Uncertainties are inherited in every project delivery and in particular capital construction projects. By nature, projects are all about committing to deliver future products and services based on what is known today. What makes it more challenging for capital construction projects is that although there is always a desire to deliver those projects cheaper and faster, those projects take at least five years to deliver where the chances that many assumptions made will become invalid while many new uncertainties will emerge.
Regardless of the extent of knowledge and experience that project stakeholders have, predicting what might happen and their impact on project success is always hard to achieve. This can be attributed to many projects related factors including uniqueness, deliverables produced, many stakeholders with conflicting requirements, assumptions made, constraints imposed, different individuals involved, changes when responding to unknowns among others.
Implementing proactive project risk management goal is not to eliminate risks but to Increase the ability of the organization to accept risk thus rewards will be greater. This require implementing measures to reduce the cost of threats or negative risks while increasing the rewards of opportunities or positive. Those measures will increase the return of investment (ROI) of undertaken projects.
Proactive project risk management starts by having a team assigned to formally manage project risks similar to all other project aspects to be managed. This team will become responsible for enforcing a well-defined framework to manage project risks which will incorporate risk as part of all decisions made to select, execute as was originally planned or make changes to what was originally planned, or terminate the project. Those decisions are known as Stage Gate decisions that are made when exiting each project life cycle stage to secure the approval to proceed with the following stage. The risk framework will also define the business processes required to identify, assess, evaluate, respond, monitor and control, and post-project review of project risks.
Using a Project Management Information System (PMIS) solution like PMWeb, risk management will be one of the many other project management aspects that can be digitalized using out-of-the-box integrated business processes to proactively manage, monitor, evaluate and report risks across the complete projects’ portfolio. To start with, it is important to understand who will be managing project risks and what are the roles needed to build the project risk team. The organizations chart will also define the line of authorities for those roles to establish the responsibilities for performing the different project risk management business processes. PMWeb organization module will be used to map the project risk management function organization chart.
The risk identification, qualitative assessment, evaluation and response strategy will be managed using PMWeb risk analysis module. There is no limit to the number of risk registers that can be added which will be aligned with the risk management framework. Those registers will be used to identify risks for each project risk category and their pre-mitigation and post-mitigation impact and probability of occurrence. The register will also quantify the expected cost exposure of identified, evaluated and responded to risks also known as the “Risk Cost”. PMWeb automatically calculates this value by multiplying the residual cost impact value with the occurrence probability of the risk.
The data captured in the risk analysis will be used to create and share the risk register report. The report will detail the details of pre-mitigation and post-mitigation likelihood, impact and exposure of each risk. The risk can be designed to group risks by project stage, risk category and response strategy used to treat risks. Of course, the layout and format of the risk register can be designed in any desired form or format.
In addition, the calculated expected exposure value of each residual risk will be also reported on. This estimated risk exposure will be the basis for setting the contingency reserve value in the project budget. The report can be designed to include visuals to summarize the expected contingency reserve value by risk category, project phase and selected risk response strategy. The risk register table will display the pre-mitigation and post-mitigation assessment of each risk occurrence likelihood, impact and score as well as the cost of the residual risk and expected risk value.
The consolidated risk register report which includes the likelihood and impact assessment details for identified risks along with the project schedule activity associated with each risk will be imported to a Monte Carlo risk simulation software application, like Safran, to address the other requirements for quantitative risk analysis. The Monte Carlo risk simulation enables the project risk team to determine the probability for achieving the project’s milestone dates and approved budget. In addition, it helps to identify the 10 or 20 risks that have the highest impact on the project which will be presented a report known as the Tornado report.
To enforce governance when managing project risks, PMWeb stage gate module will be used to link each created risk register to its relevant project life cycle stage. This will enable accessing the risk registers as well as other deliverables associated with each project life cycle stage. In addition, the exist scoring criteria for each project life cycle stage will include all items required to be assessed including those that relate to risk assessment to enable making the decision to either continue with the project as is, make changes and then proceed or terminate the project. Each score item will have it is own weight value to reflect the importance of each item to the “Go/ No-Go” decision that needs to be done.
As the project progresses into execution, risks need to be monitored and controlled. This will require appending the risk registers with newly identified and emerged risks as well as update the assessment of previously identified risks. Measures can be added to report the on the performance of the risk management process. In addition, reports can be generated to filter and select risks that need to be watched so they can be monitored and controlled.
