User Account

All Pages

How does risk management differ in a project and program

Assignment Help Project Management
Reference no: EM133042521

BSBPMG632 Manage program risk

Activity 1 How does risk management differ in a project and program?

Activity 2 What steps can a Program Manager take to mentor Project Managers within the program in risk management.

Confirm risk management is transparent and dynamic across the program so that risks are assigned and managed in a timely manner

Effective program risk management promotes16 -
Risk management as part of the organisation's culture:
• a culture that is not risk averse but is prepared to manage risks within an appetite that is set and reviewed by the Executive Leadership Team (ELT);
• a culture of enquiry, learning, reflection and trust to anticipate and objectively assess risks and opportunities associated with managing directions, services, processes, competencies, values and behaviours;
• a culture with channels of communication that are open, ethical, and improve connectivity across the department;
• a culture which continually adds value to departmental governance structure and client outcomes;
• a culture which commits to a robust business planning and reporting cycle which is inclusive of risk management principles.
Visible focus on managing strategic risk emergence and uncertainty:
• demonstrated by exercising risk leadership by example and communicating the risk culture;
• modelling behaviours based on principles outlined in this framework;
• overseeing and understanding the interdependence of risks;
• ensuring competencies by supporting professional development and risk management education and training; and
• aligning resources with managing risks and opportunities

Full accountability for managing and reporting significant risks at all levels of the organisation (strategic and operational):
• managing the uncertainty associated with strategic risks
• creating predictability and operational reliability
• implementing cost effective treatments to reduce risks and exploit opportunities
• ensuring risk management is considered in all new projects, initiatives, business cases and cabinet submissions
• risk information and knowledge that is accurate, timely and complete to be integrated into an effective decision making process

Risk management roles and responsibilities

The main risk management roles and responsibilities are:

• senior responsible owner - in a program and project management context, the SRO has overall responsibility for putting in place an effective risk management policy and process
• sponsoring group or board - has key oversight responsibility for risk management processes and a prime role in setting policy and approving action in the mitigation of risks that are causing concern
• program manager or project manager - day to day risk management responsibility rests here; the program or project manager has a key role in implementing PPM related risk management policy
• risk owner - the person best placed to direct or take mitigating action against individual risks
• all staff - risk management is the responsibility of all staff in the organisation - staff will adopt various roles at different stages in the program or project

Activity 3

Describe the various stakeholder responsibilities for risk management within a program

Develop and maintain a program risk-management system for effective management and communication of risks, controls, treatments and outcomes to stakeholders across the program
Selecting and implementing risk treatments

Risk treatment involves working through options to treat unacceptable risks to your business. Unacceptable risks range in severity; some require immediate treatment, others can be monitored and treated later.

Before you decide which risks to treat, you need to gather information about the:

• method of treatment
• people responsible for treatment
• costs involved
• benefits of treatment
• likelihood of success
• ways to measure and assess treatments.

Once you decide how to treat identified risks you will need to develop, and regularly review, your risk management plan.

The following are different options for treating risk. Avoid the risk
You may decide not to proceed with the activity likely to generate the risk, where practical. Alternatively, you may think of another way to reach the same outcome.

Reduce the risk

You can control a risk by:

• reducing the likelihood of the risk occurring - for example, through quality control processes, managing debtors, auditing, compliance with legislation, staff training, regular maintenance or a change in procedures
• reducing the impact if the risk occurs - for example, through emergency procedures, off- site data backup, minimising exposure to sources of risk or public relations.

Transfer the risk

You may be able to shift some or all of the responsibility for the risk to another party through insurance, outsourcing, joint ventures or partnerships.

Accept the risk

You may accept a risk if it cannot be avoided, reduced or transferred. However, you will need to have plans for managing and funding the consequences of the risk if it occurs.

Determining and selecting most appropriate options for treating risks

Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. It is probable that a combination of options will be required to treat complex risks. Once a risk is well understood and it is clear that some treatment will be required, detailed analysis of treatment options may be required. There will usually be several options, each entailing different costs and benefits and each offering a different level of risk mitigation.

