fol Nia) 0 Managing Risk Page 212 LEARNING OBJECTIVES After reading this chapter you should be able to 74 Describe the risk management process, (27-2 Understand how to identify project risks. (7-3 Assess the significance of cifferent project risks. G7-4 Describe the five responses to managing risks. {7-5 Understand the role contingency plans play in the risk management process. 1 7 PeI eriee ate near ince ae renee rr eter tet oats pea ae ean ieternerteies ina project 7-7 Understand how contingency funds and time buffers are used to manage risks on a project. zt ener eerie ae on aia een Tee nn ene 7-9 _ Describe the change control process. ATA Calculate basic PERT simulation projections, (OUTLINE eA cs enoserer Ecce 27.2 Step Riskidentfication 723 step 2: Risk Assessment 7.4 Step 3:Risk Response Development 75 contingency Planning 76 Opportunity Management @77 Contingency Funding and Time Buffers 7.8 Step 4:Risk Response Control 7.9 Change Control Management @summary ®appendix 72: PERT and PERT Simulation ~ = = HAH = = 2 ‘megy er a 10 "Every project manager understands risks are inherent in projects, deliveries are delayed, accidents happen, people get sick, ‘ec, No amount of planning can overcome risk, or the inability fo contol ehanee events In the context of projects, rsk is sn uncertain event or condition that if t occurs, has a postive or negative elect on project objectives. A risk has a cause and, sit ‘cers, a consequence. For example, cause may'be a fu virus oF change in scope requirements, The event is that eam members get. stricken with the forthe praduct has to be redesigned If either ofthese uncertain events occurs, it wll impact the cos, schedule, and quality ofthe project ‘Some potential risk events can be identified before the project staris-such as equipment malfunetion or change in technical requirements, Risks can be anticipated consequences ike schedule slippages or cost overruns. Risks can be beyond imasination, Uke the 2008 financial meltdown, While risks ean have positive consequences such as unexpected price reduction in materials, the primary focus ofthis chapter ion ‘what ean go wrong and the risk management process © smrstior From practice 71 Giant Popsicle Gone Wrong” ‘An attempt to erect the world’s largest popsicle in New York City ended with a scene straight out ofa disaster film, but much stickier, ‘The 25oottal, 17/ton treat of frozen juice melted faster than expected, flooding Union Square in downtown, Manhattan with kiwr-strawberry-flavored flu. Bicycists wiped out in the stream of goo. Pedestrians slipped. Trafic was, well frozen. Ftefighters closed off several streets and used hoses to wash away the thick, sweet slime, ‘The Snapple Company, a leading maker of soft beverages, had been tying to promote a new line of frozen treats by setting a record for the world's largest popsicle but called off the stunt before the frozen gient was pulled fully upright by a construction crane. Authorities said they were worried the 2¥s-story popsicle would collapse. tA © Brlan Smithi2uma Press, Ie Organizers were not sure why it melted so quickly “We planned for t. We just didn't expect for itto happen so fast” said Snapple spokeswoman Lauren Radciffe, She said the company would offer to pay the cty for the clean- up costsRisk management attemps to recognize and manage potential and unforeseen trouble spots that may occur when the project is implemented. Risk management identifies as many tsk events as possible (what can go wrong) minimizes thei pact (what can be done about the event before the project begins). manages responses lo events that do materialize (contingency plans), and provides contingency funds to cover risk events that actually materialize For a humorous, but ultimately embarrassing. example of poor risk management see Snapshot from Practice 7.1: Giant Popsicle Gone Wrong,71 Risk Management Process A Describe the risk management process. ‘G Figure 7.1 presents a graphic model ofthe risk management challenge. The chances of a risk event occurring (eg. an error in time estimates, cost estimates, or design technology) are greatest during th early stages ofa projet. This s when uncertainty i highest and many questions remain unanswered. As the projet progresses toward completion, risk declines as the answers to rial issues (Wil the technology work? Is the timeline feasible? are resolved. The cost impact of a risk event, however, increases over the if of the project. For example, the risk event ofa design flaw occuring after a prototype has been made has a greater cost or time impact than if the aw were discovered during the planning phase ofthe project, FIGURE 7. Rik Bent Graph ‘The cost of mismanaged risk control early on in te project Orhiter. Investigations reveled that Lockheed Martin had botched the design of critical navigation software. While ght computers on the ground di calculations based on pounds of thrust per second, the spacecraft’s computer software used metric units called newtons. A check to see ifthe values were compatible was never done. “Our check and balances processes did not eatch an error lke thi that should have been caught,” said Ed Weiler, NASA's associate administrator for space seience, “That is the bottom line” (Orlando Sentinel, 1999. I the error had been discovered eal, the correction would have been relatively simple and Inexpensive. Instead, the erot was never discovered, and ater the nine-month journey tothe red planet, the $12S-million probe approached Mars at too low an altitude and burned up inthe plane's atmosphere. Following the 1999 debacle, NASA instituted a more robust risk management system, which has produced a sting of suecessf missions to Mars, including the dramatic landing of the Curios raver in August 2012. cxcmplfied bythe illfted 1999 NASA Mars Climate PageRisk management isa proactive, rather than reactive, approach. Its a preventive process designed to ensure that surprises are redced and that negative consequences associated with undesirable events are minimized. I also prepares the project manager to take action when atime, cost, andjor technical advantage is possible. Success management of project rik gives the project ‘manager better contol over the future and ean significantly improve the chances of reaching project objectives on time and within budget and of meeting required technieal (functional) performance. The sources of project risks are unlimited. There are external sources, such a inflation, market acceptance, exchange rates, and ‘government regulations. In practice, thse risk evens ae often refered to a "threats" o differentiate them from those that are not within the project manager's or team’s responsibility area, (Later we will se that budgets for such rsk events are placed in & “management reserve" contingency budget.) Since such external risks are usually considered before the decision to go ahead with the project. they willbe excluded fiom the discussion of project risks, However, external risks are extremely important and must be addressed The mor components of thers management process are dpi in Figure 72. Each step willbe examined in more “RSTTT™ dealin the romaine ofthe cape. = FIGURE 7.2 The Risk Management Process ‘Step 1 Risk Identification ‘Analyze the project to identi sources of risk [= Step 2 Risk Assessment New risks | Assess risks in terms of * Severity of impact + Liketinood of occurring * Controllability ‘Step 3 Risk Response Development New sks |". Develop a strategy to reduce possible damage ‘+ Develop contingency plans Risk management plan ‘Step 4 Risk Response Control New risks | + Implement risk strategy ‘= Monitor and adjust plan for ew risks ‘+ Change management7.2 Step 1: Risk Identification 72 Understand how to identiy project risks. ‘The risk management process begins by trying to generate a ist ofall the possible risks that could affect the projet. Typically the project manager pulls together. during the planning phase, arsk management team consisting of core team members and other relevant stakeholders Rescarch has demonstrated that proups make more accurate judgments about risks than individuals do (Snizck {& Henry, 1989), The team uses brainstorming and other problem identifying techniques to identify potential problems, Partieipants are encouraged 1o keep an open mind and generate as many probable risks as possible. More than one project has been bushwhacked by am event that members thought was preposterous i the beginning. Later during te assessment phase. participants wil have & chance to analyze and filter out unreasonable risks (ne common mistake thats made eal inthe ist Kentieation proces it oes on objectives and not on the events that could produce consequences For example, tam members may iden ing to meet schedule as major isk. What they need t focus of ave the evens that could cause tis to happen (oor estimaes, averse weather shipping delays). Only by focusing on actual events ean potential solutions be found Organizations us sk bream structures (RBSé) in conknction wih work breakdown structures (WBS) to help age ‘management cams dey and eventually analyze risks, @ Figure 7.3 provides a generic example of an RBS. The focus at the beginning shoul! be on risks that can afc the whole projet