Assessing Composite Residual Risk in projects

This is an interesting answer from Alan Ashton-Jeanes in repsonse to my LinkedIn question on Assessing Project Risk.

Alan wrote:

Risk is the main reason why projects exist. A dynamic approach to managing the risks affecting the project is an integral part of managing the project. It is the approach to risk management that should determine the value of the risk assessment approaches that feed into it.

I wish I could take it as read that the project will have one or more planned levels of residual risk exposure at the completion of each phase. DO THIS! If these targets are defined in measurable terms, then tracking of composite residual risk should use the same scales of measure. The assessment of the residual component of individual risks is then an extension of the approach to composite residual risk.

For example, the individual risk is viewed as the project's only risk and the project's composite residual risk measurement in that hypothetical case is taken as the individual residual risk measurement. An advantage of this approach is that composite residual risk is then equal, by definition, to the sum of the individual residual risk levels. A disadvantage is that multiplier effects (of one risk on another) are not naturally handled. However, by assessing the multiplier effects as individual risks, this disadvantage can be mitigated.

Another disadvantage is that the assessed risk levels are necessarily estimates, so there is uncertainty in the implicit or explicit range of values that applies to an individual risk, and hence (even more so) to the composite risk values. I find that using percentages helps here: an individual risk currently represents between, say, 4% and 12% of the phase completion target. You can only make interesting observations like this if you have numeric assessments, of course. That could be monetary value, other numbers such as mandays, or just "points".

HML or RAG approaches can easily be adapted by scoring the different levels. This needs to be done by reference to your targets for composite residual risk. If your target is "all risks Green", for example, then a Green risk makes zero contribution to the the project's residual risk, so it should have zero points. Conversely, if your target is "no risks Red", then each Red risk represents at least 100% of your risk quota. It is this type of feedback loop that leads me away from RAG and towards HML or genuine numbers. The RAG status is then some function of the relationship between the individual risk and the target.

To test or not to test for PM competency?

Question Details: Does anyone know of a simple Networks Skills/Knowledge test for Network-centric project managers?

Nigel Deighton wrote:
Einstein once said "imagination is more important than knowledge" he also said something along the line of "the level of knowledge that got us into this problem is insufficient to solve it" ............... a recommendation, when sorting the wheat from the chaff and talking about people IMHO people are the best at doing this.
As you can imagine I detest tests. They are designed to find out what you don't know rather than find out what you do know. How valuable is resourcefullness and knowledge to your group? Simply put how badly do you want to succeed?
Your team is key.

-------------------------------
Nigel,

Thanks very much. Almost poetic.

I understand where you coming from, but the fact remains that I have 20+ people who think they know something about managing networks projects and I don't have the time or luxury of putting them on a project to see if they're kidding themselves or not.
Nevertheless, I will keep in mind the point you make and try and rule with my heart rather than my head ocassionally.
BTW my wife has just finished reading a book called "Blink" by Malcom Gladwell. "Thinking without thinking" is the strapline. It mentions a Psychiatrist who could assess a couple coming to him for counselling within 15 minutes of meeting them; and predict almost with 100% reliability whether they would still be together in five years. I think I probably have a lesser talent for assessing Network PM's, but unfortunately I don't get to meet all the people face-to-face.

Regards
Rob Gourdie

The argument for Quantative (Financial) Risk Assessments on Projects

Question Details: How does your organisation assess project risk?
Chris Phillips-Maund (chris_phillips-maund@hotmail.co.uk) wrote:

Hi Rob,
I have used many methods over the years.
Normal process is:
Have a project risk register
Identify risks - through brainstorming/workshop
Analyse the risks - Rate for Impact, Rate for Probability
For all risks at and above Impact = Medium and Probability = Medium identify mitigation plan and contingency plan
Optional - identify scale of impact (cost or time) if risk becomes an issue
Review on a regular basis - review top risks/issues at least weekly
Escalate top 3 or 5 risks and issues (and action plans) to senior management

I hope this helps
Regards
Chris
--------------------------------------------
Chris,

Like so many others, you identify the standard way of managing risks and emphasise the importance of mitigation - nothing new there. However without being able to measure the 'impact' of the mitigation against the impact of the risk, how can you decide what is the best course of action?

In simple terms; if the impact of this risk materialising is $100k, but the only mitigation you arrive at actually costs $110k - why would bother? Why not let the risk materialise and pocket the $10K you didn't spend?

Also, when you are working on a project with (or often against) a client, it can be sensible to price up a weighted risk (ie. risk impact $1M, probability 10%, weighted impact $1M x 10% = $100k) and say that we can take that risk for the existing price of the project, or the client can keep that $1M risk and we will knock $100k off the price of the project. At the end of the day, in environments where you deliver projects for clients; it all about taking risk on their behalf.
Multiplex where predominantly hired to take the risk of cost over-runs and delays on the building of Wembley, not because they're good builders. [They're not builders at all, they sub all the work out and in doing so parcel up the risk for their subcontractors.]

The other benefit of using financial analysis is that, at the programme level, it is often very difficult to do anything about risk that is managed at the project level and below (apart from rubbing your hands together in a concerned fashion in front of the project sponsor). Using a 'risk budget' approach enables you at the programme level to put a risk budget aside (maybe it doubles as the salary bonus budget?) and use financial tools like Earned Value to track the programme risk profile. When you get to the end of the project there should be very little risk of anything else going wrong and your risk budget should be close to zero.

