A Risk Management Approach for Simple and Complex Projects

1
A Risk Management Approach for Simple and Complex
Projects

• The 36th Annual Directors of Programs and
  Services Conference
• Susan Dreyfus, SVP and COO, Alliance for
  Children and Families
• Cynthia Hunt, SVP, American Management Systems,
  Inc.

2
Introductions

• Presenters and Contact Information
• Susan Dreyfus, SVP and COO, The Alliance
• 414.359.1040
• sdreyfus_at_alliance1.org
• Cynthia Hunt, SVP, AMS
• 703.267.5057
• cynthia.hunt_at_ams.com

3
Agenda

• Introductions
• Why use Risk Management?
• What is Risk Management?
• Our Risk Management Approach
• Examples
• WiSACWIS Project
• Alliance Staff Transition
• Bureau of Milwaukee Child Welfare Contract
  Transition
• Holy transition
• Group Exercise

4
Why Use Risk Management?
5
Risk Management Misconceptions

• Isnt this a lot like encouraging
  the culture of Chicken Little ?

6
Risk Management Misconceptions

• Wouldnt we be better off using positive
  Solution- Focused approaches?

7
Risk Management and Scouting

• BE PREPARED!

8
Is Your Organization Open to Looking Over the
Horizon?

• Willing to use and empower work teams
• Invite / encourage members to seek out problems
  and potential failures
• Honestly identify risks
• Openly discuss solutions
• Willing to communicate without repercussions

9
What is Risk Management?

• Our Risk Management Approach

10
What is Risk?

• A potential problem waiting to happen
• May adversely impact schedule, cost, objectives
• Will vary in probability, impact, and timing

11
What is Risk Management?

• A systematic process for identifying, analyzing,
  and responding to risk to mitigate the negative
  impact on an initiative.
• The best defense is a good offense.

12
Risk Management Process
RiskReviewMeeting
MGT (ESC) BriefingPackage
RiskDiscovery Sources
Action Items related to mitigation steps

• Sample forums
• Separate meeting
• Special agenda item at regular EM/PM meeting
• EM leads
• PMs bring current view of project risks(whether
  formal reportor informal discussion)
• Mitigations are formed
• EM selects and assigns risk level

Top 5-10 EngagementRisks (List)

• Progress metric trends other management views
• Quality triggers
• PM risk plans
• External reviews
• Functional
• Technical
• Management

Individual Descriptions
DecisionFrames (to decideon mitigations)
13
Basic Steps in Risk Management
2. Risk Analysis
1. Risk Discovery
3. Risk Mitigation

• Risk Estimation
• Impact
• Probability
• Risk aversion
• How much is OK?
• How much can be reduced?
• How much can be avoided?

• Identify
• New risks
• Changes in known risks (changing probabilities or
  impact due to changing circumstances)

• Risk Mitigation Strategies to
• Reduce impact
• Reduce uncertainty
• Create options
• Adjust success targets

14
Risk Discovery

• TOP DOWN Looking for patterns across teams
• Management Team Meeting to discuss current
  threats
• Quality Trigger trends, on deliverable reviews
  and approvals
• Risk Reviews to update engagement-level risks
  (one week before ESC )
• Includes Lessons Learned discussions after major
  phase

?

• OUTSIDE IN
• Fresh Perspective in a focused way
• Bring in outside participants
• Periodic reviews on selected topics (e.g.
  Technical Architecture Review)
• Deliverable reviews on selected work products
  (e.g. design walk-through with end-users)

• MANAGER MIDDLE
• Creating a moment to reflect
• Discussion with individual Team Leaders
• Interactive dialog looking for patterns
• Preparation for the Mgmt Team Meeting
• Looking ahead 1-2 months for barriers
• Filtering the Team Leaders information

• BOTTOM UP
• Sifting through the day-to-day
• Team Leader Weekly Status Report focus on risks
• What prevented my team from completing its
  tasks?
• What do I know now that will get in the way in
  the next couple of weeks?
• Has this happened before? Once? Repeatedly?
  (root cause, not excuses)

15
Risk Analysis and Mitigation
Example

• Schedule impact of existing system changes
  implemented after General Design
• Changes to the existing systems are being
  implemented after the engagement requirements
  were finalized, due to need to keep up
  with changing business conditions during the two
  year development window.
• Impact(s)
• The overall schedule may be impacted if this
  information is not received in time to be
  included in the General Design. Changes after
  General Design may affect SW quality (code
  stability) in Build phase.
• Limited access to (busy!) Legacy IT SMEs who are
  critical to support aggressive design effort may
  delay timely completion of General Design, or
  reduce the quality of the interface
  specifications.

