RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS /RIADENIE RIZÍK V ŠTANDARDOCH PROJEKTOVÉHO MANAŽMENTU
Ladislav MARIŠ
[email protected]
Department of Security management Faculty of Special engineering University of Žilina, Slovakia
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PROJECT MANAGEMENT
Content:
Risk of project management IPMA PMI PRINCE 2 ISO 21500 CONCLUSION
2011 and 2012 - Slovakia 40% not completed the projects / neukončené projekty on schedule and budget / na čas a v plánovanom rozpočte
„Project risks are a source of project failure.“ „Riziká projektu sú zdrojom projektového zlyhania.“
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
RISK of project management
... an opportunity that it becomes something that will affect the organization's objectives ... možnosť (príležitosť), že sa stane niečo, čo bude mať vplyv na ciele spoločnosti. Risk level of project failure (R) can be based on the expression of the relationship: Riziko (stupeň, mieru) zlyhania projektu (R) môžeme vyjadriť vzťahom: • P expresses the probability of the risk,
R = P x I;
• P vyjadruje pravdepodobnosť tohto rizika, • I expresses the impact of this risk, • I vyjadruje dôsledok tohto rizika,
R = maxRi
Total risk level R can be expressed the highest level achieved among risks (Ri). Celkovú mieru rizika R môžeme vyjadriť najvyššou hodnotou spomedzi všetkých rizík (Ri).
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 10006 - Risk related processes
ISO 10006 - Procesy zaoberajúce sa rizikom
International Standard ISO 10006 Guidelines for quality management in projects includes 13 main processes and one of them is Risk related processes that involves: • risk identification, • risk assessment, • risk treatment, • risk control.
Medzinárodná norma ISO 10006 Návod na manažérstvo kvality v projektoch obsahuje 13 hlavných procesov a jeden z nich sa volá: Procesy zaoberajúce sa rizikom ktoré obsahujú: • identifikáciu rizika,
• posudzovanie rizika,
• zaobchádzanie s rizikom, • riadenie (kontrola) rizika.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 10006 - Risk related processes
ISO 10006 - Procesy zaoberajúce sa rizikom
• Risk identification should be performed at the initiation of the project, at progress evaluations and other occasions when significant decisions are made. Risk identification should consider risks in: • Identifikácia rizika sa má urobiť na začiatku projektu, pri hodnoteniach priebehu a pri iných príležitostiach, keď sa prijímajú závažné rozhodnutia. Pri identifikácii rizika sa majú zvážiť: • cost / náklady,
• information technology / IT
• product / produkt,
• health / zdravie,
• time / čas,
• quality / kvalita,
• security / ochrana,
• dependability / spoľahlivosť, • professional liability /
profesionálna zodpovednosť,
• safety / bezpečnosť,
• environment / prostredie, • new technologies / nové
technológie, • and their interactions / spoločné interakcie.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 10006 - Risk related processes
ISO 10006 - Procesy zaoberajúce sa rizikom All identified risks should be assessed. Všetky identifikované riziká treba posúdiť. • qualitative analysis / kvalitatívne analýzy, • quantitative analysis / kvantitatívne analýzy.
This standard offers solutions to treat risks: Norma ponúka riešenia ako zaobchádzať s rizikom: • • • • • •
to eliminate / eliminácia, to mitigate / zníženie, to transfer / prenos, to share / podieľanie sa, to accept risks / akceptovanie, and on the other side to create plans to take advantage of opportunities / plány na využitie príležitostí.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 10006 - Risk related processes
In the last process risk control is recommended, that throughout the project risks should be: V poslednom procese riadenia rizika je odporúčané, aby počas celého projektu boli riziká: • Monitored / monitorované,
• Controlled by previous iterative processes / riadené pomocou
predchádzajúcich procesov
Personnel should be encouraged to anticipate and identify risks and report them to the project organization. Pracovníci sa majú nabádať, aby prijali a identifikovali riziká a aby ich oznámili projektovej organizácii.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
IPMA - Risk & opportunity
IPMA – Riziko & príležitosť
International Project Management Association created National standard competences of project management which consists of 46 competences divided in to three areas: Medzinárodná asociácia projektového manažmentu (IPMA) vytvorila súbor 46 kompetencií projektového manažmentu: • the techniques of project management (20) / techniky projektového manažmentu, • the professional behavior of project management personnel (15) / profesionálne správanie
pracovníkov projektového manažmentu, • the relations with the project’s context (11) / vzťahy v projektovom kontexte .
