Tag Archives: Risk Management

The Schedule Compliance Risk Assessment Methodology (SCRAM)

SCRAM is an approach for identifying risks to compliance with the program schedule, it is the result of a collaborative effort between Adrian Pitman from the Australian Department of Defence, Angela Tuffley of RedBay Consulting in Australia, and Betsy Clark and Brad Clark of Software Metrics Inc. in the United States.

SCRAM focuses on schedule feasibility and root causes for slippage. It makes no judgment about whether or not a project is technically feasible. SCRAM can be used:

  • By organisations to construct a schedule that maximizes the likelihood of schedule compliance.
  • To ensure common risks are addressed before the project schedule is baselined at the commencement of a project.
  • To monitor project status, performed either ad hoc or to support appropriate milestone reviews
  • To evaluate challenged projects, to assess the likelihood of schedule compliance, root cause of schedule slippage and recommend remediation of project issues

Whilst the documentation is intensely bureaucratic, the concepts in SCRAM move beyond the concepts embedded in processes such as the DCMA 14 point checklist  to asking hard questions about the requirements of stakeholders and how effectively risk has been addressed before baselineing the schedule.

The SCRAM concept is freely available.  The SCRAM Process Reference Model (PRM) and a Process Assessment Model (PAM) documents are available for immediate download from: https://sites.google.com/site/scramsitenew/home

For more on schedule risk assessment and compliance assessment see: http://www.mosaicprojects.com.au/Planning.html#S-Risk

What’s the Probability??

The solution to this question is simple but complex….

Probability2

There is a 1 in 10 chance the ‘Go Live’ date will be delayed by Project 1
There is a 1 in 10 chance the ‘Go Live’ date will be delayed by Project 2
There is a 2 in 10 chance the ‘Go Live’ date will be delayed by Project 3

What is the probability of going live on March 1st?

To understand this problem let’s look at the role of dice:

If role the dice and get a 1 the project is delayed, any other number it is on time or early.
If you role 1 dice, the probability is 1 in 6 it will land on 1 = 0.1666 or 16.66% therefore there is a 100 – 16.66 = 83.34% probability of success.

Similarly, if you roll 2 dice, there are 36 possible combinations, and the possibilities of losing are: 1:1, 1:2, 1:3, 1:4, 1:5, 1:6, 6:1, 5:1, 4:1, 3:1, 2:1. (11 possibilities)

diceposs

The way this is calculated (in preference to using the graphic) is to take the number of ways a single die will NOT show a 1 when rolled (five) and multiply this by the number of ways the second die will NOT show a 1 when rolled. (Also five.) 5 x 5 = 25. Subtract this from the total number of ways two dice can appear (36) and we have our answer…eleven.
(source: http://www.edcollins.com/backgammon/diceprob.htm)

Therefore the probability of rolling a 1 and being late are 11/36 = 0.3055 or 30.55%, therefore the probability of success is 100 – 30.55 = 69.45% probability of being on time.

If we roll 3 dice we can extend the calculation above as follows:
The number of possible outcomes are 6 x 6 x 6 = 216
The number of ways not to show a 1 are 5 x 5 x 5 = 125

Meaning there are 216 combinations and there are 125 ways of NOT rolling a 1
leaving 216 – 125 = 91 possibilities of rolling a 1
(or you can do it the hard way: 1:1:1, 1:1:2, 1:1:3, etc.)

91/216 = 0.4213 or 42.13% probability of failure therefore there is a
100 – 42.13 = 57.87% probability of success.

So going back to the original problem:

Project 1 has a 1 in 10 chance of causing a delay
Project 2 has a 1 in 10 chance of causing a delay
Project 3 has a 1 in 5 chance of causing a delay

There are 10 x 10 x 5 = 500 possible outcomes and within this 9 x 9 x 4 = 324 ways of not being late. 500 – 324 leaves 176 ways of being late. 176/500 = 0.352 or a 35.2% probability of not making the ‘Go Live’ date.
Or a 100 – 35.2 = 64.8% probability of being on time.

The quicker way to calculate this is simply to multiply the probabilities together:

0.9 x 0.9 x 0.8 = 64.8%

These calculations have been added to our White Paper on Probability.

A Technical question for the risk experts??

Three schedule activities of 10 days duration each need to be complete before their outputs can be integrated.

Probability

Activity 1 & 2 both have a 90% probability of achieving the estimated duration of 10 days.

