This post introduces a useful risk assessment tool you can download and use on your projects.
The Risk Assessment Challenge
A problem with risk assessments is that risks are often relative to the observer. As you go, a risk severity score for that category is calculated and an overall risk score tallied for the project. Here we can see that our score for the risk area addressed on tab “1 – Size and scope” produced a score of 62 out of a possible 108, giving a “Yellow” risk flag for that category. Column 12 in the risk profile graph shows an overall score for the project; in this case 418 out of a possible 839, giving the overall project a “Yellow” status. Now I believe the smarter thing to do is to try and find ways to chop large “Red” projects into multiple “Yellow” or “Green” projects, or find ways to vary the scope or approach so that “Red” projects can be reconceived as lower risk projects, but this is not always possible.
So, tools like this spreadsheet should obviously not be used as your only risk assessment method.
Also, I would like to point out that it is not as comprehensive or sophisticated as professional risk tools on the market.
That said, if your current risk assessment process is ad-hoc and varies from PM to PM, a simple tool to address the common risk areas could be a great starting point.
The criticality of business operations required NSE to focus on risk management as an integral element of its day-to-day business processes.
However, during the review of risk assessment, it was observed that the dynamic nature of the business environment had been prompting frequent changes in IT infrastructure.
The IT risk management project2 was initiated with a primary objective to ensure that ongoing risk assessment was an integral part of IT operational and governance processes.
As a first step to achieve the objective, a comparative study of available standards and frameworks3 was performed to identify a framework that would meet NSE’s IT risk management requirements. After thorough review, NSE chose the Risk IT framework4 as the benchmark for NSE’s creation of its risk management framework. Risk IT provides granular guidance on risk management processes in the three major areas required—Risk Evaluation, Risk Response and Risk Governance—covering all traditional risk management processes, including risk identification, risk assessment, risk response, risk treatment and risk monitoring. Risk IT is focused on building risk scenarios (it also provides a list of generic scenarios) that help in directly linking risk management with business processes. Following this study, NSE’s risk management framework has been developed based upon Risk IT (figure 3).
Maintain a common view—Maintain standard risk register to provide a risk update in business terms.
Define the organization structure—Define roles and responsibilities across the organization to review and maintain IT risk profile.
Make risk-informed decisions—Provide IT risk dashboard to IT management to enable risk-informed strategic decisions.
Collect data—Prepare risk scenarios, conduct risk-identification workshop, establish process touch points for risk updating and link the impact assessment with the business impact analysis (BIA).
Maintain risk register—Update and maintain the risk register to develop the risk profile by aggregating departmental risk.
Articulate risk—Establish a process for defining risk response and communicating to stakeholders.
React to risk events—Establish a link to incident management, change management and operations management to review risk.
Each market segment has four major processes: trading (consisting of placing orders by members that are matched by matching engine and confirmed), risk management (online monitoring of activities), surveillance (online pattern matching to identify out-of-turn trades to restrict malpractices), and clearing and settlement (involving delivery of securities), in addition to various supporting processes. Figure 4 depicts the mapping of risk management processes covering these high-level IT processes. Review and sanitize the risk profile by eliminating mathematically inappropriate impacts and likelihood. NSE concluded that changes in risk need to be tracked on an ongoing basis and identified the following triggers as having an impact on risk status: incidents, events, changes in IT and business environment, and procurement based on strategic IT decisions. A uniform scale for quantifying the likelihood and qualitative impact assessment was defined for use across the organization. Use of the Risk IT framework helped NSE in building a uniform structure and view of IT risk across the organization. An Excel-based tool that automatically updates the risk profile is being used to track and maintain risk changes. The residual risk is arrived at after considering the impact of implemented controls over inherent risk.
The primary objective of risk management and fratricide avoidance is to help units protect their combat power through risk reduction, enabling them to win the battle quickly and decisively with minimum losses. During mission execution, leaders must ensure their subordinates properly understand and execute risk management controls. A thoroughly developed, clearly communicated, and completely understood plan helps minimize fratricide risk. Confirmation briefs and rehearsals are primary tools for identifying and reducing fratricide risk during the preparation phase.
Introduction
A better understanding of risk management processes and practices within a government agency is crucial for enhancing the project delivery process and for formally implementing risk management. The California Department of Transportation (Caltrans), a leading authority in public transportation projects in the US, has used basic project management principles across its statewide district offices. The term quantitative risk analysis is merely described, lacking a sound description of the tools and methodologies that have been in place and in use in the industry for many years, even with other government agencies around the world. Cost overruns caused by a lack of risk management in practice for infrastructure and transportation projects have been mentioned in the literature for many years. However, only a few examples of how risk management can be used in real life are available, including how a risk team can be formed and how to educate the team to perform a sound and trusted risk management exercise. The purpose of the study, roles and responsibilities, the scope of the Risk Register, risk identification, analysis methods, implementation period, schedule and budget allocation need to be defined with the plan.
