Risk Planning and Control
Risk Planning and Control
Upon successful completion of this module participants will learn to;
- Identify the risks of the project
- Rank the risks
- Perform qualitative risk analysis
- Develop risk response actions
- Develop contingency actions
- Develop the risk management plan for a project
Effort required – 30 minutes
Contents of a risk management plan
- Scope of the risk management plan
- Risk management strategy
- Roles and responsibilities
- Qualitative risk assessment
- Risk identification
- Risk document control
- Risk coding and risk breakdown structure
- Risk status
- Risk matrix
- Risk Response Categories for Threats or Opportunities
- Integration with Value Management
- Change Management
- Risk Register Quality Assurance
- Forms that may be used
- Quantitative risk analysis
- Cost and Schedule Risk Analysis
- Contingency and Reserves
- Integrated Analysis
- Forms that may be used
- Risk Management Schedule
- Key Performance Indicators (KPI)
- Closeout and Lessons Learned
- Reference Documents
- Risk Management Plan Revision Control
For most of us project risk management straightaway connects with risk identification, prioritization, response planning, contingency planning and implementation. What is really exciting is the fact that risk management landscape is fast changing or rather it must change as every day headlines bring new pointers that the future is on its way, and it feels like new risks and response strategies are around every corner. A virus outbreak like corona virus which is posing a major threat worldwide would not have made an entry into my force majeure clause before. So are the risks induced by climate changes and communication network disruptions.
Different types of risks
- Positive risks
- Negative risks
- Primary risks
- Secondary risks
- Residual risks
- Internal risks
- External risks
- Known risks
- Known unknowns
- Unknown – Unknowns
The risk management process
- Risk identification
- Qualitative risk analysis
- Quantitative risk analysis
- Risk response planning
- Contingency planning
Risk response strategies
- Risk avoidance
- Risk acceptance
- Risk transference
Emerging trends in risk management
So far, maximum usage of technology in construction project risk management were reported in;
- Employee training (tool box training, online talks, safety training, virtual reality training environments)
- Safety incident documentation
- Job hazard analysis
- Worker certification
The impact of emerging trends like artificial intelligence, machine learning, data analytics, cognitive learning etc are disrupting the risk identification and responses practices globally. They are making sweeping changes to almost everything including the way we plan, do, check and act on project risks. Based on my research and discussions with experts from the field, here is a list of emerging trends in project risk management;
Here are the 10 key emerging trends in Project Risk Management as per the recent report by Deloitte Consulting.
- Application of Artificial Intelligence
- Deployment of Pervasive controls – IoT to monitor and manage
- Behavioral sciences to improve risk related decision making
- Vigilance and resilience to complement prevention
- Broadening of range of risks – cyber attacks, climate change, geopolitical risks, terrorism, business disruptions, and more.
- Strategic high risk Innovations leads, regulations follow
- With increased predictability and tangibility, Risk becomes a performance enabler
- With the increase in external stakeholders reliance on Collective risk management increases
- Disruption dominates executive agenda because of increased rate of product, market disruptions
- With increased social networking, Reputation risks accelerates and amplifies
The Wrench Smart Project R&D team are forerunners in some of these trends and have helped some of their clients to capitalize on these trends. In this blog, I am mapping the industry insights / examples with the 10 emerging trends.
Some of the industry insights are from Mr. Aju Varghese, the Chief Technology Officer (CTO) of Wrench Business Solutions, who have already helped their clients with some of these trends, especially in the application of artificial intelligence and pervasive technologies for managing project risks.
- Artificial Intelligence and project risk management
“Application of Artificial Intelligence on huge amount of data will assist decision making”
According to Mr.Aju Varghese, CTO, Wrench Solutions;
Technology has disrupted conventions in many walks of life. In the use of electronic systems in project management also, innovations that could only imagined in yester years are already in practice. Advent of Natural Language Processing NLP allows humans to interact with data processing platforms using their natural language. Instead of using keyboards and mice, It is now possible to speak to computers. Instead of remembering a pair of login credentials, it is now possible to look into a camera to authenticate and authorize. All these necessitates processing of huge volumes of data in small time frames. Consider looking into the camera of a computer to login instead of typing the password and user name. Complex software algorithms are put to work to deduct the whole face image to the eyes and to the iris. Again, it is compared with pre-captured images to identify an individual. Thanks to the AI assisted computing infrastructure; this is possible in time frames measurable in milliseconds.
These technologies make the authentication and authorization process in project management seamless and access control gets fail-proof in real world scenarios.
