SlideShare a Scribd company logo

Cynthia.calhoun

N
NASAPMC
TechnologyEconomy & Finance
1 of 18
Download to read offline
National Aeronautics and Space Administration National Aeronautics and Space Administration Risk Management Getting Started APPEL PM Challenge Conference APPEL PM Challenge Conference February 2008 February 2008 Cynthia Calhoun Cynthia Calhoun NASA Glenn Research Center NASA Glenn Research Center www.nasa.gov www.nasa.gov
Introduction Implementing a formal risk management program into any project can be challenging when most people only focus on the costs and schedule of getting the job done. Projects know risks exists, but have decided that they do not need anything getting in the way of completing their tasks on time or adding costs to their budget. Projects need to understand that the risk management process is a basis for decisions to mitigate threats not only to their costs and schedule, but threats to the technical, environmental, security, or safety aspects of the project. 1/31/2008 PMC 2008 Risk Management Program 2
Risk Management Defined An organized, systematic decision-making process that efficiently identifies, analyzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals. NPR 7120.5 NASA Program and Project Management Requirements 1/31/2008 PMC 2008 Risk Management Program 3
NASA Risk Management Growth NASA Risk Develop Reporting Governance CRM 5 X 5 Matrix Model Process 1998 1999 2002 2005 2006 2007 * SMA RBAM NPR NASA Update 8000.4 Exploration NPR Kick-off Risk Mgt Safety 8000.4 Formal Reqts Study • Costs risks Risk • Schedule Risks Mgt Pgm • EVM per • Safety Risks (PRA) NPR • Sys Eng and Integration 7120.5A •Note—While Risk Management was not new to NASA, the Agency had never required a structured risk management effort to be a standard element of all programs and projects. 1/31/2008 PMC 2008 Risk Management Program 4
NASA Continuous Risk Management (CRM) Identify—Search for and locate risks before they become problems Analyze—Convert risk data into useable information for determining priorities and making decisions Plan—Translate risk information into planning decisions and mitigating actions (both present and future), and implement those actions Track—Monitor risk indicators and mitigation actions Control—Correct risk mitigation plan deviations and decide on future actions Communicate and Document—Provide information to project on risk activities and current/future risks 1/31/2008 PMC 2008 Risk Management Program 5
Implement and Integrate Risk Management A few examples on how a project can begin implementing risk management methods and techniques into every aspect of the project, and the barriers and successes of integrating risk management into day-to-day project activities will be covered for the following actions: Assign a risk facilitator Conduct risk management training Develop risk management plan Execute risk management plan Apply continuous improvement 1/31/2008 PMC 2008 Risk Management Program 6
Assign a Risk Facilitator Ensure programs/projects utilize risk-based decision making to continuously manage the acquisition, safety, technical, and programmatic risks. This includes: Provide CRM training and Risks Identification Workshops Assist with developing, implementing, and updating risk management plans. Review risk statements for clarity and conciseness. Provide guidance on estimating the likelihood, consequences, and timeframe of the risks. Review risk mitigations to ensure the mitigation will actually reduce the likelihood and consequence of the risk occurring. Assure risks are tracked and used to measure the progress of the risk management program. Monitoring risk closures and reporting. 1/31/2008 PMC 2008 Risk Management Program 7
Assign a Risk Facilitator (continued) Assure their respective project/element risk information is documented in the respective risk database and kept current. Ensuring the project is adhering to a continuous risk management process. Research methods, tools, and techniques to enable and improve the continuous risk management process. Review and assess the effectiveness of the risk management process and provide recommendations for improvement. Stay abreast of developments, enhancements, and assessments of Agency risk management related policies, standards, and guidelines. 1/31/2008 PMC 2008 Risk Management Program 8
Assign a Risk Facilitator (continued) Risk facilitator IS NOT responsible for implementing risk management in the project; this is the PM’s responsibility. Risk facilitator SHOULD NOT be looked upon or used as the ONLY person performing risk management on the project. Depending on the size of the project, the risk facilitator could perform a dual role. For example, serve as the risk facilitator and perform Systems Engineering, Quality Assurance, or Reliability Engineering. 1/31/2008 PMC 2008 Risk Management Program 9