The purpose of evaluating risks is to prioritise the need for treatment plan development. Once that is completed, it is time to determine the best treatment plan option for that particular risk. There are a number of different options which you can apply to any risk:

• Accept the risk
• Avoid the risk
• Reduce the risk
• Develop a contingency plan
• Mitigate the impact
o Change the consequences
o Change the likelihood
• Transfer or Share the risk with a third party

Regardless of the final decision ensure that all relevant parties have signed off on it. Although you may be in charge of developing the risk management plan, this is a group project, with group decisions.

Developing an action plan for implementing risk treatment

A risk management plan details your strategy for treating risks. It details information about:

• identified risks
• the level of risks
• your planned strategy
• the time frame for implementing your strategy
• the resources required
• the individuals responsible for ensuring the strategy is implemented.

Your final plan should include appropriate objectives, a budget and milestones on the way to achieving those objectives.

Reviewing your risk management plan

The business environment is constantly changing. The type of risks you face will change as your business develops and grows. Regularly reviewing your risk management plan is therefore essential for identifying new risks and monitoring the effectiveness of your risk treatment strategies.

The action plan formalises the risk management process. The specific format of the risk management action plan will vary from one organisation to another, but the following is an example of a relatively straightforward methodology.
• Risk
• Date identified
• Level of risk
• Reason for risk rating
• Risk priority /risk ranking
• Action (what is to be done)
• What resources are required
• Who is responsible for the action
• Timeline-when should the action be completed
• Strategy for informing relevant stakeholders- i.e. staff volunteers, board, corporate sponsors, etc.
• Review date
A risk control action plan is essential for the effective and systematic introduction of risk control actions. Remember to compare the levels of the risk control hierarchy with the time frame when determining target dates.

Activity 4 Summarise the relationship between ethics and risk management. In your summary, outline how considering ethics can be applied as a risk management tool. Provide examples of how a consideration of ethics impacts on organisational practices.

Activity 5 A study of data losses incurred by companies due to hackers penetrating the Internet security of the company found that 60 percent of the companies in the industry studied had experienced security breaches and that the average loss per security breach was $15,000.

1. What is the probability that a company will not have a security breach?
2. One company had two breaches in one year and is contemplating spending money to decrease the likelihood of a breach. Assuming that the next year would be the same as this year in terms of security breaches, how much should the firm be willing to pay to eliminate security breaches (i.e., what is the expected value of their loss)?

Activity 6 The following is the experience of Insurer A for the last three years:

1. What is the frequency of losses in year 1?
2. Calculate the probability of a loss in year 1.
3. Calculate the mean losses per year for the collision claims and losses.
4. Calculate the mean losses per exposure.
5. Calculate the mean losses per claim.
6. What is the frequency of the losses?
7. What is the severity of the losses?

Activity 7

Develop a sample agenda for a program risk monitoring meeting.

The purpose of risk management is to identify potential problems before they occur so that risk- handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives.
Risk management is a continuous, forward-looking process that is an important part of business and technical management processes. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that have critical impact on the project.
Effective risk management includes early and aggressive risk identification through the collaboration and involvement of relevant stakeholders. Strong leadership across all relevant stakeholders is needed to establish an environment for the free and open disclosure and discussion of risk.
Although technical issues are a primary concern both early on and throughout all project phases, risk management must consider both internal and external sources for cost, schedule, and technical risk. Early and aggressive detection of risk is important because it is typically easier, less costly, and less disruptive to make changes and correct work efforts during the earlier, rather than the later, phases of the project.
Risk management can be divided into three parts: defining a risk management strategy; identifying and analyzing risks; and handling identified risks, including the implementation of risk mitigation plans when needed.
For the purpose of this review, please address the following points:

1. Demonstrate that you have a process to determine risk sources and categories. Identification of risk sources provides a basis for systematically examining changing situations over time to uncover circumstances that impact the ability of the project to meet its objectives. Risk sources are both internal and external to the project. As the project progresses, additional sources of risk may be identified. Establishing categories for risks provides a mechanism for collecting and organizing risks as well as ensuring appropriate scrutiny and management attention for those risks that can have more serious consequences on meeting project objectives.
Typical work products would include: (1) risk source lists (external and internal) and (2) risk categories lists.

