Download presentation
Presentation is loading. Please wait.
1
Risk Management
2
What is Risk? Webster’s (Risk) – The possibility of suffering harm or loss; danger. The different types of risk Personal risk - How will this risk effect the individual i.e. loss of job, health, family life, and their ability to identify and address risk Professional risk – Will people have the courage to identify and response to risk i.e. peer and or management pressure. What is the culture of your team, program, company? Program risk – Is the risk process so narrow that suboptimum program decisions are made to the detriment of business areas or company goals Company risk – Do you think of things short term or long term, do you look at the impact across the business (car versus horse drawn carriage, great for my program but hurts other business areas) Community risk – How do your decisions impact the community around you locally, regionally, nationally, planet earth (Enron, Mortgage crisis) Identification of the different types of risk may make the difference between success and failure for you, the team, the company, or even the nation in some cases
3
Consequences of Risk Negative Positive Personal Personal Loss of job
Lack of Promotion Pay freezes Emotionally destructive (fear, anxiety, passive) Company Loss of business Lower profits Lower stock price Reduced company viability Country (US – Oil no refiners, or alternate sources of energy) Lack of vision Short term focus Positive Personal Increased opportunities Promotions Pay increases Emotionally lifting (initiative, innovative, courage) Company Increased business Higher profits Stock price Increased market share/new markets Country (Canada – Oil tar sands, Dutch wind) Vision Long Term Focus
4
If Risk Management is important, how do we sell Risk Management to management?
You create a need for it!!
5
Program Performance Assessment
198 Program Attributes Assessed from Pre-Proposal thru Contract Completion Program Phases: Pre-Proposal Proposal Pricing delegation Contract requirements Technical performance Contract execution Contract change Survey Tool Performance Assessment: 9 = excellence in addressing key characteristics 3 = fair performance in addressing key characteristics 1 = poor performance in addressing Database Established
6
Risk Management Key to Success
What Was Done Well on Programs That Performed Well That Was Missing on Programs That Performed Poorly? Good program identified risk, assessment performed, integrated into program plan & tracked throughout life of program 2 areas 3 areas 5 areas Risk Management Area 2 Area 3 Area 4
7
Consistently Do Poorly on Problem Programs
Pre-Proposal Risk & requirements understood 4 other areas Proposal Risk mitigation plan in place 3 other areas Delegation 1 other area Contract Change Contract Execution & Technical Performance 11 other areas Risk analysis & mitigation plan 4 other areas Score of <4, Scale of 1-3-9 Perceived as Areas of General ATK Weakness
8
Program Management Survey Results
PMs that incorporate Risk Management Plan into their program – 78% Regularly use or implement risk management (monthly or less) – 50% PM’s that can find examples of previous program plans, risk analyses, schedules, etc.. to help me do my job – 44%
9
Program Management Process Rating
Q11) Which of the following items have you incorporated into your program(s)? (Check all that apply.) Many key elements of a Design Plan and Program Plan not applied to programs
10
Program Management Process Rating
Q12) How Regularly do you use or implement these items? (Check all that apply.)
11
What is Risk Management?
Definition of Risk Management: Risk management is concerned with the outcome of future events, whose exact outcome is unknown, and with how to deal with these uncertainties, i.e., a range of possible outcomes. In general, outcomes are categorized as favorable or unfavorable, and risk management is the art and science of planning, assessing, and handling future events to ensure favorable outcomes. The alternative to risk management is crisis management, a resource-intensive process that is normally constrained by a restricted set of available options. “ Risk Management Guide for DoD Acquisition, fifth edition, version 2, June 2003”
12
What is Risk Management?
Types of Risk Management: Hardware Feasible, stable, and well-understood user requirements and threat; A close relationship with user, industry, and other appropriate participants; A planned and structured risk management process, integral to the acquisition process; An acquisition strategy consistent with risk level and risk-handling strategies; Continual reassessment of program and associated risks; A defined set of success criteria for all cost, schedule, and performance elements, e.g., Acquisition Program Baseline (APB) thresholds; Metrics to monitor effectiveness of risk handling strategies; Effective Test and Evaluation Program; and Formal documentation
13
What is Risk Management?