Risk manager role
The role that a risk manager plays during the implementation phase is crucial for the success of the study. For the above reasons, it is extremely important to develop project communication plans, so the right stakeholders can be identified, together with investigating the best ways of communicating critical project information to them for decision making. In this case, worst- and best-case scenarios are requested from the SMEs to define a minimum and a maximum value of the risk. In some cases, the SMEs are reluctant to participate and optional methods should be placed on the table by the risk manager for getting the opinion needed from the SME.
Figure 4 illustrates an example of combining three differing opinions, but where expert A is given twice the emphasis of the others owing to the greater experience of that expert (Vose, 2008). It is relevant to notice that not all the SMEs are willing to participate actively in a risk management exercise the first time, especially if they have not been exposed to one before. If SMEs are not part of the risk management study, the results will not be trusted, causing a failure of the process, the PM and the team. Eliciting the risk team members can be such a critical milestone for success or failure for the rest of the risk management process and the project itself.
Risk identification, analysis and response
The whole process of risk management was implemented for three different projects. Regardless of the project scope, cost, schedule, location, type of funding, etc., the same steps were followed in order to determine the overall risk cost (cost contingency). Figure 10 shows the critical risks obtained for each project once the qualitative analysis was performed.

It was a common practice at Caltrans to assign merely a flat rate for risk contingency, without referring to specific project risks or justifying the percentage with a formal risk management study. For each project, a set of risk responses was developed by the RMT and placed in the Risk Register. In other words, if the risk has a source in construction, then the most suitable risk owner should come from that division. The whole risk management implementation, including the risk identification, analysis and response, was conducted in three meetings with the RMT.
Risk monitoring and control
Risk monitoring and control has been mentioned as one of the most common failures of risk management.
Risk metrics are fundamental for determining and assessing how risk management is contributing to or enhancing the project delivery process. For example, it can be assumed that the baseline risk contingency was the one marked in grey colour.
Risk management system
A risk management system could be considered the ultimate tool for managing risks for a portfolio of projects.
In practical terms, for having a risk management system it is necessary to have developed a sufficient number of risk management studies and to have performed formal training for project managers. As well, reports can be generated for supporting the decision making process. Although a risk management system is a great tool for supporting decision making along the project delivery process, it is recommended first to start risk management with education, a pilot project and training. After several studies, the role of a system can be justified for enhancing the overall process of risk management and its communication.
12. Caltrans enterprise risk management
Although the term enterprise risk management (ERM) is not new, Caltrans started looking into its current process for doing business.
Program Project Management, Construction, Environmental, Design, Right of Way and Surveys are the most representative functional divisions existing at Caltrans. It sets out principles, a framework and a process for the management of risks that are applicable to any type of organization in public or private sector. It does not mandate a "one size fits all" approach, but rather emphasizes the fact that the management of risk must be tailored to the specific needs and structure of the particular organization.
Conclusions
Caltrans has evolved considerably in the past five years in the field of project risk management. While I created the spreadsheet formatting and presentation, the risk categories, questions and scores come from IEEE analysis of actual software project risks, so they have a reputable source. There is an eleventh tab where you can optionally enter your own project specific risks if you wish. I worked for a consulting company in the UK that used a similar model to help determine the seniority of project manager that should be assigned to a project. It is designed to help you think about the various risks on your project; it should not substitute for thorough risk analysis involving a wide variety of project stakeholders.
Up until this new focus, the existing risk management process mainly focused on addressing business risk. Considering the future road map and alignment of the Risk IT framework with COBIT, COBIT 4.1 control objectives were used to identify control gaps and to assess the impact of controls on the risk profile.
In risk assessment it is used by asking the experienced judgment on the likelihood and impact of risk to users who are associated in the risk evaluation process to arrive at consensus on measures of likelihood and impact of identified risk. Risk management is the process of identifying and controlling hazards to conserve combat power and resources. Demonstrating consistent and sustained risk management behavior through leading by example and stressing active participation throughout the risk management process.
During execution, in-stride risk assessment and reaction can overcome unforeseen fratricide risk situations. This chapter outlines the whole implementation process carried out with the risk management team formed from different functional units and backgrounds. Risk management has been part of the project management menu; nevertheless its application was limited only to developing a risk register and a qualitative analysis at the most.