Activity 3 has an 80% probability of achieving the 10 days.

Scenario 1:

The three activities are in parallel with no cross dependencies, what is the probability of the integration activity starting on schedule?

Possible solution #1

There is a 10% probability of the start being delayed by Activity 1 overrunning.
There is a 10% probability of the start being delayed by Activity 2 overrunning.
There is a 20% probability of the start being delayed by Activity 3 overrunning.

Therefore in aggregate there is a 40% probability of the start being delayed meaning there is a 60% probability of the integration activity starting on time.

Possible solution #2

The three activities are in parallel and the start of the integration is dependent on all 3 activities achieving their target duration. The probability of a ‘fair coin toss’ landing on heads 3 times in a row is 0.5 x 0.5 x 0.5 = 0.125  (an independent series)

Therefore the probability of the three activities achieving ‘on time’ completion as opposed to ‘late’ completion should be 0.9 x 0.9 x 0.8 = 0.648 or a 64.8% probability of the integration activity starting on time.

Which of these probabilities are correct?

Scenario #2

The more usual project scheduling situation where activities 1, 2 and 3 are joined ‘Finish-to-Start’ in series (an interdependent series). Is there any way of determining the probability of activity 4 starting on time from the information provided or are range estimates needed to deal with the probability of the activities finishing early as well as late?

There is a correct answer and an explanation – see the next post
(its too long for a comment)

Value is created by embracing risk effectively

The latest briefing from the real ‘Risk Doctor’, Dr David Hillson #75: RESOLVING COBB’S PARADOX? starts with the proposition: When Martin Cobb was CIO for the Secretariat of the Treasury Board of Canada in 1995, he asked a question which has become known as Cobb’s Paradox: “We know why projects fail; we know how to prevent their failure – so why do they still fail?” Speaking at a recent UK conference, the UK Government’s adviser on efficiency Sir Peter Gershon laid down a challenge to the project management profession: “Projects and programmes should be delivered within cost, on time, delivering the anticipated benefits.” Taking up the Gershon Challenge, the UK Association for Project Management (APM) has defined its 2020 Vision as “A world in which all projects succeed.” The briefing then goes on to highlight basic flaw in these ambitions – the uncertainty associated with various types of risk. (Download the briefing from: http://www.risk-doctor.com/briefings)

Whilst agreeing with the concepts in David’s briefing, I don’t feel he has gone far enough! Fundamentally, the only way to achieve the APM objective of a “world in which all projects succeed” is to stop doing projects! We either stop doing projects – no projects – no risks – no failures. Or approximate ‘no risk’ by creating massive time and cost contingencies and taking every other precaution to remove any vestige of uncertainty; the inevitable consequence being to make projects massively time consuming and unnecessarily expensive resulting in massive reductions in the value created by the few projects that can be afforded.

The genesis of Cobb’s Paradox was a workshop focused on avoidable failures caused by the repetition of known errors – essentially management incompetence! No one argues this type of failure should be tolerated although bad management practices mainly at the middle and senior management levels in organisations and poor governance oversight from the organisation’s mean this type of failing is still all too common. (for more on the causes of failure see: Project or Management Failures )

However, assuming good project management practice, good middle and senior management support and good governance oversight, in an organisation focused on maximising the creation of value some level of project failure should be expected, in fact some failure is desirable!

In a well-crafted portfolio with well managed projects, the amount of contingency included within each project should only be sufficient to off-set risks that can be reasonably expected to occur including variability in estimates and known-unknowns that will probably occur. This keeps the cost and duration of the individual projects as low as possible, but, using the Gartner definitions of ‘failure’ guarantees some projects will fail by finishing late or over budget.

Whilst managing unknown-unknowns and low probability risks should remain as part of the normal project risk management processes, contingent allowances for this type of risk should be excluded from the individual projects. Consequently, when this type of risk eventuates, the project will fail. However, the effect of the ‘law of averages’ means the amount of additional contingency needed at the portfolio level to protect the organisation from these ‘expected failures’ is much lower than the aggregate ‘padding’ that would be needed to be added to each individual project to achieve the same probability of success/failure. (For more on this see: Averaging the Power of Portfolios)

Even after all of this there is still a probability of overall failure. If there is a 95% certainty the portfolio will be successful (which is ridiculously high), there is still a 5% probability of failure. Maximum value is likely to be achieved around the 80% probability of success meaning an inevitable 20% probability of failure.

