Monday

Tag Archives: Risk Management

Risk management handbook published

Posted on June 11, 2016 by | Leave a comment

The Risk Management Handbook edited by Dr. David Hillson (the ‘risk doctor’) is a practical guide to managing the multiple dimensions of risk in modern projects and business.  We contributed Chapter 10: Stakeholder risk management.

The 23 Chapters are a cutting-edge survey of the risk management landscape, providing a broad and up-to-date introduction to risk, with expert guidance on current best practice and cutting-edge insight into new developments within risk management.

For more on the book, see: www.koganpage.com/product/the-risk-management-handbook-9780749478827

Leave a comment

Posted in Risk

Tagged , ,

The language used to define risks can contribute to failure.

Posted on May 15, 2016 by | 2 comments

If a risk is going to be adequately managed, it needs to be defined.  Failing to describe the actual risk (or risks) will almost inevitably lead to project failure and will frequently exacerbate the damage.

In recent times, there seems to be an explosion of documents in the public domain, including academic papers (where one would have hoped the reviewers and editors knew better) listing as ‘risks’ factors that cannot ever be risks.  The ‘fact’ hides the real or consequential risks that may be manageable.

Risk 101 – a risk is an uncertainty that may affect a project objective if it occurs. For something to be a risk, there has to be an uncertainty and the uncertainty may have a positive or negative impact on one or more objectives (see more on risk management). Risk management involves balancing the uncertainty, its potential impact and the cost and effort needed to change these for the better. But to do this you need to focus on the uncertainties that can be managed.

One of more frequently miss-described risks is ‘technical complexity’.  The degree of technical difficulty involved in a project is a FACT that can be measured and described!  Some projects such as launching a space rocket are technically complex, other less so; but NASA has a far higher success rate in its rocket launches than most IT departments have in developing successful software applications that achieve their objectives.  The technical difficulty may give rise to consequential risks that need addressing but these risks have to be identified and catalogued if they are going to be managed. Some of the risks potentially arising out of technical complexity include:

  • Inadequate supply of skilled resources in the marketplace / organisation;
  • Management failing to allow adequate time for design and testing;
  • Allowing technicians to ‘design in’ unnecessary complexity;
  • Management failing to provide appropriately skilled resources;
  • Management lacking the skills needed to properly estimate and manage the work;
  • Etc.

Another common risk in many of these pseudo risk lists is ‘lack of senior management support’.  This is a greyer area, the project team’s perception of management support and the actual level of support from senior management may differ. Developing an understanding of the actual attitude of key senior managers requires a methodical approach using tools such as the Stakeholder Circle.  However, even after defining the actual attitude of important senior managers the lack of precision in the risk description will often hide the real risks and their potential solutions or consequences:

  • If there is a real lack of senior management support the project should be cancelled, its probability of failure is greater than 80%. Continuing is simply wasting money.
  • If the problem is senior management failing to understand the importance of the project, this is an issue (it exists) and the solution is directed communication (see more on directed communication). The risk is that the directed communication effort will fail, leading to project failure, this risk needs careful monitoring.
  • If the problem is a project sponsor (or steering committee) who is not committed to project success and/or a sponsor (or steering committee) lacking understanding of his/her role (see more on the role of a sponsor) this is another issue with a solution based in education or replacement. Depending on the approach to resolving the issue (and its guaranteed impact on project success if the issue remains unresolved) the risk is either the necessary education process may not work and/or poor governance and senior management oversight will allow the issue to continue unresolved – these specific risks need to be explicitly described and acknowledged if they are to be managed.

The first step to managing risks effectively is developing a precise description of the actual risk that requires managing. If there are several associated risks, log each one separately and then group them under a general classification.   The description of each risk is best done using a common meta language such as:

  • ‘[Short name]: If a [description of risk] caused by [cause of risk] occurs, it may cause [consequence of occurrence]’. For example:
  • ‘Storms: If a heavy thunderstorm caused by summer heat occurs, it may cause flooding and consequential clean up’.

For each risk you need to:

  • Define the risk category and short name;
  • Describe the risk using an effective ‘risk meta language’;
  • Determine if the risk is an opportunity or threat and quantify its effect;
  • Prioritise the risk using qualitative assessment process;
  • Determine the optimum response;
  • Implement the response and measure its effectiveness (see more on risk assessment).

A simple Excel template such as this can help: http://www.mosaicprojects.com.au/Practical_Risk_Management.html#Tools

Managing issues is similar, the key difference is the consequences of an unresolved issue are certain – the issue is a fact that has to be dealt with (see more on issues management).

There are a number of factors that can cause both risks and issues to be improperly defined, some technical, most cultural. Three of the most important are:

  • Dealing with easy to identify symptoms without looking for the root cause of the risk / issue (see more on root cause analysis).
  • A management culture that does not allow open and honest reporting of risks and issues; preferring to hide behind amorphous descriptions such as ‘technical complexity’ rather than the real risk ‘management’s inability to manage this level of complicated technology’.
  • Failing to allow adequate time to analyse the stakeholder community using tools such as the as the Stakeholder Circle so that the full extent of risks associated with people’s capabilities and attitudes can be understood – these can account for up to 90% of the actual risks in most projects.

