Friday, August 29, 2008

A Pragmatic Model for Managing Project Risks (2)

After a two-week summer break, let’s get back to our pragmatic model for managing project risks.

First a few rules:
  • Apply 80/20 - By 80/20 we mean this model does not try to do everything. Instead we focus on the activities that yield the most results.
  • Optimize total cost of risk management – We try to optimize the cost of prevention, mitigation, transference and acceptance. We even allow passive acceptance as a valid response if it generates less cost that doing something else. Passive acceptance means doing nothing, and if those risks happen, they happen.
  • Target small and medium projects – A significant proportion of business and technology projects are small and medium projects. Well we admit that the definition is not clear. Let’s just say any projects less than US$ 1m value are considered small and medium. Our argument is there is no need to apply everything in those formal methods to these projects.

An outline of our pragmatic model is shown below:














We divide a project into three distinct phases: Concept/Approval, Kickoff, and Execution. We propose several key risk activities during these three phases.

Concept/Approval Phase

Business Risk Review
Key Activities
  • Business Case
  • Stakeholder Analysis
  • Scenario Analysis
  • NewspaperTest

Project sponsors and top management reviews the project’s business case, potential financial return, tangible and intangible benefits, and risks involved. Risks can come from financial impact, stakeholders’ responses, and potential damage to organization’s public image if anything goes wrong, and so on.

Particular attention, in my opinion, should be paid to negative publicity generated. There have been several recent business projects that went out of hand, eventually leading to extremely damaging responses.

A local supermarket chain launched an initiative to charge 50 cents for each plastic bag handed out to their customers. Customers’ feedbacks were extremely negative. There were even reports of sporadic instances that some customers quarreled with cashiers trying to get free plastic bags. The initiative was eventually cancelled one week later by the supermarket chain without proper explanation, resulting in even bigger outcry from the public. From a project management perspective, we would argue that implementation plan had not been well thought out (measures such as phase lead-in and publicity campaign were missing). More importantly, risk of possible poor publicity had not been highlighted to senior management. Had scenario analysis been performed, senior managers surely would have been brought to this likely outcome. The likely decision would have been a no-go.

The key objective of performing risk activities during this stage is to make go/no-go decision for the project.

To be continued…

Copyright © 2008 Knowledge Century Limited.

Posted by at No comments:

Saturday, August 9, 2008

A Pragmatic Model for Managing Project Risks

So now what? If our daily experience and even a research report shows that formal risk management methods are not applicable to small and medium size projects, are there any alternatives available?

Well let’s explore a pragmatic model for small & medium projects. First let’s consider a real life situation of moving you home.

Just say you bought a new apartment from a property developer 9 months ago. It’s scheduled to close 3 months later. You plan to move to the new apartment as soon as possible. What’d you do to minimize risks for this project?

Below is a list of typical tasks for your home relocation project:

  1. Hire a solicitor
  2. Negotiate and confirm a bank mortgage
  3. Perform pre-closing examination of the apartment
  4. Conduct formal closing
  5. Select and hire a contractor for minor renovation
  6. Contractor performs renovation
  7. Order and install utilities such as electricity, gas, phone, internet, TV
  8. Buy and deliver furniture
  9. Move to the new apartment


Examples of risk include:

  • Bank mortgage cannot be secured;
  • Apartment quality not up to expectation;
  • Developer postpones closing date;
  • Contractor fails to perform;
  • Renovation requires longer time due to contractor failure or unexpected events;
  • You are made redundant by your employer before closing;
  • You move to a new job, and so on.

There are also risks that are quite unlikely to happen, but still exist:

  • Developer bankrupt; bank withdraws mortgage;
  • Contractor sick or other accidents; and so on.