2. Demonstrate that you have a process to define the parameters used to analyze and categorize risks, and the parameters used to control the risk management effort. Parameters for evaluating, categorizing, and prioritizing risks typically include risk likelihood (i.e., the

probability of risk occurrence), risk consequence (i.e., the impact and severity of risk occurrence), and thresholds to trigger management activities.
Risk parameters are used to provide common and consistent criteria for comparing the various risks to be managed. Without these parameters, it would be very difficult to gauge the severity of the unwanted change caused by the risk and to prioritize the necessary actions required for risk mitigation planning.
Typical work products would include: (1) risk evaluation, categorization, and prioritization criteria and (2) risk management requirements (control and approval levels, reassessment intervals, etc.).

3. Demonstrate that you have a process to establish and maintain the strategy to be used for risk management. A comprehensive risk management strategy addresses items such as: (1) The scope of the risk management effort, (2) Methods and tools to be used for risk identification, risk analysis, risk mitigation, risk monitoring, and communication, (3) Project-specific sources of risks, (4) How these risks are to be organized, categorized, compared, and consolidated, (5) Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks, (6) Risk mitigation techniques to be used, such as prototyping, simulation, alternative designs, or evolutionary development, (7) Definition of risk measures to monitor the status of the risks, and (8) Time intervals for risk monitoring or reassessment.
The risk management strategy should be guided by a common vision of success that describes the desired future project outcomes in terms of the product that is delivered, its cost, and its fitness for the task. The risk management strategy is often documented in an organizational or a project risk management plan. The risk management strategy is reviewed with relevant stakeholders to promote commitment and understanding.
A typical work product would be the project risk management strategy.

4. Demonstrate that you have a process to identify and document the risks. The identification of potential issues, hazards, threats, and vulnerabilities that could negatively affect work efforts or plans is the basis for sound and successful risk management. Risks must be identified and described in an understandable way before they can be analyzed and managed properly. Risks are documented in a concise statement that includes the context, conditions, and consequences of risk occurrence.

Risk identification should be an organized, thorough approach to seek out probable or realistic risks in achieving objectives. To be effective, risk identification should not be an attempt to address every possible event regardless of how highly improbable it may be. Use of the categories and parameters developed in the risk management strategy, along with the identified sources of risk, can provide the discipline and streamlining appropriate to risk identification. The identified risks form a baseline to initiate risk management activities. The list of risks should be reviewed periodically to reexamine possible sources of risk and changing conditions to uncover sources and risks previously overlooked or nonexistent when the risk management strategy was last updated.
Risk identification activities focus on the identification of risks, not placement of blame. The results of risk identification activities are not used by management to evaluate the performance of individuals.
There are many methods for identifying risks. Typical identification methods include (1) Examine each element of the project work breakdown structure to uncover risks; (2) Conduct a risk assessment using a risk taxonomy. Interview subject matter experts; (3) Review risk management efforts from similar products. Examine lessons-learned documents or databases;
(4) Examine design specifications and agreement requirements.
A typical work product would be a list of identified risks, including the context, conditions, and consequences of risk occurrence.

5. Demonstrate that you have a process to evaluate and categorize each identified risk using the defined risk categories and parameters, and determine its relative priority. The evaluation of risks is needed to assign relative importance to each identified risk, and is used in determining when appropriate management attention is required. Often it is useful to aggregate risks based on their interrelationships, and develop options at an aggregate level. When an aggregate risk is formed by a roll up of lower level risks, care must be taken to ensure that important lower level risks are not ignored.
A typical work product would be a list of risks, with a priority assigned to each risk.