Furthermore, a focus on maximising value also means if you have better project managers or better processes you set tighter objectives to optimise the overall portfolio outcome by accepting the same sensible level of risk. Both sporting and management coaches understand the value of ‘stretch assignments’ – people don’t know how good they are until they are stretched! The only problem with failure in these circumstances is failing to learn and failing to use the learning to improve next time. (For more on this see: How to Suffer Successfully)

The management challenge is firstly to eliminate unnecessary failures by improving the overall management and governance of projects within an organisation. Then rather than setting a totally unachievable and unrealistic objective that is guaranteed to fail, accept that risk is real and use pragmatic risk management that maximises value. As David points out in his briefing: “Projects should exist in a risk-balanced portfolio. The concept of risk efficiency should be built into the way a portfolio of projects is built, with a balance between risk and reward. This will normally include some high-risk/high-reward projects, and it would not be surprising if some of these fail to deliver the expected value.”

Creating the maximum possible value is helped by skilled managers, effective processes and all of the other facets of ‘good project management’ but not if these capabilities are wasted in a forlorn attempt to ‘remove all risk’ and avoid all failure. The skill of managing projects within an organisation’s overall portfolio is accepting sensible risks in proportion to the expected gains and being careful not to ‘bet the farm’ on any one outcome. Then by actively managing the accepted risks the probability of success and value creation are both maximised.

So in summary, failure is not necessary bad, provided you are failing for the ‘right reason’ – and I would suggest getting the balance right is the real art of effective project risk management in portfolios!

Stakeholders and Risk

Probably the biggest single challenge in stakeholder communication is dealing with risk – I have touched on this subject a few times recently because it is so important at all levels of communication.

Projects are by definition uncertain – you are trying to predict a future outcome and as the failure of economic forecasts and doomsday prophets routinely demonstrate (and bookmakers have always known), making predictions is easy; getting the prediction correct is very difficult.

Most future outcomes will become a definite fact; only one horse wins a race, the activity will only take one precise duration to complete. What is uncertain is what we know about the ‘winner’ or the duration in advance of the event. The future once it happens will be a precise set of historical facts, until that point there is always a degree of uncertainty, and this is where the communication challenge starts to get interesting……

The major anomaly is the way people deal with uncertainty. As Douglas Hubbard points out in his book the Failure of Risk Management: “He saw no fundamental irony in his position: Because he believed he did not have enough data to estimate a range, he had to estimate a point”. If someone asks you what a meal costs in your favourite restaurant, do you answer precisely $83.56 or do you say something like “usually between $70 and $100 depending on what you select”? An alternative answer would be ‘around $85’ but this is less useful than the range answer because your friend still needs to understand how much cash to take for the meal and this requires an appreciation of the range of uncertainties.

In social conversations most people are happy to provide useful information with range estimates and uncertainty included to make the conversation helpful to the person needing to plan their actions. In business the tendency is to expect the precisely wrong single value. Your estimate of $83.56 has a 1 in 3000 chance of actually occurring (assuming a uniform distribution of outcomes in a $30 range). The problem of precisely wrong data is discussed in Is what you heard what I meant?.

The next problem is in understanding how much you can reasonably expect to know about the future.

  • Some future outcomes such as the roll of a ‘true dice’ have a defined range (1 to 6) but previous rolls have absolutely no influence on subsequent rolls, any number can occur on any roll.
  • Some future outcomes can be understood better if you invest in appropriate research, the uncertainty cannot be removed, but the ‘range’ can be refined.

This ‘know-ability’ interacts with the type of uncertainty. Some future events (risks) simply will or won’t happen (eg, when you drop your china coffee mug onto the floor it will either break or not break – if it’s broken you bin the rubbish, if it’s not broken you wash the mug and in both situations you clean up the mess). Other uncertainties have a range of potential outcomes and the range may be capable of being influenced if you take appropriate measures.

The interaction of these two factors is demonstrated in the chart below, although it is important to recognise there are not absolute values most uncertainties tend towards one option or the other but apart from artificial events such as the roll of a dice, most natural uncertainties occur within the overall continuum.

Stakeholders and Risk - Risk Matrix

Putting the two together, to communicate risk effectively to stakeholders (typically clients or senior managers) your first challenge is to allow uncertainty into the discussion – this may require a significant effort if your manager wants the illusion of certainty so he/she can pretend the future is completely controllable and defined. This type of self-delusion is dangerous and it’s you who will be blamed when the illusion unravels so its worth making the effort to open up the discussion around uncertainty.

