Strategic Context of Project management (PM104)

Final Exams

Exams Questions:

1. What are the processes of Risk Management? Explain your answer using a case study.

2. What are the procedures for implementing TQM and the barriers? Explain your answer.

1
 Table of Contents
Page
1.0 Abstract .................................................................................................................................... 2
2.1 Introduction …………………………………………………………................................................................. 4
2.2 The Risks Management Process ............................................................................................... 4
3.1 Risks Management Techniques .................................................………………………………………...... 5
3.2 Definition of TQM ........................................................................................................ 6
3.3 Procedures for Implementing TQM ............................................................................... 5
4.1 Barriers to Implementing TQM ...................................................................................... 7
4.2 Conclusion ..................................................................................................................... 9

2
2.1 Introduction
In the face a volatile business world, the concept of risks has become extremely important to
business organizations. Various definitions have been proffered and various risks management
strategies suggested. In a more common sense, risk is when you take a chance at something which
can either turn out better for you or could result in negative outcome. In more technical term, risk is
the potential that a chosen action or activity (including the choice of inaction) will lead to loss
(which is an undesirable outcome). Whilst ISO 31000 (2009)/ISO Guide 73:2002 define risk as the
effect of an uncertainty on objectives, the IIA looks at risk as the possibility that an event will
occur, which will impact an organization's achievement of objectives. Risk taking remain a critical
component of every profit oriented business decision. Business managers need to weigh the
potential fallout of risky decisions and the consequence of not adopting a prudent risk mitigation
strategy. On the other hand, investors require some amount of guarantee that if they expose their
investments to an identified risks it will result to adequate returns on their investments (Merna,
2004).

2.2 The Risks Management Process

In itself, risk management literally refers to the process of identifying, assessing and controlling
risks arising from operational factors and making decisions that balance risk costs with mission
benefits. It broadly concerns with the systematic application of policies, processes and procedures
to the task of establishing the context, identifying and assessing risks, and then planning and
implementing actions to minimize threats and maximize opportunities in order to optimize plans in

3
a cost-effective way. An implementation of risk management practice can avoid a substantial
consequence of the failure to adequately identify and manage risk. In other words, identification and
assessment of risks within a system can play a vital role in planning effectively and strategically.

I would like to use my organization, the National Social Security and insurance Trust (NASSIT) as a
case study for this analysis. As a pension scheme, risk management process entails a description
of steps taken to identify, monitor and control. These steps is a dynamic process, which requires
the following:
 Commitment at the highest level of the Organization
 Trained and competent assessors and
 Total involvement at all levels of the organization

The risk assessment process is described in the flow chart below:

Establish Risks Management Context

Identify Risks

Evaluate Risks

Develop and Implement Risks Controls

Develop Management Strategy

Institute Monitoring System

Measure Monitoring Effectiveness by

reviewing and updating risk statuses

Risks management begins with establishing the context of the risk assessment. In the risk management
framework, the context is commonly thought of as the opportunity, strategy, outcome or process in which

4
stakeholders want formal analysis and assurance. Context here refers to the level in which management
feels the need to set strategy and assess risk. For risk assessment, the context must reflect the economic
value of the organization and the business model for creating value.

3.1 Risks Management Strategy

An organization must choose one of four basic strategies to control risks :

– Avoidance: applying safeguards that eliminate or reduce the remaining uncontrolled risks
for the vulnerability.
– Transference: shifting the risk to other areas or to outside entities
– Mitigation: reducing the impact should the vulnerability be exploited
– Acceptance: understanding the consequences and accept the risk without control or
mitigation
Risk Avoidance is the risk control strategy that attempts to prevent the exploitation of the
vulnerability. Avoidance is accomplished through:
– Application of policy
– Application of training and education
– Countering threats
– Implementation of technical security controls and safeguards

Risks Transference is the control approach that attempts to shift the risk to other assets, other
processes, or other organizations may be accomplished by
– Rethinking how services are offered
– Revising deployment models
– Outsourcing to other organizations
– Purchasing insurance
– Implementing service contracts with providers

Risk Mitigation is the control approach that attempts to reduce, by means of planning and
preparation, the damage caused by the exploitation of vulnerability. This approach includes three
types of plans:
– Disaster recovery plan (DRP)
– Incident response plan (IRP)
– Business continuity plan (BCP)
Mitigation depends upon the ability to detect and respond to an attack as quickly as possible.