as opposed to a specific ection ofthe project or network. For example, the discussion of funding ma lead the eam to ident the possibilty ofthe poset budet being cut ae the projet has started aa sgnifiant ik event Likewise, when discussing he market the ean may identify reponding to new product releases by competitors aba risk eve FIGURE 7.3 The Risk Breakdown Structure (RBS) 7 moun, reouces Pewee comaeaon [corny so eng ott engAlter the macro risks have been identified, specific areas can be checked. An effective tool for identifying specifi risks is the risk breakdown structure. Use of the RBS reduces the chance a risk event willbe missed, On large projets multiple risk teams are organized around specific deliverables and submit their risk management reports to the project manage. See (© Snapshot from Practice 7.2: Terminal $—London Heathrow Airport for an example ofa project that would have benefited ftom a sore robust RBS, Arisk profile is another useful tol. A isk profile lst of questions that address traditional areas of uncertainty on a projet. These ‘questions have been developed and refined from previous, similar projects. @ Figure 7.4 provides a partial example ofa risk profile FIGURE 7.4 Paral Risk Profle for Product Deeopaent Project “Techical Reeiements ‘Ae the requirements stable Desi Docs the desin depend on unelti roptinini aramptions? “esting Wil esting equipment be salle when needee? Dovlopment Is the development process supported ty a compatible set of procedures, methods and tol? Seed Isthe schedule dependent upon the competion of oer pots? Bude How elite are the cost estimates? uit Are quality considerations built no the dese? Management Do people know who ha thority or whit? Work Eaoament Do people work cooperatively ates functional bounds? Stating Issa inexperienced or understated? Cusiomer Docs the customer understand what il tak o complet the projet? Contactors ‘Ar there any ambiqies in contactor task definitions? Good risk profiles lke RBSs, are tailored to the type of project in question. For example, building an information system is diferent {om building a ne car. They are organization specific. Risk profiles recognize the unique strengths and weaknesses ofthe fiz, Finally, risk profiles address both technical and management risks, For example, the profile shown in © Figure 7.4 asks questions bout design, uch as "Does the design depend upon unrealistic assumptions?” The questions may lead the team to identify that the technology will not work under extrome conditions asa Fsk. Similarly, questions about work environment ("Do people cooperate ‘eros funetional boundaries?”) may lead t the identieation of potential communication breakdowns between Marketing and R&D ea risk Risk profiles are generated and mi during the post-project audit (see (Chapter 14). These profiles, when kept up to date, can be a powerful resource in the ri manageman pencess. The collective experiance of tha firm's past projects resides in their quacticns tained usually by personnel from the project office. They are updated and refined “Page 12]© sarstor FRom practice 72 Terminal 5—London Heathrow Airport’ ‘The queen announced to a select audience atthe ribbon-cutting ceremony for Terminal 5 at London Heathrow Airport, “It gives me great pleasure to open Terminal 5—the 2st century gateway to Britain and, to us, the wider world” {At the cost of over $5 billon British Airways (BA) was banking on Terminal 8 eliminating what had commonly been called the "Heathrow hassle” Over the past decade Heathrow had earned a reputation for baggage delays, long ‘queues, and lost luggage, so much so that premium passengers were avoiding landing there and paying extra to land in ultra-modern hubs, ke Amsterdam and Frankfurt Terminal S was designed by a warle-famous architect and featured sweeping views of London; wide, open spaces; {and rows of luxury shops, including Tiffany’s and a Gordon Ramsey restaurent. twas designed to handle 30 milion customers a year with state-of-the-art departure lounges. Itincluded a sophisticated baggave setup designed to handle 12,000 bags per hour and eliminate the Heathrow hassle. Merch 28, the opening day of the terminal, started ominously. The fist warning came at 400 a.m. when many of the staff and passengers began showing up late because they could not find parking. The read signs outside the ‘terminal were not clear, and people sald they were given the wrong information once inside. Once the staff arrived ‘at work, many were unable to log in to the computer system due to inadequate training, AS a resul processing of passengers began to bog down, and the luggage began to stack up. Technical glitches with the baggage system ‘emerged. An underground conveyor system became clogged up. By noon, BA had had to cancel 20 fights. By 5:00 pm. BA had suspended the checking in of all luggage. This meant passengers atthe airport had the choice of flying with just hand baggage, getting an alternative fight, or claiming a refund. Of al the planes that left that day, one in three had no luggage! ‘That was only day: fights were canceled all week and BA brought in hundreds of volunteers to tacke the baggage mountain. In the end, over 28,000 sultcases were shipped to Milan, where they were sorted out away from the turmol in London, ‘The opening of Terminal 5 was an embarrassment, with hundreds of canceled fights and thousands of lost bags. it cost BA over $32 million and two senior executives their Jobs. BA later admitted that customers were deserting in wake of the Terminal 5 fiasco, wth passenger numbers down 7 percent. What are the lessons to be learned? There are many. The firsts that on complex projects there is @ tendency to focus on the technical challenges and shortchange the human side ofthe project. Remember, projects are socio: ‘technical systems! A more robust RBS may have revealed the need for more taining and a walk-through before the terminal became operational. One also must question the wisdom of going fully operational on day 1. Going from operating zero fights one day to 380 is a formidable task. A more prudent approach may have been to limit ‘the fights the fist week to work out the kinks and ensure success, Historical records can complement or be used when formal rsk profiles are not available. Project teams can investigate whet hhappened on similar projects in te past to deity potential risks. For example, a project manager can check the omtime performance of selected vendors to gauge the threat of shipping delay. IT project managers can access “best practices” papers ‘etlling other companies experiences converting software systems. Inquiries should not be limited to recorded daa. Savy projet. ‘managers tap the wisdom of others by seeking the advice of veteran project managers. “The risk identification process should not be limited to just the core team. Input from customers, sponsors, subcontractors, Page 71 vendors and other stakeholders should be solicited, Relevant stakeholders can be formally interviewed or included on the risk management team, Not only do these players have a valuable perspective, ba by involving them inthe rsk management process they also become more committed to project success.” (One ofthe kes to sucess in risk identification isatitude, While “can do” attitude is essential dung implementation, project ‘managers have to encourage critical thinking when it comes t risk identifiation. The goa isto find potential problems before they happen ‘The RBS ani risk profiles ate useful tools for making sure no stones are Tet unturned. At the same time, when done well the number of risks identified can be overwhelming and abit discouraging. Initial optimism canbe replaced with griping and cries of “What have ve gotten ourselves into?” Itis important that project managers set the right tone and complete the risk management process so ‘embers regain confidence in themselves and the project.7.3 Step 2: Risk Assessment 73 ‘Assess the significance of different project risks. Step produces alist of potential risks, No ll of Unese risks deserve attention, howover. Some ae trivial and can be ignored, while ethers pose serious threats tothe weltre ofthe projet. Managers have to develop methods for sifting through the list of risks, eliminating inconsequential or redundant ones and stratifying worthy ones in terms of importance and need for attention, Scenario analysis i the easiest and most commonly used technique for analyzing risks, Team members asses the sigifiance ofeach Fisk oveat in terms of + Probability of the evr + Impact ofthe event. ‘Simply stated, risks need tobe evaluated in terms ofthe likelihood the event is going to accu and the impact or nem consequences ofits occurrence. A project manager being struck by lightning ata worksite would have a major negative ——— limpaeton the projet, but the likelinood of such an event isso ow tha the risk i not worthy of consideration, Conversely, people do change jobs, so an event lie the loss of key project personnel would have not only an adverse impact but also a high ikeinood of ‘curring in some organizations 30, then it woul be wise for that orzanizaton tobe prosetive and mitigate ths rsk by developing incentive schemes for retaining specialists