Title: A Risk Management Approach for Simple and Complex Projects
1A Risk Management Approach for Simple and Complex
Projects
- The 36th Annual Directors of Programs and
Services Conference - Susan Dreyfus, SVP and COO, Alliance for
Children and Families - Cynthia Hunt, SVP, American Management Systems,
Inc. -
2Introductions
- Presenters and Contact Information
- Susan Dreyfus, SVP and COO, The Alliance
- 414.359.1040
- sdreyfus_at_alliance1.org
- Cynthia Hunt, SVP, AMS
- 703.267.5057
- cynthia.hunt_at_ams.com
3Agenda
- Introductions
- Why use Risk Management?
- What is Risk Management?
- Our Risk Management Approach
- Examples
- WiSACWIS Project
- Alliance Staff Transition
- Bureau of Milwaukee Child Welfare Contract
Transition - Holy transition
- Group Exercise
4Why Use Risk Management?
5Risk Management Misconceptions
- Isnt this a lot like encouraging
the culture of Chicken Little ?
6Risk Management Misconceptions
- Wouldnt we be better off using positive
Solution- Focused approaches?
7Risk Management and Scouting
8Is Your Organization Open to Looking Over the
Horizon?
- Willing to use and empower work teams
- Invite / encourage members to seek out problems
and potential failures - Honestly identify risks
- Openly discuss solutions
- Willing to communicate without repercussions
9What is Risk Management?
- Our Risk Management Approach
10What is Risk?
- A potential problem waiting to happen
- May adversely impact schedule, cost, objectives
- Will vary in probability, impact, and timing
11What is Risk Management?
- A systematic process for identifying, analyzing,
and responding to risk to mitigate the negative
impact on an initiative. - The best defense is a good offense.
12Risk Management Process
RiskReviewMeeting
MGT (ESC) BriefingPackage
RiskDiscovery Sources
Action Items related to mitigation steps
- Sample forums
- Separate meeting
- Special agenda item at regular EM/PM meeting
- EM leads
- PMs bring current view of project risks(whether
formal reportor informal discussion) - Mitigations are formed
- EM selects and assigns risk level
Top 5-10 EngagementRisks (List)
- Progress metric trends other management views
- Quality triggers
- PM risk plans
- External reviews
- Functional
- Technical
- Management
Individual Descriptions
DecisionFrames (to decideon mitigations)
13Basic Steps in Risk Management
2. Risk Analysis
1. Risk Discovery
3. Risk Mitigation
- Risk Estimation
- Impact
- Probability
- Risk aversion
- How much is OK?
- How much can be reduced?
- How much can be avoided?
- Identify
- New risks
- Changes in known risks (changing probabilities or
impact due to changing circumstances)
- Risk Mitigation Strategies to
- Reduce impact
- Reduce uncertainty
- Create options
- Adjust success targets
14Risk Discovery
- TOP DOWN Looking for patterns across teams
- Management Team Meeting to discuss current
threats - Quality Trigger trends, on deliverable reviews
and approvals - Risk Reviews to update engagement-level risks
(one week before ESC ) - Includes Lessons Learned discussions after major
phase
?
- OUTSIDE IN
- Fresh Perspective in a focused way
- Bring in outside participants
- Periodic reviews on selected topics (e.g.
Technical Architecture Review) - Deliverable reviews on selected work products
(e.g. design walk-through with end-users)
- MANAGER MIDDLE
- Creating a moment to reflect
- Discussion with individual Team Leaders
- Interactive dialog looking for patterns
- Preparation for the Mgmt Team Meeting
- Looking ahead 1-2 months for barriers
- Filtering the Team Leaders information
- BOTTOM UP
- Sifting through the day-to-day
- Team Leader Weekly Status Report focus on risks
- What prevented my team from completing its
tasks? - What do I know now that will get in the way in
the next couple of weeks? - Has this happened before? Once? Repeatedly?
(root cause, not excuses)
15Risk Analysis and Mitigation
Example
- Schedule impact of existing system changes
implemented after General Design - Changes to the existing systems are being
implemented after the engagement requirements
were finalized, due to need to keep up
with changing business conditions during the two
year development window. - Impact(s)
- The overall schedule may be impacted if this
information is not received in time to be
included in the General Design. Changes after
General Design may affect SW quality (code
stability) in Build phase. - Limited access to (busy!) Legacy IT SMEs who are
critical to support aggressive design effort may
delay timely completion of General Design, or
reduce the quality of the interface
specifications.
