Cover Image

Not for Sale

View/Hide Left Panel
Click for next page ( 66

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 65
65 gency from the Contingency--Percentage (R3.2) tool is first The selected method or tool will involve a trade-off be- consulted. The next step is to review approximately the top tween sophistication of the analysis and its ease of use. 20 percent of the prioritized risks to ensure that the contin- The tool should help determine project cost and sched- gency is adequate. An expected value estimate for estimating ule contingency. the top-ranked risks can be calculated by multiplying the The tool should have the ability to include the explicit product of the impact should the risk occur by the probabil- knowledge of the project team members concerning the ity of the occurrence (e.g., $1,000,000 x 0.50 = $500,000). site, the design, the political conditions, and the project Contingency in addition to the predetermined percentage approach. can be included if warranted by the expected value analysis. The tool should allow quick response to changing mar- ket factors, price levels, and contractual risk allocation. The tool should help foster clear communication among Type III Quantitative Risk Analysis the project team members and between the team and and Contingency Management higher management about project uncertainties and A Type III risk analysis applies to major projects. This their impacts. method is generally facilitated by risk analysts who are experts The tool, or at least their output, should be easy to use in the area of quantitative risk management practices. The and understand. process most often begins with a Risk Workshop (R3.6) and The risk analysis process can be complex due to the com- generates a stochastic estimate of cost and schedule through plexity of the modeling that is required and the subjective an Estimate Ranges Monte Carlo Analysis (R3.5). The re- nature of the data available to conduct the analysis. How- sulting risk-based range estimate is then updated throughout ever, the complexity of the process is not overwhelming project development. and the generated information is extremely valuable. In all cases, the list of risks should be related to the contin- The risk analysis process is continuous throughout the de- gency amount. In a Type I analysis, the tie between the risks sign phase. Risk analysis at key milestones in the design and contingency is loose, but the list of risks can justify the phase will allow for active risk management and the reso- need for the contingency estimate to internal and external lution of contingency. stakeholders. In the Type III analysis, the tie is direct as the list of risks forms the basis for the stochastic model that drives the contingency estimate. 7.4 Design Phase Risk Mitigation and Planning 7.3.5 Design Phase Risk Assessment Risk mitigation and planning efforts are active and contin- and Analysis Tips uous throughout the Design Phase. The objectives of risk mit- There must be a clear understanding of risk significance igation and planning are to explore risk response strategies and a description of what the contingency amount included for the high-risk items identified in the qualitative risk assess- in a cost estimate covers in terms of project risks. ment or quantitative risk analysis. The process identifies and assigns parties to take responsibility for each risk response. It The goal of risk assessment is not to eliminate all risk from ensures that each risk requiring a response has an owner. The the project. Rather, the goal is to recognize the significant key output is the risk register or risk management plan. The risk challenges to the project and to initiate an appropriate design and estimating teams will revisit these plans at major management response to their management and mitigation. design milestones or whenever a design change occurs. All projects, regardless of project size and project complex- ity, will require some form of risk assessment and analysis. 7.4.1 Design Phase Risk Mitigation The framework of risk assessment and analysis remains the and Planning Inputs same, but the tools and level of effort vary with project complexity and the decisions that need to be made. In the initial risk mitigation and planning efforts, the A comparison of each risk's probability and impact yields ranked list of risks from the first two risk management steps a relative ranking of the risks that can be used for risk man- is the key input. As the project progresses, the risk register agement or, if warranted by project complexity, a detailed or risk management plan is the key input, along with any quantitative risk analysis using probabilistic models to newly identified risks. Risk mitigation and planning begins generate ranges of possible outcomes. by developing and documenting a risk management strat- Recalling from Chapter 3, there are five criteria that can be egy focused on the key risks. Early efforts establish the pur- applied to help select risk assessment and analysis tools. pose and objective; assign responsibilities for specific areas;