- Pervasive technologies in project risk management
Applying ubiquitous technologies such as RFID, electronic camera surveillance etc. help reduce cost of project management at the same time make it zero risk. In a real-world example, infrastructure projects rely on large number of people on contract. Since these people on contract are not regular employees of the project organisation, there are no systems in place to monitoring their attendance and the work time. Stitching an RFID tag to their work uniforms and monitoring them using RFID sensors implement an inexpensive environment to monitor them all around the clock without the need of a human supervisor. Such technology assisted systems help reduce the risk of low worker utilization to near zero.
Another example is progress measurement. Conventionally, the project management team needs to rely on the field service to get the actual progress from site on a daily or weekly basis. For the field services team, work is of more importance than monitoring. Most often, the field services team either fails to report progress or reports incorrect/ not-latest progress. This will derail the project forecasting and eventually lead to failure of projects.
It is possible to automatically capture progresses for activities such as fencing, concreting, excavation etc automatically using intelligent cameras mounted on devices like drones. This averts the risk of project delays by bringing project progress information accurate to the minute.
Fujitsu has developed wearable tags that can detect whether users have changed location or posture, have fallen down, or are experiencing high heat. With the help of these tags, employers can—in real time—monitor employees’ working conditions or detect if they are carrying a heavy load or standing in a place where they might fall. The aim is to reduce the risks of injury at the workplace.
The integration wearable technology with Building Information Management (BIM) could provide real-time management of construction project that can increase employee safety and makes construction safer.
- Application of Behavioral sciences in project risk management
The product of your project can fail, if it is not habit forming, resulting in under utilization and user drop outs. Behavioral scientists can help to design and build habit forming products or services which generates traffic and revenue. It is expensive to acquire a customer, so it is important to keep customers using your product regularly resulting in additional business. Application of behavioral sciences while recruiting helps to reduce attrition and foster productivity.
“The ability to understand what products and how they can be used to inculcate habit-forming behaviors in your target customer base can lead to the design of a sustaining product,” stated best-selling author Nir Eyal.
Behavioral scientists know how & why habits form, which is one reason why you might consider hiring psychology majors as product managers. When your company growth flattens out or starts decreasing, behavioral scientists can figure out why.
Fujitsu has built a platform that uses psychological profiling to ramp up computer security in the workplace. This enterprise tool aims to identify workers who are most vulnerable to cyber attacks and also gives advice on how to sidestep them, based on their behavior while checking and sending emails, and browsing the web. This was developed after consulting social psychology experts and surveying more than 2,000 Japanese users, half of whom had experienced attacks, to determine which traits make some users more vulnerable to viruses, scams, and data leaks.
- Vigilance and resilience
“Vigilance and resilience complement prevention as leading practices. Organizations are realizing that 100 percent risk prevention is not feasible, so investment in vigilance (detecting risk events as they happen) and resilience (containing and reducing the impact of risk events) will increase.”
The most visible example of this is google maps, which helps to identify traffic congestion points real time and help the drivers to avoid those congestion points by suggesting alternate paths.
When I log in to google from a different location / machine it alerts about the possibility of a security breach which helps to protect my account from hackers.
Zeean, an open source project, taps the crowd to map the flow of materials across the world. Using this database, Zeean then attempts to help organizations analyze the economic impact of isolated events (for example, climatic catastrophes) on global supply chains through powerful visualizations, working to help organizations and governments achieve supply chain resilience in a cost-effective manner.
Cytora aims to provide real-time structured data on supply chain, operational, and geographic disruptions across multiple categories of risk, including factory fires and explosions, labor strikes, terrorism incidents, industrial accidents, and natural disasters for supply chain risk and corporate risk management. Alerts received within five minutes of an event breaking online seek to give organizations the opportunity to try to mitigate risks early and keep costs low.
- Broadening of risk transfer in scope and application
While creating this blog post, corona virus is playing havoc in China causing ripple effects across the world. The impact of this is yet to be analysed. If we observe closely the frequency of virus outbreaks have increased. This type of new risks calls for the broadening of risk transfer in scope and application.
“Risk transfer broadens in scope and application. Risk transfer instruments, such as insurance, contracts, and novel financial instruments, will increasingly be used by organizations to protect them from a wider range of risks – cyber attacks, climate change, geopolitical risks, terrorism, business disruptions, and more.“
Some of the largest medical device manufacturers like Boston Scientific, Medtronic, and St. Jude Medical are negotiating experimental deals with hospitals to take on performance-based financial risk for their implants. Such risk-sharing agreements are structured in a variety of ways. Some agreements may stipulate that the manufacturer return a percentage of the device’s price if it does not meet certain performance goals or fails within a set period of time. Under other agreements, a hospital pays more for a device that fulfills a manufacturer’s quality and economic claims.
- Innovation leads, regulations follow
“The marketplace will reward organizations that take on strategic, high-risk innovations—even if they fall outside the scope of existing regulations.”