Risk management planning
As with any other process in project management, risk management has to be planned in order to forecast the total effort required by the project team for developing the full scope of risk management. The roles of the Project Manager (PM) and the Risk Manager (RM) are critical for developing a realistic implementation plan (Figure 1).
The RM as a risk expert should be able to lead, coordinate, educate, explain, convince, propose, monitor and evaluate the entire process; plus he or she needs to be able to have experience in leading teams from different backgrounds and coming from different functional units and agencies.
Figure 4 shows a typical stakeholder analysis used at Caltrans, which is part of the project communication plan. This function assumes that there are three different values assigned to a variable of risk: a minimum, a most likely and a maximum. The downside of conducting these interviews is that they are rather time consuming. In some cases, we can get different SME opinions for the same variable or risk, as mentioned by Vose (2008).
Risk management team elicitation
The selection of members for the Risk Management Team (RMT) is not an easy task at all. In the end, risk management is an input-output process: if wrong data or knowledge is fed into it, then the expected results would most likely be untrustworthy or would include biases, which in the end seriously affect the integrity and best practices of risk management. The main goal of the risk analysis for each project was to determine the cost risk contingency associated with each project risk register. For the qualitative risk analysis in particular, it was useful to provide tangible examples to the team before and during the meeting. As can be observed, the critical risks are only a few compared with all the risks identified at the initiation phase.
Risk management meetings
It was not common at all at Caltrans to have risk management meetings for the PDT members and even for executives. In some cases, critical project issues were discovered thanks to the risk discussions. The risk management meetings were properly planned, one for the identification, analysis and results. In part because the follow up process is usually forgotten by the project and risk manager and, as a result, there is no comparison between the baseline and actual Risk Registers or risk results. If the benefits of risk management are tangible and can be promoted with management and executives, the chances of formalizing the risk management process are very high. Then, after the risk response implementation, risks are mitigated and the contingency is reduced (red colour). By having a set of projects in which risk management was previously implemented, the system can be filled with data, including lessons learned.
Taken together, management of these components constitutes a Department-wide Risk Management Strategy.
The most common project risk management techniques used in the private sector are currently part of Caltrans project delivery process. For many organizations it is difficult to get an objective view of their project risks across a portfolio of projects because different project managers have different risk thresholds. Each tab has a number of questions about your project; you answer the questions by selecting the response that best fits your project from the drop down list in column “C”. Tab “2 – IT Tools and Methods” scored 30 out of 93, giving a “Green” risk flag. Back then I was assigned to “Green” and “Yellow” projects; they called in the big guns for “Red” projects. The IEEE source I took these from needs refreshing in the fields of hardware technology risk, and bringing up to date for emerging trends such as closer collaboration with users or offshoring. The IT risk assessment method was complementary to the business risk processes, and the approach adopted was periodic assessment (once a year), which until now was considered adequate.
Bakshi has previously worked in various capacities with the State Bank of India, the Enterprise Risk Services Group of Deloitte Touche Tohmatsu, India Private Limited, and Wipro Consulting Services.

Hazard assessment is the process of determining the direct impact of each hazard on an operation (in the form of hazardous incidents). Make informed risk decisions; establish and then clearly communicate risk decision criteria and guidance.
Project and Enterprise Risk Management at the California Department of Transportation
Pedro Maria-Sanchez [1]
[1] California Department of Transportation, District 11 San Diego, USA
In addition, a discussion is held over the critical steps and aspects for performing project and enterprise risk management in the real world. Risk management is not new for the transportation industry in the United States, specifically in highway projects. This also presents some risk in that an acceptable location for a leach field may not be available. The California Department of Transportation (Caltrans) developed a Project Risk Management Handbook, which is being used as a reference for planning the steps for applying risk management to specific projects.
Nevertheless, additional knowledge is provided to the team members for properly assessing the risks and opportunities during the qualitative and quantitative analysis. Vose (2008) lists the following as the characteristics of risk analysts: creative thinkers, confident, modest, thick-skinned, communicators, pragmatic, able to conceptualize, curious, good at mathematics, a feel for numbers, finishers, cynical, pedantic, careful, social and neutral. A key part of soliciting information from the SMEs is the questions asked by the Risk Manager or Risk Facilitator. The analysis, brainstorming, experience and background of the RMT members are critical not only for risk identification but for the whole process, including monitoring and control. Firstly, the downside of using a team like the PDT is its size, since it could be complicated for the RM to facilitate the meetings for obtaining better results towards assessing the uncertainty. The purpose of the qualitative risk analysis was to select those risks that represent a major negative or positive impact on the project objectives. No meeting took more than two hours and, instead of meeting minutes, the Risk Register was used as the deliverable for discussion and follow up. Nevertheless, the monitoring and control process continues and a new risk arises, increasing again the project contingency (blue colour).