OCR for page 65
66 identify additional technical expertise needed; describe the Management Plan (R3.1) tool in Appendix A provides a good assessment process and areas to consider; delineate proce- example of this output. This example from Caltrans describes dures for consideration of mitigation and allocation op- a clear approach to the assignment of responsibility. It also tions; dictate the reporting and documentation needs; and provides items that require resource investment and a method establish report requirements and monitoring metrics. This for calculating their costs. planning should address evaluation of the capabilities of po- Risk mitigation and planning is iterative and includes de- tential sources as well as early industry involvement. scribing and scheduling the activities and processes to assess The list of risks (or risk register) is the basis for the solici- (identify and analyze), mitigate, monitor, and document the tation of mitigation and planning options from key managers risk associated with a project. For minor or moderately com- and experts. The mitigation and planning options will require plex projects, the result should be a Risk Register (R3.12). For cost-benefit analyses (e.g., the cost of implementing a mitiga- major projects or moderately complex projects with a high tion effort versus the reduction in probability or impact to a degree of uncertainty, the result should be a formal Risk risk) to assess the viability or impact of the options. Estima- Management Plan (R3.1). tors and risk analysts will have key input into the mitigation Updates to the risk management plan and risk register should and planning process. occur frequently during the design phase. The nature of each The project management staff will have the final input into risk will change as the design evolves. Some mitigation efforts the risk mitigation and planning efforts. They will determine will be successful and others will fail. Other risks will change as who "owns" the risk and is responsible for ensuring its effec- project conditions change over time. The risk register should tive management. The risk management plan and/or risk reg- reflect the current status of each risk. Triggers for updating the ister should clearly identify who is responsible for managing risk register and/or risk management plan include: major de- and resolving each individual risk. sign milestones; a change to project scope; identification of a new risk(s); and/or change to an existing risk. 7.4.2 Design Phase Risk Mitigation and Planning Tools 7.4.4 Design Phase Risk Mitigation and Planning Relationship Risk mitigation and planning tools that can be used in the to Project Complexity Design Phase are listed in Table 7.3. Refer to Appendix A for complete tool descriptions. The risk mitigation and planning effort should be congru- ent with project complexity. Each risk plan should be docu- mented, but the degree of documentation will vary with proj- 7.4.3 Design Phase Risk Mitigation ect complexity. Not all projects will require a comprehensive and Planning Outputs and quantitative risk management process. The simplest minor The outputs of the risk mitigation and planning steps are projects may only require a Red Flag Items (I2.1) tool to man- an organized, comprehensive, and interactive risk manage- age the most important risks. The list can be reviewed at proj- ment strategy and plan for adequate resources. The Risk ect milestones to ensure that the key risks are being managed. The creation of a Risk Register (R3.12) is a more formal iden- tification of risks than the simple Red Flag Items (I2.1). A risk Table 7.3. Design phase risk mitigation and planning tools. register is highly recommended for all projects. The risk regis- ter provides project managers with a listing of significant risks Tool and includes information about the cost and schedule impacts Moderately of each risk. It supports the contingency resolution process by Complex Minor Major tracking changes as a result of actual cost and schedule risk impacts, as the project progresses through the development I2.1 Red Flag Items process and the risks are resolved. The level of detail in the reg- ister will vary with project complexity. Registers can be applied R3.1 Risk Management Plan to minor projects and the effort to create and maintain them R3.5 Estimate Ranges Monte Carlo Analysis can be relatively minimal. All moderately complex projects R3.6 Risk Workshop should use a risk register. The risk register creates a concise tool to manage the risks and the individuals assigned to each risk. R3.11 Risk Breakdown Structure Major projects or moderately complex projects with high R3.12 Risk Register levels of uncertainty will benefit from having a detailed and for- mal Risk Management Plan (R3.1) that records all aspects of R3.13 Risk Management Information System risk identification, risk assessment, risk analysis, risk planning,