Conduct Risk Management Training Tailor course language and exercises to the theme of the Project. Be consistent in terminology: Risk Statements—“One condition per risk statement,” “one consequence per risk statement,” “two or more consequences per risk statement?” Attributes—“Probability vs. Impact” or “Likelihood vs. Consequence” Risk Planning Approach—“Mitigate,” “Watch,” “Monitor,” “Accept,” “Research?” New Risks—“Candidate,” “New?” Closed Risks—“Retire,” “Transfer,” “Close,” “Accept,” “Escalated?” Risk matrix colors and orientation 1/31/2008 PMC 2008 Risk Management Program 10
Conduct Risk Management Training (continued) 5 5 4 5 1 2 Tot: 32 L 5 Tot: 8 I 4 9 6 3 K 4 4 Likelihood E L 33 3 7 8 I 2 Tot: 18 H 10 O 22 O 1 D 1 2 3 4 5 11 Consequences 11 2 2 33 4 4 5 5 CONSEQUENCES 1/31/2008 PMC 2008 Risk Management Program 11
Conduct Risk Management Training (continued) Ensure course content is consistent with Agency’s requirements. Require project to include a “Risk Identification Workshop” as part of training. Use project documentation to help identify threats to goals and objectives, and to develop definitions for likelihood, consequence, and timeframe risk attributes. Walk through the whole CRM process for at least one risk. 1/31/2008 PMC 2008 Risk Management Program 12
Develop Risk Management Plan Risk Management Plan should be project specific, configuration controlled, and compliant with Agency requirements. Overview of Risk Management (RM) process Project organization and responsibilities —Especially interfaces with the contractor; ensure Data Requirements Document (DRD) specifies compliance with Agency RM requirements. Risk management activities in detail Budget, resources, and milestones for risk management activities Procedure for documenting risks Assumptions and technical considerations Constraints Descope options 1/31/2008 PMC 2008 Risk Management Program 13
Execute Risk Management Plan Use Engineering Review Board/Risk Board/Risk Panel as gatekeeper to vet risks. Focus facilitator on risk in project discussions. Conduct Risk Identification Workshop against WBS elements and prior to major milestones. Include and track risk mitigations in project schedule. Talk to other “-ility” disciplines. Ensure consistent communication between interfaces. Present/report high risks to senior management, especially where technical challenges and resources for mitigations are a concern. 1/31/2008 PMC 2008 Risk Management Program 14
Execute Risk Management Plan (continued) Review risks in technical, cost, schedule, and safety discussions. Evaluate how well risk mitigations are working. Perform trend analysis on risks; any areas of concern starting to appear. Adjust risk attributes (likelihood and consequence) levels. Celebrate successes! Positive impacts to schedule and costs Technical challenges overcame Track “what ifs” Show concrete value and benefits 1/31/2008 PMC 2008 Risk Management Program 15
Continuous Improvement Evaluate frequency of risk reporting for possible timesavers. Remove burdensome tasks or activities that have no affect on risk management process. Audit risk management process for inefficiencies. Solicit recommendations from project team members. Share lessons learned with similar projects. Tap into unused features of risk tool(s). Attend risk management conferences and/or join risk management working groups. 1/31/2008 PMC 2008 Risk Management Program 16
Summary Projects can apply continuous risk management principles as a decision-making tool by: Identifying the threats to project objectives and mission success, along with any project constraints. Assessing the likelihood and consequences of these threats against project criteria (e.g., schedule, budget, milestones, etc.). Developing risk mitigation strategies and tasks to buy down the threats and reduce the risks. Integrating the risk mitigation strategies into the project schedule and budget. Reviewing the effectiveness of risk mitigation activities and residual risks. Documenting and communicating risks information throughout the project’s life cycle. 1/31/2008 PMC 2008 Risk Management Program 17
Conclusion It is very important that the risk management process: Begin early in formulation. Involve the project team to assess all identifiable risks up front. Be addressed in the Project Plan and detailed in the Risk Management Plan. Be continually reviewed for the disposition and tracking of all identified risks throughout the implementation and operations phases. 1/31/2008 PMC 2008 Risk Management Program 18