Companies such as Google are investing in building autonomous cars ahead of a regulatory framework, driving regulators to strategically balance their priorities around promoting innovation and ensuring public safety. Amazon became a global giant and success story, even before the regulators thought of any regulatory frameworks for online stores to save the traditional brick and mortar ones. Sharing economy-based businesses, such as Airbnb and Uber, are growing rapidly by breaking away from traditional industry norms and established assumptions built into regulations.
- Risk becomes a performance enabler
“As risks become more measurable and tangible, organizations will be better able to determine an accurate upside value for risk—and encourage an appropriate level of risk-taking.”
Adobe’s Kickbox Innovation Workshop encourages innovation and risk-taking by providing the participating employees with seed money ($1,000 prepaid credit card), a step-by-step startup guide, and a 45-day period to experiment with and validate new ideas. Chief Financial Officers are using risk dashboards for driving strategic decision making, such as weighing M&A possibilities, developing new product lines, planning market entry strategy, and deciding on capital allocation. Advertising agency Grey gives out the Heroic Failure Award that honors new, unproven ideas that were failures in the market, thus rewarding and encouraging risk-taking among employees. Going by the global trends, the appetite for high risk – high reward projects are on the growth path as more and more organizations adopt blue ocean strategy for their business growth.
- Collective risk management
The concept of Beta testing of products within a limited set of chosen customers is one of the oldest prevailing forms of collective risk management in projects.
United Airlines is seeking to harness the power of the crowd to improve security of its software through a “bug bounty” program that will award miles to people for finding vulnerabilities. With this program, the company is following the steps of technology corporations like Google, Facebook, and Microsoft, which have their own bug bounty programs. These programs engage independent researchers, experts, and hackers to find potentially dangerous security flaws for a reward.
ThreatExchange, a social data exchange platform by Facebook, is being used by security professionals and researchers across the world to share cyber threat information.
Wikistrat, the crowd sourced consulting organization, uses interactive role-playing games that leverage a crowd of experts from all over the world for strategic forecasting. Wikistrat’s open source platform provides access to vetted crowd sourced expertise to address complex client issues and risks and to develop effective action plans.
Certain electric car manufacturers are testing out their product through call taxi operators before making them available to the general public.
- Disruption dominates executive agenda
Disruption dominates the executive agenda. The constant threat of disruption resulting from emerging technologies, business model transformations, and ecosystem changes will force executives to make significant strategic choices to drive organizational success.
Media companies such as HBO that were under the threat of disruption by online streaming players have now reinvented their strategies by adapting to the fast-changing business environment. They have embraced online streaming and have introduced a host of related offerings, thus posing competition to existing streaming content providers.
3D printing is transforming the health care sector, with many incumbents adopting 3D printing for manufacturing medical implants, dental products, and bio-printed tissues.
To counter the growing threat of car sharing companies like Zipcar, German automaker Daimler has launched its own car sharing service called car2go. Through car2go, Daimler aims to disrupt the disruptors like Zipcar not by copying their business models but by creating its own unique value proposition – a “roving” model in which its cars have no fixed spaces and can be parked anywhere to end a trip.
- Reputation risks accelerates and amplifies
To survive in a hyper-connected world dominated by mobile devices, social media, and evolving expectations from society, leaders will proactively address accelerated, amplified risks to their organizations’ reputations.
Indigo airlines which prohibited a particular passenger from flying in their airline has eroded its credibility in the public’s eye.
A media conglomerate fired its head of communications for an offensive personal social media post—which went viral in a matter of hours—in an effort to prevent further damage to its reputation.
Websites like Ripoff Report and Scambook offer online platforms for consumers to post complaints. Ripoff Report receives more than a million visits a week and generates several million dollars of revenues a year from firms that pay to resolve customer complaints.
Food safety incidents can cause significant reputation loss and revenue impact for food and beverage companies. The impact on a company’s reputation is often intensified due to the negative attention received through social media channels. Brands that are not prepared to respond to crisis face further scrutiny for moving too slowly when incidents occur.
Whether one like it or not, the impact of new technology, climate change, social networking etc are forcing organizations to pursue programs / projects with higher risks some of which were non existent till recently. This creates amble opportunities / need to innovate procedures and systems to manage the emerging risks which are bigger in impact. Hence, organizations are relying on the application of emerging trends like artificial intelligence, pervasive controls, behavioral sciences, vigilance & resilience-based systems and collective risk management to manage their project risks.
- Identify five major risks from your project
- Rank them on a 1-5 scale where 5 is greater than 1, for both probability and impact
- Perform qualitative risk analysis by multiplying their probability with impact
- List them in the descending order of probability and impact
- For the top two risks, define risk response actions and contingency actions