Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
70 8.1 Introduction Risk management is integral to the project management process. This Guidebook offers a systematic approach for the application of risk management practices that link to planning and preconstruction phases of project development and the level of a projectâs complexity. One specific outcome of imple- menting risk management is to help control project costs. In this context, risk management provides a structured approach to estimating contingency dollars for a project. Through the risk management process, a projectâs contingency can then be managed effectively as the level of project definition increases. Risk Management is described as a five-step process. A num- ber of risk management tools support the process at the appro- priate phases of project development. While implementation of individual steps and tools is essential, they should not be implemented in an âal la Carteâ approach. Implementation requires that all five steps be applied to integrate risk manage- ment into other agency processes that impact project cost and control these costs over the projectâs development phases. Although risk management integration with other agency processes can begin at the organizational level, ultimately all lev- els must participate to create the cultural change necessary to address the challenges from instituting risk management at the organization, program, and project levels. Table 8.1 summa- rizes the implementation goals for the three levels. Achieving these goals will likely require organizational change and a com- mitment of agency resources. 8.2 Step One â Implementation of Risk Strategy: Organizational Change NCHRP Report 574: Guidance for Cost Estimation and Man- agement for Highway Projects During Planning, Programming, and Preconstruction provided a strategic approach to address- ing the cost escalation problem. The basis behind this approach was eight strategies to address a number of cost escalation fac- tors. One strategy was the Risk Strategy, which has the follow- ing focus: Identify risks, quantify their impact on cost, and take actions to mitigate the impact of risks as the project scope is developed. The implementation of the risk strategy will require a long- term commitment to change. Implementation should be ap- proached as a continuous process of assessment, planning, assigning responsibility, and measuring performance. Assess- ment at the organizational level focuses on the understanding of risk, what it is and why it is an important process to imple- ment. An understanding of risk will provide a basis for develop- ing a plan for staffing and committing the resources for imple- menting risk management. The outcome of assessment and planning is the assignment of responsibility. A key to imple- menting the Risk Strategy is to find a âChampionâ of risk man- agement within the upper level management hierarchy of the agency. This champion must have a passion for risk manage- ment and then a vision for how risk management can be imple- mented across the agency. The champion should ensure that performance measures are in place so that the status of imple- mentation can be periodically reported. The process will create a loop of continuous improvement as depicted in Figure 8.1. 8.2.1 Establish Steering Committee An effective initial effort in the implementation process is to form a steering committee with the right mix of members. Since risk management is a focused area, steering committee members should have some knowledge of the risk manage- ment process or, at a minimum, possess a willingness to learn risk management as detailed in this Guidebook. A cross sec- tion of disciplines that will need to be involved in program and project risk management should be included on the commit- tee. Consideration should be given to including an expert in risk management even if this expert comes from outside of the agency. The committee should follow the approach shown in C H A P T E R 8 Implementation
Figure 8.1 for determining a specific implementation effort around the Risk Strategy. In assessing current implementation and planning for fu- ture implementation, the steering committee must also un- derstand that risk management often is closely related with other critical project management processes, such as cost esti- mating, cost management, and project development. For ex- ample, the risk management process is used in cost estimating to quantify contingency dollars assigned to a project. Under- standing this type of relationship is vital because the impact of risk management on other processes may increase the dif- ficulty of implementation of the Risk Strategy successfully. 8.2.2 Develop Action Plan Over time, the agency will need to develop a risk awareness culture. This effort begins with a vision that sets an overarch- ing direction for an agency related to the implementation of risk management. The vision should make a case for change, especially when risk management is new to the agency. Change should be explained in terms of why change is needed and then what are the corresponding benefits for change. Ac- countability for implementation should be determined to confirm successful implementation. This comprehensive vi- sion must be communicated to agency personnel. Manage- ment commitment to the vision is essential. Finally, an action plan should be developed to describe the processes, training, skill development, and other resources needed to carry out the vision. 8.2.3 Determine Organizational Structure for Risk Management Implementing a new or significantly improving an exist- ing process requires organization structures to support the process improvement. Risk management is no different. However, the type of structure followed will certainly vary de- pending on the agency organizational culture and the ap- proach to risk management. Organizational approach to risk management might range from a stand alone office to sup- port the risk management process used on projects to several agency personnel who promote risk management within the organization but are not fully dedicated to the risk manage- ment effort. In either case, typical functions of the risk man- agement support group could include, but not be limited to, developing policy, training materials, supporting risk appli- cations on projects, and communicating risk related informa- tion to users. Setting up an organization structure to imple- ment risk management requires support and decisions from upper management of the agency. A key issue is the resource commitment to risk management in terms of personnel and other support costs. 71 Table 8.1. Implementation goals. Implementation Thrusts Implementation Focus Implementation Goals Organizational Level Risk Strategy Implement Risk Strategy Across the Agency Assess current status of risk management implementation Plan for long term implementation Assign responsibility for implementation Measure results of implementation Program Level Risk Management Steps Implement Risk Management Steps Across Programs Assess current status of step implementation Develop policies Commence use of Risk Management Guide Develop training and education Project Level Risk Management Tools Implement Risk Management Tools Across Projects Assess current status of tool implementation Determine subject matter experts required Conduct pilot studies for new implementation Develop/revise agency specific tools Assessment Planning Assigning Responsibility Measuring Performance Risk Strategy Implementation Process Figure 8.1. Strategy implementation process.