Recommended

Risk management
Risk managementRisk management
Risk managementbipulpwc
 
Srm
SrmSrm
SrmTim Smith
 
Canga.m.wood.j
Canga.m.wood.jCanga.m.wood.j
Canga.m.wood.jNASAPMC
 
S thomas sfield
S thomas sfieldS thomas sfield
S thomas sfieldNASAPMC
 
Bizier.brenda
Bizier.brendaBizier.brenda
Bizier.brendaNASAPMC
 
Richards.robert
Richards.robertRichards.robert
Richards.robertNASAPMC
 
Risk management plan for Human Resource Software
Risk management plan for Human Resource SoftwareRisk management plan for Human Resource Software
Risk management plan for Human Resource SoftwareDavid Bustin
 
Plan Risk responses
Plan Risk responsesPlan Risk responses
Plan Risk responsesNam N.N Tran M.Eng, PMP
 

Recommended

Risk management
Risk managementRisk management
Risk managementbipulpwc
 
Srm
SrmSrm
SrmTim Smith
 
Canga.m.wood.j
Canga.m.wood.jCanga.m.wood.j
Canga.m.wood.jNASAPMC
 
S thomas sfield
S thomas sfieldS thomas sfield
S thomas sfieldNASAPMC
 
Bizier.brenda
Bizier.brendaBizier.brenda
Bizier.brendaNASAPMC
 
Richards.robert
Richards.robertRichards.robert
Richards.robertNASAPMC
 
Risk management plan for Human Resource Software
Risk management plan for Human Resource SoftwareRisk management plan for Human Resource Software
Risk management plan for Human Resource SoftwareDavid Bustin
 
Plan Risk responses
Plan Risk responsesPlan Risk responses
Plan Risk responsesNam N.N Tran M.Eng, PMP
 
Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuliNASAPMC
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoonNASAPMC
 
Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...Global Risk Forum GRFDavos
 
Overview in Project Manager Role
Overview in Project Manager Role Overview in Project Manager Role
Overview in Project Manager Role Software Park Thailand
 
Unit 7 risk
Unit 7 riskUnit 7 risk
Unit 7 riskAzhar Shaik
 
Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis CommunicationsCB Creative, Inc.
 
Gonzalez.matthew
Gonzalez.matthewGonzalez.matthew
Gonzalez.matthewNASAPMC
 
Dickerson mark
Dickerson markDickerson mark
Dickerson markNASAPMC
 
Lucht
LuchtLucht
LuchtNASAPMC
 
Boyer.roger
Boyer.rogerBoyer.roger
Boyer.rogerNASAPMC
 
Thomas.coonce
Thomas.coonceThomas.coonce
Thomas.coonceNASAPMC
 
Dezfuli.h
Dezfuli.hDezfuli.h
Dezfuli.hNASAPMC
 
Kothari.d.mitchell.r
Kothari.d.mitchell.rKothari.d.mitchell.r
Kothari.d.mitchell.rNASAPMC
 
Ralph.basilio
Ralph.basilioRalph.basilio
Ralph.basilioNASAPMC
 
Denise.pham
Denise.phamDenise.pham
Denise.phamNASAPMC
 
Biess ted
Biess tedBiess ted
Biess tedNASAPMC
 
Josef martens
Josef martensJosef martens
Josef martensNASAPMC
 
Bryan.oconnor
Bryan.oconnorBryan.oconnor
Bryan.oconnorNASAPMC
 
Millis.marc
Millis.marcMillis.marc
Millis.marcNASAPMC
 
Rick nybakken.jan.chodas
Rick nybakken.jan.chodasRick nybakken.jan.chodas
Rick nybakken.jan.chodasNASAPMC
 