andjor engaging in eosstrainng to reduce the impact of turnover ‘The quality and credibility of the risk analysis process require that different levels of risk probabilities and impacts be defined. These ‘definitions vary and shouldbe tailored tothe specific nature and needs ofthe project. For example, a relatively simple scale ranging fiom “very unlikely” to “almost certainly” may sufice for one projec, whereas another projet may use more precise numeric probabilities (01, 0.3.0.5...) Impact scales can be abit more problematic, since adverse risks affect project objectives diferently. For example, a component lure may eause only a sight delay in project schedule but a major inerease in project cost, IF controling cost isa high priority then the impact would be severe. Ion the other hand, time is more critical than cost then the impaet would be minor. Because impact ultimately needs to be assessed in terms of project priorities, different kinds of impact scales are used. “Page ‘Some scales may simply use rankorder descriptors, such a “ow.” “moderate,” “hh.” and “very high,” whereas others use ‘numeric weights (e., 1-10), Some may focus on the project in general, whereas others fous on specific project objectives. The risk ‘management team needs to establish up front what distinguishes a | from a3 or “moderate” impact from “severe” impact. (GrFigure 7.8 provides an example of how impact scales could be defined, given the projet objectives of cost, time, scope, and quality FIGURE 7.5 Defined Condtions for Impact Saks ofa Risk on Major Project Objectines (examples for negate impact on) Proc zi 2 2 z 5 epee | _verytow ton eset Hon veeyton Setjecaie | “ipenicee | tipenteee | Secepnsewe | "ScrDocumentation of scenario analyses can be scea in various risk assessment forms used by companies.) Figure 7.6 isa partial «example of risk assessment form used on an information systems projeet involving an operating systems (OS) upgrade. FIGURE 7.6 Risk Asusment Form RiskEvent Lik Impact Detection Difficulty When Interface problems | 4 4 4 ‘Conversion System freezing 2 5 5 Startup User backlash 4 3 3 Postintallation Hardware 1 5 5 Installation maifunctioning Notice that in addition ro evaluating the severity and probability ofrisk events the team also assesses when the event might occur and its detection eificuity Detection difficulty isa measure of how easy it would be to detect thatthe event was going to occu in time to take mitigating action, that is, how much warning thete would be, So in the OS upgrade example, che detection scale would range from $= no warning to 1 = ots of time to react. Often organizations find it useful to categorize the severity of diferent risks into some form of risk assessment matrix. The matrix is typically structured around the impact ad likelihood of the risk event. For exsimple, the risk matrix presented in) Figure 7.7 consists of a 5» S aera of elements with each element representing a different set of impact and likelihood values. FIGURE 77 Risk Seerity Matric Tyres Zone (major rik) [Fpretiow zone ¢mocerate nak) Lukeshooes [fyereen zone (minor risk)‘The matrix is divided into red, yellow, and green zones representing maior, moderate, and minor risks, respectively. The red"Page zone is centered onthe top riht comer of the matrix (hih impact high likehood, while the green zone is entered on the bottom left corner (low impactjow likelihood). The moderatersk yellow zone extends down the mide ofthe matrix. Since impact is generally considered more important tha likelihood (a 10 percent chance of losing $1,000,000 is usualy considered a more severe risk than 3.90 percent chance of losing S1,000) the red zone (major risk) extends farther down the high-impact column, ‘Using the OS upgrade projet again as an example, interface problems and system freezing would be placed in the red zone (major risk), while user backlash and hardware malfunctioning would be placed inthe yellow zone (moderate risk). The risk severity matrix provides a bass fo prioritizing which risks to address. Red zone risks rece frst priority followed by yellow zone risks. Green zane risks are typically considered inconsequential and ignored unless heir satus changes, Failure Mode and Eets Analysis (FMEA) extends the risk severity matrix by including ease of detec in the Impact x Probability x Detection = Risk Value Exch ofthe three dimensions is rated according to Spoint scale. For example, detection is defined asthe ability of the project team to discern thatthe risk event i imminent, A score of I would be given iTeven a chimpanzee could spot the risk coming. The highest {detection score of § would be given to events that could only be discovered aftr it was too late (eg.system freezing). Similar anchored scales would be applied for severity of impact and the probability of the event occurring. The weighting of the rsks is then based on their overall score. For example, risk wth an impact inthe “I” zone with a very low probability and an easy detection Score might sore a I (1 * 1* 1= 1). Conversely, a high-impact risk that is highly probable and impossible to detect would score 125 (5 «5 *5 = 128), This broud range of numerie scores alos fr easy stratification of risk according to overal significance [No assessment scheme is absolutely foolproof. For example, the weakness of the FMEA approach is that a risk event rated Impa 1, Probability = 5, ané Detection = $ would receive the same weighted score as an event rated Impact = 5, Probability = S, and Detection = 11 This underscores the importance of na treating risk assessment as imply an exercise in mathematics. There is 80 substitute for thoughiful disevsston of key rsk events, Probability Analysis “There are many statistical techniques avaiable tothe project manager that can assist in assessing project risk. Decision trees have been used to assess alternative courses of action using expected values. Statistical variations of net present value (NPV) have been used to assess cash flow risks in projects. Correlations between past projects" cash flow and Scurves (cumulative project cost curve— teaseline—over the life ofthe project) have been used to assess cashflow risks. PERT (program evaluation and review technique) and PERT simulation can be wed to review aetivity and project risk, PERT and related techniques take a more macro perspective by looking at overall cost and schedule risks Here the focus is not on individual events but on the likelihood the project will be completed on time and within budget. These methods are useflin assessing the ‘overall risk ofthe project and the need for such things as eontingeney funds, resourees, and time. The use of PERT simulation is increasing because i uses the same data required for PERT, and software to perform the simulation is readily available. Basically PERT simulation assures a statistical distribution (range between optimistic and pessimistic) for each activity “Page DOV uration; it then simulates the network (perhaps over 1,000 simultions using a random number generator. The outcome isthe relative probability called a eiicality index. of an activity becoming critical under the many illereat possible activity urations for each activity, PERT simulation also provides a ist of potential rita paths and ther respective probabilities of ‘occurring. Having this information available can greatly facilitate identifying and assessing schedule risk. (See ©@ Appendix 7.1 at the nd ofthis chapter fora more detailed description and discussion.)7.4 Step 3: Risk Response Development 74 Describe the five responses to managing risks. ‘When a risk event is identified and assessed, a decision must be made concerning whieh response is appropriate forthe specific event. Responses to risk ean be classified as mitigating, avoiding, transferring, esealating or retaining. Mitigating Risk Reducing risk is usually the first alternative considered. There are basically to srateges for mitizating risk: (1) reduce the likelihood that the event will cur andj (2) reduce the impact thatthe adverse event would have on the projet. Most isk teams fous first on ‘reducing the likelihood of rsk evens, sine if successful ths may eliminate the nce to consider the potentially costly second state. ‘Testing and prototyping are frequently used to prevent problems from surfacing ater ina project. An example of testing can be found in an informatio systems project. The projet team was responsible for installing new operating system in ther parent company. Before implementing the projec, the team tested the new system on a smaller, isolated network. By doing so they discovered a variety ‘of problems and were able to come up wih solutions prior to implementation. The team stl encountered problems with the Installation, but the number and severity wete greatly reduced ‘Often, identifying the root causes of an event is useful. For example the fear that a vendor willbe unable to supply customized ‘components on time may be attributable to (1) poor vendor relationships, (2) design miscommunication, and (3) lack of motivation, As result ofthis analysis the project manager may decide to take his counterpart to lunch to clear the ar invite the vendor to atend. design meetings, and restructure the contrat to