Risk Management

EPICOR ERP
ICT Dept.

Designed and Delivered By


Osman Elhassan
BAPCO, Khartoum, SUDAN DEC 2019

OSMAN ELHASSAN
www.linkedin.com/in/osmanelhassan
oelhassan@bashayerpl.com
OSMAN ELHASSAN, MBA, PMP, PMI-RMP
Consultant Engineer, Risk Management Expert

Course Objectives
Upon completion of the course, participants will be able to:

• Use internationally recognized best practices and standards for managing risks.
• Implement risk identification (identify and prioritize risks) for EPICOR ERP.

Course Outlines

• Introduction & Risk Framework
• ICT Risk Strategy and Planning
• PMI and ISO 31000 Standards
• Stakeholders Engagement
• ICT Risk Process Facilitation
• Perform Specialized ICT Risk Analyses
• ICT Risk Monitoring and Reporting

Module -1-

Introduction

What’s Risk

The effect of uncertainties on objectives

ANSI/ASSE/ISO Guide 73

What’s Project Risk

Individual project risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, and quality.

Overall project risk: the effect of uncertainty on the project as a whole.

PMBOK® Guide—Sixth Edition
Source: https://leadershipchamps.wordpress.com

Risk Management

The processes of conducting risk management planning, identification, analysis, response planning, and controlling risk on a project.

[Figure: risk management cycle: Plan, Identify, Analyze, Response, Control]

PMBOK® Guide—Sixth Edition

Risk Management ISO 31000:2018

The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the realization of opportunities.

[Figure: risk management process: Establish Context, Identification, Analyze, Evaluation, Treatment, Monitoring and Review]

ISO 31000:2009

Risk Management Objectives

The objectives of project risk management are to increase the likelihood and impact of positive events, and decrease the likelihood and impact of negative events in the project.

Importance of Risk Management

Module -2-

Risk Attitudes

Risk attitudes
Organizations and stakeholders are willing to accept varying degrees of risk depending on their risk attitude.

Risk attitudes:
• Appetite
• Tolerance
• Threshold

Risk appetite
The degree of uncertainty an entity is willing to take on in anticipation of a reward.

Risk Threshold
Measures the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. Below that risk threshold, the organization will accept the risk; above it, the organization will not tolerate the risk.

Risk tolerance
The degree, amount, or volume of risk that an organization or individual will withstand.

Risk tolerance areas
Which areas can your stakeholders accept? Cost overrun, schedule delay, or …

Risk Averse
Low risk attitude

Risk Prone
Higher risk tolerance and willingness to invest in high-risk investments

Hazard Vs Risk

Risk Domains

• Risk Strategy and Planning: Plan Risk, Identify Risks, Analysis, Response, Monitor & Control
• Stakeholder Engagement: Identify Risks, Qualitative Analysis
• Risk Process Facilitation: Identify Risks, Analysis, Response
• Risk Monitoring and Reporting: Responses, Monitoring and Control
• Perform Specialized Risk Analysis: Qualitative Analysis, Quantitative Analysis

Risk Management Processes interactions

Module -3-

Risk Strategy And Planning

Risk Strategy & Planning Tasks

Task 1: Assessment and Criteria
Tasks 2-5: Improve Effectiveness; Develop Risk Strategy; Evaluation Criteria; Produce Risk Plan

Enterprise Risk Management

Strategic-minded enterprises do not strive to eliminate risk; they seek to manage risk exposures across all parts of their organizations so that, at any given time, they incur just enough of the right kinds of risk—no more, no less—to effectively pursue strategic goals.

Risk Strategy & Planning

Activities related to developing policies, processes and procedures for risk assessment, planning and response.

Risk Management Processes
Risk management is carried out through the following processes:

• Plan Risk Management
• Identify Risks
• Qualitative Analysis
• Quantitative Analysis
• Risk Responses
• Control Risks

Plan Risk Management

The process of defining how to conduct risk management activities and deciding the required tools and procedures.

Requirements:
• Project Mgt Plan
• Project Charter
• Stakeholder Register
• Enterprise Env. Factor
• Org Process Assets

Tools and Techniques:
• Analytical Techniques
• Expert Judgment
• Meetings

Risk Management (continued)
The risk management plan describes how activities will be structured and performed. It includes the following:

Methodology
Approaches, tools, and data sources that will be used to perform RM.

Roles and responsibilities
Team members' roles, lead and support.

Budgeting
Estimates funds needed, based on assigned resources, for inclusion in the cost baseline and establishes protocols for application of contingency and management reserves.

Timing
Defines when and how often the risk management processes will be performed.

Identify Risks

The process of determining which risks will affect the project or the organization and documenting their characteristics.

Requirements:
• Project Management Plan details

Tools and Techniques:
• Documentation reviews
• Information gathering technique
• Checklist analysis
• Assumptions analysis
• Diagramming techniques
• SWOT analysis
• Expert judgment

Outputs:
• Risk register

Risk Characteristics
Risk is often characterized by reference to potential events (likelihood, probability) and consequences (impact), or a combination of these.

Known risks are those that have been identified and analyzed, making it possible to plan responses for those risks.

Known risks that cannot be managed proactively should be assigned a contingency reserve.

Unknown risks cannot be managed proactively and therefore may be assigned a management reserve.

Three Perspectives of Risk Identification

Source: Practice Standard For Project Risk Management


Risk Ownership

Each risk should be described at a level of detail at which it can be assigned to a single risk owner with clear responsibility and accountability for its management.

Risk Trigger Conditions

Trigger conditions should also be identified where this is possible and appropriate.

Module - 4 -

Critical Success Factors

Critical Success Factors for the Identify Risks Process

• Early Identification
Early risk identification enables key project decisions to take maximum account of risks inherent in the project, and may result in changes to the project strategy. It also maximizes the time for risk responses.

• Iterative Identification
Risk identification should be repeated throughout the project life cycle. This should be done periodically.

Emergent Identification

Risk identification should not be limited to formal risk identification events or regular reviews.

Comprehensive Identification

A broad range of sources of risk should be considered to ensure that uncertainties that might affect project objectives have been identified.

Module - 5 -

Risk Analysis and Prioritization Techniques

Perform Qualitative Risk Analysis
The process of prioritizing risks and their probability, carried out on the basis of risk characteristics.

Requirements:
• Risk Management plan
• Scope Baseline
• Risk register
• Enterprise Env. Factors
• Org. process assets

Tools and Techniques:
• Risk probability and impact assessment
• Risk data quality assessment
• Risk categorization
• Risk urgency assessment
• Expert judgment

Other Parameters for Assessment of Risk

Other factors that can be used to prioritize risk during qualitative risk analysis:
• Urgency
• Proximity
• Manageability
• Controllability
• Detectability
• Connectivity
• Strategic Impact
• Propinquity

Risk Categorization
Organization by sources of risk (e.g., project phase) to determine the areas of
the project most exposed to the effects of uncertainty

Risk Breakdown Structure (RBS)
A hierarchical representation of risks according to their risk categories.

Critical Success Factors for the Perform Qualitative Risk
Analysis Process

Risk Analysis Credibility

Source: Practice Standard for Project Risk Management

Risk categories
Risk categories may include the following.

• Information systems risk
This includes sensitive and critical information as well as personal data (customer, staff, network services, etc.).

• Human resources risk
Telecommunication organizations' staff need to be trained, competent and qualified in many areas of the business. They need to take charge of roles and responsibilities that are security-related.

• Operational risk
The operational side needs to be efficient, effective and protected against the risk of being compromised.

Recommendation ITU-T X.1055

• Network services risk
Network services need to be delivered in such a way that they are protected against the risk of being compromised.

• IT services risk
The technology deployed by a telecommunication organization for their business and their customers needs to be reliable, robust and secure.

• Physical risk
The physical locations, sites, buildings, computer rooms and switching centers need to be physically secured against the threats.

• Compliance risk
Ensure compliance with the laws and regulations that apply in the jurisdictions in which they are operating and providing services.

Risk assessment techniques
Brainstorming

Brainstorming involves stimulating and encouraging free-flowing conversation amongst a group of knowledgeable people to identify potential failure modes and associated hazards, risks, criteria for decisions and/or options for treatment.

Source: ISO Standard IEC/FDIS 31010:2009

Structured or semi-structured interviews

Individual interviewees are asked a set of prepared questions from a prompting sheet which encourages the interviewee to view a situation from a different perspective and thus identify risks from that perspective.

Delphi technique
A procedure to obtain a reliable consensus of opinion from a group of experts. Experts express their opinions individually and anonymously while having access to the other experts' views as the process progresses.

Check-lists
Check-lists are lists of hazards, risks or control failures that have been
developed usually from experience, either as a result of a previous risk
assessment or as a result of past failures

Cause-and-effect analysis
Cause-and-effect analysis is a structured method to identify possible causes
of an undesirable event or problem

SWOT Analysis
SWOT analysis identifies any opportunities for the project that arise from
organizational strengths, and any threats arising from organizational
weaknesses

Probability and Impact Matrix

Develop and agree on a suitable scale based on the project's or enterprise's potential risks.

Impact Scale Example

Module - 6 -

Quantitative Risk Analysis

Perform Quantitative Risk Analysis
Numerically analyze the effect of identified risks on the project.

Requirements:
• Risk Management Plan
• Cost Management plan
• Risk register
• Schedule Mgt. plan
• Enterprise Env. Factors
• Org. Process assets

Tools and Techniques:
• Data gathering and representation techniques
• Quantitative risk analysis and modeling techniques
• Expert Judgment

Expected Monetary Value (EMV) Analysis.
A statistical technique that calculates the average outcome when the future includes scenarios that may or may not happen. A common use of this technique is within decision tree analysis and in quantitative risk analysis.

Osman Elhassan DOOL51@gmail.com
Monte Carlo Analysis
Monte Carlo simulation is a detailed, computer-intensive simulation approach
to determining the value and probability of possible outcomes of a project
objective such as a project schedule (e.g., the completion date) or cost
estimate (e.g., the total cost).

It computes the schedule or cost estimate many times using inputs drawn at
random from ranges specified with probability distribution functions for
schedule activity durations or cost line-items.
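
A worked illustration of the EMV and Monte Carlo techniques described above, added here as an example and not part of the original course material. The risk register, the cost figures, the triangular distributions and the 80% confidence level are constructed assumptions.

```python
import math
import random
import statistics

# Constructed risk register for an ERP rollout; every figure is hypothetical.
# impact is the cost if the risk occurs (a negative value is an opportunity saving).
RISKS = [
    {"name": "Data migration rework", "probability": 0.30, "impact": 40_000},
    {"name": "Vendor delivery delay", "probability": 0.20, "impact": 25_000},
    {"name": "Key user unavailable", "probability": 0.10, "impact": 15_000},
    {"name": "Reusable report templates", "probability": 0.25, "impact": -12_000},
]

# Constructed three-point estimates per cost line item: (low, most likely, high).
COST_ITEMS = {
    "Licences": (90_000, 100_000, 120_000),
    "Implementation services": (150_000, 180_000, 260_000),
    "Training": (20_000, 25_000, 40_000),
}


def expected_monetary_value(risks):
    """EMV: sum of probability x impact over every risk in the register."""
    return sum(r["probability"] * r["impact"] for r in risks)


def simulate_total_cost(cost_items, risks, iterations=20_000, seed=2019):
    """Recompute the total cost many times from random inputs; return sorted totals."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    totals = []
    for _ in range(iterations):
        # Each line item is drawn from a triangular distribution (an assumption).
        total = sum(rng.triangular(low, high, mode)
                    for low, mode, high in cost_items.values())
        # Each risk either occurs in this iteration or it does not.
        total += sum(r["impact"] for r in risks if rng.random() < r["probability"])
        totals.append(total)
    return sorted(totals)


def percentile(sorted_values, pct):
    """Nearest-rank percentile of an already sorted list (0 < pct <= 100)."""
    if not sorted_values or not 0 < pct <= 100:
        raise ValueError("need a non-empty list and 0 < pct <= 100")
    rank = math.ceil(pct / 100 * len(sorted_values))
    return sorted_values[rank - 1]


def contingency_reserve(sorted_totals, cost_items, confidence=80):
    """Reserve = cost at the chosen confidence level minus the most-likely baseline."""
    baseline = sum(mode for _, mode, _ in cost_items.values())
    return percentile(sorted_totals, confidence) - baseline


if __name__ == "__main__":
    totals = simulate_total_cost(COST_ITEMS, RISKS)
    print(f"EMV of register:      {expected_monetary_value(RISKS):>12,.0f}")
    print(f"Mean simulated cost:  {statistics.fmean(totals):>12,.0f}")
    for pct in (50, 80, 95):
        print(f"P{pct} total cost:       {percentile(totals, pct):>12,.0f}")
    print(f"Reserve at P80:       {contingency_reserve(totals, COST_ITEMS):>12,.0f}")
```

The gap between the P80 cost and the most-likely baseline is one way to size a contingency reserve against a stated risk threshold; EMV alone gives only the average exposure.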

Module - 7 -

Stakeholders Engagement

Stakeholders Engagement
T1 Promote Common Understanding
T2 Educate Stakeholders
T3 Coach Project Team
T4 Assess Stakeholders Risk Tolerance
T5 Identify Stakeholders Risk Attitude
T6 Optimize Consensus
T7 Provide Risk Related Recommendation
T8 Promote Risk Ownership
T9 Get Other Projects Implications

Stakeholder Engagement Task 1

Promote a common understanding of the value of risk management by using interpersonal skills.

Stakeholder Engagement Task 2

Train, coach, and educate stakeholders in risk principles and processes in order to create shared understanding.

Stakeholder Engagement Task 3

Coach project team members in implementing risk processes

Stakeholder Engagement Task 4

Assess stakeholder risk tolerance using processes and tools such as interviewing stakeholders and reviewing their historical behaviors.

Stakeholder Engagement Task 5

Identify stakeholder risk attitudes in order to manage stakeholder expectations and responses throughout the life of the project.

Stakeholder Engagement Task 6

Engage stakeholders on risk prioritization process in order to optimize consensus regarding priorities.

Stakeholder Engagement Task 7
Provide risk-related recommendations to stakeholders by using effective communication techniques in order to support effective risk-based decision making.

Stakeholder Engagement Task 8

Promote risk ownership by proactively communicating roles and responsibilities.

Stakeholder Engagement Task 9

Liaise with stakeholders of other projects in order to inform them of implications for their projects.

Module - 8 -

Plan Risk Responses

Plan Risk Responses

The process of developing options and actions to enhance opportunities and to reduce threats to project objectives.

Requirements:
• Risk register
• Risk Mgt. Plan

Tools and Techniques:
• Strategies for negative risks or threats
• Strategies for positive risks or opportunities
• Contingent response strategies
• Expert judgment

Critical Success Factors for Project Risk Management

Source: PMI Practice Standard for Project Risk Management

Strategies for Negative Risks or Threats

• Avoid
Eliminate the threat or protect the project from its impact.

• Transfer
Shifts the impact of a threat to a third party, together with ownership of the response.

Strategies for Negative Risks or Threats (continued)

• Mitigate
Reduce the probability of occurrence or impact of a risk.

• Accept
Acknowledge the risk and not take any action unless the risk occurs. This strategy is adopted where it is not possible or cost-effective to address a specific risk in any other way.

Strategies for Positive Risks or Opportunities

• Exploit
For risks with positive impact, to ensure the opportunity definitely happens.

• Enhance
The enhance strategy is used to increase the probability and/or the positive impacts of an opportunity (key drivers).

Strategies for Positive Risks or Opportunities (continued)

• Share
Sharing a positive risk involves allocating some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the benefit of the project.

• Accept
Being willing to take advantage of the opportunity if it arises, but not actively pursuing it.

Risk Types
• Primary risks
Risks that are identified and considered initially, and for which risk responses have been planned.

• Residual risks
Risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted.

• Secondary risks
Risks that arise as a direct outcome of implementing a risk response.

Fallback plans

For use as a reaction to a risk that has occurred and the primary response proves to be inadequate.

• Workaround
A response to a threat that has occurred, for which a prior response had not been planned or was not effective.

Budget Risk Reserves
Contingency reserves
Contingency reserves are calculated based on the quantitative risk analysis of the project and the organization's risk thresholds.

Management reserve
The cost or time reserve that is used to manage the unidentified risks or "unknown-unknowns". It is not an estimated reserve; it is a random figure, which is defined according to the organization's policy.

Module - 7 -

Stakeholders Risk Monitoring and Control

Risk Monitoring and Reporting
T1 Document and Update Risk Info
T2 Coordinate and Communicate
T3 Create Periodic Reports
T4 Monitor Metrics
T5 Analyze/Measure Performance
T6 Update Risk Plan
T7 Capture Lessons Learned

Risk Report
The risk report presents information on sources of overall project risk,
together with summary information on identified individual project risks in
addition to risk analysis results.

Information in the risk report may include but is not limited to:

• Sources of overall project risk with the important drivers of risks
• Summary information on identified individual project risks

Risk Report
The risk response owner reports periodically to the project manager on the
effectiveness of the plan, any unanticipated effects, and any correction
needed to handle the risk appropriately.

Control Risks also includes updating the organizational process assets, including project lessons learned databases and risk management templates, for the benefit of future projects.

Risk Monitoring and Reporting Task 1

Document and periodically update risk information using standard tools (risk register, risk database, etc.).

Risk Monitoring and Reporting Task 2

Coordinate with project manager using communication techniques.

Risk Monitoring and Reporting Task 3

Create periodic standard and custom reports using risk-related metrics.

Risk Monitoring and Reporting Task 4

Monitor risk response metrics by analyzing risk response performance information, and present to key stakeholders in order to ensure resolution of risk.

Risk Monitoring and Reporting Task 5

Analyze risk process performance against established metrics in order to drive risk process improvements.

Risk Monitoring and Reporting Task 6

Update the project risk management plan using relevant internal and external inputs in order to keep the plan current.

Risk Monitoring and Reporting Task 7

Capture risk lessons learned through comprehensive review of the project risk management plan,

What do you think are the barriers to successful ERP project risk management?

Results of Good Project Risk Management

Unlike crisis management, good project risk management often goes unnoticed.
Well-run projects appear to be almost effortless, but a lot of work goes into
running a project well.
Project managers should strive to make their jobs look easy to reflect the results
of well-run projects.

Control Risks
The process of implementing risk response plans, tracking identified risks,
monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness throughout the project

Requirements:
• Risk register
• Project management plan
• Work performance data
• Performance reports

Tools and Techniques:
• Risk assessment
• Risk audits
• Variance and trend analysis
• Technical performance measurement
• Reserve analysis
• Meetings

Outputs:
• Work performance information
• Organizational process assets updates
• Change requests
• PM plan updates
• Project document updates

Designed by Osman Elhassan PMP#1405450 DOOL51@gmail.com
The Control Risks process applies techniques, such as variance and trend analysis,
which require the use of performance information generated during project
execution.

Tracking Trigger Conditions
Trigger conditions and the corresponding metrics are defined during the Plan
Risk Responses process.

Tools are required to evaluate and track these conditions against the project
baseline or specified thresholds, based on actual status.

Purposes of the Control Risks process are to determine if:
• Project assumptions are still valid,
• Analysis shows an assessed risk has changed or can be retired,
• Risk management policies and procedures are being followed, and
• Contingency reserves for cost or schedule should be modified in alignment with the current risk assessment.

Control Risks can involve choosing alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan.

END OF DOCUMENT