Harvey elliott
Harvey elliottHarvey elliott
Harvey elliottNASAPMC
 
Adrian.mark
Adrian.markAdrian.mark
Adrian.markNASAPMC
 

More Related Content

What's hot

Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuliNASAPMC
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoonNASAPMC
 
Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...Global Risk Forum GRFDavos
 

What's hot (6)

Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuli
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoon
 
Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...Improved Risk information to support sound policy/decision making processes –...
Improved Risk information to support sound policy/decision making processes –...
 
Overview in Project Manager Role
Overview in Project Manager Role Overview in Project Manager Role
Overview in Project Manager Role
 
Unit 7 risk
Unit 7 riskUnit 7 risk
Unit 7 risk
 
Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis Communications
 

Viewers also liked

Gonzalez.matthew
Gonzalez.matthewGonzalez.matthew
Gonzalez.matthewNASAPMC
 
Dickerson mark
Dickerson markDickerson mark
Dickerson markNASAPMC
 
Boyer.roger
Boyer.rogerBoyer.roger
Boyer.rogerNASAPMC
 
Thomas.coonce
Thomas.coonceThomas.coonce
Thomas.coonceNASAPMC
 
Dezfuli.h
Dezfuli.hDezfuli.h
Dezfuli.hNASAPMC
 
Kothari.d.mitchell.r
Kothari.d.mitchell.rKothari.d.mitchell.r
Kothari.d.mitchell.rNASAPMC
 
Ralph.basilio
Ralph.basilioRalph.basilio
Ralph.basilioNASAPMC
 
Denise.pham
Denise.phamDenise.pham
Denise.phamNASAPMC
 
Biess ted
Biess tedBiess ted
Biess tedNASAPMC
 
Josef martens
Josef martensJosef martens
Josef martensNASAPMC
 
Bryan.oconnor
Bryan.oconnorBryan.oconnor
Bryan.oconnorNASAPMC
 
Millis.marc
Millis.marcMillis.marc
Millis.marcNASAPMC
 
Rick nybakken.jan.chodas
Rick nybakken.jan.chodasRick nybakken.jan.chodas
Rick nybakken.jan.chodasNASAPMC
 
Harvey elliott
Harvey elliottHarvey elliott
Harvey elliottNASAPMC
 
Adrian.mark
Adrian.markAdrian.mark
Adrian.markNASAPMC
 
Stephen.rider
Stephen.riderStephen.rider
Stephen.riderNASAPMC
 
Wood.michael
Wood.michaelWood.michael
Wood.michaelNASAPMC
 
White.p.johnson.k
White.p.johnson.kWhite.p.johnson.k
White.p.johnson.kNASAPMC
 
Gonzales.matthew
Gonzales.matthewGonzales.matthew
Gonzales.matthewNASAPMC
 

Viewers also liked (20)

Gonzalez.matthew
Gonzalez.matthewGonzalez.matthew
Gonzalez.matthew
 
Dickerson mark
Dickerson markDickerson mark
Dickerson mark
 
Lucht
LuchtLucht
Lucht
 
Boyer.roger
Boyer.rogerBoyer.roger
Boyer.roger
 
Thomas.coonce
Thomas.coonceThomas.coonce
Thomas.coonce
 
Dezfuli.h
Dezfuli.hDezfuli.h
Dezfuli.h
 
Kothari.d.mitchell.r
Kothari.d.mitchell.rKothari.d.mitchell.r
Kothari.d.mitchell.r
 
