6/20/2018

RISK.2929
Improving Risk Management
effectiveness by testing
Risk Relevance
James Arrow DRMP FRICS

PLEASE USE
MICROPHONE FOR
ALL QUESTIONS
AND COMMENTS!

1
 6/20/2018

Speaker Bio
James Arrow, MoRP DRMP FRICS
Project Risk SME & Lead Associate at Booz Allen Hamilton.
Project Management professional and Chartered Quantity
Surveyor with more than 20 years of experience.
Broad range of Industrial / Commercial Engineering,
Procurement, and Construction (EPC) experience working
with Fortune 500 contractors and Owner organizations
– Market sectors include oil and gas, aerospace,
mining, power generation, government operations,
pharma and IT Program Management.
Currently providing executive advisory support in the
deployment of Enterprise Risk Management solutions for
clients headquartered in Houston.
Recent experiences include the development of Risk
Management capability improvement plans, the
deployment of state-of-the-art risk analysis solutions
including the development of network-enabled asset
tracking platforms designed to enhance construction
productivity planning and control on large capital projects.
Something you don’t know about me: My interest in
diving (sky & scuba – not at the same time) helped kick-
Image courtesy Booz Allen Hamilton start my interest in Risk Management.
3

Agenda
Effective Communication
– Focused Forethought
– Team Alignment
3-part Risk Relevance Test
– Authenticity
– Topicality
– Conformability
Summary

Image courtesy Booz Allen Hamilton

2
 6/20/2018

Effective Communication

The essential ingredient for any

meaningful PRM effort

Focused Forethought
Change is the law of life

Never put your body where

your mind has never been

6 Image Credit & License; CC0 / Creative Commons: http://jooinn.com/blue-angels-35.html

3
 6/20/2018

Risk Attitude
A question of perspective

The perception and judgement Project teams may exhibit a

of risk is very personal. range of attitudes towards risk:
Risk-averse
Risk Tolerant
Risk-neutral
Risk-seeking

By Marie-Lan Nguyen (2007), Public Domain,

Risk Review Boards (RRB) can

https://commons.wikimedia.org/w/index.php?curid=2101546

“Everything we hear is an opinion.

Everything we see is a perspective, help validate and normalize
not a truth." messaging.
– Marcus Aurelius

Bow-tie Model & RM CUEs

Pinpointing an appropriate CUE for effective risk management

C U E
CAUSE UNCERTAINTY EFFECT

Trigger Consequence

Event
Trigger Consequence
(threat or
opportunity)

Trigger Consequence

[Imperfect] [Imperfect]
Proactive Reactive
Response(s) Response(s)
Risk Exposure Window
8 Graphic attributed to author

4
 6/20/2018

The Role of the RRB

Critical control points in the PRM process
Process Step
/ Role Plan Assess Treat Control
Team
Member
Risk Definition Proposed status values serve as
control points. Validation by the
Action Proactive RRB minimizes potential bias.
Owner Response
Implementation

Reactive
Response
Implementation
N

Risk Owner
Current Score Proposed
N
ALARP

Proposed
Target Score Y
CLOSED

RRB START
Risk identification is arguably the foundation
Appetite/ Y
Threshold of the whole RM process. Everyone is ALARP
Framing encouraged to participate in Risk
Identification, however, the RRB (chaired by N
N
the risk lead) will validate a risk’s definition CLOSED
Y

and general relevance before it is formally END

added to the risk register.

Graphic attributed to author

Risk Relevance
A test to validate risk definitions prior to risk register inclusion

YES YES YES

Authenticity Topicality Conformability Risk is
relevant

NO NO NO

Risk is not
relevant

Is the risk idea Does the risk’s Does the statement

credible? consequence impact logically conform
Has the team’s the venture’s with the defined
perception of risk objectives or goals? process? Is the risk
been bias-free? Is it on topic? clearly defined?

