Where do risks (threats and opportunities) arise from?
Presented by Lynn Stalker
Monday 10th October 2016
APM North West branch and Risk SIG conference
Alderley Park, Macclesfield
Call Girls In Panjim North Goa 9971646499 Genuine Service
Where do risks (threats and opportunities) arise from?, presented by Lynn Stalker, 10th Oct 2016, APM North West branch conference
1. Where do risks (threats and
opportunities) arise from
Presenter: Lynn Stalker CMIRM
Date: 10th
October 2016
2. Does this sound familiar?
• It’s late …
• It wasn't supposed to do that ..
• It doesn’t work …
• It’s going to cost me how much more …
• Have you listened to a word I’ve said ..
• Oh, I see you’ve done it in that way, well ...
Late Delivery of Project / Over Budget?
This presentation is aiming to consider sources
of risk (though this is not exhaustive) and
where to use them.
2
3. Introduction
• In all types of undertaking, there is a potential for events
that constitute opportunities for benefit (upside), threats to
success (downside) or an increased degree of uncertainty
• For all types of organisations, there is a need to
understand the risks being taken when seeking to achieve
objectives and attain the desired level of reward
– All projects have risks, whether that be a threat or an
opportunity, and these can come from a multitude of different
external and internal sources.
3
4. Introduction Cont….
• The purpose of using a variety of sources is to ensure
that the extent of unknown unknowns is as small as
possible
• The first stage in identifying risks is to understand where
the sources of risk can arise from.
– Asking the following questions:
• Who are the parties involved?
• What do the parties involved want to achieve?
• How is it to be done?
• What resources are required?
• When does it have to be done?
• Etc….
4
5. 5
Risk Management Process Framework
What are the
risks?
How significant
are they?
What can we
do? What will
we do?
Define risk treatment strategy
Assessment/Quantification
Identification
Monitor and review
Define boundaries and
objectives for evaluation
INITIATE PROJECT
Project Definition Risk
Management Focus
How are we doing?
What happened?
Step 1 in the 5 step process, identification
is the first and most significant phase of
the risk management process.
Why?
IDENTIFY
What are the risks
Sources of risk
ASSESS
Likelihood / impact
Ranking / Prioritisation
PLAN RESPONSES
Identify an devaluate options
Plan mitigation strategies
IMPLEMENT RESPONSES
Assigned responsibilities
Monitor and review
MANAGEPROCESS
6. Hierarchy of Risk Registers
• Operations
Routine activities of any organisation, processes, maintenance,
asset care. Efficiency of operations, including disruption associated
with people, processes and products
• Tactics
Typically associated with projects (mitigators to programme /
strategic risks), mergers, acquisitions and product developments.
Effectiveness of processes, as well as significant risks to
improvement including management of projects
• Strategies
Sets out the long-term aims, missions and objectives of the
organisation
Example – Implementation of a new IT system
6
8. Internal Drivers / Sources
• Financial Risks
– Internal control
– Fraud
– Historical liabilities
– Investments
– Capital expenditure decisions
(capex)
– Liquidity and cash flow
• Marketplace Risks
• Research & development activities
• Intellectual property
• Contracts / commercial
• Infrastructure Risks
– Recruitment
– People skills
– Health and safety
– Premises
– It systems
– Sabotage
• Reputational Risks
– Brand extensions
– Board composition
– Control environment
– Brand quality
– Contamination / activity release
8
9. 9
Project Scope and Programme / Project Objectives
• Scope of work needs to be understood before risk identification
occurs
– Every project has goals that need to be clearly defined and
understood as to what is to be accomplished, to prevent a lack of
understanding, misinterpretation and getting off track
– The project needs to be fit for purpose and not a business wish list
(too many nice to have features)
10. Programme / Project Assumptions
• Circumstances or events that need to occur for the programme /
project to be successful, but are outside the total control of the
programme / project team
– If you have any reason to believe the assumption may be broken or
unstable, then you should include as a risk.
– If you have no reason to believe it will impact the scope, then no risk is
required
– It is necessary to understand and test assumptions for the project by
asking these questions:
1. Stability – Is the assumption accurate?
2. Sensitivity – What impact does the assumption have?
Assumption Example: “No contamination or unforeseen ground conditions found during
site investigation”
Risk Example: Whilst undertaking excavations historically important remains are
unearthed
Or: Whilst undertaking excavations ground contamination is detected
10
11. 1111
Stakeholders
Etc….
Regulators
Represent a major risk
factor because they
often display
unexpected resistance
Risk Example:
Uncertainty in the ongoing
support from external
stakeholders to proposed
technical, engineering,
business and
permissioning
approaches impacts on
master production
schedule timescales
12. 12
Regulators
Etc….
Compliance with all
applicable rules and
regulations, especially in
highly regulated sectors, for
example Nuclear, Banking
Risk Example:
The organisation breaches its
authorised discharge limits
The Branch breaches its
financial sanctioning
authorisations
13. Emergent Risks
• Emergent risks are those that have not yet occurred but
are at an early stage of becoming known and/or coming
into being and expected to grow greatly in significance.
• They do not have the ‘track record’ of other better known,
non-emergent, risks and usually arise in the longer term.
– Low probability with catastrophic consequences
– Emergent risks cannot often be easily identified or anticipated
– These risks are more likely to have the major effect
13
14. Resources
• Sharing of learning from experience or other
projects
• Subject Matter Experts
– Where the opportunity arises, individuals not
immediately involved in the project can be
brought in to risk workshops
• project managers,
• engineers or
• operations resources.
• Supply chain
– These individuals will be independent from the
project, but will be experienced and qualified.
14
15. Processes
• Flowsheets
• Drawings / diagrams
• Fault trees
• Process flow diagrams
• Plant or process walk downs
• Safety Workarounds
15
18. Key Points / Summary
• Risk Management is a continuous process and as such should be
owned and managed by the programme / project on a routine basis
• It is not a one size fits all process
• It is not possible to know if all possible sources of risk are ever
identified, there will always be some unknown unknowns
• Identifying risks will provide benefits to any organisation / programme
/ project by way of improvements in:
– Successful delivery of change and increased operational efficiency
– Reduced cost of capital
– Assurance to stakeholders regarding management of risk and improved
decision making
– Competitive advantage
– Enhanced political and community support
18