In response to a directive from the Committee of the Conference on Energy and Water Development of the 105th Congress (U.S. Congress, 1997), the Department of Energy (DOE) requested that the National Research Council (NRC) appoint a committee to review and assess the progress made by the department in improving its project management practices. The NRC appointed a committee under the auspices of the Board on Infrastructure and the Constructed Environment to undertake the review and assessment of DOE project management (known as the Phase III review). The committee is composed of 10 professionals with diverse experience in academic, government, and industrial settings and extensive knowledge of project management and process improvement.1 (See Appendix A for biographies of the committee members.)
The principal task of the committee has been to review and comment on DOE’s recent efforts to improve its project management. (See Appendix B for the statement of task.) This committee’s efforts are the third phase of evaluative activities that began in 1997. The first phase was an assessment of the need for independent project reviews in the Department of Energy (Phase I) (NRC, 1998), followed in 1998 by a comprehensive assessment of DOE project management practices (Phase II) (NRC, 1999). The current third phase was planned as a 3-year effort beginning in July
2000 and has produced three annual assessment reports (NRC, 2001, 2003, 2004).
The committee has noted in each of its annual assessment reports that risk management is probably the most difficult aspect of project management, and for many DOE projects it is also the most critical. During the 3 years of the Phase III assessment, the committee observed examples of improvement in DOE’s risk management efforts, but also found evidence of persistent deficiencies. In its final annual assessment (NRC, 2004) the committee found that “risk management is an integral requirement of Order O 413.3 but has not been adequately addressed in Manual M 413.3-1 and in Project Management Principles” (NRC, 2004, p. 29) and that “a consistent approach to risk identification, assessment, and mitigation would be a first step toward making risk management more useful and usable across the department“ (NRC, 2004, p. 29). The committee has recommended that DOE develop guidance for effective risk management beginning prior to approval of mission need (CD-0) and continuing through project execution, and require its implementation for all projects.
This report is provided, at the request of DOE, as a summary of the risk management practices of leading owner organizations in project management in both the public and private sectors. This report therefore simply attempts to summarize what the committee believes constitutes excellence in project risk management. The methods described here are appropriate for public- and private-sector project owners’ representatives, including senior managers, program managers, project directors, and project managers. The objective of this report is to summarize the knowledge of project risk management needed by an owner’s representative to understand both issues that require active owner participation and issues that require oversight of activities that are delegated to contractors. For DOE this representative is primarily the project director; however, program directors and senior managers also have responsibilities for effective project risk management and therefore need a thorough understanding of the owner’s role in project risk management.
This report is based on the expertise and experience of the committee members as noted in their biographies. The report is presented as a resource for DOE and all project owners who are concerned with risks in their projects. Chapter 2, “Owners’ Roles and Responsibilities,“ provides an overview of project teams and the overall enterprise direction deemed necessary for successful project risk management. Chapter 3, “Properties of Project Risks,“ defines project risks and describes activities to manage them. Chapter 4, “Risk Identification and Analysis,“ covers risk analysis techniques and the managerial skills needed to interpret risk assessments. Chapter 5, “Risk Mitigation,“ describes actions that owners’ representatives can take to reduce the impact of identified risks if they occur.
Chapter 6, “Contingency,“ defines contingency and discusses the implications of various approaches to setting cost and schedule contingencies for projects. Chapter 7, “Active Risk Management,“ discusses how owners can use risk identification, analysis, and mitigation to increase project success. Chapter 8, “Portfolio Risk Management,“ identifies the challenges and opportunities for owners of multiproject programs for managing and reducing overall risks. Chapter 9, “Conclusions,“ is an overview of the actions owners can take to achieve excellence in risk management.