Ralph.basilio
Ralph.basilioRalph.basilio
Ralph.basilio
 
Denise.pham
Denise.phamDenise.pham
Denise.pham
 
Biess ted
Biess tedBiess ted
Biess ted
 
Josef martens
Josef martensJosef martens
Josef martens
 
Bryan.oconnor
Bryan.oconnorBryan.oconnor
Bryan.oconnor
 
Millis.marc
Millis.marcMillis.marc
Millis.marc
 
Rick nybakken.jan.chodas
Rick nybakken.jan.chodasRick nybakken.jan.chodas
Rick nybakken.jan.chodas
 
Harvey elliott
Harvey elliottHarvey elliott
Harvey elliott
 
Adrian.mark
Adrian.markAdrian.mark
Adrian.mark
 
Stephen.rider
Stephen.riderStephen.rider
Stephen.rider
 
Wood.michael
Wood.michaelWood.michael
Wood.michael
 
White.p.johnson.k
White.p.johnson.kWhite.p.johnson.k
White.p.johnson.k
 
Gonzales.matthew
Gonzales.matthewGonzales.matthew
Gonzales.matthew
 

Similar to Cynthia.calhoun

Dezfuli youngblood
Dezfuli youngbloodDezfuli youngblood
Dezfuli youngbloodNASAPMC
 
Ashley.edwards
Ashley.edwardsAshley.edwards
Ashley.edwardsNASAPMC
 
Risk analysis and management
Risk analysis and managementRisk analysis and management
Risk analysis and managementgnitu
 
Project risk management
Project risk managementProject risk management
Project risk managementEr Swati Nagal
 
Why Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas SectorWhy Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas Sectorjanknopfler
 
Project of entrepreneurship
Project of entrepreneurship Project of entrepreneurship
Project of entrepreneurship AliAbbas390458
 
Webinar - Building Team Efficiency and Effectiveness
Webinar - Building Team Efficiency and EffectivenessWebinar - Building Team Efficiency and Effectiveness
Webinar - Building Team Efficiency and EffectivenessInvensis Learning
 
Risk-Management-05012023-025512pm.ppt
Risk-Management-05012023-025512pm.pptRisk-Management-05012023-025512pm.ppt
Risk-Management-05012023-025512pm.pptYasirShaikh34
 
1Risk ReportingRisk ReportingRique Gidde.docx
1Risk ReportingRisk ReportingRique Gidde.docx1Risk ReportingRisk ReportingRique Gidde.docx
1Risk ReportingRisk ReportingRique Gidde.docxfelicidaddinwoodie
 
Risk Management and Remediation
Risk Management and RemediationRisk Management and Remediation
Risk Management and RemediationCarahsoft
 
Beyond PMP: Risk Management
Beyond PMP: Risk ManagementBeyond PMP: Risk Management
Beyond PMP: Risk Managementabhinayverma
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as OpportunityGlen Alleman
 
Risk management(software engineering)
Risk management(software engineering)Risk management(software engineering)
Risk management(software engineering)Priya Tomar
 
IT Risk managment combined
IT Risk managment combinedIT Risk managment combined
IT Risk managment combinedGlen Alleman
 

Similar to Cynthia.calhoun (20)

Dezfuli youngblood
Dezfuli youngbloodDezfuli youngblood
Dezfuli youngblood
 
Ashley.edwards
Ashley.edwardsAshley.edwards
Ashley.edwards
 
Risk analysis and management
Risk analysis and managementRisk analysis and management
Risk analysis and management
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Project risk management
Project risk managementProject risk management
Project risk management
 
Why Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas SectorWhy Traditional Risk Management fails in the Oil+Gas Sector
Why Traditional Risk Management fails in the Oil+Gas Sector
 
Risk guideline
Risk guidelineRisk guideline
Risk guideline
 
Project of entrepreneurship
Project of entrepreneurship Project of entrepreneurship
Project of entrepreneurship
 
Webinar - Building Team Efficiency and Effectiveness
Webinar - Building Team Efficiency and EffectivenessWebinar - Building Team Efficiency and Effectiveness
Webinar - Building Team Efficiency and Effectiveness
 