Yellow

• Mitigation Step(s)
• 1. Establish monthly Billing Coordination
  Committee, headed by CIO. Membership includes
  Engagement Manager (EM), two Marketing
  departments, and Legacy IT.
• Legacy systems share proposed change requests and
  Marketing explains related business case
• Engagement describes impact (schedule and legacy
  SME resources)
• CIO provides clarity on priorities and
  approves/disapproves changes
• 2. EM links information to Engagement Change
  Control process
• 3. EM meets with Legacy Mgr and CIO weekly re
  IT SMEs

Date 2/99
Status Now Ongoing Ready to initiate on 1st
change Now Ongoing
?
?
?
16
Risk Summary
Example
Need MGT Intervention
Design quality impact due to shortage of
marketing SMEs
1
Marketing Involvement
Yellow
2
Schedule impact of legacy changes implemented
after General Design
Ongoing Legacy Changes
Yellow
Need MGT Decision
Significant open issues on approach and strategy
3
Acceptance Testing Effort
Yellow
Need MGT Guidance
4
Current purchasing timeframes may delay critical
change orders
Purchasing Process
New
Yellow
.. .
Trend since last ESC Increasing risk
No change
Decreasing risk
RED Success Targets at risk
(mitigations infeasible or failed) YELLOW
Mitigation steps in place but not
completed (needs monitoring) GREEN Risk
has been mitigated
Select the top 5 to 10 level 1 risks
17
Risk Management Reviews

• Objectives
• Identify and assess significant risks to
  initiative success
• Determine approaches to reducing risks
• Validate progress on mitigation strategies

Keys to success . . .

• Do regularly
• Establish continuity of senior reviewers
• Focus on major risks (include linkage to
  interdependent projects), and appropriate
  mitigation strategies
• Link to ongoing management techniques (e.g.,
  Executive Steering Committee)

18
Getting Started

• Define your risk management process
• Ongoing risk management approach, including
  process, supporting tools, reports, audiences,
  and how risk mitigation action steps will be
  tracked
• Approach to report on risks and request
  action/decisions from Management (ESC?) and other
  executive stakeholders
• How team members and other stakeholders will
  provide input on identified risks
• Establish the initial set of key risks and pilot
  with the management team and others
• Define schedule/frequency of risk reviews

19
Risk Management Examples

• DHFS WiSACWIS Project
• Alliance Staff Transition
• Bureau of Milwaukee Child Welfare Transition
• Holy Transition

20
WiSACWIS Overview

• The Project WiSACWIS
• Wisconsin Automated Child Welfare Information
  System
• Why 80 of large IT projects fail
• Lack of User Involvement
• Lack of Executive Sponsorship
• Scope Creep
• What AMS Engagement Management Framework, Risk
  Management Methodology

21
Applied Risk Management At Every Level

• Internal State/vendor project mgmt team
• Bi-weekly Project Oversight Committee
• Division of Children Family Services
• Division of Management and Technology
• Vendor and State Project team
• Monthly IT Steering Committee
• Administrators from executive sponsor Divisions
• State Project Director
• AMS, Inc. Responsible VP, Project Management team
• Quarterly IT Steering Committee
• DHFS Deputy Secretary
• AMS Senior Vice President

22
Risk Repository Tool
23
Risk Repository Tool
24
Risk Examples

• Workers may have an unrealistic expectation of
  what the system is intended to do.
• Impact(s)
• Users relegate system to support staff
• Users wont fully utilize the system, which will
  result in incomplete data

Yellow
Mitigation Step(s) 1. Ensure communication of
project objectives and activities to users.
2. Foster user involvement in system
development. 3. Provide effective training. 4.
Manage expectations through leadership. 5.
Develop and communicate the plan for setting
realistic user expectations.
Date
Status
25
Risk Examples - 2

• Y2K problems with other systems may disrupt the
  WiSACWIS implementation.
• Impact(s)
• Implementation could be disrupted if there are
  Year 2000 problems with external systems that
  WiSACWIS interfaces with. Disruption, depending
  on the extent, could negatively impact worker
  perception, provider payments, etc.

Yellow
Mitigation Step(s) 1. Monitor progress on Y2K
compliance activities for interfacing
systems. 2. Review contingency plans for
dependent systems. 3. Lessen potential impact by
keeping with the 12/23/1999 implementation date
but controlling extent of usage and dependency
until post 1/1/2000 and the extent of problems,
if any, are known.
Date
Status
26
And the outcome was...

• Project completed 2 weeks early
• No surprises or show stoppers
• On budget, on quality
• Established new model for large IT project
  management within DHFS
• Rebuilt relationships with external stakeholders

27
Other Examples of Applying the Methodology

• Alliance Staff Transition
• Contract transition for Bureau of Milwaukee Child
  Welfare
• Holy transition

28
Group Exercise
29
Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
30
Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
31
Risk Management Template
RISK Statement Impact(s)
Mitigation Step(s) 1. 2. 3.
Date
Status
32
In Conclusion...

• THANK YOU!