include incentives for ontime delivery ‘Other examples of reducing the probability of risks occurring are scheduling outdoor work during the summer months, investing in ‘upfiont safety traning, and choosing high-quality materials and equipment. ‘When the concetns are that duration and costs have been underestimated, managers will augment estimates to compensate forthe ‘uncertainties. It is common to use a ratio between old und new projects to adjust time or cost. The ratio typically serves as a constant For example if past projeets have taken 10 minutes pe ine of computer code, a constant of 1.10 (which represents a 10 percent Jncrease) would be used forthe proposed project time estimates because the new project is more difficult than prior projects. An alternative mitigation strategy is to reduce the impact ofthe risk iit occurs, For example, a bridgsdullding project “Page DD illstats risk reduction, A new bridge project fora coastal port was tose an innovative, coatinuous cement pouring — ——— process developed by an Australian firm to save lage sums of money and time. The major risk was that the continuous pouring process for each major section of the bridge could not be interrupted. Any interruption would requite thatthe whole cement section (oundreds of cubic yards) be torn down and started over. An assessment of possible risks centered on delivery ofthe cement from the ‘cement faciory. Tucks could be delayed. or the fctory could break down. Suc risks would result in tremendous rework costs and delays. Risk was reduced by having two additional portable cement plants bull nearby on different highways within 20 miles of the ‘ridge projec in ease the main factory supply was interrupted, These two portable plants carried raw materials fora whole bridge section, snd extra tucks were on immediate standby each time contiauous pouring was required, Similar risk reduction scenarios are apparent in system and software development projects where parallel innovation processes are used in case one fl © Snapshot from Practice 7.3: From Dome to Dust details the steps Controlled Demolition took to minimize damage when they imploded the Seattle Kingdome,‘SNAPSHOT FROM PRACTICE 73 From Dome to Dust™ (On March 26, 2000, the largest concrete domed structure In the world was reduced.to a pile of rubble In a dramatic implosion lasting less than 20 seconds. According to Mark Loizeaux, whose Maryland-based Controlled Demolition in. was hired to bring the 24-year-old Seattie Kingciome down, "We don't blow things up, We use explosives as an engine, but gravity isthe catalyst that wil ring it dow.” Destroying the Kingdome was the most complicated of the 7000 demolitions Loizeaux’s company had Undertaken, Nearly three months of preparations were needed to implode the dome, at a total cost of $9 milion ‘The Kingdome was considered to be one of the strongest structures in the word, containing over 25:00 tons of conerete, wth each of ts 40 vauited ribs incorporating seven lengths of 2%-Inch reinforcing steel bat Strands of orange detonating cord—basically dynamite in a string that explodes atthe lightning pace of 24,000 ‘eet per second—connecied six pielke divisions ofthe Kingdome to a nearby control center. Throughout each section, Controlled Demolition workers cilled nearly 000 holes and packed them with high ‘velocity gelatin explosives the size of hot dogs. Large charges were placed about one-third ofthe way up each dome rib; smaller charges were put farther up the ribs. When the detonation button was pushed, blesting caps set off a chain reaction of explosions in each section, reducing the stadium to rubble. While the actual implosion was a technical tour-de-force, risk management was a critical part of the project's success. To minimize damage to surrounding buildings, the explosive charges were wrapped in a layer of chain link fencing covered with thiek sheets of geotextile polypropylene fabric to contain flying concrete. Nearby buildings were protected in various manners depending on the structure and proximity to the Dome, Measures included sealing ai-handling units, taping seams on doors and windows, covering floors and windows with plywood, and draping reinforced polyethylene sheeting around the outside, (© Tim MatsuilGetty mages To holp absorb the impact, air-conditioning units removed from the interior were stacked with other material to create a barrier around the perimeter of the work area. Hundreds of police officers and security personnel were used to cordon off an area extending roughly 1000 feet ‘rom the Dome from overzealous spectators. Trafic was closed for @ larger area. Accommodations were provided ‘or people and pots who lived within the restricted zone, Eight water trucks, eight sweeper units, and more than 100 workers were deployed immeciately after the blast 10 control ust and begin the cleanup. Asa side note, one-third ofthe concrete was crushed and used in the foundation of a new $430-milion outdoor ‘football stadium, wich was builtin its place. The rest ofthe concrete was carted away and used in roadbeds and foundations throughout the Seattle area.Avoiding Risk Avoiingrsk is changing the projet plan to eliminate the risk or conltion. Although iis impossible to eliminate all risk age ‘events, some specifi risks may be avoided before you launch the project. For example, adopting proven technology instead ~~ ‘of experimental technology can eliminate technica fallure. Choosing an Australian supplier es opposed to an Indonesian supplier ‘would virtually eliminate the chance that political unrest would eisrupt the supply of critical materials. Likewise, one could eliminate the risk of choosing the wrong sofware by developing web applications using both ASAPNET and PHP. Choosing to move a concert {indoors would eliminate the threat of inclement weather. Transferring Risk ‘Transferring risk to another party is common; this transfer does not change risk, Passing risk vo another party almost always results in ‘ving «premium for this exemption. Fixed-price contracts are the classic example of transferring risk from an obnes toa contractor. ‘Tue contractor understands her frm will pay for any tsk event that materializes; therefore, a monetary risk factor is added to the contract bid price. Before deciding to transfer risk, the owner should decide which party can best control activites that would lead to the risk occurring, Also, isthe contractor capable of absorbing the risk? Clearly identifying and documenting responsibility for absorbing risk is imperative Another, more obvious way to transfer risk is insuranes, However in most cases this is impractical because defining the projet risk ‘vent and conditions to an insurance broker who is unfamiliae with the project is dificult and usually expensive. Of course ow: probability ad hiah-consequence risk events such a acts of God are more easily defined and insured, Performance bonds, ‘warranties, and guarantees ae other nancial instruments used to transfer risk (On large, international construction projects like petrochemical plants and oil refineries, host countries ar insisting on contracts that enforce Buik.Own OperateTransfer (BOOT) provisions. Here the prime projet organization i expected not onl to build the fclity ‘ut also to take over ownership until its operation capacity has been proven and all the debugging has occurred before final transfer of ‘ownetship to the ellen. In such eases, the ost country has transfered financial risk of ownership until the projet has been ‘completed and capabilities proven Escalating Risk sealatng risk oocurs when the project encounters threat that i ouside the soope of the project oe the authority ofthe projet ‘manager. In such eases the response shouldbe to notify the appropriate people within the orgenization of the threat For example ‘while working on a highech product an engineer discovers through informal channels that a competitor is developing an alternative energy source. While this would not impact the eurent project it may have significant implications for fture products. The project ‘manager would forward this information tothe prodt manager and head of R&D. In another example, informal diseussions with ‘cam members revel widespread dsttisfaction with pay and beets among staf across the company: Tas threat would be escalated to the Human Resource Department, Escalate rsts are not monitored further bythe project team, Retaining Risk Retaining sk occurs when a concious decison s made to acep the isk of an event occurring Some risks aso age it “FageDIS™ is ot ease consider ranting or reducing he event (ea earthquake). The projet owner asses he isk | —— tecause the change of uch an event ocurting i sim notes cage sks enfin the budge ceserve can simply be bsoved if they materialize, The i reine by developing coningeey plato implement i he rik mutes In fo cones ark vent can bt ignored nl cout ever acepd, shoul th iow ooo People vary in their risk tolerance. Before deciding how to respond toa rsk, one should consider the risk appetite of key stakeholders as well as your team, In the project management lexicon, mitigating a ris refers toa very specific strategy of reducing the probability andjor impact ofthe threat, However, in any everyday