I see little value when my colleagues say a risk is rated as 'medium impact' and 'medium probability' - whatever that means to you may not mean the same to me and chances are you'll burn time trying to define each low/medium/high with every new project and client.
Appreciate your thoughts on this topic Chris.

Regards
Rob Gourdie

One Hundred Connections in my network on LinkedIn!!!

About six weeks ago, I decided that these social networking sites only work if you make an investment in them. I decided to put 15 minutes a day into sending invites, writing recommendations, asking and answering questions on LinkedIn. Well my network has taken off and grown from 26 connections to 100 (thank you Matthew Bovey for being #100)
I did take a fairly Open Networking approach, but I was surprised to find people, often through other people, who I knew from years gone by.
The other thing I have started to do, is to make this network work for me and put some of my work questions to my network, tapping their collective knowledge.
Now onwards and upwards to 200….

LinkedIn: Question: How does your organisation assess project risk?

LinkedIn: Question: How does your organisation assess project risk?
I would like a quick poll of the complexity of risk assessments for project risk. Does your company have a project risk register with Impact and Probability listed a High/Medium/Low? Or does it attempt to financially assess the impact (ie. put it in dollar terms) and then fund a separate project risk budget/trade risk funding with the client? I see both ends of the spectrum (and everything in between) being used in my organisation and would like to put the project risk management culture on a more professional footing. Please feel free to share you experiences of assessing project risk.

Tom Clark wrote:
We started to go down the route of financial impact and then using portfolio management techniques to look at your overall project investment. However, it is a leap for some PMs to make. Directionally I would advocate a dollar value approach, but backed up by a formal risk management training programme i.e. give the PMs the skill first, followed by the process - and then back this up with tools.

LinkedIn: Answers: Are you Prince 2 Certified? Share your experience.

LinkedIn: Answers: Are you Prince 2 Certified? Share your experience.:
My PRINCE2 Practitioner has just expired and I will be resitting it again soon.
Why?
Many projects and organisations need some tangible backstop to say they have hired a competent PM. Anybody can fudge their CV to make themselves sound like they know what the are doing (trust me, I think I've interviewed most of them!). So I would expect more and more to ask for either PRINCE2 or PMP certification.
I would also recommend that you have some real world experience under your belt before you sit the exam because the exam asks you to apply the principles to examples of projects
In my opinion; to be a good PM you need experience AND formal training in the 'science' of Project Management. I have heard many older PM's argue Experience against Training, and the fact is you need BOTH. They are often afraid of study and/or find being told how to modify how they do things as an afront to their ego. PRINCE is just a formal collaboration of best practise and it is easy to see the short comings of untrained (but highly experienced) PM's when you start asking the tough questions on formal scheduling techniques, stakeholder- and risk-management for example.
Finally, I am putting more emphasis on PMP these days as I work for a US based corporate in the UK, and PMP is the currency of PM's in North America.

What are people's thoughts about the book "Affluenza" by Oliver James?

What are people's thoughts about the book "Affluenza" by Oliver James?

I am hearing a lot about this new book recently here in the UK and wonder if people have read it and whether anyone has a strong opinion about it either way.
The basic concept is that in today's world the more we have the worse we feel. James background is in psychology and he explores why this is and what we can do to avoid picking up the 'viral motives' that make us unhappy.

I was thumbing a copy in a bookstore today and it compared the 'lot' of two individuals: One a successful 35yr old guy making $20M/yr living in Manhatten, who has a hollow life satisfied by high class prostitutes; and the cab driver who drove him to see the first guy. An imigrant, on a low wage, who had been mugged many times for his takings and who had a more positive outlook on life and thought things were pretty good. The argument is that affluence does not bring happiness, just an increased desire to have the things we haven't acquired yet.

Anyway, I would really like to know if this book has made a good or bad impression on anyone out there.

Watching life from the Slow Lane

Ankle
Originally uploaded by TheRobGourdie.

A rather inescapable fact about me at the moment, that is having a large impact on all aspects of my life, is my broken left leg. I thought I should mention it, as it is bound to be a factor in some strange behaviour at some point in the future.

Its well broken, as I smashed it during a training run for a Luge competition in Austria, back at the start of December. A compound (aka bones sticking out) fracture of my Tibia and Fibula, and a broken Femur (thigh bone). That has probably sealed the shortest most promising career of a Luger ever, having completed a week on the Calgary track and two runs in Igls. For my troubles I got: a helicopter ride to hospital; eight hours of surgery; four days in Intensive Care; and 16 days in hospital, oh and half a meccano set in my leg.

And he's off the mark...

Woke up, got out of bed, created Blog...

I have been putting some effort into building up my virtual networks through LinkedIn recently. So I started reading 'The Virtual Handshake' by Scott Allen and Dave Tetten, which prompted me to create this blog.

My intentions are to use this space to connect with as many people as possible, through common interests and ideas.

• From a professional perspective I will endeavour to find things that interest me (and the reader) on IT and Telecoms Programme Management.
• From a creative perspective I will use this space to muse about 'the next big thing' and see what reaction it gets.
• and from all other perspectives I will drop things here that I think are interesting, thought provoking or funny. I will try my best to follow my own rule "If its a sermon you want; go to church"

certa cito

Rob