Management culture is the key to both allowing and expecting rigorous and honest assessment of risk. One of the key functions of every organisation’s governing body is to design, create and maintain the organisation’s management culture, this is a problem that starts at the top! For more on the roles of governance see: http://www.mosaicprojects.com.au/WhitePapers/WP1096_Six_Functions_Governance.pdf.

2 Comments

Posted in Governance, Risk

Tagged , , , , ,

Stakeholders and Reputational Risk

Posted on April 25, 2016 by | 1 comment

Your reputation and your organisation’s reputation are valuable assets. The willingness of others to trust you, their desire to work with you and virtually every other aspect of the relationship between you and your stakeholders is influenced by their perception of your reputation (see more on The value of trust).  But reputations are fragile: they can take a lifetime to build and seconds to lose. Some of the factors influencing them are:

  1. Reputation cannot be controlled: it exists in the minds of others so it can only be influenced, not managed directly.
  2. Reputation is earned: trust is based on consistent behaviour and performance.
  3. Reputation is not consistent: it depends on each stakeholder’s view. One organisation can have many different reputations, varying with each stakeholder.
  4. Reputation will vary: each stakeholder brings a different expectation of behaviour or performance and so will have a distinct perception of reputation.
  5. Reputation is relational: you have a reputation with someone for something. The key question is therefore: ‘with whom, for what?’
  6. Reputation is comparative: it is valued in comparison to what a particular stakeholder experiences or believes in relation to peers, performance and prejudice.
  7. Reputation is valuable: but the true value of reputation can only be appreciated once it is lost or damaged.

Estimating the ‘true value’ of your reputation is difficult and as a consequence decisions on how much to invest in enhancing and protecting your reputation becomes a value judgment rather than a calculation. Your reputation is created and threatened by both your actions and their consequences (intended or not).  Some actions and their effects on your reputation are predictable, others are less so and their consequences, good or bad are even less certain. This is true regardless of your intention; unexpected outcomes can easily cause unintended benefit or damage to your reputation.

Building a reputation requires hard work and consistency; the challenge is protecting your hard earned reputation against risks that can cause damage; and you never know for sure what will cause reputational damage until it is too late – many reputational risks are emergent.

Managing Reputational Risk in Organisations

Because an organisation’s reputation is not easy to value or protect, managing reputational risk is difficult! This is particularly true for larger organisations where thousands of different interactions between staff and stakeholders are occurring daily.

The first step in managing an organisation’s reputational risk is to understand the scope of possible damage, as well as potential sources and the degree of possible disruption. The consequence of a loss of reputation is always the withdrawing of stakeholder support:

  • In the private sector this is usually investor flight and share value decline; these can spiral out of control if confidence cannot be restored.
  • In the public sector this is typically withdrawal of government support to reflect declining confidence.
  • In the professional sector client confidence is vital for business sustainability; a loss of reputation means a loss of clients.

Each sector can point to scenarios where the impact of reputation damage can vary from mild to catastrophic; and whilst the consequences can be measured after the effect they are not always predictable in advance.  To overcome this problem, managing reputation risk for an organisation requires three steps:

  • Predict: All risk is future uncertainty, and an appropriate risk forecasting system to identify reputation risk is required – creative thinking is needed here! The outcomes from a reputational risk workshop will be specific to the organisation and the information must feed directly into the governance process if reputation risk is to be taken seriously (see more on The Functions of Governance).
  • Prepare: Reputation risk is a collective responsibility, not just the governing body’s. All management and operational staff must recognise the organisation’s reputation is important and take responsibility for protecting it in their interaction with stakeholders. The protection of reputation should also be a key element in the organisation’s disaster recovery plans.
  • Protect: A regular vulnerability review will reveal where reputation risk is greatest, and guide actions to prevent possible damage. Each vulnerability must be assessed objectively and actions taken to minimise exposure. Significant risks will need a ‘protection plan’ developed and then implemented and monitored.

Dealing with a Reputational Risk Event

When a risk event occurs, some standard elements needs to be part of the response for individuals and organisations alike. For reputation enhancing risk events, make sure you acknowledge the ‘good luck’ in an appropriately and take advantage of the opportunity in a suitably authentic way. Over-hyping an event will be seen as unauthentic and have a negative effect on reputation; but good news and good outcomes should be celebrated. Reputation threatening risk events need a more proactive approach

  • Step 1: Deal with the event itself. You will not protect your reputation by trying to hide the bad news or ignoring the issue.  Proactively work to solve the problem in a way that genuinely minimise harm for as many stakeholders as possible minimises the damage that has to be managed.
  • Step 2: Communicate. And keep communicating – organisations need to have a sufficiently senior person available quickly as the contact point and keep the ‘news’ coming. Rumours and creative reporting will always be worse then the fact and will grow to fill the void. All communication needs to be open, honest and as complete as possible at the time.  Where you ‘don’t know’ tell people what you are doing to find out. (see Integrity is the key to delivering bad news successfully).
  • Keep your promises and commitments. If this becomes impossible because of changing circumstances tell people as soon as you know, don’t wait for them to find out.
  • Follow up afterwards. Actions that show you really care after the event can go a long way towards repairing the damage to your reputation.