The WSDOT initiated a risk office when its Cost Estimate Validation Process (CEVP) commenced. This office has been active in drafting policy, supporting risk assessment work- shops, and developing risk related tools among other focus areas. The office has four full-time personnel that support the risk management process. An alternate approach was used by Caltrans. While Caltrans did not establish a specific office to initiate the risk management process, they did have personnel that worked on developing a risk management process. This process is captured in a handbook designed to support project management and includes some tools used to implement risk management at the District level. Caltrans also has developed a dedicated course for risk management. This course is in- cluded as one of several training courses under the Caltrans project management curriculum. Agency implementation of the risk management process will require organizational change to support this new process. Each agency will have to determine an organizational approach to risk management that fits within the agency culture and re- sources available. Commitment to such a structured approach is vital to successful implementation. 8.3 Step Two â Implementation of Methods: Programmatic Change The second implementation step involves change at the program level with the institution of the risk management process steps as shown in Figure 8.2. Chapter 3 and Chapters 5 through 7 described the implementation of the five risk man- agement steps that support implementing the Risk Strategy. At the program level, current practice is first examined. Next, policies and procedures regarding risk management should be developed. Finally, the development of training and education materials is prepared to support implementation. 8.3.1 Assess Current Practice The first task for implementation of the risk management process is an assessment of the current state of practice within the agency. This assessment should be conducted by project development phase such as for the programming phase as indicated in Table 8.2. Current use should consider not only if the particular step is being used, but also the level of under- standing of the step and how it is being applied in practice. Comments then can be gathered on issues to consider for fu- ture implementation of the step. Since many agencies include contingencies in their cost estimates, it is important to capture definitions of contingency and how risk is related to the con- tingency value that is incorporated into each estimate. 8.3.2 Determine Policies and Procedures Once an understanding of the use of the risk management steps is achieved, the agency should begin to formulate poli- cies related to risk management and, in particular, contin- gency. These policies should address the relationship between risk and contingency and specific issues such as how is con- tingency determined, who owns the contingency, and when should contingency be retired, all in relation to risk manage- ment process steps. A general policy statement related to evaluating risk and contingency was developed by the Minnesota Department of 72 Risk Management ProcessAllocate Monitor and Control Identify Assess/ Analyze Mitigate and Plan Figure 8.2. Risk management process framework (varies by project development phase and complexity). Step Currently in Use Comments on FutureImplementation Identify Assess and Analyze Mitigate and Plan Allocate Monitor and Control Table 8.2. Example assessment of risk management steps in the programming phase.