Types of Risk Management: Software Risk Management Identify software risk. Estimate the time and resources required to develop new software, resulting in potential risks in cost and schedule. Test software completely because of the number of paths that can be followed in the logic of the software. Develop new programs because of the rapid changes in information technology and an ever-increasing demand for quality software personnel. People Needs/Desires Determine relationships Relative power/influence Trust
14
What is the Risk Management Process
15
Defenses are Never Perfect
What we don’t Know or don’t Believe Can and Will Hurt Us We perceive our ideal system of defenses like this. Mishap Potential losses (people and assets) But the reality is more like this. Source: James Reason, Managing the Risks of Organizational Accidents, 1997, p. 9
16
When Events Line Up, the Consequences Can Be Devastating
A Hole is a Risk – A Weakness In a Plan – Any Plan People Events Facilities Materials Process Design Defenses in depth Product Design Program Plan Requirements (unspoken & spoken) Mishap Adapted from : James Reason, Managing the Risks of Organizational Accidents, 1997, p. 12
17
Engineering and Process Design Close Holes
Ham and Swiss on Rye Voice of Customer (VOC) Requirements Definition Product Design Process Design Design FMEA / FTA Manufacturing Process FMEA Systems Engineering Process Control Peer Review To Close a Hole REQUIRES a Change – The Right Change at the Right Time Defensive Barrier Requirements Manufacturing Design Product Inspections Only Close Small Holes Engineering and Process Design Have High Leverage “Process” = ALL Processes, not just Hardware/Manufacturing
18
The Result is Mission Success
Where are the Holes? The Essence of Mission Assurance Eliminate the Holes Shrink the Holes Make sure the Holes don’t Line up The Essence of Risk Management Find/Define the Holes So That We Can … Eliminate, Shrink, etc… The Result is Mission Success
19
Risk Management Model Incident Management Plan Plan Manage Risk
Incidents Plan Plan Manage Risk Manage Risk Target Condition Current Condition
20
Risk Management If I know the risks I face, I can make better decisions If I know the risks up front, I can apply my resources in a planned manner rather than just reacting to problems with scarce resources A Key Role of a Leader is to Apply Resources at the DECISIVE Point and Time to Achieve Victory If I know the risks & appropriately mitigate the risks, I have more confidence that I will achieve Mission Success – I plug the holes in the Swiss Cheese
21
What Happened We found many Risk Management Tools
We found no inclusive and defined Process “How to Identify the Risks” was Missing All Levels, All People, Simple & Complex We defined the Principles We defined the Process Based on and consistent with the Principles We designed a simple tool to support the process
22
Emerging Risk Management Principles
Have a Plan IMP/IMS, Product/Process Design, Material Plan, etc. Actions to Mitigate Risks get Rolled Back into the Plan Understand the Plan/Process Look at each step/item in a methodical fashion Include the Right People Can be Very Difficult, but is Critical to Success Thorough Discussion and Review Risk Management is an Individual Behavior Control Change – Make Changes Proactively There is a Cost for every Mitigation – Plan The Resources Solid Cost/Benefit Decisions are Necessary Planned Use of Resources vs. Ad Hoc “Head in the Sand” Take Planned Action – Plan And Make Change Plan the work, work the plan Follow up Hold teams and individuals accountable
23
Risk Management Process Flow
*** The “ Map/Define ” step can use a number of Risk – An event that could happen to prevent me from reaching my Risk Levels Likelihood Severity Control Alternatives Identify options Identify resources Assess costs, benefits and impacts Plan actions Impacts Cost Schedule Performance tools such as process flow charts, program plans, goal. Integrated Master Plans, Design Trees, etc, to Condition – The reason this risk makes you uncomfortable. guide the risk identification effort. Consequence – The result if the risk event happens. Given a current Severity – The measure of the magnitude of the effect of the risk event condition and (consequence) on Cost, Schedule, Technical Performance, AUPC, & desired end state Safety. Risk Identification Likelihood – The subjective measure of probability that the risk event will occur. FMEA, PFMEA, FMECA - type methodology Risk Assessment Brainstorm voc For each step - Evaluate risks Map/Define potential risks feature, define for each step - for probability Risk No the process – 6 M ’ s, 3 W ’ s of occurrence Risk Tracker Requires ID critical feature with & Success multi - and severity of Action? features *** Criteria disciplinary consequence team Yes EAC Reviews Periodic Program Risk Risk Tracker Review Update the Plan IMP/IMS Design Process Budget Plan actions to Determine root reduce probability, Identify and Communicate the Risks Update reduce severity, Perform Actions causes of the Assess Risks (Reviews, Boards, Process or plan contingencies (Work the Plan) risk or further to the Plan Change Control, etc.) Plan understand risk Risk Handling 10/16/06
24