6. Demonstrate that you have a process to develop a risk mitigation plan for the most important risks to the project, as defined by the risk management strategy. A critical component of a risk mitigation plan is to develop alternative courses of action, workarounds, and fallback positions, with a recommended course of action for each critical risk. The risk mitigation plan for a given risk includes techniques and methods used to avoid, reduce, and control the probability of occurrence of the risk, the extent of damage incurred should the risk occur

(sometimes called a "contingency plan"), or both. Risks are monitored and when they exceed the established thresholds, the risk mitigation plans are deployed to return the impacted effort to an acceptable risk level. If the risk cannot be mitigated, a contingency plan may be invoked. Both risk mitigation and contingency plans are often generated only for selected risks where the consequences of the risks are determined to be high or unacceptable; other risks may be accepted and simply monitored.
Options for handling risks typically include alternatives such as: (1) Risk avoidance: Changing or lowering requirements while still meeting the user's needs; (2) Risk control: Taking active steps to minimize risks; (3) Risk transfer: Reallocating design requirements to lower the risks;
(4) Risk monitoring: Watching and periodically reevaluating the risk for changes to the assigned risk parameters; (5) Risk acceptance: Acknowledgment of risk but not taking any action. Often, especially for high risks, more than one approach to handling a risk should be generated.
In many cases, risks will be accepted or watched. Risk acceptance is usually done when the risk is judged too low for formal mitigation, or when there appears to be no viable way to reduce the risk. If a risk is accepted, the rationale for this decision should be documented. Risks are watched when there is an objectively defined, verifiable, and documented threshold of performance, time, or risk exposure (the combination of likelihood and consequence) that will trigger risk mitigation planning or invoke a contingency plan if it is needed.
Adequate consideration should be given early to technology demonstrations, models, simulations, and prototypes as part of risk mitigation planning.
Typical work products would include: (1) Documented handling options for each identified risk; (2) Risk mitigation plans; (3) Contingency plans; and (4) a list of those responsible for tracking and addressing each risk

7. Demonstrate that you have a process to monitor the status of each risk periodically and implement the risk mitigation plan as appropriate. To control and manage risks effectively during the work effort, follow a program to monitor risks and their status and the results of risk-handling actions regularly. The risk management strategy defines the intervals at which the risk status should be revisited. This activity may result in the discovery of new risks or new risk-handling options that may require re-planning and reassessment. In either event, the acceptability thresholds associated with the risk should be compared against the status to determine the need for implementing a risk mitigation plan.

Typical work products would include: (1) Updated lists of risk status; (2) Updated assessments of risk likelihood, consequence, and thresholds; (3) Updated lists of risk-handling options; (4) Updated list of actions taken to handle risks; and (5) Risk mitigation plans.

8. Demonstrate that you have established and maintain an organizational policy for planning and performing the risk management processes.

9. Demonstrate that you establish and maintain a plan for performing the risk management process. Typically, this plan for performing the risk management process is included in (or referenced by) the project plan. This would address the comprehensive planning for all of the specific practices in the project plan, from determining risk sources and categories all the way through to the implementation of risk mitigation plans.

10. Demonstrate that you provide adequate resources for performing the risk management process, developing the work products, and providing the services of the process. Examples of resources provided are: risk management databases, risk mitigation tools, prototyping tools, and modelling and simulation.

11. Demonstrate that you assign responsibility and authority for performing the process, developing the work products, and providing the services of the risk management process.

12. Demonstrate that you train the people performing or supporting the risk management process as needed.

13. Demonstrate that you place designated work products of the risk management process under appropriate levels of configuration management.

14. Demonstrate that you identify and involve the relevant stakeholders of the risk management process as planned.

15. Demonstrate that you monitor and control the risk management process against the plan for performing the process and take appropriate corrective action.

16. Demonstrate that you objectively evaluate adherence of the risk management process against its process description, standards, and procedures, and address noncompliance.

17. Demonstrate that you review the activities, status, and results of the risk management process with higher level management and resolve issues. Reviews of the project risk status are held on a periodic and event-driven basis with appropriate levels of management, to provide visibility into the potential for project risk exposure and appropriate corrective action. Typically, these reviews will include a summary of the most critical risks, key risk parameters (such as likelihood and consequence of these risks), and the status of risk mitigation efforts.

Activity 8

Provide an example of an identified program risk, its potential impact on a program and possible remedial action to mitigate the risk.

Activity 9
What is involved in gap analysis and evaluation?

