Prepared by : Neerav Shah Nikhil Soni Mnasim Hotelwala Mahesh Singh Siddharth Soni (97) (98) (86) (90)

(102)

What is Risk Management What is Integrated Risk Management Barriers to achieving integration Summary

to the security of the Nation from internal and external sources

to the safety of US citizens to administration of national policy through Federal Agencies

Risks

to the execution of Federal programs that provide security and civil services

to the continuity of US companies that contribute to economic prosperity

y Financial, Market, Investment, Credit y Health y Environmental y Business Compliance y Safety y Project (Types of Project) y Security (Cyber, Physical) y Mission Assurance
Supports Decision Analysis Portfolio Management Resource Allocation

GOAL: IDENTIFY /ASSESS THREAT MINIMIZE/PREVENT LOSS TAKE ACTION

Project Management Institute DoD Risk Management Guide

Establishes five core stages for project risk management: Planning, Identification, Analysis, Response, Monitor and Control. Standard practices and processes for OUSD AT&L programs. Generally augmented by Defense Acquisition University (DAU) practices. Requires risk-adjusted cost data be part of investment decisions and standard risk rating methodologies be applied to capital planning projects. Establishes standards for DoD and Intel Community Milestone Decision Authority Programs. Requires risk management information for Key Decision Points Establishes standards for creation of DoD program Work Breakdown Structures (WBS) in order to identify program risks at lowest program level. Establishes strategies and structures for implementing management controls, which include the processes for planning, organizing, directing, and controlling program operations

OMB Exhibit 300

National Security Space Policy

Military Standard 882 OMB Circular No. A-123

Risk is a measure of future uncertainties in achieving program performance goals and objectives within defined cost, schedule, and performance constraints. y ...an uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective.
y

Likelihood of an event occurring. The consequence if such event occurs.

y The systematic application of management policies, standards, procedures,

and practices to the tasks of identifying, assessing, responding to, and monitoring risk y A structured, iterative process with defined scope and objectives y Proactive and anticipatory y Objective is to decrease the probability and/or impact of negative events OR increase the probability and/or impact of positive events

Risk Management needs to be integrated into an organization s decision making process

What is Risk Management What is Integrated Risk Management Barriers to achieving integration Summary

2006 Department of Defense (DoD) Risk Management Guide (RMG) states:

PMs should ensure their integrated risk management process includes all disciplines required to support the life cycle of their system (e.g., systems safety, logistics, systems engineering, producibility, in-service support, contracts, test, earned value management, finance).

y Integrated risk management is a continuous, proactive and

systematic process to understand, manage and communicate risk from an organization-wide perspective. It is about making strategic decisions that contribute to the achievement of an organization's overall corporate objectives. into a functioning or unified whole

y Integrate per Webster s Dictionary: to form, coordinate, or blend

Program Performance Combines previously disparate program analysis and execution into an actionable framework for the program manager Requires dialog and collaboration between engineering, scheduling and management groups Creates a total risk profile for programs to fully assess potential delays to delivery and increases in cost Program Investment Provides a framework to develop detailed plans for risk mitigation and identify associated costs Tracks progress of investment against specific mitigation activities Assists decision makers in prioritizing investment dollars against high impact risks and effects

Program Oversight Responds to government policy guidance and industry best practices in risk management Provides auditable trail of risks, cost changes and schedule progress for industry and government clients Creates transparency in developing program budget and reserve requirements when used prior to program start date

Characteristics
A clear and consistent Risk Management champion Requirements supported by leadership and stakeholders A close partnership with users and stakeholders Mature risk management processes Established thresholds and criteria for proactively implementing defined risk mitigation plans Resourced risk mitigation plans Periodic risk assessments Integrated data environments that maximize participation

Successful Approaches
A documented and mature risk

management process
Quantitative assessments of risk impacts estimated against cost and schedule baselines Defined risk filtration criteria Risk reduction at the lowest level of the organization A defined set of risk consequence definitions for performance, schedule, and cost Structured approached for communicating risk across multiple programs/organizational levels

What is Risk Management What is Integrated Risk Management What are the Barriers Summary

Barriers
Lack of a clear and consistent Risk Management champion Unclear or non-existent Decision rights Silos of analyses and reporting of different risk types Maturity  Technology, governance, process and people Communication internal and external to the program/organization Culture (How does the organization operate?) Perception of a risk manager and roles/responsibilities Every PM wants to do it their way Organizational barriers regarding focal point of risk management

What are Decision Rights?

The underlying mechanics of how and by whom decisions are truly made in an organization

Clear Decision Rights Result in  Clear decision-making authority results in effective and efficient decisionmaking Places decision rights with those with the knowledge and information to make the best decision Reduces the risk of poor decisions Reduces inefficient second-guessing

Unclear Decision Rights Causes  Unclear decision-making authority results in senior management involvement in too many issues  while lack of empowerment at the front-line can result in poor customer service and reduced employee satisfaction

Risk Analysis

Program Manager

Cost Analysis

Schedule Analysis

Decision

RISKS
- How does a risk to one program affect the delivery of other related programs? - Which external stakeholders have the ability to influence the success of one or more programs? - How can a successful risk mitigation strategy for one program be leveraged by other programs?

Enterprise Level

Program Level
- Is the project on track to meet or exceed its threshold requirements? - How do current risk levels impact the ability to meet critical schedule milestones? - Which design solution provides the optimal balance between capital and operating costs?

Project Level
- What are the technical performance risks associated with delivering a given requirement or capability? - How will assembly, integration, and test schedules be impacted by a given risk event? - What are the cost impacts of delays in subcontractor deliveries?

Subproject Level

Risks ultimately should be filtered to the lowest level possible for ownership and mitigation

y What is Risk Management y What is Integrated Risk Management y What are the Barriers y Summary

Questions
 What are most vulnerable areas of the business/organization/acquisition/program/project/capability and what are the key risks that these areas face?  Is there a systematic and comprehensive approach for identifying and assessing these risks and is it communicated?  Is there a consistent and well defined approach to risk prioritization?  Does the process add value to decision analysis or is it merely a reporting mechanism?  Are decision rights aligned appropriately with risk tolerance?

Level of risk assessed can determine required level of decision-making within the organization

Risk Management promotes a clear value proposition

Demonstrate how resources will be saved or more efficiently applied Demonstrate how information will be more widely shared

Integrate Cost, Schedule and Risk personnel

Creates understanding of information Defines linkages

Program input actively sought for framework development.

Establish working group or other forum Gather feedback prior to go-live Promotes buy-in Sustains participation

A clear and consistent risk sponsor.

COMMUNICATION

y Executive sponsorship does not use risk management as a blunt instrument y Management team must be informed and committed y Accurately size the risk management effort to the Project y Do not bury the risk management functions in the bowels of the

organizationPrivate sector companies have a CRO

y Cost Estimators, Schedulers, and Risk Management personnel collectively

make up the risk management core team

y Communication within Risk Management Core Team