2 System Product based evaluation– Uses Work Breakdown Structure– Looks at system architecture– Identifies program relationshipsCOPRedBlueNeutral Process based evaluation– Focuses on processes used todefine, develop and test a system– Looks at internal organizationalprocessesPRODUCTFUNDINGDESIGNTESTTOP LEVELPRODUCTION– Risks from a customer and supplierpoint of view– Requires knowledge of customersand suppliers, or their inputs/timeFACILITIESLOGISTICS MANAGEMENTRepairandMaintainExecuteMissionPrepare Scenario based evaluationFunds Order Received, UnderstoodOrder Not ReceivedOrder Received, Not UnderstoodAttackRecover21
Risk Analysis22
Analyzing Risk: What Do Risks Mean? Estimate Likelihood/Consequence Technical Performance Schedule Cost Determine the Risk Level Use consistent predefined likelihoodand consequence criteria Government and Contractor shoulduse common framework Use Quantitative Data when possible23
A Weak Risk Statement Makes an overly general observation: Weak: If the high vacancy rate in engineeringstaff persists, then the program staffing will beinadequate. Identifies an issue rather than a risk: Weak: Fatigue cracks discovered in alreadyproduced vehicles may shorten service lifeunless remedied. Diverts focus from the program’scontrollable activities: Weak: If the program’s funding is withheld dueto poor test results, then the program schedulewill be jeopardized.24
Risk Statement FormsIF (some event)THEN (some consequence)WE MIGHT NOT (some promise)BECAUSE (some reason)THERE IS (some probability)THAT (some risk event) MAY OCCUR,RESULTING IN (some consequence)25
Root Cause DeterminationWe Might y?Why?Engine DoesNot StartGlow PlugFailedGlow PlugRemains OnAfter StartCounterfeitCircuit Boards26
Root Risk EventIfSome negative event occursPurchase CounterfeitCircuit Boards“Root Risk Event”ThenSomething bad may resultFail to MeetAvailabilityRequirements“Consequence”27
DoD Risk Reporting MatrixTailored to program - Programs can break out cost or consolidate28
Risk AnalysisRisks are characterized asHIGH, MODERATE, or LOWbased on rating thresholds.These Risk Level estimates help programsmanage risks and prioritize handling efforts.This difficult but important step in the risk managementprocess helps the program determine resource allocationand appropriate handling strategies.29
Expected Monetary Value Programs should compare cost burdened risk and cost ofhandling strategies. Cost exposure of a risk can be expressed as its EMV, which isthe likelihood of the risk multiplied by the cost consequenceof the risk if realized. Cost of the risk handling effort is then subtracted from the riskexposure to determine the “likely” return on investment (ROI).30
Risk Mitigation31
Four Fundamental StrategiesEliminate the risk event orconditionAvoidAct to reduce risk toan acceptable levelControlAcceptTransferAccept the level ofrisk (but continueto track)Assign riskresponsibilityanother entity32
Risk Mitigation ApproachesMultiple Development Efforts:Alternative DesignDesign of ExperimentsMockupsTechnology MaturationEarly PrototypingProcess ProofingRobust DesignDemonstrationEventsModels andSimulationReviews, Walk-throughs, andInspections33
Risk Engine DoesNot StartMitigate?Why?Why?Why?Glow PlugFailedGlow PlugRemains OnAfter StartCounterfeitCircuit rtifiedSupplierNot MyProblemChangeAvailabilityRequirementStart Engine inWarmedShelterMore SpareGlow Plugs34
Risk Burn-DownBurn-down plan consists of 6 steps, tied to the projectschedule, that allow the program to control and retirerisks1. Identify risk handling activities in a sequence2. Define specific risk handling activities with objective,measurable outcomes3. Assign a planned likelihood and consequence value toeach risk handling activity4. Estimate the start and finish dates for each risk handlingactivity5. Put risk handling activities into the program schedule6. Plot risk level versus time to show relative risk burndown/reduction contribution of each activityRISK PILE35
Mitigation Tracking Tool: Burn-down Chart“Burn-down Chart”Records the detailed stepsplanned for risk mitigation36
RiskMonitoring37
Risk Monitoring Answers the question:“How have the risks changed?” A means to systematically track andevaluate risk handling plans againstestablished metrics throughout theacquisition process Iterative and recursive - feeds info backthru risk handling, risk analysis, riskidentification, and risk planning steps aswarranted38
Example Risk Monitoring and Trend Matrix39
Risk Monitoring Expectations Regular status updates for any changes to likelihoodor consequence Regular schedule for PMO/Contractor review of risks Alert management when risk handling plans shouldbe implemented or adjusted Alert the next level of management when ability tohandle a risk exceeds the lower level’s authority orresources. Track actual versus planned implementation ofprogress Management indicator system over the entireprogram to monitor risk activity Review closed risks periodically to ensure their risk levelhas not changed40
IssueManagement41
IssueManagement42
Issues vs Risks Risks are potential future events An issue is an event or situation with negativeconsequences that has already occurred or iscertain to occur This distinction between an issue and a riskdifferentiates how they are managed.43