Activity 10
Outline two methods that you could use to collect stakeholder feedback related to a program.

Activity 11
When selecting and implementing treatments, there are six things you need to ensure you do. List them in the table below, then give a brief description of what they involve.

Identify and document risk management issues and recommended improvements for application to future projects and programs29
Project Management Institute (PMI) Project Management Body of Knowledge (PMBOK) defines lessons learned as the learning gained from the process of performing the project. Formally conducted lessons learned sessions are traditionally held during project close-out, near the completion of the project or program.

Activity 12
How can an issue log be used in risk management in future projects?

Attachment:- Manage Program Risk.rar

Reference no: EM133042521

Questions Cloud

Errors between sender to receiver : Skeleton code of rdt2.2 sender and receiver, you are supposed to fill in code where marked with #Fill in start and #Fill in end and submit the working code
What is the present worth of the defender : If we set up the problem as comparing the present worth of the defender vs the present worth of the challenger, what is the present worth of the defender
Calculate the terminal cash flow from the project : CGS sold the machine at the end of the 5-year project for $4,000 cash. CGS is subject to a 25% tax rate. Calculate the terminal cash flow from the project
What are the consolidation eliminating entries : All amortization is straight-line. Total impairment for technology for the years 2018 to 2020 is $1,000. What are the consolidation eliminating entries
How does risk management differ in a project and program : What is the probability that a company will not have a security breach and How does risk management differ in a project and program
Estimate the project NPV using a discount rate : Dowling Sportswear is considering building a new factory to produce aluminum baseball bats. Estimate the project's NPV using a discount rate of 5 percent
How long will it take Jack to win Jill hand in marriage : Jack must buy her new $340,000 Rolls-Royce Phantom. Jack currently has $15,890 that he may invest. How long will it take Jack to win Jill hand in marriage
Compute the total taxable income of Aden for the year ended : He has a farm which generated a surplus of Sh. 120,000 during the year. Compute the total taxable income of Aden for the year ended
Provide the journal entries to reflect the revaluation : ABC Ltd acquires some machinery at a cost of $250 000 on 1 July 2021. Provide the journal entries to reflect the revaluation decrement

Reviews

Write a Review

Project Management Questions & Answers

  Identify specific facts from case that permit plaintiff

Identify specific facts from Case 16-1 that might permit the plaintiff to prevail.- What "facts," had they existed, would have allowed the plaintiff to win this case?

  Concentration of ethanol in hard liquor

The concentration of ethanol in hard liquor is given as degrees proof, which is twice the percent ethanol by volume. What are the mole fraction and molality of C2H5OH in 70 degrees rum?

  Organizational environments

Organizational Environments - Most cross-cultural experts would identify the dominant acitivy orientation for Americans as

  What are the implications of ai on defining project scope

Conduct research using the CSU Online Library and your textbook to answer the following questions: What is appreciative inquiry (AI)? What are the implications of AI on defining project scope

  Why a cooperative could not claim to be a syndicate

What is the distinction between a general partnership and a limited partnership?-  Explain why a cooperative could not claim to be a syndicate.

  Why are writing skills especially essential

Why is it important for business and professional students to develop good communication skills, and why are writing skills especially essential?

  How a project manager can use strategy

How a project manager can use strategy in a project involving purchasing and supply management and how it has helped their organization with new business and market share.

  Main driving forces behind enterprise resource

What are the two main driving forces behind Enterprise Resource Planning for a business organization?

  Determine the autocorrelation function of the process

Determine the autocorrelation function of the process X(t), and sketch it.- Determine the power spectral density of the process X(t), and sketch it.

  Differentiate between ordinary and subliminal advertising

Differentiate between ordinary and subliminal advertising using examples to illustrate.- Compare and contrast the consumer and organizational buyer in terms of the hierarchy of effects sequence.

  Create a gantt chart using the tasks

Create a Gantt chart using the tasks, durations, dependencies, and milestones from part a.). The Gantt chart should include proper formatting to show summary tasks, individual tasks.

  Have you ever felt obligated to do something

Have you ever felt obligated to do something you felt was wrong because a person in a position of authority told you to do it?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd