microsoft power point simon final

2nd June 2009

Risk ManagementJonathon Simon, Senior Manager, Ernst & Young

2nd June 2009 Risk Management

Agenda654321

Critical success factors for managing risk

Good and bad risk management practice

The risk management lifecycle

What is risk management?

Risk – An EY context

Introduction

6

5

4

3

2

1

Communicating risk to stakeholders7

7


Introduction

Jonathon Simon

► Senior Manager in the Programme Advisory Services team within the IT Advisory practice for Ernst & Young.

► Project Management Institute (PMI) certified Project management Professional (PMP).

► Over 15 years industry experience in managing large projects.

654321 7

► Prior to joining Ernst & Young, worked for a global IT service provider as a Senior Project Manager fulfilling project and programme assignments for blue chip clients in the private sector.

► Current Chair of the UK PMI London Events Committee.


Risk – an EY context

► Ernst and Young is engaged globally in seeking to identify leading practices in the area of risk management.

► Our work with companies around the world suggests that there is a body of leading risk management practice emerging, but many companies are still doing little in this area.

► Our research has shown that, while strategic risks have become more important, companies have been focusing on the easier-to-manage area of operational risk.

► The implications for different sectors are blurred. Even within each sector, the risks for each company may vary.

► Most programs and projects encounter at least one of the following

► Cost and schedule overruns

► Schedule delays

► Defects

► Benefits not realised

► Project cancellations

► Loss of stakeholder confidence

► No matter what program or project is undertaken, appropriate control and management of risk is essential.

654321 7


Risk – an EY context

Cost overrunsUnanticipated

business impact

Loss of stakeholder confidence

Post completion defects

Project cancellations

Increased confidence

Enhanced capability

Unrealized benefits

Improved visibility and transparency

Increased predictability

Enhanced accountability

Schedule delaysRegulatory

non-compliance

Increase business value

of initiatives

Achievesustainable

changes

All too confusing and overdone…

Except when we get in trouble

Must do it…

but how do we do it better?

Keep us out of trouble Make our business better

Goal

654321 7


►Many types of risk exist in an organisation

►This presentation will focus on risks within projects

►A project risk is defined as the probability of an undesirable event occurring or a

desirable event failing to occur and the consequential impact of and on the project.

►Project risk management is a structured process that allows individual risk events and

overall project risk to be understood and managed proactively, optimising project success

by minimising threats and maximising opportunities. Association for project management

What is risk management?654321 7


The risk management lifecycle654321 7

Monitor and ControlRisks

Monitor and ControlRisks Risk PlanningRisk Planning

Respond to RisksRespond to Risks

Qualitative Risk Analysis

Qualitative Risk Analysis

Identify RisksIdentify Risks

Quantitative Risk Analysis

Quantitative Risk Analysis

Proximity

ProbabilityImpact

The 3 dimensions

of risk


Good and bad risk management practice654321 7

Good Practice Bad Practice

1. Clear risk responsibilities

2. Clarity of risk ownership

including senior sponsors

3. Shared understanding of how

risks will be managed

4. Effective methods of assessing

and escalating risks

5. Risks are monitored and good

quality information is captured

6. Risks are reviewed as an

integral part of performance

management

1. No clear responsibilities

2. Lack of risk ownership

3. No process for managing risks

4. No guidelines for managing

and escalating risks

5. No process for monitoring and

updating risks

6. Risks are not reviewed and

action is not taken to address

risks


3. Project Management

2. Programme Management

Corporate

Info

rms

Doing things

right

Doing the right

things

Knowing where to go

Outcome, BenefitFocus on the delivery of a strategic change to

the organisational state comprising a linked set of

projects and / or activities that are coordinated

and managed as a unit such that they achieve outcomes and realise benefits

Eg, delivery of games and legacy

Output, ProductFocus on the delivery of a unique set of

coordinated activities, with clearly articulated

start and end points, which is undertaken by an

individual or team to meet specific objectives

within defined time, cost and performance

parameters as specified in the business case

Eg, Construction of a new building

Dri

vers

Direction, StrategyFocus on a strategic enterprise level governance

of the delivery of an organisation’s complete

portfolio of transformational programmes and

projects to support the organisation’s strategic goals

There must be alignment and escalation from one level to another

Corporate, Programme and Project Risks

Integrated Risk Management654321 7


EY Case Study – Government Health Project

Situation…

► A government department running a programme supporting a significant government health initiative

► Risk management was performed at an operational and strategic level

► No defined process for risk escalation

► Lack of risk ownership at the executive board level

Consequence

► Risks were not addressed on a timely basis

► Lack of visibility of risks at a senior level

► Potential for the project to fail to deliver its scope of work within time and budget

Actions taken…

► Implemented a robust risk escalation process

► Developed a risk dashboard that communicated a high level summary of risks to executive board members

► Conducted analysis and developed mitigating actions to reduce risks to an acceptable level

► Embedded risks review within the project management processes

► Implemented a communications process for mitigating actions, timelines and ownership

Result

► Clear roles and responsibilities for risk management

► Project wide understanding of the process for managing risks

► Visibility of risks at a senior level and actioning of risks within acceptable timeframe

654321 7


Critical success factors for managing risk

► Be proactive - to be successful the organisation should be committed to addressing risk management proactively and consistently throughout the project.

► Conduct a regular risk assessment - that defines key risks and weights the impact on business drivers.

► Conduct scenario planning - for major risks identify and develop a number of operational responses.

► Evaluate your project’s ability to manage risks - ensure that the risk management process is linked to the actual risks that the business faces.

► Undertake effective monitoring and control processes - to give both early warning and improved ability to respond.

► Keep an open mind - about where the risks can come from.

654321 7


Communicating risk to stakeholders654321 7

KEY

Position on grid: priority and criticality of project

Priority - Proximity of time requirement for completion

Criticality - Ability of business to function without capability

Size of circle: degree of risk associated to project

Color of circle: current project status

3 Priority21

1

2

Criticality 3

3 Priority21

1

2

Criticality 3

L

HM

Focus management attention, project resource and reporting on:

• Projects which are time critical and impact ability to trade (top right

hand corner)

• Projects impacting on overall programme (large circles)

• Projects which are not on track (red circles)

Aim to push projects away from proximity to axis

L – Risk impact within project

M – Risk impact within IS

H – Risk impact to programme

R – Project late against plan (delay to critical path)

A – Project at risk of slipping

G – Project on track against plan

1 - Cannot operate without (no ability to trade)

2 - Workarounds available (limited ability to trade)

3 - Does not impact on ability to operate / trade

1 - Completion required for first wave of movement

2 - Workarounds available (inhibits movement)

3 - Completion not mandatory for movement

2nd June 2009

Questions?

microsoft power point simon final

Business