5
Acceptance is the choice to do nothing to protect an information asset and to accept the loss when it
occurs. This control, or lack of control, assumes that it may be a prudent business decision to
– Examine alternatives
– Conclude the cost of protecting an asset does not justify the security expenditure

Risk control involves selecting one of the four risk control strategies for the vulnerabilities present
within the organization. If the loss is within the range of losses the organization can absorb, or if the
attacker’s gain is less than expected costs of the attack, the organization may choose to accept the
risk. Otherwise, one of the other control strategies will have to be selected.

3.2 NASSIT's Internal Risks Controls

The purpose of addressing risks is to turn uncertainty to the organization’s benefit by constraining
threats and taking advantage of opportunities. Any action that is taken by the organization to
address a risk is known as “internal Control” like in the case of NASSIT, a pension fund
organization. There are four key methods of addressing risks that are facing the Trust.
i. Tolerate - the exposure may be tolerable without any further action being taken
ii. Treat – a greater number of our risks are addressed in this way. We may continue with the
activity giving rise to the risk, the purpose of treatment is that action (control) is taken to
constrain the risk to an acceptable level. These constraints are further divided into their
particular purpose.
iii. Terminate – some risks will only be treatable or containable to acceptable levels by
terminating the activity giving rise to the risk. This option can be particularly important in
project management if it becomes clear that the projected cost/benefits relationship is in
jeopardy.
iv. Transfer – for some risks, the best response may be to transfer them. This might be done by
conventional insurance or it might be done by paying a first party to take the risk another
way. This option is particularly good for mitigating financial risks or risks to assets.

3.2 Risks Management Techniques

Table 3 provides the various techniques used in the risk assessment process for the 1 st Quarter of
2010.

Table 1: Risk Assessment Techniques Used at NASSIT

TECHNIQUE DESCRIPTION

Review of documentation Management and the relevant staff conducted reviews

6
 of their operations, operational manuals, policies,
system documentation, etc.

Face to Face/Group Discussions Risk Coordinators consulted with their relevant

constituencies to re-evaluate the risk profile. The
process was developed to function as an open in-house
communication process with input from both Risk
Coordinators/Officers and staff.

Vulnerability Sources Continuous contact with vulnerability sources like

customers and suppliers of goods and services
enhanced the identification of potential vulnerabilities.

3.2 Emergence and Definition of Total Quality Management (TQM)

Total Quality Management (TQM) was originally introduced as a quality management philosophy
with methods pioneered by experts like Deming, Juran and Crosby as a way to eliminate waste in
the use of resources. It mandated the involvement of all members of the organization to work
towards a common goal. As a result, it provided an ultimate way of quality thinking shared by all
personnel in the organization to meet the customers specified requirements ( Kanji et al., 2003). The
manufacturing industry happens to be the first industry to implement TQM in the middle of the
1980’s. It was thereafter adopted by other industries following its success in the manufacturing
sector. It was then used in service industries followed by the government (Yang and Christian,
2003). TQM is a philosophy aimed at achieving business excellence through the use and application
of tools and techniques, as well as the management of soft aspects, such as human motivation in
work (Juran and Gryna, 1980).

Berry (1991) defined TQM process as a total corporate focus on meeting and exceeding customer’s
expectations and significantly reducing costs resulting from poor quality by adopting a new
management system and corporate culture. Quality management is a long-term process that relies
on relative achievements through continuous improvement. Successful TQM implementation can
only come from radically challenging and changing the culture of the organization (Zairi, 1996).
Therefore, one may say that TQM is a philosophy, concept and powerful management approach. It
involves management and empowerment of people in order to create satisfied customers and
improve organizational performance.

3.3 Procedures for Implementing TQM

7
The starting stage in TQM implementation is to assess the organization’s current reality. Relevant
preconditions have to do with the organization’s history, its current needs, precipitating events
leading to TQM, and the existing employee quality of working life. If the current reality does not
include important preconditions, TQM implementation should be delayed until the organization is
in a state in which TQM is likely to succeed.

If an organization has a track record of effective responsiveness to the environment, and if it has
been able to successfully change the way it operates when needed, TQM will be easier to
implement. If an organization has been historically reactive and has no skill at improving its
operating systems, there will be both employee skepticism and a lack of skilled change agents. If
this condition prevails, a comprehensive program of management and leadership development may
be instituted. A management audit is a good assessment tool to identify current levels of
organizational functioning and areas in need of change. An organization should be basically healthy
before beginning TQM. If it has significant problems such as a very unstable funding base, weak
administrative systems, lack of managerial skill, or poor employee morale, TQM would not be
applicable.