A system can represent a considerable advantage for executives and project managers since it can provide risk management status reports for a set of projects for specific data dates. Project Delivery staff can assess and take intelligent risks in delivery because taking intelligent risks fosters innovation and responsible decision-making. The implementation of project risk management has assisted Caltrans executives and project managers in properly assessing the project contingency cost based upon specific identified risks. What a “Gung-ho” project manager rates as a “Medium Risk” project might actually be a “Very High Risk” project to the majority of other project managers. Likewise tab “6 – Business Process” was flagged as “Red”, a warning sign that the project carries a lot of risk in this area.
Accurately evaluate the unit's effectiveness, as well as subordinates' execution of risk controls during the mission.
The Office of Statewide Project Management Improvement (OSPM) has developed a Project Risk Management handbook, which is a guide for project managers at Caltrans for using risk management. Although there are considerable resources for learning about risk management, Caltrans has adopted this process into its project development process (Figure 2). The reality is that we cannot always find individuals who have all the virtues mentioned before; therefore, we need to select the most critical characteristics that a risk manager should have. In addition, the team members should feel free to talk about risk, and in some cases having more than one member coming from the same division or functional unit can cause some limitations for discussion and brainstorming. A model was built for running the Monte Carlo Simulation technique for obtaining the risk cost contingency for each project.
Figure 11. Risk contingency behaviour
Caltrans has implemented risk monitoring through the project development team meetings, where the project manager and the risk manager address any changes within the current risks or document new risks. In addition, some members, for example the project manager, the design manager or the risk manager, can have editing rights. But, at the same time, Caltrans needs to follow its project-related processes and controls to manage that risk.
Nevertheless, management is currently taking formal steps in implementing it throughout the state of California with the intention of managing and controlling not only project risks. Even more problematic is when project risk assessments miss major categories of risks and are rated much lower risk than they should be.
Reduction of fratricide risk begins during the planning phase of an operation and continues through preparation and execution.
Unfortunately, the latest version of the manual, which is from 2007, did not include a detailed explanation of the benefits of performing quantitative risk analysis while determining the impacts of risks on the project objectives, in terms of cost and time. The RM is a neutral element of the project team and can reduce the bias, which can seriously affect the outcome of the risk management study.
Definitely a risk manager should be a good communicator, must have an analytical mind and needs to be able to think outside the box. This approach definitely will help the whole process and will assist the RM in keeping the team focused on talking only about risk. In this case, the risk manager is in charge of contacting the risk owners for updates and feedback regarding their risks. Risk status reports have been developed with the purpose of keeping executives informed through proper risk management communication.
According to the Minnesota Department of Transportation (MnDOT, 2012), ERM is a risk-based approach to managing an enterprise, incorporating concepts of internal control, planning and budgeting. The risk profile tool I will introduce is a mechanism to help bring consistent risk assessments across an organization and ensure no major risk areas are omitted. However, the risk manager needs to deal with risk assessment that in the quantitative arena requires analytical modelling skills that the project manager is usually not trained for.
These reports are developed by the RM and are updated every time there is a change in the Risk Register. Risk monitoring and control must be maintained through the project life cycle until the closeout phase, where the lessons learned can include feedback from risk management. It is important to notice that outside of the common risk sources (corporate, programmatic, project and operations), other variables such as the quality of life indicators, market research and performance measures are included. It is a demanding list and indicates that risk analysis should be performed by people who have a proven track record of doing risk management, ideally for several projects. The PM and RM should put extra care into keeping a constant review of the baseline Risk Register with the purpose of actively managing the project contingency and assessing the effectiveness of the risk responses. These variables have a direct impact on the risk sources, which in the end could influence the results and benefits of risk management.
The California Department of Transportation (Caltrans, 2007) describes the risk manager (Risk Officer) responsibilities as risk management planning, identification, qualitative and quantitative analysis, risk response and risk monitoring and control.
Risk management has to be implemented for projects or within projects, but this is only the first step. In particular, there is close communication between other local, regional and federal agencies which need to be involved and provide assessments and feedback. One of the most important topics handled by the ERM is the determination of the Risk Appetite.