• The RRB should take care to eliminate duplicate risks. Conversely, the RRB should ensure the team does willfully avoid
an inconvenient truth or taboo.
• Business as Usual (BAU) concerns require no action of than applying normal policy or procedure.
• Risks deemed BAU should be transferred to the PM’s Issue Log unless / until the likely impact is considered extraordinary.
10 Graphic attributed to author

5
 6/20/2018

Authenticity

Approaches for validating the team’s

perception of risk is bias free

11

Authenticity
Validating the team’s perception of risk is bias free

Cognitive bias affects business

and economic decisions or
human behavior in general

Flyvberg argues that two behaviors

warrant special attention:
1. Optimism bias
2. Strategic misrepresentation

12
By Jm3 - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=57942404

6
 6/20/2018

Optimism Bias
Acknowledging the “Planning Fallacy”

The Sydney Opera House – 1966 People naturally underestimate

(3 years after planned completion) cost, time and risk

Dr. Daniel Kahneman

By Robeyclark - Own work, CC BY-SA 3.0, By https://nihrecord.nih.gov/newsletters/04_13_2004/story02.htm, Public Domain,
https://commons.wikimedia.org/wiki/File:Sydney_Opera_House_-_construction_-_phase_2_1966.jpg https://commons.wikimedia.org/w/index.php?curid=1266697

13

Strategic Misrepresentation
Inconvenient truths & taboos; Guarding against ethical, reputation and litigation risk

The Compromise Triangle

By DavidBailey - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/wiki/File:Fraud_Triangle.png

14

7
 6/20/2018

Topicality

Using framing workshops and

formalizing value drivers to facilitate
team alignment

15

Team Alignment
Tools for unifying the group; Collective Effervescence

Framing workshops crystallize a Formally agreed value drivers,

common understanding: key success factors and risk
appetite.
Organizational boundaries
Time horizon
Third party risk

By Hernán Piñera - ShareALike, CC BY-SA 2.0,

https://www.flickr.com/photos/hernanpc/7115374283

Graphic attributed to author

16

8
 6/20/2018

Conformability

Using a Risk Metalanguage and RBS

to ensure process compliance

17

Risk Metalanguage
Providing teams with a CUE for effective risk management

Structured descriptions separate cause, uncertainty and effect.

Due to <cause>,
There is a threat / opportunity that <risk> may occur,
Resulting in <effect>.

Minimizes confusion or miscommunication.

Ensures more accurate Contingency Analysis.
Can aid identification (e.g. brainstorming may reveal multiple causes behind one risk
and vice versa).
Facilitates more effective Risk Response Planning.
Aids the assignment of the most competent or qualified Risk Owner.
Provides an opportunity for Topic Modeling (i.e. better insight around the relationship
between common Risk Triggers and Risk Events (or uncertain conditions).
18 Graphic attributed to author

9
 6/20/2018

Risk Breakdown Structure

Source-orientated risk classification

As part of the planning process step,

risk breakdown structure (RBS) codes
should be reviewed and modified as
may be required with client or other
stakeholders to verify applicability.
RBS codes are "source-orientated"
implying that:
they relate to a risk’s cause,
since each risk register line entry has
one cause, only one RBS code should
apply and,
the cause description helps frame,
guide or inform a proactive risk
response including appropriate
ownership assignment.
Used as a means to roll-up and report
risk management effectiveness

19 Graphic attributed to author

Summary

Weaving the threads together to

bind a more robust PRM process

20

10
 6/20/2018

Summary
Well-defined risk if the bedrock for a successful PRM program

Teams must not assume everyone

shares a common target.
Risk management programs falter if risk
registers lose credibility.
Risk review boards help validate and
normalize messaging.
If a risk is worthy of inclusion in a
formal risk management process, it
must satisfy three tests:
Authenticity,
Topicality,
Conformability.
A risk relevance test adds value to:
Quantitative risk assessments,
Image-courtesy-of-cliff1066-of-Flickr-under-a-creative-commons-licence:
Risk-informed decision-making,
https://goo.gl/images/PLUcyN
Ongoing risk monitoring and control.
What gets measured, gets managed.
21

QUESTIONS/COMMENTS?

(PLEASE USE MICROPHONE)

22

11
 6/20/2018

RISK.2929
Improving Risk Management effectiveness by testing Risk Relevance
James Arrow DRMP FRICS
Arrow_James@BAH.com

23

12