microsoft power point simon final
TRANSCRIPT
2nd June 2009
Risk ManagementJonathon Simon, Senior Manager, Ernst & Young
2nd June 2009 Risk ManagementPage 2
Agenda654321
Critical success factors for managing risk
Good and bad risk management practice
The risk management lifecycle
What is risk management?
Risk – An EY context
Introduction
6
5
4
3
2
1
Communicating risk to stakeholders7
7
2nd June 2009 Risk ManagementPage 3
Introduction
Jonathon Simon
► Senior Manager in the Programme Advisory Services team within the IT Advisory practice for Ernst & Young.
► Project Management Institute (PMI) certified Project management Professional (PMP).
► Over 15 years industry experience in managing large projects.
654321 7
► Prior to joining Ernst & Young, worked for a global IT service provider as a Senior Project Manager fulfilling project and programme assignments for blue chip clients in the private sector.
► Current Chair of the UK PMI London Events Committee.
2nd June 2009 Risk ManagementPage 4
Risk – an EY context
► Ernst and Young is engaged globally in seeking to identify leading practices in the area of risk management.
► Our work with companies around the world suggests that there is a body of leading risk management practice emerging, but many companies are still doing little in this area.
► Our research has shown that, while strategic risks have become more important, companies have been focusing on the easier-to-manage area of operational risk.
► The implications for different sectors are blurred. Even within each sector, the risks for each company may vary.
► Most programs and projects encounter at least one of the following
► Cost and schedule overruns
► Schedule delays
► Defects
► Benefits not realised
► Project cancellations
► Loss of stakeholder confidence
► No matter what program or project is undertaken, appropriate control and management of risk is essential.
654321 7
2nd June 2009 Risk ManagementPage 5
Risk – an EY context
Cost overrunsUnanticipated
business impact
Loss of stakeholder confidence
Post completion defects
Project cancellations
Increased confidence
Enhanced capability
Unrealized benefits
Improved visibility and transparency
Increased predictability
Enhanced accountability
Schedule delaysRegulatory
non-compliance
Increase business value
of initiatives
Achievesustainable
changes
All too confusing and overdone…
Except when we get in trouble
Must do it…
but how do we do it better?
Keep us out of trouble Make our business better
Goal
654321 7
2nd June 2009 Risk ManagementPage 6
►Many types of risk exist in an organisation
►This presentation will focus on risks within projects
►A project risk is defined as the probability of an undesirable event occurring or a
desirable event failing to occur and the consequential impact of and on the project.
►Project risk management is a structured process that allows individual risk events and
overall project risk to be understood and managed proactively, optimising project success
by minimising threats and maximising opportunities. Association for project management
What is risk management?654321 7
2nd June 2009 Risk ManagementPage 7
The risk management lifecycle654321 7
Monitor and ControlRisks
Monitor and ControlRisks Risk PlanningRisk Planning
Respond to RisksRespond to Risks
Qualitative Risk Analysis
Qualitative Risk Analysis
Identify RisksIdentify Risks
Quantitative Risk Analysis
Quantitative Risk Analysis
Proximity
ProbabilityImpact
The 3 dimensions
of risk
2nd June 2009 Risk ManagementPage 8
Good and bad risk management practice654321 7
Good Practice Bad Practice
1. Clear risk responsibilities
2. Clarity of risk ownership
including senior sponsors
3. Shared understanding of how
risks will be managed
4. Effective methods of assessing
and escalating risks
5. Risks are monitored and good
quality information is captured
6. Risks are reviewed as an
integral part of performance
management
1. No clear responsibilities
2. Lack of risk ownership
3. No process for managing risks
4. No guidelines for managing
and escalating risks
5. No process for monitoring and
updating risks
6. Risks are not reviewed and
action is not taken to address
risks
2nd June 2009 Risk ManagementPage 9
3. Project Management
2. Programme Management
Corporate
Info
rms
Doing things
right
Doing the right
things
Knowing where to go
Outcome, BenefitFocus on the delivery of a strategic change to
the organisational state comprising a linked set of
projects and / or activities that are coordinated
and managed as a unit such that they achieve outcomes and realise benefits
Eg, delivery of games and legacy
Output, ProductFocus on the delivery of a unique set of
coordinated activities, with clearly articulated
start and end points, which is undertaken by an
individual or team to meet specific objectives
within defined time, cost and performance
parameters as specified in the business case
Eg, Construction of a new building
Dri
vers
Direction, StrategyFocus on a strategic enterprise level governance
of the delivery of an organisation’s complete
portfolio of transformational programmes and
projects to support the organisation’s strategic goals
There must be alignment and escalation from one level to another
Corporate, Programme and Project Risks
Integrated Risk Management654321 7
2nd June 2009 Risk ManagementPage 10
EY Case Study – Government Health Project
Situation…
► A government department running a programme supporting a significant government health initiative
► Risk management was performed at an operational and strategic level
► No defined process for risk escalation
► Lack of risk ownership at the executive board level
Consequence
► Risks were not addressed on a timely basis
► Lack of visibility of risks at a senior level
► Potential for the project to fail to deliver its scope of work within time and budget
Actions taken…
► Implemented a robust risk escalation process
► Developed a risk dashboard that communicated a high level summary of risks to executive board members
► Conducted analysis and developed mitigating actions to reduce risks to an acceptable level
► Embedded risks review within the project management processes
► Implemented a communications process for mitigating actions, timelines and ownership
Result
► Clear roles and responsibilities for risk management
► Project wide understanding of the process for managing risks
► Visibility of risks at a senior level and actioning of risks within acceptable timeframe
654321 7
2nd June 2009 Risk ManagementPage 11
Critical success factors for managing risk
► Be proactive - to be successful the organisation should be committed to addressing risk management proactively and consistently throughout the project.
► Conduct a regular risk assessment - that defines key risks and weights the impact on business drivers.
► Conduct scenario planning - for major risks identify and develop a number of operational responses.
► Evaluate your project’s ability to manage risks - ensure that the risk management process is linked to the actual risks that the business faces.
► Undertake effective monitoring and control processes - to give both early warning and improved ability to respond.
► Keep an open mind - about where the risks can come from.
654321 7
2nd June 2009 Risk ManagementPage 12
Communicating risk to stakeholders654321 7
KEY
Position on grid: priority and criticality of project
Priority - Proximity of time requirement for completion
Criticality - Ability of business to function without capability
Size of circle: degree of risk associated to project
Color of circle: current project status
3 Priority21
1
2
Criticality 3
3 Priority21
1
2
Criticality 3
L
HM
Focus management attention, project resource and reporting on:
• Projects which are time critical and impact ability to trade (top right
hand corner)
• Projects impacting on overall programme (large circles)
• Projects which are not on track (red circles)
Aim to push projects away from proximity to axis
L – Risk impact within project
M – Risk impact within IS
H – Risk impact to programme
R – Project late against plan (delay to critical path)
A – Project at risk of slipping
G – Project on track against plan
1 - Cannot operate without (no ability to trade)
2 - Workarounds available (limited ability to trade)
3 - Does not impact on ability to operate / trade
1 - Completion required for first wave of movement
2 - Workarounds available (inhibits movement)
3 - Completion not mandatory for movement
2nd June 2009
Questions?