Transportation (Mn/DOT) to aid in implementing risk man- agement. An example portion of this policy is: Total project cost estimates for each of the project develop- ment phases will include an analysis of uncertainty and risk, and associated contingency estimates. (Anderson et al. 2008) A second general policy statement that focuses on manag- ing risk and contingency also developed by Mn/DOT is illus- trated in the following statement: A process will be implemented for removing contingencies as project scope becomes better defined and risk management steps are taken (contingency resolution). (Anderson et al. 2008) Example guidelines to implement these general policy state- ments are: Uncertainty, risk and associated contingencies will be ac- knowledged early for all projects in the project development process, starting with the planning phase, and updated in sub- sequent phases. Risks that are beyond project-related risks and contingency (e.g., revenue over estimation, unanticipated events or condi- tions) will be considered in a program contingency. With the exception of the Letting Phase cost estimate, where project contingency is zeroed out, contingency will not be incor- porated in individual line item costs; instead, contingency will be maintained in a separate category. As more is known about the project, the amount of estimated contingency and the Base Esti- mate would change (contingency resolution). (Anderson et al. 2008) These guidelines are a final step that Mn/DOT employed to set a program context for implementing risk management including contingency issues. Policy formulation related to risk and contingency must support the Risk Strategy and the vision for risk management as articulated in the action plan prepared at the organiza- tional level. The policies must provide guidance for imple- menting risk management practices at the project level through the use of risk management steps and tools. Agencies should also consider policies relating to the use of range estimates to express risks and uncertainty. The FHWA allows ranges in long-range plans prepared during the plan- ning phase. Further, cost estimates for other phases can be shown as cost ranges based on probabilities of overrun. How- ever, this approach would require the agency to establish a pol- icy for budgeting purposes in which a single number is in- cluded in an intermediate plan (say six to 10 years) and the STIP. The policy might direct that the project cost be budgeted at an 80 or 90 percent probability of underrun. Careful consid- eration should be given to the selection of the specified percent for all projects, before creating an agency policy around this percentage. Once risk policies are determined and approved, risk pro- cedures can be developed. This guidebook can serve as the basis for customizing the risk management process to fit an agencyâs culture and level of expertise. Future implementa- tion should address how this manual might be enhanced and improved over time. 8.3.3 Develop Education and Training It is very likely that agency personnel will need to gain an understanding of risk management in general and then train- ing on how to apply risk management process steps. Man- agers and engineers at all phases of project development should be educated on the meaning of risk management, why risk management is important, and how risk management adds value in terms of controlling program and project costs. Education is required at all levels; however, the details of ed- ucating agency personnel may vary depending on the per- sonâs role in program and project management. Thus, train- ing courses can include content that ranges from high level risk management concepts to the details of applying risk management during a specific project phase using the steps and appropriate tools. Since the risk management process is used in conjunc- tion with other processes, training materials can be devel- oped for incorporation into a cost estimating or cost man- agement course or within a project management course. More detailed training on risk management can then be achieved through a standalone course wherein detailed ap- plications of the steps and tools can be the focus of such a course. Depending on the expertise and knowledge of the agency in risk management, consultants in this area may be re- quired to help develop training materials and then conduct the training courses until such time that the agency has gained sufficient expertise in risk management. In many states, consultants prepare project estimates and also manage project cost. As such, there is a need to train consultant en- gineers in the risk management process. This is especially necessary when the agency has its own approach to risk management. 8.4 Step Three â Implementation of Tools: Project Change The third level of implementation involves the applica- tion of tools at the project level. Tools should be developed and evaluated on a trial basis before they become agency standard practice as dictated by policy and through proce- dure manuals. Many of the tools described in Appendix A have been used on projects, but not necessarily in the agency environment. 73
8.4.1 Assess Current Practices The agency should also assess the current use of tools that support the risk management process at the project level. Table 8.3 provides an example of how to assess tool use in one project development phase. A similar table can be used to as- sess tool use in other phases. The agency will want to exam- ine how the tool is being used and how successful it has been in a specific project application. To realize the full potential of this approach, Table 8.3 should be used in conjunction with a detailed review of the tools in Appendix A and the steps described in Chapters 5, 6, and 7. This is necessary because the detailed application of the tools can vary, even within an agency. For example, the tool R3.2, Contingency to Percentage, can be applied in a number of different ways. Some agencies use a sliding scale contin- gency band that ties to project development phases. Others provide standard contingency values for use in each project development phase. The key in this example is to find the ap- proach that would best fit into the agency level of expertise re- lated to implementing risk management in relation to setting contingency amounts. If there are subject matter experts they should be identified. Often times, the more sophisticated risk management tools will require an outside consultant to aid in implementing the tool. This is particularly true for those tools that involve prob- abilistic estimating. 