Risk-Management-05012023-025512pm.ppt
Risk-Management-05012023-025512pm.pptRisk-Management-05012023-025512pm.ppt
Risk-Management-05012023-025512pm.ppt
 
1Risk ReportingRisk ReportingRique Gidde.docx
1Risk ReportingRisk ReportingRique Gidde.docx1Risk ReportingRisk ReportingRique Gidde.docx
1Risk ReportingRisk ReportingRique Gidde.docx
 
Risk Management and Remediation
Risk Management and RemediationRisk Management and Remediation
Risk Management and Remediation
 
11 risk management
11 risk management11 risk management
11 risk management
 
11 project risk management
11 project risk management11 project risk management
11 project risk management
 
Beyond PMP: Risk Management
Beyond PMP: Risk ManagementBeyond PMP: Risk Management
Beyond PMP: Risk Management
 
Managing risk as Opportunity
Managing risk as OpportunityManaging risk as Opportunity
Managing risk as Opportunity
 
Risk management
Risk managementRisk management
Risk management
 
Risk management(software engineering)
Risk management(software engineering)Risk management(software engineering)
Risk management(software engineering)
 
8. project risk management
8. project risk management8. project risk management
8. project risk management
 
IT Risk managment combined
IT Risk managment combinedIT Risk managment combined
IT Risk managment combined
 

More from NASAPMC

Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk boNASAPMC
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski johnNASAPMC
 
Yew manson
Yew mansonYew manson
Yew mansonNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)NASAPMC
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joeNASAPMC
 
Trahan stuart
Trahan stuartTrahan stuart
Trahan stuartNASAPMC
 
Stock gahm
Stock gahmStock gahm
Stock gahmNASAPMC
 
Snow lee
Snow leeSnow lee
Snow leeNASAPMC
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandraNASAPMC
 
Seftas krage
Seftas krageSeftas krage
Seftas krageNASAPMC
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marcoNASAPMC
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mikeNASAPMC
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karleneNASAPMC
 
Rackley mike
Rackley mikeRackley mike
Rackley mikeNASAPMC
 
Paradis william
Paradis williamParadis william
Paradis williamNASAPMC
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeffNASAPMC
 
O'keefe william
O'keefe williamO'keefe william
O'keefe williamNASAPMC
 
Muller ralf
Muller ralfMuller ralf
Muller ralfNASAPMC
 

More from NASAPMC (20)

Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk bo
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski john
 
Yew manson
Yew mansonYew manson
Yew manson
 
Wood frank
Wood frankWood frank
Wood frank
 
Wood frank
Wood frankWood frank
Wood frank
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joe
 
Trahan stuart
Trahan stuartTrahan stuart
Trahan stuart
 
Stock gahm
Stock gahmStock gahm
Stock gahm
 
Snow lee
Snow leeSnow lee
Snow lee
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandra
 
Seftas krage
Seftas krageSeftas krage
Seftas krage
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marco
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mike
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karlene
 
Rackley mike
Rackley mikeRackley mike
Rackley mike
 
Paradis william
Paradis williamParadis william
Paradis william
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeff
 
O'keefe william
O'keefe williamO'keefe william
O'keefe william
 
Muller ralf
Muller ralfMuller ralf
Muller ralf
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 