Organizations that would like to be successful have figured out that customer satisfaction has a
direct impact on the bottom line and that creating a conducive environment which supports a quality
culture requires well structured and systematic process. Below are systematic steps to implementing
a quality management system that will help to bring the process full circle.

i. A Clear Vision
The staff of the organization need to know how their job is tied to organizational strategy and
objectives which makes it important that all employees understand where the organization is
heading to, what it hopes to accomplish and the operational principles (values) that will steer its
priorities and decision making. Having a process to educate employees during new employee
orientation and a communication process to help ensure that the mission, vision and value is always
in front of the people is a major first step.

ii. Identify Critical Success Factors (CSF)

This helps an organization to focus on those things that help it meet objectives and move a little
closer to achieving its mission. These performance based measures provide a gauge for determining
how well the organization is meeting objectives. Some example CSF:

8
  Financial Performance
 Customer Satisfaction

 Process Improvement

 Market Share

 Employee Satisfaction

 Product Quality

iii. Develop Measures and Metrics to Track CSF Data

Once critical success factors are identified, there needs to be measurements put in place to monitor
and track progress. This can be done through a reporting process that is used to collect specified
data and share information with senior leaders. For example, if a goal is to increase customer
satisfaction survey scores, there should be a goal and a measure to demonstrate achievement of the
goal.

iv. Identify Key Customer Group

Every organization has customers and understanding who the key customer groups are is important
so that products and services can be developed based on customer requirements. The mistake a lot
of organizations make is not acknowledging employees as a key customer group.
Example Key Customer Groups:

 Employees
 Customers

 Suppliers

 Vendors

 Volunteers

v. Solicit Customer Feedback

The only way for an organization to know how well they are meeting customer requirements is by
simply asking the question. There should be a structured process to solicit feedback from each
customer group in an effort to identify what is important to them. Organizations often make the

9
mistake of thinking they know what is important to customers and ask the wrong survey questions.
This this type of feedback is obtained through customer focus groups.

vi. Develop Survey Tool

Next develop a customer satisfaction survey tool that is based on finding out what is important to
customers. For example, customers might care more about quality than cost but if you are
developing a product and trying to keep the cost down and skimping on the quality, you are creating
a product that might not meet the needs of the customer.

vii. Survey Each Customer Group

Each customer group should have a survey customized to their particular requirements and they
should be surveyed to establish baseline data on the customers’ perception of current practice. This
provides a starting point for improvements and demonstrates progress as improvement plans are
implemented.
8. Develop Improvement Plan
Once the baseline is established you should develop an improvement plan based on customer
feedback from each group. Improvement plans should be written in SMART goals format with
assignments to specific staff for follow through.
Goals May Include Some of the Following:

 Process improvement initiatives, such as: Hold times when calling

 Leadership Development: Walk-the-Talk

 Management Training/Development: How to manage employees in a quality environment

 Staff Training/Development: Customer Service

 Performance Management: Setting expectations, creating job descriptions that support the
vision and holding staff accountable.

54. Barriers to Implementing TQM

Barriers to the implementation of TQM could include the following:
 Lack of Management Commitment
 Improper Planning
 Inadequate Resource for TQM
 Inability to Change Organizational Culture]

10
  Lack of team Work
 High Employee Turnover
 Poor Measurement Techniques
 Focus on Short term profits

4.2 Conclusion
For any business to grow and remain afloat the market management style is a key and Risk
management is basically the management style of managing the risks. It is so important that most
central banks are currently replacing Prudential Regulations with Risk management guidelines. Risk
is inherent in every business and every organization has to manage it according to its size and
nature of operation because without it no organization can survive in long run.

Whilst risks management remain important, the overall management system in place for every

organization is ultimate. This is where the issue of Total Quality Management (TQM) comes into

play. The advantages of TQM have been widely discussed, but the challenges of implementation

have received little attention. There are important strategic and systematic approach to

implementing TQM. Among many others it is important to make sure employees understand the

vision as well as their role in supporting it.

5.0 References
Gilbert, G. (1992). “Quality Improvement in a Defense Organization.” Public Productivity and
Management Review.
Hyde, A. (1992). “The Proverbs of Total Quality Management: Re-charting the Path to Quality
Improvement in the Public Sector.” Public Productivity and Management Review.
Martin, L. (1993). “Total Quality Management in the Public Sector,” National Productivity Review
Swiss, J. (1992). “Adapting TQM to Government.” Public Administration Review
Tichey, N. (1983). Managing Strategic Change. New York: John Wiley & Sons.
Hill Stephen, 1991. “Why Quality Circles Failed but Total Quality Management Might Succeed.”
British Journal of Industrial Relations.
Ishikawa, K, 1985.What Is Total Quality Control? The Japanese Way. Englewood Cliffs, New

11
Jersey, Prentice- Hall.
Smith, AK, 1993. “Total Quality Management in the Public Sector.” Quality Progress, June 1993

12