Standardized Program Risk Management Rose Martin, a senior program manager of the AB – 99 program, sits at her desk and looks at the risk management…
Standardized Program Risk Management
Rose Martin, a senior program manager of the AB – 99 program, sits at her desk and looks at the risk management framework her team currently uses. This framework
has been developed over the years and is adopted by her organization as a stand- ard framework. Rose is wondering whether this standard methodology should be
revised to address the challenges of future programs. ” Our organization is taking more risks these days. If our risk management framework cannot handle this, one
day we will be on the front page, which may not necessarily be good. “
THE COMPANY AND THE AB – 99 PROGRAM
Rose works for a multinational aerospace manufacturer, global security, and advanced technology company. The company is the world ‘ s largest defense contractor by revenue and offers a variety of products and services. Systems integration is among these services. Rose ‘ s program, AB – 99, is one of the programs under the Systems Integration business unit. The company is the prime systems integration contractor for AB – 99
with the total responsibility of overseeing all systems integration efforts. It is a multiyear contract to integrate advanced electronic systems into 99 multimission helicopters to improve their communications capabilities.
STANDARD RISK MANAGEMENT METHODOLOGY
For AB – 99, Rose creates the environment that promotes a positive attitude toward risk management. Risk management is considered as an important part of program management. In fact, risk management is ingrained in the company culture. It is practiced in every program by everyone. Since it is typical that a major defense
program consists of extended teams, it is important that the program stakeholders are involved in risk management on at least two different levels — the team level and the program level . Each level forms its own risk management board. At the team level, the team takes responsibility for the program risk
in their areas. The team is also responsible for highlighting risks that warrant elevation to the Program Risk Management Board. Risk management at the program level is performed to facilitate the coordination and oversight of the overall program risks. The company practices a standard risk management process which is aligned with the Department of Defense policy. The typical steps in the risk management process include risk identification, risk assessment, risk handling, risk surveil- lance, and risk closure.
Risk Identification: Risks are identified at all levels and throughout the entire program life cycle. For AB – 99, Rose recalls that, during the early stage of the program, they identified risks by examining the contract requirements, Statement of Work SOW, specification and other Request for Proposal RFP materials, as well as the internally developed work breakdown structure WBS, Integrated Master Schedule IMS, and program plans. This initial assessment led to areas where the team focused on improving the performance position to meet technical requirements, cost targets, and schedule goals, while balancing all three elements. The risk identification process also includes the review of the WBS against the internal risk taxonomy matrix. This matrix, in fact, serves as a checklist for risk categories, which include requirements, design, integration and test, management processes, program constraints, production, and logistics including obsolescence.
Risk Assessment: To identify risk priority, risks were assessed by using both qualitative and quantitative approaches. For the qualitative risk assessment, risks were classified by likelihood and impact levels. The likelihood represents the probability of risk occurrence. For the impact level, the adverse trends in
performance – measuring parameters from the impact or risks are measured and predicted. These parameters are the technical, cost, and schedule dimensions. In terms of assessment scales, the AB – 99 team uses a scale of 1 to 5 to assess likelihood remote to near certain and impact high to low. The explicit operational
definitions for both likelihood and impact were used to facilitate a consistent evaluation standard. After the assessment, risks were added to a matrix. This risk matrix helped facilitate the risk prioritization and the group review and discussion of the risk and corresponding step – by – step mitigation schemes. Rose remembers that the cumulative effect of all of the risks on program cost in dollars was provided by a summation of the individual factored cost exposures. Cost exposure is reviewed on a premitigation and a postmitigation basis, enabling the program to review the predicted reduction of cost exposure.
In addition to the qualitative risk assessment, the AB – 99 team also employed the quantitative risk assessment. In particular, the risk likelihood was evaluated in terms of percent and the impact level was identified in terms of dollars cost or days schedule. Factored cost or schedule exposure was defined as the product of the likelihood and impact in dollars or days. Rose recalls that each risk analy- sis included the determination of a root cause. By categorizing the root cause, potential mitigation actions became more evident and more effective.
Risk Handling: After the program risks were evaluated and prioritized, the action plans were developed for responding to the moderate and high risks. Avoidance, mitigation, and the use of contingency acceptance were the common action plans. Low risks were maintained on a watch list, reviewed quarterly for changes, and closed when no longer applicable.
Risk Surveillance: At the team level, the risk management board of each team continually tracked high – or moderate – risk items. On a particular risk item, once the board agreed that the risk level changed from moderate or high to low, that risk item was placed on the watch list and monitored for changes. The board
also monitored whether any risk items needed possible additional funding from the management reserve, whether any risks warranted elevation to the program risk management board, and whether there were any newly identified risks. At the program level, the program risk management board met regularly to review and discuss new potential risks and to manage existing risk mitigation efforts.
Risk Closure: Closure criteria were developed to evaluate risk items.
According to the criteria, if risks especially the ones on the watch list are assessed as no longer a factor, they are closed and removed from the list.
THE USE OF A RISK MANAGEMENT DATA BASE
To make this risk management activity possible, the AB – 99 team uses a risk man- agement data base. In the data base, risks are described, catalogued, updated,tracked, and so forth. Rose believes fully that the use of the data base helps them manage risks effectively. The team uses the data base to support 1 the integrated risk management, 2 the risk verification by risk management boards, 3 the risk scoring system, and 4 the establishment of metrics and closure criteria for mitigation tracking. The data base also 1 is the central location for obtaining risk assessment data for the program, 2 provides for the team to respond quickly to emerging risks, 3 facilitates shared monitoring of risks affecting multiple sub- systems, and 4 is the tool used to communicate risk areas and status to the chief engineers and program leadership council. Rose loves the automated notification feature of her data base because it gives any team member the ability to enter or update risks and the owner auctioneer receives an immediate notification so they are aware of the changes and can access the information directly.
1. Discuss the standard risk management methodology of AB – 99 and suggest what Rose should do to improve this standard methodology?
2.Determine which stakeholders would need to be consulted?
3.Describe the process you would use to mentor project managers involved with the program the case study?