8.4.2 Test New Tools The adoption of new or the revision of existing risk man- agement tools should involve testing and verification of their effectiveness. The consequences of implementing inappro- priate tools that do not support risk management steps can lead to unanticipated cost and schedule impacts. Two meth- ods can be followed when implementing new tools: testing the new tool in parallel with existing tools or conducting pilot studies on appropriate projects. Again, depending on the tool, this effort might require the expertise of a risk manage- ment consultant. With the use of either method of testing new tools, the agency needs to have measures to determine if the tool is pro- ducing the result intended. Users should comment on bene- fits, deficiencies, and changes needed to improve tool imple- mentation. The tool may be dropped from consideration as a permanent tool if the results are not satisfactory. 8.4.3 Customize Tools to Fit Agency The final activity of the project-level implementation would involve the development of agency-specific tools. The tool must fit within the policy directives regarding risk and the re- sources available to fully develop a customized tool for the agency. Any customization effort should consider the impact and level of tool use across projects. 8.5 Step Four â Integrating the System: A Strategic Plan The previous sections describe the implementation of a risk management strategy, risk management steps, and risk man- agement tools at the organizational, program, and project lev- els, respectively. While each of these elements is individually important, success will only be realized when the agency inte- grates these elements as a comprehensive long-term strategic initiative. The basis of any comprehensive strategy starts with a vision that articulates management commitment and direction. This vision addresses change and the need for a new process such as risk management. Table 8.4 provides an implementation framework to inte- grate the risk steps and tools in support of achieving the Risk Strategy across the project development phases. The first col- umn identifies the project phase, in this case, planning. The second column identifies each of the five steps in the risk man- 74 Table 8.3. Example assessment of programming phase tools. Tools Examples of Use Subject Matter Experts Comments on Future Implementation Identification of Risks I2.1 Red Flag Items I2.3 Risk Checklists Risk Analysis R3.1 Risk Management Plan R3.2 Contingencyâ Percentage R3.3 Contingencyâ Identified Additional Tools Additional Tools
agement process. A short statement might be provided to focus the step for the particular project phase of interest. The third column identifies the tools that might be used in this project phase in support of the risk management step. Col- umn four provides for the assignment of responsible parties for managing implementation of the steps and tools. Column four should also include performance measures to guide whether the tool is working as intended. While Table 8.4 focuses on specific risk management is- sues, an integrated implementation plan must consider the interaction between the risk management process and other project management processes such as cost estimating and cost management. Both of these processes use inputs and out- puts of the risk management process. The risk management process also provides information to these two processes. There may be other processes that are influenced by the use of risk management. The user of the Guidebook is encour- aged to make an assessment of those related process that are impacted by implementing risk management. Further, to successfully implement risk management, or- ganization structures must be in place to provide the neces- sary resources to develop the implementation framework de- scribed in Table 8.4. The first decision is the type of structure that will be used and the resource dedicated to the risk man- agement approach under this structure. Once the structure is in place, the resources used to implement risk management will need to focus on policies, training, procedural develop- ment, and eventually development of tools. 8.6 Summary This chapter illustrates a purposeful approach to integrat- ing and implementing the concepts and content found in this Guidebook. The framework proposed in the final section of the chapter is one method for creating a strategic path for- ward with the goal of controlling project costs through risk management. Agencies can develop other approaches that use the steps and tools presented in this Guidebook. A sys- tematic approach to risk management is essential to aid in controlling costs. The use of expert consultants in this area is encouraged, especially when the more sophisticated tools are implemented in support of certain risk management steps. 75 Table 8.4. Example implementation framework. Project Development Phase Performance Improvement Opportunity/Action (Steps) Implementation Steps (Tools) Responsible Party and Performance Measurement Planning Risk Identification â Develop appropriate tools to support the identification of risks Red Flag Items â Develop tool application approach for documenting identified risks Program or party responsible for implementation with performance measurement Planning Risk Assessment/Analysis â Develop tools that provide for a contingency estimate Contingency Percentage â Prepare guidance for selecting contingency values consistent with planning phase Program or party responsible for implementation with performance measurement Planning All Steps Training â Develop training modules to incorporate risk identification and risk assessment/analysis for contingency applications for planning Program or party responsible for implementation with performance measurement Continue with Programming Phaseâ¦ Continue with opportunity/actions from methodsâ¦ Continue with implementation steps from toolsâ¦ Continue with assignment of responsibilities and measures