Cynthia.calhoun

  • 1. National Aeronautics and Space Administration National Aeronautics and Space Administration Risk Management Getting Started APPEL PM Challenge Conference APPEL PM Challenge Conference February 2008 February 2008 Cynthia Calhoun Cynthia Calhoun NASA Glenn Research Center NASA Glenn Research Center www.nasa.gov www.nasa.gov
  • 2. Introduction Implementing a formal risk management program into any project can be challenging when most people only focus on the costs and schedule of getting the job done. Projects know risks exists, but have decided that they do not need anything getting in the way of completing their tasks on time or adding costs to their budget. Projects need to understand that the risk management process is a basis for decisions to mitigate threats not only to their costs and schedule, but threats to the technical, environmental, security, or safety aspects of the project. 1/31/2008 PMC 2008 Risk Management Program 2
  • 3. Risk Management Defined An organized, systematic decision-making process that efficiently identifies, analyzes, plans, tracks, controls, communicates, and documents risk to increase the likelihood of achieving program/project goals. NPR 7120.5 NASA Program and Project Management Requirements 1/31/2008 PMC 2008 Risk Management Program 3
  • 4. NASA Risk Management Growth NASA Risk Develop Reporting Governance CRM 5 X 5 Matrix Model Process 1998 1999 2002 2005 2006 2007 * SMA RBAM NPR NASA Update 8000.4 Exploration NPR Kick-off Risk Mgt Safety 8000.4 Formal Reqts Study • Costs risks Risk • Schedule Risks Mgt Pgm • EVM per • Safety Risks (PRA) NPR • Sys Eng and Integration 7120.5A •Note—While Risk Management was not new to NASA, the Agency had never required a structured risk management effort to be a standard element of all programs and projects. 1/31/2008 PMC 2008 Risk Management Program 4
  • 5. NASA Continuous Risk Management (CRM) Identify—Search for and locate risks before they become problems Analyze—Convert risk data into useable information for determining priorities and making decisions Plan—Translate risk information into planning decisions and mitigating actions (both present and future), and implement those actions Track—Monitor risk indicators and mitigation actions Control—Correct risk mitigation plan deviations and decide on future actions Communicate and Document—Provide information to project on risk activities and current/future risks 1/31/2008 PMC 2008 Risk Management Program 5
  • 6. Implement and Integrate Risk Management A few examples on how a project can begin implementing risk management methods and techniques into every aspect of the project, and the barriers and successes of integrating risk management into day-to-day project activities will be covered for the following actions: Assign a risk facilitator Conduct risk management training Develop risk management plan Execute risk management plan Apply continuous improvement 1/31/2008 PMC 2008 Risk Management Program 6
  • 7. Assign a Risk Facilitator Ensure programs/projects utilize risk-based decision making to continuously manage the acquisition, safety, technical, and programmatic risks. This includes: Provide CRM training and Risks Identification Workshops Assist with developing, implementing, and updating risk management plans. Review risk statements for clarity and conciseness. Provide guidance on estimating the likelihood, consequences, and timeframe of the risks. Review risk mitigations to ensure the mitigation will actually reduce the likelihood and consequence of the risk occurring. Assure risks are tracked and used to measure the progress of the risk management program. Monitoring risk closures and reporting. 1/31/2008 PMC 2008 Risk Management Program 7
  • 8. Assign a Risk Facilitator (continued) Assure their respective project/element risk information is documented in the respective risk database and kept current. Ensuring the project is adhering to a continuous risk management process. Research methods, tools, and techniques to enable and improve the continuous risk management process. Review and assess the effectiveness of the risk management process and provide recommendations for improvement. Stay abreast of developments, enhancements, and assessments of Agency risk management related policies, standards, and guidelines. 1/31/2008 PMC 2008 Risk Management Program 8
  • 9. Assign a Risk Facilitator (continued) Risk facilitator IS NOT responsible for implementing risk management in the project; this is the PM’s responsibility. Risk facilitator SHOULD NOT be looked upon or used as the ONLY person performing risk management on the project. Depending on the size of the project, the risk facilitator could perform a dual role. For example, serve as the risk facilitator and perform Systems Engineering, Quality Assurance, or Reliability Engineering. 1/31/2008 PMC 2008 Risk Management Program 9
