Manage Risks
objectives inputs & outputs approach actions exceptions checklist texts
Objectives top
To Mitigate (identify and manage) Risks. (This is a Generic Process Step that is invoked from both Manage a Bid and Manage Projects). The invoking Process Step will set the specific context and, in particular, the choice of the appropriate Inputs and Outputs from those listed below).
Inputs and Outputs top
|
Inputs |
Outputs |
|
Risk Folder updated |
|
|
Bid Campaign Plan and Bid Plan updated |
|
|
Bid File updated |
|
|
PID, Project Plan, or Phase Plan / Stage Plan |
PID, Project Plan, or Phase Plan / Stage Plan (updated) |
|
Issues Folder updated |
Approach top
This activity is often called Risk Mitigation. It has four main activities, which are performed concurrently and continuously:
- identification
- quantification
- planning
- monitoring.
These activities will start at the beginning of a Bid, and continue until the end of the ensuing Project.
Identification
Identification serves simply to identify the Risks to which a Bid or a Project may be subject. This is essentially a creative activity - it demands imagination and lateral thinking. Relevant techniques include brainstorming, critical analysis, use of checklists, and comparison with previous Bids and Projects (both similar to and different from the one you have in hand now). As Risks are identified, they are entered into the Risk Folder which has two parts:
- a Risk Log which is a table of all the Risks that have been identified and which contains summary information about each Risk;
- a number of Risk Records, one for each Risk for which the information to be recorded will not fit into the space allocated in the Risk Log.
Identification of a new Risk, or a change in the nature of an existing one may also require a new Issue to be logged.
Quantification
Quantification is concerned with assessing the severity of each identified Risk. A Risk is quantified by estimating:
- the probability that the Risk will actually materialise. By its very nature, a Risk is something that is uncertain. This estimate gives an indication of the likelihood of the Risk becoming reality.
- the impact if the Risk does materialise. Some Risks, if they materialise, will have only a minor impact - perhaps just some inconvenience or a trivial amount of extra work. Other Risks will have a major impact, such as causing total failure of a Bid or Project.
The severity of the Risk is then the product of the probability and the impact:
- Risk severity = Risk probability * Risk impact.
Both probability and impact can be assessed on a scale of, say, 1 to 5, so that severity is assessed on a scale of 1 to 25.
Planning
The third activity, planning, decides how each Risk should be mitigated. This activity of course pays particular attention to the most severe Risks. Essentially, any Risk can be mitigated in two quite distinct ways:
- steps can be taken to avoid the Risk, so that it is less likely to materialise
- plans can be established for the action to be taken in the event of the Risk materialising, so as to contain the impact.
The first of these is termed an Avoidance Measure, while the second is termed a Contingency Measure. Note that the effect of an Avoidance Measure is to reduce the Risk’s probability, while the effect of a Contingency Measure is to reduce the Risk’s impact. So either measure will reduce the Risk’s severity, and the combination of the two could reduce it substantially.
Overall, the planning activity consists of:
- 1. identifying possible Avoidance and Contingency Measures, and entering them into the Risk Folder, along with an indication of where and how the measure is implemented (e.g. in a Contract or in a Bid/Project Plan) and the contingent resources (effort, money) needed for mitigation of the Risk should it materialise. This is again a creative activity requiring imagination and lateral thinking.
- 2. estimating the adjusted probability and impact values with the Avoidance and Contingency Measures in place. These values should of course be lower than the initial raw values (i.e. those that were originally entered into the Risk Folder, before the Avoidance and Contingency Measures were identified).
- 3. calculating the adjusted severity value by multiplying the adjusted probability and impact values.
All three values are entered into the Risk Log, and if there is one, the Risk Record.
Monitoring
The fourth activity, monitoring, consists of monitoring the emergence of new Risks, the success of Avoidance Measures, the changing probability and impact of each known Risk, the materialisation of each Risk, the application of the Contingency Measures, the expiry of Risks, and the management of any related Issues.
The Risk Folder and Issues Folder must be updated on a regular basis to reflect the changing situation (including the identification of new Risks). These updates will feed into the routine of Risk Management and the preparation of Status Reports. It may also lead to a review of the Bid or Project Plans.
Actions top
|
Item |
Responsible |
Action |
|
1 |
Risk Manager |
Risk identification: Enter all identified Risks into the Risk Folder. Where appropriate, log a new Issue |
|
2 |
Risk Manager |
Risk quantification: Assign each Risk a probability value and an impact value, and then calculate the severity as the product of probability and impact |
|
3 |
Risk Manager |
Risk planning: For each Risk of any severity, identify Avoidance Measures and Contingency Measures and enter them into the Risk Folder. Calculate the adjusted probability with the Avoidance Measures in place and the adjusted impact with the Contingency Measures in place. Calculate the adjusted severity |
|
4 |
Risk Manager |
Risk monitoring: Monitor the emergence of new Risks, the success of Avoidance Measures, the changing probability and impact of each Risk, the materialisation of each Risk, the application of Contingency Measures, and the expiry of Risks. Keep the Risk Folder and Issues Folder fully updated |
|
5 |
Risk Manager |
Follow this Process Step as a regular routine |
Exceptions top
None
Checklist top
None
Texts top
Risk Avoidance and Contingency Measures
Risk Avoidance Measures
One way of avoiding Risks to the company is by transferring them to somebody else. For example, Risks could be avoided by:
- passing them to a Customer through the Contract conditions, especially where these are in some sense tied in to a Customer default
- passing them to a Customer by getting the Customer to endorse the technical approach (in the Proposal, and as refined throughout the Project)
- passing them to a Customer by clearly documenting in the Proposal, all assumptions made about the RFP/ITT
- passing on to any Joint Bidders or Direct Suppliers, Risks associated with their non-performance.
- use of insurance, e.g. Export Credit Guarantee, forward buying/selling of foreign currency.
Risks can also be avoided in other ways. As a simple example, the probability of critical staff leaving during a project could be reduced by adopting a completion bonus scheme.
Risk Contingency Measures
Simple examples of Risk Contingency Measures include:
- a staff succession Plan – to reduce the impact of critical staff leaving a Project
- building float into the critical path of the Plan – to reduce the impact of slippage
- ensuring a second source for supplies – to reduce the impact of supply problems from the first source.
Allow time for Mitigation
Resources for mitigating Risks are of course very necessary. However there must be sufficient time allowed in the planning of Risk Mitigation for the implementation of the plan. It may seem very obvious, but it is a common mistake to allow far too little time for this.
Releasing contingency on expiry of Risks
Some of the Risks that have been identified will probably not materialise. When they are no longer any threat to a Bid or a Project, Risks are said to have expired. If a Bid or Project’s Budget provides Resources or money for mitigating a Risk, once it has expired, the associated contingency may be released. Then it may be applied to some other Risk, or identified as an additional contribution to reducing the costs of a Bid or the profit of a Project.