Yellow
- Mitigation Step(s)
- 1. Establish monthly Billing Coordination
Committee, headed by CIO. Membership includes
Engagement Manager (EM), two Marketing
departments, and Legacy IT. - Legacy systems share proposed change requests and
Marketing explains related business case - Engagement describes impact (schedule and legacy
SME resources) - CIO provides clarity on priorities and
approves/disapproves changes - 2. EM links information to Engagement Change
Control process - 3. EM meets with Legacy Mgr and CIO weekly re
IT SMEs
Date 2/99
Status Now Ongoing Ready to initiate on 1st
change Now Ongoing
?
?
?
16Risk Summary
Example
Need MGT Intervention
Design quality impact due to shortage of
marketing SMEs
1
Marketing Involvement
Yellow
2
Schedule impact of legacy changes implemented
after General Design
Ongoing Legacy Changes
Yellow
Need MGT Decision
Significant open issues on approach and strategy
3
Acceptance Testing Effort
Yellow
Need MGT Guidance
4
Current purchasing timeframes may delay critical
change orders
Purchasing Process
New
Yellow
.. .
Trend since last ESC Increasing risk
No change
Decreasing risk
RED Success Targets at risk
(mitigations infeasible or failed) YELLOW
Mitigation steps in place but not
completed (needs monitoring) GREEN Risk
has been mitigated
Select the top 5 to 10 level 1 risks
17Risk Management Reviews
- Objectives
- Identify and assess significant risks to
initiative success - Determine approaches to reducing risks
- Validate progress on mitigation strategies
Keys to success . . .
- Do regularly
- Establish continuity of senior reviewers
- Focus on major risks (include linkage to
interdependent projects), and appropriate
mitigation strategies - Link to ongoing management techniques (e.g.,
Executive Steering Committee)
18Getting Started
- Define your risk management process
- Ongoing risk management approach, including
process, supporting tools, reports, audiences,
and how risk mitigation action steps will be
tracked - Approach to report on risks and request
action/decisions from Management (ESC?) and other
executive stakeholders - How team members and other stakeholders will
provide input on identified risks - Establish the initial set of key risks and pilot
with the management team and others - Define schedule/frequency of risk reviews
19Risk Management Examples
- DHFS WiSACWIS Project
- Alliance Staff Transition
- Bureau of Milwaukee Child Welfare Transition
- Holy Transition
20WiSACWIS Overview
- The Project WiSACWIS
- Wisconsin Automated Child Welfare Information
System - Why 80 of large IT projects fail
- Lack of User Involvement
- Lack of Executive Sponsorship
- Scope Creep
- What AMS Engagement Management Framework, Risk
Management Methodology
21Applied Risk Management At Every Level
- Internal State/vendor project mgmt team
- Bi-weekly Project Oversight Committee
- Division of Children Family Services
- Division of Management and Technology
- Vendor and State Project team
- Monthly IT Steering Committee
- Administrators from executive sponsor Divisions
- State Project Director
- AMS, Inc. Responsible VP, Project Management team
- Quarterly IT Steering Committee
- DHFS Deputy Secretary
- AMS Senior Vice President
22Risk Repository Tool
23Risk Repository Tool
24Risk Examples
- Workers may have an unrealistic expectation of
what the system is intended to do. - Impact(s)
- Users relegate system to support staff
- Users wont fully utilize the system, which will
result in incomplete data
Yellow
Mitigation Step(s) 1. Ensure communication of
project objectives and activities to users.
2. Foster user involvement in system
development. 3. Provide effective training. 4.
Manage expectations through leadership. 5.
Develop and communicate the plan for setting
realistic user expectations.
Date
Status
25Risk Examples - 2
- Y2K problems with other systems may disrupt the
WiSACWIS implementation. - Impact(s)
- Implementation could be disrupted if there are
Year 2000 problems with external systems that
WiSACWIS interfaces with. Disruption, depending
on the extent, could negatively impact worker
perception, provider payments, etc.
Yellow
Mitigation Step(s) 1. Monitor progress on Y2K
compliance activities for interfacing
systems. 2. Review contingency plans for
dependent systems. 3. Lessen potential impact by
keeping with the 12/23/1999 implementation date
but controlling extent of usage and dependency
until post 1/1/2000 and the extent of problems,
if any, are known.
Date
Status
26And the outcome was...
- Project completed 2 weeks early
- No surprises or show stoppers
- On budget, on quality
- Established new model for large IT project
management within DHFS - Rebuilt relationships with external stakeholders
27Other Examples of Applying the Methodology
- Alliance Staff Transition
- Contract transition for Bureau of Milwaukee Child
Welfare - Holy transition
28Group Exercise
29Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
30Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
31Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
32In Conclusion...