Understanding the importance of risk in your IPS programme

Overview

Amongst the accepted project control disciplines is risk, issue and opportunity management. A risk is defined as ‘an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives’. An opportunity has a positive effect on project objectives – providing more effective project delivery. An issue is a risk with a probability of unity – a risk that has manifested itself into reality.

The international standard for risk management is ISO31000:2018. The purpose of ISO 31000:2018 is to provide principles and generic guidelines on risk management. ISO 31000:2018 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes to replace the assortment of previous standards and methodologies that differed between industries, subject matter areas and regions of the world.

Qualitative & Quantitative Risk Management

Imagine yourself as an Integrated Product Support (IPS) project manager working on a design project, building a new component to be inserted into a control system. It is likely that certain things will not go according to plan during the project. To stay in control of the project, you need to carry out risk management activities before the design begins.

The risk management process includes four main steps: identifying potential project risks, analysing these risks, selecting appropriate risk responses and monitoring the project. There are two approaches to risk analysis - quantitative and qualitative. Qualitative risk analysis is the process of assessing individual project risk characteristics - the probability of occurrence and the impact they would have on a project if happening - against a rating scale.

The rating scale used for the analysis groups project risks into three or more categories according to their impact; for instance, low, medium and high. The risk can impact numerous project elements: budget, schedule, deliverables, scope or available resources. The risk probability can be evaluated using the same or similar categories. The rating scale can be customized to fit organizational needs and then used across all projects within an organization for consistency.

In addition to assessing risk against a pre-defined scale, the qualitative risk analysis can also group them based on their source, like market risks or regulatory risks, or effect, like causing delay or increasing costs.

Quantitative Risk Management represents the discipline which deals with the ability of a project or organization to quantify and manage its risk. This scientific approach to business is becoming increasingly critical in today’s world as organizations need to satisfy stakeholders who demand it. Quantitative risk management is a process for assigning a numeric value to the probability of an adverse event based on known risks and available, objective data. Probabilities can be expressed as a percentage up to 99.99% or as a probability between 0 and 0.9999. It is used to determine potential direct and indirect costs and schedule effects based on values assigned to the risk.

In relation to an IPS program the underlying aims of the quantitative risk activity will be to undertake cost and schedule risk analysis to enable the production of ‘S’ curves providing 3-point estimates of the cost and schedule effects of the risks within the IPS program.

The benefits to an IPS program

Risk management is a core approach that ensures any potential threats to the success of the IPS program are identified and dealt with before they undermine the project. For an IPS project manager, risk management is a key process for project control. Armed with a risk register and a committed team, the IPS project manager can plan for any eventuality.

Risk management has extensive benefits that can fundamentally change how a project management team makes decisions. The following are some of the benefits of a robust approach to IPS risk management:

• Under-performance is easier to detect. Risk management practices enable the identification of where IPS projects need attention. Good risk management provides the context for understanding the performance of a project and contributes to any health checks, peer reviews or audits.
• No surprises. Typically, project managers do not like surprises. A robust approach to managing risk allows teams to better communicate about project challenges in a timelier way. Risk management practices enable the team to identify concerns far earlier. Early awareness of potential problems means that the right people can intervene to mitigate a problem before it becomes too severe. It also avoids the ‘project manager as hero’ scenario, and firefighting, which is generally an expensive and high-effort way to address problems. Managing risks before they materialize makes for fewer sensational headlines but a smoother, more efficient and cost-effective way of manging the IPS project.
• Improved decision-making. Senior leaders have access to better quality and more helpful data which enables them to make better decisions more grounded in the reality of the IPS project. Being able to access risk information in real time through an IPS project management dashboard means that decisions are made based on the latest data, not a report that is already out of date before it reaches the project leadership team.
• Improved communication. Good risk management improves communication. It creates a focus discussion between project teams and key senior stakeholders, prompting them to discuss the difficult topics and deal with potential causes of conflict. Suppliers need to be involved in the communication, as risk responses necessarily touch on their activities. Including key personnel in risk management discussions can create more positive working relationships, because they will begin to understand that their success is tied to the success of the project and that there is willingness to work as a whole team. The communication can be framed in what is good for the overall project. An increase in dialogue, and the content of that dialogue, brings the team closer together as a working group.
• IPS budgets are more accurate. Project contingency budgets are often based on guesswork. Project risk management means that contingency budgets can be more accurately estimated and rely less on the professional estimates of the project team. By incorporating risk management into schedule planning and cost planning scenarios can be created to better inform the IPS project budget in terms of time, resource and money. Overall, this will lead to fewer cost and time overruns and better-quality plans.
  IPS Project success. Knowing that risk is being actively managed sets an expectation for project success. With the framework in place to deliver despite the known risks, and open communication about the IPS project’s challenges with senior managers, everyone begins work knowing that success is the expected outcome. This changes the whole mindset of the team, knowing they are working on something destined to deliver excellent results improves morale, supports productivity and engenders and environment for success.
• IPS Team focus. With IPS risks being actively tracked and managed, the project team can maintain a focus on the critical outcomes. Risk management supports this because it serves to highlight where project outcomes may not be achieved, focusing the team on what to do about that concern to get the project back on track. With risk management identifying the areas of challenge within a project, the team can move to deal with them, ensuring that actions are taken to mitigate the risk and deliver successfully. This prevents problems from being overlooked in the day-to-day work on a project.
• Effective IPS risk escalation. If an IPS project team cannot deal with a risk themselves, they will need to escalate it to senior management for advice and action. Clear risk management processes define when this should happen. A defined process ensures that important risks are seen and assessed by the right people at the right time, enabling timely action to better address a potential problem. The management team are not receiving alerts about every risk, which makes it easier for them to focus on what is important and what requires their attention.

Cost & Schedule Risk Analysis

Cost Estimate Risk Analysis (CERA) comprises an in-depth review of the risks and uncertainties that influence cost estimate outcomes, followed by an assessment of the contingency, estimate accuracy, and management reserve required to execute the IPS project.

Schedule risk analysis is a planning procedure that aims to improve the predictability and performance of a project. As a result, it helps project managers assess the likely impact of uncertainty and of individual risks on time to completion.

Granularity in the cost and schedule risk analysis process is achieved by undertaking Monte-Carlo simulation on the risk data held in the Risk Register. By simulating the various outcomes suggested by the data S curves are created which will enable a 3-point estimate to be created against selected confidence levels (commonly, 20%, 50% and 90%) to provide a pessimistic, most likely and optimistic view. The figure below is an example of a cost risk S curve; similar S curves can be created for schedule analysis.

Tools to assist

There are several proprietary risk and project management tools available and some add-ons for Microsoft applications. Some of the more capable tools have embedded risk management functions within them which automatically carry out Monte-Carlo simulation and provide the S curves.

Summary

Risk, Issue & Opportunity management are key tools in the armoury of an IPS project manager. Whilst much of the risk assessment can be undertaken qualitatively, use of quantitative techniques enables the production of cost and schedule risk estimates which provide greater clarity to the project and enables the project manager to identify challenges before they manifest themselves.