The first area (techniques of project management) includes Risk & Opportunity complex of following competences for certified project manager: Prvá oblasť (techniky projektového manažmentu) obsahujú komplex kompetencií s názvom Riziko & príležitosť, určených pre projektového pracovníka - manažéra: • to keep himself and all the project team members working proactively / aby on sám a projektový • • • •
tím pracovali proaktívne, to alert to risks and opportunities / aby upozornil na riziká a príležitosti, to commit to the risk management process / aby sa zaviazal k procesu riadenia rizík, to involve interested parties in that process / aby zapájal zainteresované strany do tohto procesu, to get appropriate experts (as consultants) to support project risk management / aby príslušní odborníci (napr. konzultanti) podporovali riadenie projektových rizík.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
IPMA - Risk & opportunity IPMA – Riziko & príležitosť
IPMA defines (for this process) possible process steps which included: IPMA definuje (pre tento proces) možné procesné kroky, ktoré obsahujú • identify and assess risks and opportunities / identifikáciu a posúdenie rizík a • • • • • • •
príležitostí, develop a risk and opportunity response plan and have it approved and communicated / priebeh rizika a reakčný plán na vzniknuté príležitosti, update the different project plans affected by the approved risks and opportunities response plan / aktualizáciu rôznych projektových plánov súvisiacich s rizikom a príležitosťami, assess the probability of attaining time and cost objectives, and keep doing it during the project / posúdenie pravdepodobnosti dosiahnutia časových a finančných (nákladových) cieľov dosahujúcich v priebehu projektu, continuously identify new risks, reassess risks, plan responses and modify the project plan / priebežná identifikácia nových rizík, prehodnotenie rizík, reakčné plány a upravený plán projektu, control the risk and opportunity response plan / riadenie reakčného plánu rizík a príležitostí, document lessons learnt and apply to future projects / dokumentáciu poznatkov, ktoré môžeme aplikovať do budúcich projektov, update risk identification tools / aktualizáciu nástrojov identifikácie rizík.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
IPMA - Risk & opportunity IPMA – Riziko & príležitosť
Qualitative assessment ranks the risks and opportunities according to their importance as a function of their impact and probability of occurrence. That ranking is used to decide what strategy should be used to cope with each risk and opportunity. For instance project manager can: Kvalitatívne posúdenie sa vzťahuje k rizikám a príležitostiam vzhľadom na dôležitosť funkcie ich vplyvu a pravdepodobnosti ich výskytu. Toto posúdenie sa používa pri rozhodnutí aká stratégia by sa mala použiť na zvládnutie každého rizika či príležitosti. Projektový manažér má na výber: • • • • • • •
eliminate risk / eliminovať riziko, mitigate risk / zmierniť riziko, share risk / podielať sa na riziku určitou mierou, transfer a risk / preniesť riziko, insure against risk / poistiť sa proti pôsobeniu rizika, develop contingency plan / vypracovať pohotovostný plán, passively accept the risk / pasívne akceptovať riziko.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
IPMA - Risk & opportunity IPMA – Riziko & príležitosť
Quantitative assessment provides a numerical value measuring the effect expected from risks and opportunities. Examples of powerful quantitative assessment techniques are: Kvantitatívne posúdenie poskytuje numerické vyjadrenie hodnoty vplyvu, ktorý očakávame od rizika a príležitosti. Príkladom hodnotiacich kvantitatívnych metód sú: • Monte Carlo analysis / analýza Monte Carlo,
• decision trees / metóda rozhodovacích stromov, • scenario planning / plánovanie scenárov, • RIPRANTM,
• strategy of elimination risk / stratégia eliminácie rizika.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PMI - Practice standard for project risk management PMI – Praktický štandard pre riadenie projektového rizika
Project Management Institute (PMI) created Practice Standard for Project Risk Management. The purpose of this Standard is to: Inštitút projektového riadenia (PMI) vytvoril Praktický štandard riadenia projektového rizika. Účelom tohto štandardu – normy je: • provide a standard for the project management profession and
other stakeholders that defines the aspects of Project Risk Management that are recognized as good practice on most projects / poskytnúť normu pre profesiu projektantov, zaoberajúcich sa riadením projektových rizík, ktoré sú súčasťou praxe viacerých projektov, • provide a standard that is widely recognized and consistently applied / poskytnúť normu, ktorá je široko uznávanú a dôsledne uplatňovaná.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PMI - Practice standard for project risk management PMI – Praktický štandard pre riadenie projektového rizika This practice standard includes detailed processes as follows: Táto praktická norma obsahuje detailne rozpracované nasledujúce procesy: • Plan Risk Management / Plán riadenia rizika, • Identify Risks / Identifikácia rizík,