Risks and Issues Risks are Future Problems:Focus is on Future Consequences Can be “closed” only after successful mitigation throughcontrolling, avoiding, transferring, or accepting the risk Examples– IF the sole source provider of a critical component goes out ofbusiness, THEN the program will be delayed by 6 months– IF proprietary interfaces are used, THEN maintenance andsupport costs will likely increase as the program matures Issues are Current Problems:Focus is on Real-Time Consequences If the probability of occurrence is “near certainty” or if it hasalready occurred, it’s an issue Examples– Release of engineering drawings is behind schedule– Test failure of components reveals a design shortfall44
Issue Management Issue management applies resources to addressand reduce the potential negative consequencesassociated with a past, present, or certain futureevent. Issues may occur when a previouslyidentified risk is realized, or they may occur withoutprior recognition of a risk. In addition, issues mayspawn new risks. Issue management and opportunity managementare complementary to the risk managementprocess. Programs should take advantage of thecommon practices between issue and riskmanagement while recognizing and accountingfor the distinctive characteristics of each.45
Issue Management The key is to ensure proper focus onboth issues and risks so that attention oncurrent problems will not overtake effortsto manage risks and opportunities46
Issue Reporting Approved issues should be analyzed usingthe program’s risk managementconsequence criteria The program should evaluate the handlingoptions in terms of cost, schedule,performance, and residual risk,47
Issue Management Corrective Action Evaluate options in terms of cost, schedule,performance, and residual risk, and selectthe best option (or hybrid of options)consistent with program circumstances. The primary options for issues are: Ignore: Accept the consequences withoutfurther action based on results of acost/schedule/performance business caseanalysis; or Control: Implement a plan to reduce issueconsequences and residual risk to as low a levelas practical or minimize impact on the program.This option typically applies to high andmoderate consequence issues.48
Issue Tracking Track resolution of issues against acorrective action plan. Monitor the issue to collect actual versusplanned cost, schedule, and performanceinformation Feed this information back to the previousprocess steps Adjust the plan as warranted Analyze potential changes in the issue, its level,and potential associated risks. Program risk/issue register should includeissue tracking information.49
Issue Management Expectations As the probability of occurrence of a riskincreases, the program should anticipate therealization of the risk and put plans in place toaddress the consequences Does this issue create residual risk? (establish aformal risk when appropriate) Document your issue management process(This process may share elements with the riskmanagement process.) Develop a plan to address, track, and review issuesduring regular meetings and reviews. Track cost, schedule, and performance issues andreport to the appropriate management level basedupon the level of the consequence impacts50
OpportunityManagement51
Opportunity Management Overview Opportunity management identifies potentialbenefits to cost, schedule, and/orperformance baseline Opportunity management measures potentialprogram improvement in terms of likelihoodand benefits. Opportunities should be evaluated forboth advantages and disadvantages– opportunity may be overstated andcorresponding risks may beunderstated– all candidate opportunities should bethoroughly screened for potentialrisks52
Opportunity Management PurposeOpportunities Help Deliver Should-Cost Objectives53
Opportunity Forecasting Identifying opportunities starts withforecasting potential enhancements withinthe program’s technical mission andstakeholder objectives. As opportunities emerge, the program canshift focus toward understanding how totake advantage of opportunities whilecontinuing to manage risks and issues. Opportunity management measurespotential program improvement in terms oflikelihood and benefits.54
OpportunityManagementProcess55
Opportunity Identification Starts by forecasting potentialenhancements within the program’stechnical mission and stakeholderobjectives Start before program execution, butcontinue throughout the program life cycle Look for system or program changes thatyield reductions in total ownership cost. Example: adherence to a modular open systemsapproach or securing appropriate governmentrights to a technical data package can offeropportunities in sparing and competition formodifications.56
Risk vs Opportunity ManagementBoard Program Risk Management Board (RMB)typically also manages opportunities (or may establish a separate OpportunityManagement Board) Once candidate opportunities areidentified, the program RMB should: examine the opportunity assign an owner track it in the opportunity register57
Opportunity Analysis Opportunity Analysis: Perform a cost, schedule, and performancebenefit analysis for each opportunity Opportunities with sufficient potential should beevaluated relative to potential handling options. Applying resources to evaluate andimplement opportunities may reduceavailable risk handling resources Must be balanced against the potentiallikelihood of achieving the desired benefits,and the degree of value added in meetingexisting program requirements.58