Typical approach for dealing with risks of this scale:

  • Gain as much knowledge and lessons learnt by talking to your friends who have previous experience or professionals such as property agents or solicitors.
  • Identify critical tasks and milestone dates (e.g., “Secure bank mortgage”, “Formal closing”, “Renovation complete”, “Move to the new apartment”). Try to schedule them in proper sequence and with as much buffers as possible.
  • For non-critical activities (such as “Buy and deliver new furniture”), try to schedule them with a large comfort margin or better with no dependency to other tasks.
  • During the project, monitor closely the progress of critical activities, and control them carefully.
  • Minimize changes (e.g. a new design proposed by your contractor in the middle of renovation, changing your job etc.) within the life cycle of the project.
  • For risks that are unlikely to happen (e.g. Developer bankruptcy), do nothing until they happen.

Note that (1) we start identifying risks and countermeasures by focusing on the WBS or task list; (2) we don’t apply a risk-by-risk analysis and response planning approach, instead we just apply an overall framework of careful WBS planning and close monitoring during execution; (3) we adopt reactive approach for those unlikely risks.

Hey, isn’t this common sense? Yes this is exactly the point we are trying to bring up. Risk management is not rocket science. Although there are all those formal methods, projects of smaller size only require some careful planning based on past experience and common sense. This is the first step to take away the myth surrounding risk management.

We’ll argue later that the same approach can be applied to projects in a business setting.

To be continued…

Copyright © 2008 Knowledge Century Limited.

Posted by at No comments:
Labels:

Monday, August 4, 2008

A Risk Management Research Report in Hong Kong (2)

Let’s continue with the results of the research paper. Interviews with the 25 experienced project managers revealed their FOUR risk response strategies – Control, Negotiation, Research, and Monitoring.


Control Strategies

Control Strategies

Descriptions


WBS

- Understanding requirements
- Assessing staff skills required, technology & solution etc.
- Detecting and negotiating over-ambitious target schedule

Progress Control

- Close monitoring and control of each task’s progress

Change Control

- Tightly controlling clients’ change requests, sometimes through contract T&Cs


Documentation

- Documenting all changes
- Controlling all documents for advantageous position in disputes


Reactive Problem Solving Strategies

- Increasing available person-hours (OT)
- Rescheduling and problem isolation


Negotiation Strategies

Negotiation Strategies

Descriptions


Change Control

- Assessing clients during pre-sales to determine the best approach
- “Hard” vs. “Soft” approach


Trust & Relationship Building

- Mitigation for all relationship risks
- Trying to put self into others’ shoes


Managing Client Expectations

- Recalibrating client expectations from the start
- Being honest


Balancing Cost, Schedule, and Scope

- Reprioritization of time, budget, or quality, e.g., postponing less critical req. to 2nd phase
- More resources or lower profits

Escalation

- Last resort

Team-building

- Building and maintaining commitment through lead-by-example & sharing decision making


Research Strategies

Research Strategies

Descriptions


Studying & Self Education

- Forming special team researching and studying new technology issues
- Requirement study trying to identify potential pitfalls in solution or technology


Monitoring Strategies

Monitoring Strategies

Descriptions


Constant Surveillance

- Paying special attention to potential problem areas identified during implicit assessment and evaluation of the project surroundings and contexts
- No preventive action
- Helping to shape negotiation strategies

In summary, these project managers:

  • Relied on contingencies built into the schedule (by pre-sales)
  • Applied broad project management strategies, regardless of specific risks identified

There is little evidence that they:

  • Revisited pre-sales risk checklist
  • Made own independent risk assessment


This is in complete contrast to formal Risk Management methodologies that emphasize on risk-by-risk analysis and response. Neither do the findings match recommended practices of proactive planning – Negotiation strategies, based on good relationship, were usually adopted in a reactive manner. Some practices such as Overtime (OT) are not completely in line with best practices.

There is NO risk quantification at all, as recommended by formal methods.

In the beginning of the research, it’s already established that this group of project managers were competent and knowledgeable in formal PM methodologies. So why were they not using formal risk methods? Is using broad risk strategies more effective than risk-by-risk approach for small/medium size projects?

To be continued…

Copyright 2008 Knowledge Century Limited.

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)