  • 10. Conduct Risk Management Training Tailor course language and exercises to the theme of the Project. Be consistent in terminology: Risk Statements—“One condition per risk statement,” “one consequence per risk statement,” “two or more consequences per risk statement?” Attributes—“Probability vs. Impact” or “Likelihood vs. Consequence” Risk Planning Approach—“Mitigate,” “Watch,” “Monitor,” “Accept,” “Research?” New Risks—“Candidate,” “New?” Closed Risks—“Retire,” “Transfer,” “Close,” “Accept,” “Escalated?” Risk matrix colors and orientation 1/31/2008 PMC 2008 Risk Management Program 10
  • 11. Conduct Risk Management Training (continued) 5 5 4 5 1 2 Tot: 32 L 5 Tot: 8 I 4 9 6 3 K 4 4 Likelihood E L 33 3 7 8 I 2 Tot: 18 H 10 O 22 O 1 D 1 2 3 4 5 11 Consequences 11 2 2 33 4 4 5 5 CONSEQUENCES 1/31/2008 PMC 2008 Risk Management Program 11
  • 12. Conduct Risk Management Training (continued) Ensure course content is consistent with Agency’s requirements. Require project to include a “Risk Identification Workshop” as part of training. Use project documentation to help identify threats to goals and objectives, and to develop definitions for likelihood, consequence, and timeframe risk attributes. Walk through the whole CRM process for at least one risk. 1/31/2008 PMC 2008 Risk Management Program 12
  • 13. Develop Risk Management Plan Risk Management Plan should be project specific, configuration controlled, and compliant with Agency requirements. Overview of Risk Management (RM) process Project organization and responsibilities —Especially interfaces with the contractor; ensure Data Requirements Document (DRD) specifies compliance with Agency RM requirements. Risk management activities in detail Budget, resources, and milestones for risk management activities Procedure for documenting risks Assumptions and technical considerations Constraints Descope options 1/31/2008 PMC 2008 Risk Management Program 13
  • 14. Execute Risk Management Plan Use Engineering Review Board/Risk Board/Risk Panel as gatekeeper to vet risks. Focus facilitator on risk in project discussions. Conduct Risk Identification Workshop against WBS elements and prior to major milestones. Include and track risk mitigations in project schedule. Talk to other “-ility” disciplines. Ensure consistent communication between interfaces. Present/report high risks to senior management, especially where technical challenges and resources for mitigations are a concern. 1/31/2008 PMC 2008 Risk Management Program 14
  • 15. Execute Risk Management Plan (continued) Review risks in technical, cost, schedule, and safety discussions. Evaluate how well risk mitigations are working. Perform trend analysis on risks; any areas of concern starting to appear. Adjust risk attributes (likelihood and consequence) levels. Celebrate successes! Positive impacts to schedule and costs Technical challenges overcame Track “what ifs” Show concrete value and benefits 1/31/2008 PMC 2008 Risk Management Program 15
  • 16. Continuous Improvement Evaluate frequency of risk reporting for possible timesavers. Remove burdensome tasks or activities that have no affect on risk management process. Audit risk management process for inefficiencies. Solicit recommendations from project team members. Share lessons learned with similar projects. Tap into unused features of risk tool(s). Attend risk management conferences and/or join risk management working groups. 1/31/2008 PMC 2008 Risk Management Program 16
  • 17. Summary Projects can apply continuous risk management principles as a decision-making tool by: Identifying the threats to project objectives and mission success, along with any project constraints. Assessing the likelihood and consequences of these threats against project criteria (e.g., schedule, budget, milestones, etc.). Developing risk mitigation strategies and tasks to buy down the threats and reduce the risks. Integrating the risk mitigation strategies into the project schedule and budget. Reviewing the effectiveness of risk mitigation activities and residual risks. Documenting and communicating risks information throughout the project’s life cycle. 1/31/2008 PMC 2008 Risk Management Program 17
  • 18. Conclusion It is very important that the risk management process: Begin early in formulation. Involve the project team to assess all identifiable risks up front. Be addressed in the Project Plan and detailed in the Risk Management Plan. Be continually reviewed for the disposition and tracking of all identified risks throughout the implementation and operations phases. 1/31/2008 PMC 2008 Risk Management Program 18