language, miigang refers to any ation that reduces or diminishes aris, which could include the ‘other responses.7.5 Contingency Planning 75, Understand the role contingency plans play in the risk management process. A contingency plan ian alternative plan that wil be used ifa possible foreseen risk event becomes a realty. The contingeney plan ‘represents actions that will educe or mitigate the negative impact of the rsk event. A key dstnetion between a risk response and a contingency plan is that a response is part ofthe actual implementation plan and action is taken before the risk ean materialize, while contingency plan i not part of the intial implementation plan and only goes ino effect after the rsk is recognized. Like al plans, the contingency plan answers the questions of what, where, when, and how much action wil ake plae, The absence ‘of a contingency plan, when a isk event occurs, can cause a manager lo delay or postpone the decision to implementa remedy. This postponement can lad to panic and acceptance ofthe fist remedy suggested, Such aftertheevent decision making under pressure ‘an be dangerous and cosy, Contingency planning evaluates alternative remedies for posible foreseen events before the risk event ‘occurs and select the best plan among alternatives. This early contingency planing feiitates a smooth transition tothe remedy oF ‘workaround plan. The availabilty ofa contingeney plan can significantly increase the chances for project succes. ‘Conditions for activating the implementation ofthe contingency plan should be decided and learly documented. The plan should ‘include a cost estimate and identify the source of funding, All parties affected should agree to the contingeney plan and have authority to make commitments. Because implementation ofa contingency plan embodies disruption inthe sequence of work. all ‘contingency plans should be communicated to team members so that surprise and resistance are minimized ‘Hire isan example: A high tech niche computer company intends to introduce a new “platform” product ata very specific taret date. “The projects 47 teams all sere delays will not be acceptable. Ther contingency plans fortwo large component suppliers demonstrate how seriously risk management is viewed. One supplier's plat sits on the San Andreas Feu, which is prone to earthquakes, The contingency plan has an alternative supplier, who is constantly updated, producing a replica ofthe component in another plant. Another key supplier in Toronto, Canada, presents delivery rsk on their due date because of potential bad weather. Tis contingency plan cll fora chartered plane (already contracted tobe on standby) if overland transportation presents a delay problem. To outsiders these plans must seem a bit extreme, but in high-tech industries where time to market is king, risks of identified ‘vents are taken seriously Risk response matrices such as the one shown in @iFigure 7.8 are wel for summarizing how the project team plans to “Page” tmanage its that have been enifed. Again, the OS upgrade projects sed t strate his Kind of mati. The fst step isto Keniy whether to mitigate avoid, ans, esate, o retain the rk. The eum decides to reduce the canees ofthe system freezing by experimenting with a prottype ofthe system. Prototype experimentation not only allows them to dey and is, conversion “bugs” before the acta instalation Bu aso yes information tat coul be wef in enhancing acceptance by end users “Te project eam then able oienty and document changes between the old and ne systems tha wll be incorporated nto the teaning the users ese. The risk of equipment malfuneton fs transfrred by choosing a elible supplier with a stong waranty rogramFIGURE 7.8 Risk Response Matrix ene Bent ‘esoonee Comngency Pan Tigger Whos Response Symemtoenng | Maga Tox pets feat Stout | Erne ‘The next step ist identify contingency plans in cae the risk still occurs. For example, if interface problems prove insurmountable, then the team will attempt a workaround until vendor experts arrive to help solve the problem. If the system freezes aftr installation, ‘the team wil fist try to reinstall the software, I user dissatisfaction is high, then the Information Systems (IS) Department will provide more brand from a second dealer. The team aso needs to discuss and agree what would “trigger” implementation ofthe contingency plan Inthe case of the system freezing. the trigger is not being able to unfreeze the system within one hou or. inthe ease of user backlash, ‘an angry ell fom top management. Finally, the individual responsible for monitoring the potential risk and inating the contingency plan needs tobe assigned. Smart project managers establish protocols for contingency responses before they are needed, For an example of the importance of establishing protocols, see (Snapshot from Practice 7.4; Risk Management at the Top of the Worl Af support. I the team is unable to get reliable equipment from the original supplier, then it will order a diferent ‘Some ofthe most common methods for handling risk are discussed inthe following sections. Technical Risks “Technical risks are problematic; they can often be the kind that cause the project to be shut down. What ifthe system or “Page TON ‘process does not work? Contingeney plans are made for those possibilities that are foreseen, For example, Carier “Transicold was involved in developing a new Phoenix reftigration unit for truckiraile applications. This new unit was to use rounded panels made of bonded metals, which at the time was new technology for Transicol. Furthermore, one ots competitors had tried unsuccessfully to incorporate similar bonded metals into their products. The project team was eager to make the new technology work, butit wasnt until the very end ofthe project that they were able to get the new adhesives to bond adequately to ‘complete the project. Throughout the project, the tar maintained a welded pane! fabrication approach ust in ease they were ‘unsuccessful. If this contingeney approach had been needed. it would have inereased produetion costs, but the project still would have ‘been completed on time© snarstior FROM PRACTICE 74 Risk Management at the Top of the World” ‘The gripping account in the 2015 fm Everest ofan lifted attempt to climb Mount Everest in which six climbers ied provides testimony to the risks of extreme mountain climbing. Accounts of Mount Everest expesitions provide insights into project risk management. First, most climbers spend ‘more than three weeks accimating their bodies to high-altitude conditions. Native Sherpas are used extonsivoly to ‘arty supplies and set up each of the four base camps that will be used during the final stages of the climb. To reduce the Impact of hypoxia ightheadness, and disorientation caused by shortage of oxygen, most climbers use ‘oxygen masks and bottles during the final ascent. if lucky enough not to be one of the first expeditions of the ‘season, the path tothe summit should be staked out and roped by previous climbers. Climbing guides receive last ‘minute weather reports by radio to confirm whether the weather conditions warrant the risk, Finally, fr added Insurance, most climbers join their Sherpas in an elaborate puja ritual intended to summon the divine support of the gods before beginning their ascent. Allof these efforts pale next tothe sheer physical and mental rigors of making the final climb from base camp IV to the summit. Ths s what climbers refer to asthe “death zone" because beyond 26,000 feet the mind and body begin to quickly deteriorate despite supplemental oxygen. Under fair conditions it takes around 18 hours to make the round-trip tothe top and back to the base camp. Climbers leave as early as :00 a.m. inorder to make it back before night falls and total exhaustion sets in ‘The greatest danger in climbing Mount Everest Is notin reaching the summit but in making itback to the base ‘camp. One out of every five climbers who make itto the summit dies during thelr descent. The key s establishing ‘a contingency plan in case the climbers encounter hard going or the weather changes. Guides establish a predetermined turnaround time (e.g, 200 pm) to ensure a safe return no matter how close the climbers are to the ‘summit, Many lives have been lost by faling to adhere to the tumaround time and pushing forward to the summit ‘As one climber put i. "With enough determination, any bloody idiot can get to the top ofthe hil. The tick is to get back alive”Danie Prudes/123RF ‘One climber who faced the 2:00 prm. deadline was Goran Krupp. After eyeling 8000 miles from Stockholm to Katmandu he tumed back 1,000 feet from the summit. In addition to backup strategies, project managers need to develop methods to quickly assess whether technical a uncertainties canbe resolved. The use of sophisticated computeraided design (CAD) software has greatly helped resoive design problems. At the same time, Smith and Reinertsen (1995). in their book Developing Products in Ha the Time, argue that there is no substitute for making something and seeing how it works, fel, or looks, They supges that one should fist identi the high-risk technical areas, then build models or design experiments to resolve the risk as quickly as possible. Technology