8/30/06
25
Planning & Resource Allocation
Have a Plan, Work the Plan, Follow-up on the Plan Risk Management is Dependent on having a Plan The “Plan” is the “IMP/IMS” for a Program, the “Design” for a Product or Process, the “BOM” for Materials, etc. The process looks at each step in the plan to Identify Risks All Risk “Handling” Actions must be worked back into the Original Plan for application of Resources and Follow-up (IMP/IMS, Design, etc.) Planned Use of Resources is Critical to Effective Management of the Process Resources are Always Limited so Planning is necessary to Assure that Risk “Handling” Actions will actually be Implemented Leaders Allocate Resources – It is Inappropriate to merely bully subordinate and supporting organizations to implement Change without Allocating Sufficient Resources
26
The Process is Universal and Necessary
Risk Management is universally applicable to and necessary in all parts of our processes. Too often it is only used at the Program level. People Events Facilities Materials Process Design Defenses in depth Product Design Program Plan Requirements (unspoken & spoken) Mishap Adapted from : James Reason, Managing the Risks of Organizational Accidents, 1997, p. 12
27
Accountability From Bottom to Top
Executive Management ATK Customer Pull Program Manager Customer Functional Leadership Supporting Organizations Teams IPT’s Functional Teams Individuals Designers Builders Given a sound process and training, Risk Management is an individual behavior. The process linked with the right behavior = Success. This individual behavior is the foundation of Risk Management.
28
View from the Top How Leadership Views, Discusses and Responds to Identified Risks will Determine the Effectiveness of Handling Plans and will Determine Future Willingness to Identify Risks.
29
Risk Management Process Focus
Implement a thorough risk management process Keep reporting simple Focus on reducing or eliminating risk through proactive risk management and initiating risk mitigation activities Minimize the temptation to “accept” risk
30
Risk Management Process & Responsibilities
RM, TD IPT Leads Any Stakeholder RM, TD IPT Leads TD, RM IPT Leads TD, RM IPT Leads RMB, RM IPT Leads
31
Weekly Inputs to Risk Assessment
Design, Manufacturing Capability Assessment Risk Management Board Trade Studies Lessons Learned Inclusion into Risk Tracker RMB Co-chaired by xxx RMB Members: RMB Advisors: RMB Facilitators: Requirements Walkthrough Analysis DFM/DFA’s Opportunity Data Base Risk Clarification & Clean up GN&C / Aero / SW / GPS Program Office Systems Engineering Systems Design Integration Test & Evaluation Electrical Mechanical Program Office (continued) Contracts Finance Quality Materials Production Transition Alliant Techsystems Proprietary
32
The Benefits of a robust Risk Management Process
How can you make risk work for you It is a common trait of management to award people who put out fires more then they do the people who do things the right way such that you do not have fires. Unfortunately it is also true that the people who put out fires may have gathered the kindling and lit the match that started the fire in the first place through poor risk management or no risk management Good risk management helps give you visibility for doing the right things It highlights the risks It identifies the consequences It enables healthy discussion on strategies and actions for addressing risk It enables the individual to get the credit for doing the right things the first time
33
The Benefits of a robust Risk Management Process
Actual Benefits from following “Good Risk Management Practices” Schedule It highlights the critical path Identifies what is driving the critical path Gets people talking and addressing the risk It gives you time to address the risk Money It gives you a forum to discuss money in a non threatening manner It provides reasons for making money available Reference viewgraph 3
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.