• Perform Qualitative Risk Analysis / Kvalitatívnu analýzu rizík,
• Perform Quantitative Risk Analysis / Kvantitatívnu analýzu rizík, • Plan Risk Responses / Havarijný plán (reakčný plán rizík), • Monitor and Control Risks / Sledovanie a riadenie rizík.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PRINCE2 - Risk management strategy
PRINCE2 – Stratégia riadenia rizík
Projects In Controlled Environments version 2 (PRINCE2) is a project management methodology which is used as the project management standard for many types of projects. PRINCE2 predstavuje metodológiu projektového riadenia, ktorá sa používa ako štandard riadenia pre najrôznejšie typy projektov. PRINCE2 recommends a Risk Management Strategy (RMS) which should be produced by the project manager. PRINCE2 odporúča tzv. Stratégiu riadenia rizík, ktorá bola vytvorená pre projektových manažérov.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PRINCE2 - Risk management strategy
PRINCE2 – Stratégia riadenia rizík
The content of the RMS includes the goals procedure and roles (responsibilities) of risk management on the project (timing, budget, tools, techniques). Stratégia obsahuje ciele a zodpovednosti riadenia projektového rizika (napr. čas, rozpočet, nástroje, techinky). Risk management procedure recommended 5 following steps: • identify (context, risks),
• assess (to estimate - probability, impact, proximity; to evaluate - all
project risks), • plan (the possible risk responses and recommendation), • implement (of the risk response, must be appropriately monitored), • communicate (to risk information, both to project team members and stakeholders).
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
PRINCE2 - Risk management strategy
PRINCE2 – Stratégia riadenia rizík
There are 9 categories of risk response: • to avoid,
• to reduce,
• to fallback, • to transfer, • to accept, • to exploit,
• to enhance, • to reject,
• and to share.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 21500 - Risk management
ISO 21500 Guidance on project management is the first in a planned family of project management standards. It is designed to align with related International Standards:
• ISO 10006 Quality management systems − Guidelines for quality
management in projects, • ISO 10007 Quality management systems − Guidelines for configuration management, • ISO 31000 Risk management – Principles and guidelines.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 21500 - Risk management
For risk management area defines following 4 processes: 1. Identify risks,
Risks with a potential negative impact to the project are referred to as threats and risks with a potential positive impact on the project are referred to as opportunities, • Input: project plans • Output: risk register.
2. Assess risks,
includes estimating the probability of occurrence of each identified risk and the corresponding consequence on objectives, if the risk does occur. The risks are then prioritized in accordance with this assessment considering other factors such as the timeframe and key stakeholders risk tolerance. • Inputs: project plans, risk register • Output: prioritized risks.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
ISO 21500 - Risk management
For risk management area defines following 4 processes: 3. Treat risks,
relate to develop options and determine actions to enhance opportunities and reduce threats to the project’s objectives. Risk treatment includes measures: • to mitigate the risk, • to deflect the risk, • to develop contingency plans to be used if the risk occurs. • Inputs: project plan, risk register • Outputs: risk responses, change requests.
4. Control risks
keeping track of the identified risks, identification and analysis of newly arising risks, monitoring trigger conditions for contingency plans and reviewing progress on risk responses, while evaluating their effectiveness • Inputs: project plan, progress data, risk register, risk responses • Outputs: risk responses, change requests.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
CONCLUSION 1. 2. 3. 4. 5.
Project management is closely linked to the risk management, Assessment and subsequent treatment with project risks reduce the rate of project failure. More similarities in meaning of risk management. How to manage risk of the project, should be related to specified characteristics in mentioned standards. IPMA, PRINCE2 and PMI are primarily intended for certification of project managers and ISO 21500, which replaces ISO 10006, provides guidance on project management.
L. MARIŠ: RISK MANAGEMENT IN PROJECT MANAGEMENT STANDARDS
„THANK YOU FOR YOUR ATTENTION“