offers many methods for early testing and validation, ranging from ¥D printing and holographic imagery for model building to focus groups and early design usability testing for market testing (Thamhain, 2013). By isolating and testing the key technical questions early ina projet. roject feasibility ean be quickly determined and necessary adjustments made, such as reworking the processor in some cases closing down the project 3Schedule Risks ‘Often organizations wil defer the threat ofa project coming in late uni it surfaces, Here contingency funds ae set aside to expedite fr “erash” the project fo get it back on truck. Crashing. or reducing project duration, is accomplished by shortening (compressing) ‘one oF more activities onthe erieal path, This comes with additional costs and risk. Techniques for managing this siuation are ciscussd in & Chapter 9. Some contingency plans can avoid costly procedures. For example, schedules canbe altered by working activites in parallel or using tar'gostart la relationships, Also, using te best people for highsk tasks can relieve or lessen the chance of some risk events occurring. Cost Risks Projects of long duration need some contingency for price changes—which are usually upward. The important pot to remember ‘when reviewing price i to avoid the tap of using one hump sum to cover price risks, For example if inflation has been running about 3 percent, some managers add 3 percent forall resourees used in the project, Ths lampsum approach does not address exactly where price protection is needed and falls to provide for tracking and control. On costsensitive projects, price risks should be evaluated item by tem, Some purchases and contracts will not change over the life of the project. Those that may change shouldbe identified and ‘estimates made of the magnitude of change. This approach ensures control of the contingency funds as the project is implemented Funding Risks What ifthe funding for the project is eut by 25 percent or completion projections indicate that costs will realy exceed avilable funds? What azethe chances ofthe project being canceled before completion? Seesoned project managers recognize that a complete risk assessment must include an evaluation of funding supply. This is especialy tue for publicly funded projects. Casein point was the lkfated ARH-70 Arapaho helicopter being developed forthe U.S. Army by BellAireraft, Over $300 million had been invested to develop a new age combat and reconnaissance helicopter when in October 2008 the Defense Department recommended that the project be canceled. The cancellation reflected a need to cut costs and switch toward using unmanned aireaft for surveillance as ‘well as atack missions. Just as government project are subject to changes in strategy and politcal agenda, business firms frequently undergo “Page 3 changes in priorities and top management. The pet projects of the new CEO replace the pet projects of the former CEO. —— Resources become tight and one way to fund new projeets i to cancel other projets Severe budget euts or lack of adequate funding can havea devastating effect on a project. Typically when such a fate occurs there is need to scale back the scope of the project to what is possible, “Allornothing projects” are ripe targets to budget cutters This was the ‘ase of the Arapaho helicopter once the decison was made to move away from manned reconnaissance aireraft Here the “chunkabilt” of the project can be an advantage For example, freeway projects ca fll short of the orginal intentions but still add value foreach mile competed (On a much smaller scale, similar funding risks may exist for more mundane projets, Fo example, a building contractor may find that. {due toa sudden downturn in the stock market the owners can no longer afford to build their dream house. Or an IS consulting firm ray be left empty handed when a client les for bankruptcy. kn the former case the contractor may have asa contingency seling the ‘house on the open market, while unfortunately the consulting frm will have to join the long line of ereditors7.6 Opportunity Management 76 Understand opportunity management and describe the five approaches to responding to opportunities in a project. For the sake of brevity this chapter has focused on negative rsks-hat ean go wrong on a project. There is lp side-hat can zo Fight on a project, This is commonly referred to as a positive risk or an opportunity. An opportunity san event that can have & positive impact on project objectives. For example, unusually favorable weather ean accelerate construction work, oa drop in fuel prioes may create savings that could be used to add value to project, Essentially the same process tat is used to manage nezative risks is applied to postive risks, Opportunities are identified, assessed in terms of Lkelihood and impact, responses are determined, ‘nd even contingency plans an funds can be established to take advantage ofthe opportunity fit occurs, The major exception ‘between managing negative rsks and opportunity in the responses. The project management profession has identified fhe types of response to an opportunity Exploit. This tactic seeks to eliminate the uncertainty associated with an opportunity to ensure that i definitely happens [Examples include assigning your best personnel to a ertical burs activity to reduce the time to completion and revising a design to ‘enable a component to be purchased rather than developed internal ‘Share. This strategy involves allocating some oral ofthe onnership ofan opportunity to another party who is best able to capture the opportunity for the benefit of the project. Examples include continuous improvement incentives for external contractors and joint ventures Enhance. Enhance is the opposite of mitigate in that action is taken to increase the probability and/or the postive impact of an ‘opportunity. Examples include choosing a site location based on favorable weather patterns and choosing raw materials that are likely to decline in price Escalate. Sometimes projects encounter opportunites that ae outside the scape of the projector exoeed the authority Faye TH ‘of the project manager In such eases the project manager should notify the appropriate people within the organization ‘of the opportunity: For example, a customer tells the project manager that he is considering adapting the product to different market and wonders whether you would be interested in bidding on the work. The opportunity is passed upward t the projet sponsor. Or through the course of project interactions, the project manager discovers an alternative supplier fora key component. This information would be passed on to the Procurement Department, Accept. Accepting an opportunity is being willing to take advantage of if it occurs, but not taking action to purse it While it is only natural to focus on negative risks iis sound practice to engage in active opportunity management as well7.7 Contingency Funding and Time Buffers 77 Understand how contingency funds and time buffers are used to manage risks on a project. ‘Contingency funds are established to cover project risks—identied and unknown, When, where, and how much money wil be spent are not known unl the risk event oceurs. Project “owners” are often reluctant to setup project contingency funds that seem to imply the project plan might be a poor one. Some perceive the contingency fund as an addon slush fund, Others say they wil face the risk ‘when it materializes. Usually such reluctance to establish reserve funds can be overcome with documented risk identifiation, assessment, contingeney plans, and plans for when and how funds wil be disbursed ‘The size and amount of contingency funds depend on uncertainty inherent in the project. Uncertainty is reflected inthe “newness” of the project, inaccurate time and cost estimate, technical unknowns, unstable scope, and problems not anticipated In practice, contingencies run from 1 to 10 percent in projects similar to past projects. However. in unique and highdechnology project is not ‘uncommon to find contingencies running in the 20 to 60 pereent range. Use and rate of consumption of reserves must be closely monitored and controlled. Simply picking a percentage ofthe baseline-siy, 5 pescent-and calling i the contingency reserve isnot a sound approach. Also, adding up all the identified contingeney allotments and throwing them into one pt isnot conducive to sound ‘onto! ofthe reserve fund [In practice, the contingency fund is typically divided into contingency and management reserve funds for control purposes. Contingen ‘ey reserves are sot upto cover identified risks; these reserves are allocated to specific segments or deliverables ofthe project. Manage meat reserves are setup to cover unidentified risks and ate allocated to risks associated withthe total projet, The sks ate separated ‘because ther use requites approval from diferent levels of project authority Because al rsks are probabilistic, the reserves are not Included inthe baseline for each work package or activity they re only activated when a risk oveurs. I an identified tsk does not ‘occur and its chance of occurring is pas, the fund allocated tothe rsk should be deducted from the contingency reserves. (This