The monitoring and controlling of risks also include capturing the issues that could stem from risks that have actually occurred. For those risks, PMWeb potential change order module will be used to capture the details of those issues and link them to the risk register where this risk was originally identified, assessed, evaluated and responded to. For issues that their resolution requires change, PMWeb will enable generating a change order from approved potential change orders that will be used to modify the commitment contract associated with the occurred risk.
In addition, PMWeb change event module can be also used to link all change orders issued to address the actions take to respond to the impact of occurred risks as well as the budget adjustments made to either transfer funds from the reserve cost accounts to other project scope of work cost accounts or increase the project baseline budget. The change event can will be also linked to the risk register where the occurred risk was initially identified to trace the reasons that lead to this change.
The built-in integration between PMWeb risk analysis, issues or potential change order and change order modules allows generating a report that will detail all potential changes and changes that the project was subject to due to risks that have actually occurred. The integrated risk-change report will provide stakeholders with the insight on how risks have impacted what was originally planned for.
PMWeb will be also used to report on the project contingency reserve drawdown as a result of responding to risks that have actually occurred and resulted in a change to what was originally planned. The report will capture those details from PMWeb budget and budget request module which will be used to transfer funds from the project contingency reserve cost center to other affected project scope of work cost centers. The report can also report on the time buffer activity which will be associated with the project contingency reserve cost center.
To enforce the culture of continuous improvement, the project risk management team needs used the knowledge gained and lessons learned in creating risk registers that will come ready with the predefined risks for each category. This will enable the project risk team to use those templates on future projects. This will expedite the risks identification as well as ensure that the risk list is comprehensive. The lessons learned register report should be one of the deliverables of the post-project review workshop that the project risk management team will carry out.
Similar to all other business processes managed in PMWeb, the project team can attach all supportive documents to each business process template detailed above. It is highly recommended to add details to each attached document to better explain to the reader what is being attached and viewed. In addition, links to other relevant transactions or records of other business processes managed in PMWeb can be also added.
It is also highly recommended that all those supportive documents, regardless of their type or source, get uploaded and stored on PMWeb document management repository. PMWeb allows creating folders and subfolders to match the physical filing structure used to store hardcopies of those documents. Permission rights can be set to those folders to restrict access to only those users who have access to do so. In addition, PMWeb users can subscribe to each folder so they can be notified when new documents are uploaded or downloaded.
To enforce transparency and accountability in managing the business processes detailed above, a workflow needs to be added to each template to map the submit, review and approve tasks, role or roles assigned to each task, task duration, task type and actions available for task. The workflow can be configured to include the approval authority levels as set in the Delegation of Authority (DoA) document.
When a transaction for any of the business processes detailed above is submitted for review and approval, the workflow tab available on the relevant template will capture the planned review and approve workflow tasks for each transaction as well as the actual history of those review and approval tasks. The captured workflow data will include the actual action data and time, done by who, action taken, comments made and whether team input was requested.
About the Author
Bassam Samman, PMP, PSP, EVP, GPM is a Senior Project Management Consultant with 40-year service record providing project management, project controls services and project management information system to over than 200 projects with a total value in excess of US $100 Billion. Those projects included Commercial, Residential, Education and Healthcare Buildings and Infrastructure, Entertainment, Hospitality and shopping malls, Oil and Gas Plants and Refineries, Telecommunication and Information Technology projects. He is thoroughly experienced in complete project management including project management control systems, computerized project control software, claims analysis/prevention, risk analysis/management (contingency planning), design, supervision, training and business development.
Bassam is a frequent speaker in topics relating to Project Management, Strategic Project Management and Project Management Personal Skills. Over the past 40 years he has lectured at more than 350 events and courses at different locations in the Middle East, North Africa, Europe and South America. He has written more than 500 articles on project management and project management information systems that were featured in international and regional magazines and newspapers. He is a co-founder of the Project Management Institute- Arabian Gulf Chapter (PMI-AGC) and has served on its board of directors for more than 6 years. He is a certified Project Management Professional (PMP) from the Project Management Institute (PMI), a certified Planning and Scheduling Professional (PSP) and Earned Value Professional (EVP) from the Association for the Advancement of Cost Engineering (AACE) and Green Project Management (GPM).
Bassam holds a Masters in Engineering Administration (Construction Management) with Faculty Commendation, George Washington University, Washington, D.C., USA, Bachelor in Civil Engineering – Kuwait University, Kuwait and has attended many executive management programs at Harvard Business School, Boston, USA and London Business School, London, UK.