Program portfolio risk management solutions
Download as PPTX, PDF1 like1,012 views
This document discusses establishing a Risk Management Environment (RME) at the program and portfolio level. It introduces MCL Management Group and their experts Paul Lohnes and Cheryl Wilson who have experience establishing RMEs. The document addresses questions about what constitutes a mature RME, how to assess the maturity of an existing RME using their Risk Maturity Model, how to determine an organization's risk tolerance using their Organizational Risk Tolerance model, and how to establish a process for escalating risks across different levels.
Program portfolio risk management solutions
- 1. Risk Management Environment (RME) for Program and Portfolio MCL Management Group Cheryl Wilson, PMP, RMP, CCEP & Paul Lohnes, PMP risk@mclmg.com
- 2. Paul H. Lohnes PMP, Managing Partner Over 28 years Project Management experience Own company for 24 years before starting MCLMG with Cheryl Risk management, project rescuer, and project management consultant Has delivered over 500 seminars to over 10,000 attendees worldwide Cheryl A. Wilson PMP, PMI-RMP, CCEP SVP, Risk Management Division Over 26 years project and risk management experience Government, commercial, and non-profit organizations Established two complete RME at the portfolio level in past 2 years Compliance & ethics officer (SME) 2 MCLMG, LLC Alexandria, VA
- 3. Introduction Risk Management Environment (RME) Solutions for P/PM 3
- 4. Q1: What is a mature RME? • Risk proactive: mitigate first, respond second • Proactive risk mitigation mindset: reduce impact First and foremost: PROACTIVE • Accountable means taking ownership • Accountable means being active not passive Be accountable • Responsible means taking positive actions • Responsible means being focused on solutions Be responsible • Transparent means accepting risk as part of PM • Transparent means identifying & managing risks Be transparent • Ignoring risks, hoping they will go away • Thinking risks are bad and should NOT be discussed Maturity is NOT 4
- 5. Risk Maturity Model (RMM™) Assessing maturity of your RME 5 States of an RME’s maturity • State 1: Adolescence (lowest) • State 2: Transparent • State 3: Responsible • State 4: Accountable • State 5: Proactive (highest) Similar to the SEI’s CMMI structure •Covers most project management activities – risk is project invasive! •Does not require annual fees or membership 5 ™ MCLMG, 2010
- 6. RMM™ Maturity States •Risk ignorant, dismissive, ineffective •No risk perspective or mindset in organization Adolescence •Risk accepting, acknowledging, and progressive •Risk discovery, tracking, and monitoring Transparent •Taking actions towards the risks before triggering •Beginning to instill a risk-friendly mindset in the PM activities Responsible •Taking ownership of risk mitigation actions •Seeking and obtaining Sr. Management support Accountable •Active and effective risk mitigation strategies : REV reductions! •Tracking and costing risk program to a Return on Investment perspective Proactive 6 REV = risk equivalent value; defined as REV = RCI * RPO (Slide 51)
- 7. MITIGATE Characteristics of a Proactive RME M Mature I Inquisitive T Thorough I Investment-Oriented G Goal-seeking A Articulated T Transitional E Effective 7
- 8. Q2: How do I Assess my RME? Begin with understanding your As-Is • Where is the RME today? • Do we have an active RME in our projects/programs/portfolios (aggregate levels)? Be honest and up front • Everyone starts somewhere • Don’t over rate your own program Be objective – use a definitive model (RMM™) Use a checklist to ensure consistency 8
- 9. RME Maturity Assessment Checklist 9 • Purpose • Perform a self-assessment of the As-Is status • Provides a baseline for comparison • Outcomes • Shows areas of strengths & weaknesses • Provides starting line for maturity planning • Starts RME maturity discussions • Begins risk maturity mindset changes
- 10. Determine the Status of Your RME Using outcome of RMM State Checklist Which state is your RME at? Portfolio level Program level Project level What are the strengths & weaknesses at each aggregate level? Where are the commonalities, differences? 10
- 11. Q3: How do you determine risk tolerance? Organizational Risk Tolerance (ORT™) Model •Organizational Risk Tolerance •Risk characteristic or appetite of organization •Purpose: drives project management risk tolerance ORT ™ •Mitigation: use of risk mitigation strategies •Maturity: level of risk understanding and acceptance Based on two (2) independent variables •Risk Seeking High maturity High mitigation •Risk Accepting High maturity Low mitigation •Risk Avoiding Low maturity High mitigation •Risk Rejecters Low maturity Low mitigation Four types of organizational risk tolerance 11
- 12. ORT ™ States I The ORT™ defines four very simple states of risk tolerance based on the intersection of two independent variables: 1. Maturity (level from RMM) 2. Mitigation (usage) The ORT will impact the project’s risk tolerance in that a project can never be more risk tolerant than the organization that funds it. 12
- 13. ORT ™ States II • High maturity, high mitigation • Understands value of risk versus reward concept Risk Seeker • High maturity, low mitigation • Accepts risk as normal, deals with issues instead Risk Accepter • Low maturity, high mitigation • Avoids risks as normal, proactive in transfer or converting risks Risk Avoider • Low maturity, low mitigation • Ignores risks until issues, reactive Risk Rejecter Mitigation Maturity 13
- 14. ORT Model Parameters Participants • Several senior management (C-level) • Several senior PM managers (program/portfolio) • Any certified risk professionals • Sampling of project team members Resources • Online survey • Off-line scoring Created using two independent variables • Maturity • Mitigation 14
- 15. What is your ORT? Perform the ORT assessment Do the assessment on your organization Be objective, comprehensive, and focused Perform the ORT Do the assessment on your organization Be objective 15
- 16. The ORT™ Solution Review Which ORT state describes your organization? No single organization is characterized in a single state Organizations exhibit characteristics of several •Internal state •External state Parameters can alter ORT State •Size of project/program •Complexity of project/program •Visibility of project/program 16
- 17. Q4: How do I Escalate Risks? Risks should only be owned on single aggregate level Risks can escalate across aggregate levels •Begin at project, grow into program level risk • Start as program risk, mitigated down to project Escalation is a change in risk ownership •Need process/procedure to transfer ownership •Must be managed to prevent chaos Portfolio level usually plays role of arbiter 17
- 19. Upward Escalation Normal escalation • From lower levels to higher • Growth of risk beyond budget or schedule of lower level Transfer of ownership • Project manager to program manager • Project risk owner to program risk owner 19
- 20. Downward Escalation Abnormal escalation • Less frequent than upward • Requires more effort Done for aged risks • Older risks less powerful • Older risks have lower REVs 20
- 21. Escalation Hand-off Process Begins with a risk review Risk parameters have changed •REV growth •Risk impact zone growth •Complexity of mitigation strategy Agreement between transferring parties Risk register data transfer Re-assignment of ownership resources 21
- 22. Escalation Process Management The oversight is done by non-involved party • Project to program: oversight by portfolio • Program to portfolio: oversight by director • Risk manager always involved Arbitration for escalation disputes • Risk manager determines parameters of dispute • Assigns a non-involved party as arbiter • Arbitration is binding on transferring parties Constraints should be reviewed • Scope, time, cost, and quality constraints analysis • Adjustments may be needed to handle REV / mitigation values upon transfer 22
- 23. Paul Lohnes, PMP Managing Partner phl@mclmg.com Cheryl Wilson, PMP, PMI-RMP, CCEP VP, Risk Division caw@mclmg.com MCLMG, LLC 23
Editor's Notes
- #19: Describe the different roles Initiator Accepter Approver Arbiter