removes the tempkation to use contingency reserves fr other issues or problems.) OF course, if the rsk does occur funds ae removed from the reserve and added tothe cost baseline Ieis important that contingency allowances be independent ofthe original time and cast estimates. These allowances need to be clearly distinguished to avoid time and budget game playing Contingency Reserves “These reserves are identified for specific work packages or segments ofa project found inthe baseline budget or work Page TST” breakdown structure. For example, a reserve amount might be added to “computer coding” to cover the tsk of testing” = ——— showing a coding problem. The reserve amount is determined by costing out the accepted contingency or recovery plan. The contingency eserves should be communicated tothe project tam. This openness suggests trust and encourages good cost performance. However distributing contingency reserves shouldbe the responsibilty ofboth the project manager and the tam members responsible for implementing the specific segment ofthe project. I the risk does not materialize, the funds are removed ‘rom the contingency reserves. Ths, contingency reserves decrease as the project progresses ayManagement Reserves ‘These reserve funds are needed to cover major unforescen risks and, hence. are applied tothe total project. For example, a major scope change may appear necessary midway inthe project. Beeause this change was not anticipated itis covered from the ‘management reserves. Management reserves ar established afer contingeney reserves ar identified and funds established. These reserves are independent of contingency reserves and are controlled by the projeet manager andthe “owner” ofthe project, The “owner” can be internal (top management) or external tothe project organization. Most management reserves are set using historical ata and judements concerning the uniqueness and complexity ofthe project. Placing technical contingencies in the management reserves isa special ease, Identifying possible technical (functional) risks is often sssovated with a new, untried, innovative process oF product Hecause there i a chance the innovation may not work out, flack plan is necessary. This type of rik is beyond the control ofthe project manager. Hence, technical reserves ae hel in the ‘management reserves and controlled by the owner or top management. The owner and project manager decide when the contingency plan will be implemented and the reserve funds used, Itis assumed there sa high probability these funds will never be used G Table 71 shows the development of a budget estimate for a hypothetical project. Note how contingeney and management reserves are kept separate: control is easly tracked using this format TABLE 7.1 Budget Estimate iy Badge Racine Contingency Resere Projet Bdge Deen 50.000 | ‘is000| sis Code 0.000, 0000 x0000 Test 24000 2.000 22,000 Salo 120,000 7.000 sisi7.000 Manaeement sere E - 50,000 Tol 142000 97,000 1867000 Time Buffers Jast as contingency funds are established to absorb unplanned costs, managers use time bufes to cushion aginst potential delay in the project. And lke contingeney funds, the amount a time is dependent upon the inherent uncertainty ofthe preiec. The more uncertain the project is, the mor ime should be reserved for he schedule. The strategy is to asin extra time at erica moments in the project. Fr example, bers are aed to A. Activities with severe risks B. Merge activites that are prone to delays due to one oF more preceding activi being late . Noneriicalsetivtes to reduce the ikelihood that they wll erate another eriical ath rere D. Activities that require scarce resources to ensure thatthe resources are valable when needed, — Inthe face of overall schedule uncertainty buffers are sometimes added tothe end of the project. For example, a 300-working-ay project may have a 30day project buffer. While the extra 30 days would not appear on the schedule, they are available if needed. Like ‘management reserves, this buffer typically requires the authorization of top management. A more systematie approach to buffer ‘management is discussed in the @ Chapter 8 appendix on critical chain project management7.8 Step 4: Risk Response Control 78 Recognize the need for isk management being an ongoing activity Typically the results ofthe ist thee steps ofthe risk management proces ae summarized in a formal document often called the risk register. A risk resister details all identified risks, including descriptions, category, probability of occurring, impact, responses, contingeney plans, owners, and curtent status. The regis isthe backbone forthe lst sep in the risk management process: risk contro. Risk contol involves executing the tsk response strategy, monitoring triggering events initiating contingency plans, and ‘watching for new risks. Establishing a change management system to deal with events that require formal changes in the Scope, tbudget, andjor schedule of the project isan essential element of rsk contol Project managers need to monitor risks just as they track project progress. Risk assessment and updating need tobe part of every status meeting and progress report system. The project team needs o be on constant alert for new, unforeseen sks. Thamhain (2013) studied 35 majo product development eforts snd found that over half ofthe contingencies that occurred were not amtcipate! Readiness to respond co the unexpected is citeal element of isk management “Management needs to be sensitive that others may not be forthright in acknowledging new risks and problems. Admitng that there might be a bugin design cade or that diferent components are not compatible reflects poorly on individual performance Ifthe prevailing organizational culture is one where mistakes are punished severely then it only human nature to protect oneself Similarly. ibad news i greeted harshly and there is a propensity to “kill the messenger." then participant wil be reluctant to speak fecoy, The tendency to suppres bad news is compounded when individual responsibility is vague and the projet team is under extreme pressure [rom top management to get the project done quickly Projeet managers need to establish an environment in which participants feel eomortable raising concerns and admitting mistakes (Browsing & Ramasesh, 2015). The norm shouldbe tht mistakes are acceptable snd hiding mistakes is intolerable, Problems should be embraced, not denied. Participants shouldbe encouraged t dently problems and new risks. A postive atitude bythe project ‘manager towne sks i ky. (On large, complex projects it may be prudent to repeat the rte identifiction/assessment exercise with fresh information. Risk profiles should be reviewed to test ifthe orginal responses held true, Relevant stakeholders should be broughe ito the discussion andthe risk register needs tobe updated. While this may not be practical on an ongoing basis, project managers should touch base with them on 2 regular basis or hold special siakeholder meetings to review the satus of risks on the projet. [A second key for controlling the cost of rks is documenting responsibility This canbe problemati in projects involving "Page TH ‘multiple organizations ad contractors. Responsibility for risk is frequently passed on to others withthe statement “That is ——— ot my worty” This mentaliy is dangerous. Each identied risk should be assigned (or shared) by mutual agreement ofthe owner, project manager. and the contractor or person having line responsibility for dhe work package or segment ofthe project. It is best 0 Ihave the line person responsible approve the use of contingency reserves and monitor ther rate of usage. If management reserves are required, the line person should play am active role in estimating additional costs and funds needed to complete the project. Having line personne participate inthe proces focuses attention on the management reserves, contro of their rate of usage. and early warning of potential risk evens Irisk management i not formalized, responsibilty and responses to risk will be ignore. “The bottom line is that project managers and team members need tobe vigilant in monitoring potential risks and should identi new land mines that could derail a projet. Risk assessment as to be pat of the working agenda of status meetings. and when new risks emerge they need tobe analyzed and incorporated into the risk management process.7.9 Change Control Management 79 Describe the change control process. [A major element ofthe risk control process is change management, Not every deal ofa project plan will materialize as expected. Coping with and controlling project changes presents formidable challenge for most project managers. Changes come from many sourees, such asthe project customer, owner, project manager, team members, and risk events, Most changes easily fll into three categories 1. Scope changes in the form of design or additions represent bg changes—for example, customer requests for anew feature oF a redesign that will improve the product. 