Then the second challenge is to recognise the type of uncertainty you are dealing with based on the matrix above and focus your efforts to reduce uncertainty on the factors where you can learn more and can have a beneficial effect on future outcomes. The options for managing the four quadrants above are quite different:

  • Aleatoric Incidents have to be avoided (ie, don’t drop the mug!)
  • Epistemic Incidents need allowances in your planning – you cannot control the weather but you can make appropriate allowances – determining what’s appropriate needs research.
  • Aleatoric Variables are best avoided but the cost of avoidance needs to be balanced against the cost of the event, the range of outcomes and your ability to vary the severity. You can avoid a car accident by not driving; most people accept the risk and buy insurance.
  • Epistemic Variables are usually the best options for understanding and improvement. Tools such as Monte Carlo analysis can help focus your efforts on the items within the overall project where you can get the best returns on your investments in improvement.

Based on this framework your communication with management can be used to help focus your efforts to reduce uncertainty within the project appropriately. You do not need to waste time studying the breakability of mugs when dropped; you need to focus on avoiding the accident in the first place. Conversely, understanding the interaction of variability and criticality on schedule activities to proactively managing those with the highest risk is likely to be valuable.

Now all you have to do is convince your senior stakeholders that this is a good idea; always assuming you have any after the 21st December!*

____________________

*The current ‘doomsday’ prophecy is based on the Mayan Calendar ending on 21st December 2012 but there may be other reasons for this:

Stakeholders and Risk Myan Prediction

Credit, Trust and Emotions

Last night we attended the Deakin University, Richard Searby Oration, delivered by Dr Guy Debelle, Assistant Governor (Financial Markets), Reserve Bank of Australia. His topic was: Credo et Fido: Credit and Trust.

The 2012 Oration explored the importance of credit and trust within the financial system and how the breakdown in trust post 2007 and the Global Financial Crisis (GFC) is severely hampering the global recovery.

Debelle’s hypothesis is that there is no credit without trust because there is always asymmetrical information in a loan transaction, the borrower always knows more about his/her/its financial situation and intentions than the lender and trust is needed to bridge this knowledge gap and allow the loan to be made.

This is as true of a depositor lending to a financial institution as it is of a bank lending to a borrower or importantly one financial institution lending to another institution. When trust breaks down, the lending process slows up or stops altogether. For more on the value of trust see: WP1030_The_Value_of_Trust

However, trust implies risk, the root cause of the GFC was overconfidence, leading to lax lending practices, supported by a lack of effective due diligence, leading to a chronic underpricing of risk. This allowed highly unethical, if not criminal practices to develop exponentially with institutions offloading risk to other institutions at a fraction of the real price. This complacency and ‘lazy trust’ allowed vast ‘bubbles’ of underpriced risk to develop across the whole financial sector. When the finance system was eventually forced to take a severe look at its situation, trust evaporated, credit dried up and the GFC destroyed value around the world.

The sovereign states (ie, governments) as lenders of last resort were in many cases unable to counterbalance the situation because trust in their ability to repay debt also evaporated. Pricing risk requires a reasonable degree of confidence that the parameters of the ‘unknown’ are knowable and a reasonable probability can be assigned to a defined risk exposure. Post GFC the breakdown of trust and confidence in financial markets has lead to uncertainty. When lenders ‘don’t know’ what the risk is they cannot price the risk, set a reasonable premium and use the information to strike a loan rate. If lender cannot set an interest rate for a loan, there is no loan (or the rates are exorbitantly high and the loan periods very short).

On-going banking scandals in Europe and the USA are continuing to erode trust and slow the rebuilding, despite money supply being expanded by the central banks. Having money is no good if you cannot trust anyone to lend it to.

The thread of argument that can be drawn from the above is that access to the credit needed to fund economic growth is based on a large proportion of a society having enough confidence in their financial systems for a reasonable degree of pragmatic trust to be extended by lenders to borrowers (and the borrowers having sufficient confidence in the situation and system to seek loans). This is as much a function of the underlying emotional settings within a society as the actual facts of the situation.

Australia is an interesting example. The GFC had minimal overall effect on the economy due to much tighter fiscal and banking policies, supported by swift government action. The current situation is also good with relatively low debt and the Reserve Bank has significant options open to keep the economy growing.