Opportunity Handling Options Evaluate potential benefits (and risk) in terms ofcost, schedule, and performance, and select thebest option (or hybrid of options) Pursue now – Fund and implement a plan to realize theopportunity. (Determination of whether to pursue theopportunity will include evaluation of the return of anyinvestment when the opportunity would be realized, thecost, additional resources required, risk, and time tocapture.) Defer – Pursue/cut-in later; for example, request funds forthe next budget and request the S&T communitymature the concept. Reevaluate – Continuously evaluate the opportunity forchanges in circumstances. Reject – Intentionally ignore an opportunity because ofcost, technical readiness, resources, schedule burden,and/or low probability of successful capture.59
Opportunity Monitoring Collect actual versus planned cost,performance, schedule, and benefitinformation Feed this information back to the priorprocess steps Adjust the handling plan as warranted, Analyze potential changes in theopportunity level Examine potential risks and additionalopportunities that may be identified.60
Opportunity Management Sample61
Opportunity ManagementExpectations Implement an active opportunity identificationand evaluation process Evaluate and actively pursue high-returnopportunities to improve the program life cyclecost, schedule, and performance baselines. Programs review risks, issues, and opportunitiesduring regular program meetings Programs establish or integrate opportunitytracking and management mechanisms. Programs establish opportunity likelihood andbenefit criteria in line with program “shouldcost” objectives. Programs evaluate approved opportunitiesand manage any associated risks62
DAU RM WORKSHOP overview Risk Management Overview Risk Management Process PlanningIdentificationAnalysisHandling (Mitigation)Monitoring (Tracking)Tools Issue Management Opportunity Management Next Stepsa63
DAU Risk Management skMitigationPart 1LunchRisk ID Part1LunchMitigationRiskPart 2Risk ID Part2RiskMonitoringRiskToolsIntended to use actual Program Data with Intact Teams to jump-start /invigorate Risk Management activities to enable program success.64
Questions65
Review closed risks periodically to ensure their risk level has not changed . 41 Issue Management . 42 Issue Management . 43 Issues vs Risks Risks are potential future events An issue is an event or situation with negative consequences that has already occurred or is
Project Issue Management Process Project Issue Management Process Template, version 1.0 (03.15.12) ii 1 Introduction The Project Issue Management Process is followed during the Execution phase of the Project Management Life Cycle throughout the project; however, issues may be identified at any stage of the project life cycle.File Size: 258KBPage Count: 8People also search forissue management processcontemporary issue management:contemporary issue management: quizletdefine opportunity management processacquisitions the issue management proces asana project management templates
81. Risk Identification, page 29 82. Risk Indicator*, page 30 83. Risk Management Ω, pages 30 84. Risk Management Alternatives Development, page 30 85. Risk Management Cycle, page 30 86. Risk Management Methodology Ω, page 30 87. Risk Management Plan, page 30 88. Risk Management Strategy, pages 31 89. Risk
Risk is the effect of uncertainty on objectives (e.g. the objectives of an event). Risk management Risk management is the process of identifying hazards and controlling risks. The risk management process involves four main steps: 1. risk assessment; 2. risk control and risk rating; 3. risk transfer; and 4. risk review. Risk assessment
effective risk management. Risk management should occur throughout the lifecycle of the program and strategies should be adjusted as the risk profile changes. This guide describes strategies and processes for risk, issue, and opportunity (RIO) management that programs should begin early in
Tunnelling Risk Assessment 0. Abstract 1. Introduction and scope 2. Use of risk management 3. Objectives of risk assessment 4. Risk management in early design stages 5. Risk management during tendering and contract negotiation 6. Risk management during construction 7. Typical components of risk management 8. Risk management tools 9. References .
Risk Matrix 15 Risk Assessment Feature 32 Customize the Risk Matrix 34 Chapter 5: Reference 43 General Reference 44 Family Field Descriptions 60 ii Risk Matrix. Chapter 1: Overview1. Overview of the Risk Matrix Module2. Chapter 2: Risk and Risk Assessment3. About Risk and Risk Assessment4. Specify Risk Values to Determine an Overall Risk Rank5
Standard Bank Group risk management report for the six months ended June 2010 1 Risk management report for the six months ended 30 June 2010 1. Overview 2 2. Risk management framework 3 3. Risk categories 6 4. Reporting frameworks 8 5. Capital management 10 6. Credit risk 17 7. Country risk 36 8. Liquidity risk 38 9. Market risk 42 10 .
The central part of a risk management plan is a document that details the risks and processes for addressing them. 1. Identify and assess the Risks 2. Determine Risk Response Strategy Avoid the risk Transfer the risk Mitigate the risk Accept the risk 3. Execute a risk management plan 4. Monitor the risks and enhance risk management plan