2. Implementation of contingency plans, when risk events oceur, represent changes in baseline costs and schedules 3, Improvement changes suggested by projet team members represent another category. Because change is inevitable, a welldefined change review and contol process shouldbe set up early in the project planning cyte Change management systems involve reporting, controling, and recording changes to the project baseline. (Note: Some organizations consider change control syatems part of conigurtion management.) la practice, most change management systems are designed to entity proposed changes List expected efecs of proposed change(s) on schedule and budget. Review. evaluate. and approve or disapprove changes formally [ogotiate and resolve conflicts of change, conditions, and cost 2 affected, Assign responsibility for implementing change Aadjus the master schedule and budget. ei L 3 4 5. Communicate changes tothe par 6. 2 8, Track all changes that are tobe implemented [As part ofthe project communication plan, stakeholders define up front the communication and decision-making process that will be ‘used to evaluate and accept changes. The process can be captured in a flow diagram like the one in © Figure 7.9, On small projects this process may simply entail approval a small group of sakcholdrs. On larger projects more elaborate decision-making processes tae established, with different processes being used for diferent kinds of change. For example. changes in performance requirements may require multiple signoff, including the project sponsor and client, while switching suppliers may be authorized bythe project manager Regardless of the nature ofthe project, the gol isto establish the proses for introducing necessary changes in te projet in a timely and effective manner.FIGURE 7.9 Chang Cont! Poe UJ Change Request ‘Submitted Review Change Request ‘Approved ? Update Plan of Record Distribute for Action Or particular importance is assessing the impact ofthe change on the project. Often solutions to immediate problems have adverse consequences on other aspects of a project. For example, in overcoming «problem with the exhaust system fr a hybrid automobile, the design engineers contributed to the prototype exceeding weight parameters. tis important thatthe implications of changes are assessed by people wth appropriate expertise and perspective. On construction projects this soften the responsibility of the architecture firm, while “software architects” perform a similar funetion on software development effort Organizations use change equest forms and logs to tack proposed changes. An example of a simplifed change request form is depicted in @ Figure 7.10, Typically change request forms include a description of the change, the impact of not approving the change, the impact ofthe change on project seape/schedule/cost, and defined signature paths for review, a well sa tracking log aaFIGURE 710 Sample Change Request Project name JnsivChinese cuture exchonge. Project sponsor hishembassy Request number _12 Date June 6, 2 tignetor Jenner MeDonoid henge requested by Chinese cuture office Description of requested change 1. Request river dancers to replace smal ish dance group, 2 Request one combination dance with iver dancers and Chino ballet groua Reason fr change ‘iver dancers will enbance stature of event The group fs wel known ond loved by Chinese poopie ‘Ares of pect of proposed change-describe each an separate sheet [XD Scope Hes = omer CD seneduie 2 Risk ‘Disposition Pity Funding Source D Approve Cl Emergency TG Mom. reserves TX] approveas amended | XI Urge TF comingency reserves 1 isepprove Ow customer beteres DB omer ‘Sigrff Approvals Project manager Wiliam OMoty Date June 12, Dune Project sponsor Kenneth Thompson Date June 13, 2uxx Projectcustomer Hong Lee Date June 19, 2000 ‘other ate ‘An abridged version of a change request log for a construction project is presented in @ Figure 7.11. These logs are wsed to monitor change requests. They typically summarize the status of ll outstanding change requests and include such useful information asthe source and date of the change, document codes for related information, cost estimates, and the current status of the request.FIGURE 7.11 Change Request Loz ‘Owner Requested Change Status Report—Open Kes Dates ct Deseiton Refereace Document Date Red ‘Date Subait == Amount =—‘Status 1 Sewer work fet “18829 OPEN 52 Sates Plates at restoom Shower Vales ASLS6 ys 3y30)2020 9.308 APPROVED 53. Waterproofing Options ast77 1yrs2020 169.386 OPEN S4 Chang Electrical oor box spec ehange — RFL 113 145/200 3292020 2844 SUBMIT 88 YEOption fr Sil and rll doors Doorsampes 1/14/2020 20.000, ROM. 56 Pressure Wash C toner Omer request 315)2020 3/3020 eset SUBMIT 57. FteLiteghssin sts ver seaest 6.000. QUOTE S8 Cyber Café aed tle JOFOL equipment ASI65 pom0 32972020 4528 APPROVED 59. Additional Damoersin C wink AST68 anew 3292020 1985. SUBMIT © Revise Coro eines asi 23ja000 31/2000 3988 SUBMIT (OPEN-Requies es ROM-Rowgh oner magnitude ‘QUOTE-Subeonractor quotes ‘SUBMIT-RC eter vbmited APPROVED-RC lter approved REVISE-RC leter tobe reviewed ASI- Architect’ supplemental instructions RFL-Request for information —— [Every approved change must be identified and integrated into the plan of ecord through changes in the project WBS and baseline schedule, The plan of record isthe current oficial plan forthe projet in terms of scope, budget, and schedule. The plan of record serves as a change management benchmark fr future change requests as well as the baseline for evaluating projet progress. the change control system isnot integrated with the WBS and baseline, project plans and control will soon seldestuct. Thus, one ofthe keys toa successful change control process is document, document, document! The benefits derived from change contol systems are the following, Inconsequential changes are discouraged by the formal proces, Costs of changes are maintained in «log. Integrity of the WBS and performance measures is maintained, Allocation and use of contingency and management reserves are tracked. Eft of changes is visible to all partis involved. Implementation of change is monitored L a 4 5, Responsibility for implementation is clarified 6 1 8 Scope changes will be quickly reflected in baseline and performance measures. (Clearly change control is important and resuires that someone or some group be responsible for approving changes, ‘Keeping the process updated, and communicating changes tothe project team and relevant stakeholders, Projet eontrol depends heavily on keeping the change contol proces current. Tis historical record ean be used for satisfying customer inquires, ‘dentitying problems in post project audits, and estimating future project cost PageSummary ‘To put the processes discussed inthis chapter in proper perspective, one should recognize thatthe essence of project management is risk management. Every technique in tis book isa risk management technique, Each in ts own way tries to prevent something bad fcom happening, Project selection systems try to reduce the likelihood tt projects will aot contebute to the mission of the fim Projet scope statements, among other things, are designed to avoid costly misunderstandings and reduce scope creep. Work breakdown structures reduce the likelihood that some vital par of the projeet wil be omited or thatthe budget estimates are unrealistic. Team building reduces the likelihood of dysfunctional conllict and breakdowns in coordination. All of the techniques try to increase stakehokersetistction and the chances of project succes. From this perspective, managers engage in risk management activities to compensate forthe uncertainty inherent in roietFage D5 ‘management and that things never go according to plan. Risk management is proactive, not reactive. It reduces the number ——— of surprises and prepares people for the unexpected. Although many managers believe that inthe final analysis, isk assessment and contingency depend on subjective judgment, some standard method for ideniving, assessing, and responding o risks should be included inal projets. The very process of identi project risks forees some discipline at all eels of projet management and improves project performance. Contingency plans increas the ehanee thatthe project can be completed on time and within budget, Contingency plans ean be simple workarounds or elaborate, detailed plans. Responsibility fr risks shouldbe clearly identified and documented. It is desirable and prudent to keep a reserve as aed against project risks. Contingeney eserves are linked to the WBS and should be communicated tothe projet cum. Control of management reserves should remain with the owner, project manager, and line person responsible. Use of contingency reserves shouldbe closely monitored, controlled, and reviewed throughout the project if cycle Experience clearly indicates that using a formal, structured process to handle possible foreseen and unforeseen project risk events minimizes surprises, costs, delays, stress and misunderstandings. Risk management is an iterative process that occurs throughout the lifespan ofthe project. When risk events occur or changes are necessary using an effective change contol proces to quiekly approve and record changes wil filtate measuring performance against schedule and cost, Ukimately sucessful risk management requires ‘culture in which threats are embraced, not denied, and problems ae identified, not hidden