The overall strength of the economy was outlined in a speech entitled ‘The Glass Half Full’ given by Glenn Stevens’, Governor of the Reserve Bank of Australia (RBA), in his address to the American Chamber of Commerce (SA) AMCHAM Internode Business Lunch held in Adelaide on the 8 June 2012 (see: http://www.rba.gov.au/speeches/2012/sp-gov-080612.html).

One of the key charts presented by Stevens shows the inflation adjusted per capita GDP in Australia has hardly missed a beat – the GFC had a flattening effect but overall business conditions for the last 5 years have remained basically the same and are improving.

GDP = Gross Domestic Product and is directly correlated to the spending power per person (compounded by the growth in the Australian population). The only significant change highlighted in Steven’s report was a shift from an unsustainable growth in personal borrowings back towards a more sustainable savings rate which under any normal circumstance would be seen as good economic sense, particularly given the disasters in places like Ireland, Spain and Iceland caused by excessive borrowing.

So given the basically solid performance of the Australian economy, one would expect a similar trend in business confidence?? Unfortunately this is not the case:

A survey of business confidence by DBM Consultants shows confidence crashed in the period between 2007 and 2009 and continues to ‘flat-line’ with the vast majority of businesses being concerned about the economy. This flows through into low expectations for increasing employment and taking on borrowings (see: www.dbmconsultants.com.au).

The question is why is there such as big disconnect between the financial facts as presented by the RBA and the emotional distrust expressed by business in the DBM report?

My feeling is the key driver is the almost unrelenting stream of negative reporting in the press focusing on ‘bad news’ stories such as plant closures rather than good news stories such as the overall growth in employment (even in the manufacturing states such as Victoria), supported by a similar campaign by the federal opposition for short term political gain. This combination of unrelenting negativity will undoubtedly lower the level of optimism in the community (shown by numerous surveys) and lower the levels of trust in the government which as the ‘lender of last resort’ flows through into the financial and business communities.

Given the press appear to believe bad news sells papers and the opposition has a vested interest in winning the next election, both legitimate objectives, one wonders what needs to happen to start the shift in confidence highlighted as essential in Dr Debelle’s oration? The belief highlighted in the DBM report above has to be having a direct effect on the rate of growth in the economy because businesses are not investing, not training staff and not employing at the levels they could if there was more confidence – to an extent, the emotions are self-fulfilling.

As individuals we cannot do much at a national or international level, but we can learn from the wider world. When dealing with your team and/or communicating with stakeholders a proper balance is needed between achievements and issues. Focusing only on bad news and you will damage future prospects – unrelenting negativity is likely to be self-fulfilling; whilst unfounded optimism is a recipe for disaster if you ignore prudent good practice.

Project Assurance

Effective project and program governance requires a carefully measured balance between prudent and effective risk taking, allowing skilled project teams the flexibility to tailor and improve processes to enhance success and effective surveillance to ensure the organisation’s objectives are being achieved.

An excessive focus on ‘due process’ stifles innovation and improvement and can easily lead to ‘process induced failure’ where every one focuses on producing the correct document in preference to dealing with the information contained in the document… There is absolutely no point in being able to say that ‘every risk that adversely affected the project had been identified in the risk register’, if the risks could have been avoided by proactive management.

Good project management, good business management and good governance requires appropriate and timely action to mitigate or remove risks that can sensibly be managed, and recognition of the fact that the decision to take action is risky because there is no certainty the risk being mitigated would have occurred anyway: there is always a probability a risk won’t occur! Similar issues requiring balanced decision making occur across the full spectrum of project and program management.

Balancing the cost of action against the possible cost of inaction requires good business judgement; the definition of ‘good judgement’ being, ‘you are right more often than you are wrong’; not the ridiculous expectation of perfect foresight (it does not exist), nor systems that are biased in favour of ignoring preventative actions until it is too late.

The role of project surveillance systems should be focused on this type of issue assuring the organisation’s senior management and other stakeholders that their project and program management teams are making the best decisions to protect and enhance the overall value of the projects and programs to the organisation. ‘Due process’ is important, but only to the extent it either assists the decision making process or provides information that is required by law or regulation.

Our new White Paper ‘Proactive Project Surveillance’ looks at the different types of review and the way they can be structured to both assist the projects and programs being reviewed to generate value for the organisation whilst providing assurance to the organisation’s executives and stakeholders that the projects and programs are being managed effectively.

You can download the White Paper from: http://www.mosaicprojects.com.au/WhitePapers/WP1080_Project_Reviews.pdf