Summary

Reputation is ephemeral and a good reputation is difficult to create and maintain. Warren Buffet in his 2015 memo to his top management team in Berkshire Hathaway emphasised that their top priority must be to ‘zealously guard Berkshire’s reputation’. He also reminded his leadership team that ‘we can afford to lose money–even a lot of money. But we can’t afford to lose reputation–even a shred of reputation’ (discussed in Ethics, Culture, Rules and Governance). In the long run I would suggest this is true for every organisation and individual – your reputation is always in the minds of other people!

1 Comment

Posted in Ethics

Tagged , , , , , , ,

Project Risk Management – how reliable is old data?

Posted on January 28, 2016 by | 5 comments

One of the key underpinnings of risk management is reliable data to base probabilistic estimates of what may happen in the future.  The importance of understanding the reliability of the data being used is emphasised in PMBOK® Guide 11.3.2.3 Risk Data Quality Assessment and virtually every other risk standard.

One of the tenets underpinning risk management in all of its forms from gambling to insurance is the assumption that reliable data about the past is a good indicator of what will happen in the future – there’s no certainty in this processes but there is degree of probability that future outcomes will be similar to past outcomes if the circumstances are similar. ‘Punters’ know this from their ‘form guides’, insurance companies rely on this to calculate premiums and almost every prediction of some future outcome relies on an analogous interpretation of similar past events. Project estimating and risk management is no different.

Every time or cost estimate is based on an understanding of past events of a similar nature; in fact the element that differentiates an estimate from a guess is having a basis for the estimate! See:
–  Duration Estimating
–  Cost Estimating

The skill in estimating both normal activities and risk events is understanding the available data, and being able to adapt the historical information to the current circumstances. This adaptation requires understanding the differences in the work between the old and the current and the reliability and the stability of the information being used. Range estimates (three point estimates) can be used to frame this information and allow a probabilistic assessment of the event; alternatively a simple ‘allowance’ can be made. For example, in my home state we ‘know’ three weeks a year is lost to inclement weather if the work is exposed to the elements.  Similarly office based projects in the city ‘know’ they can largely ignore the risk of power outages – they are extremely rare occurrences. But how reliable is this ‘knowledge’ gained over decades and based on weather records dating back 180 years?

Last year was the hottest year on record (by a significant margin) as was 2014 – increasing global temperatures increase the number of extreme weather events of all types and exceptionally hot days place major strains on the electrical distribution grids increasing the likelihood of blackouts.  What we don’t know because there is no reliable data is the consequences.  The risk of people not being able to get to work, blackouts and inclement weather events are different – but we don’t know how different.

Dealing with this uncertainty requires a different approach to risk management and a careful assessment of your stakeholders. Ideally some additional contingencies will be added to projects and additional mitigation action taken such as backing up during the day as well as at night – electrical storms tend to be a late afternoon / evening event. But these cost time and money…..

Getting stakeholder by-in is more difficult:

  • A small but significant number of people (including some in senior roles) flatly refuse to accept there is a problem. Despite the science they believe based on ‘personal observations’ the climate is not changing…….
  • A much larger number will not sanction any action that costs money without a cast iron assessment based on valid data. But there is no valid data, the consequences can be predicted based on modelling but there are no ‘facts’ based on historical events……..
  • Most of the rest will agree some action is needed but require an expert assessment of the likely effect and the value proposition for creating contingencies and implementing mitigation activities.

If it ain’t broke, don’t fix it???? 

The challenge facing everyone in management is deciding what to do:

  • Do nothing and respond heroically if needed?
  • Think through the risks and potential responses to be prepared (but wait to see what actually occurs)??
  • Take proactive action and incur the costs, but never being sure if they are needed???

There is no ‘right answer’ to this conundrum, we certainly cannot provide a recommendation because we ‘don’t know’ either.  But at least we know we don’t know!

I would suggest discussing what you don’t know about the consequences of climate change on your organisation is a serious conversation that needs to be started within your team and your wider stakeholder community.

Doing nothing may feel like a good options – wait and see (ie, procrastination) can be very attractive to a whole range of innate biases. But can you afford to do nothing?  Hoping for the best is not a viable strategy, even if inertia in your stakeholder community is intense. This challenge is a real opportunity to display leadershipcommunication and  negotiation skills to facilitate a useful conversation.

5 Comments

Posted in Communication, Risk, Stakeholder Management

Tagged , , , , , ,

Extreme Risk Taking is Genetic……

Posted on December 20, 2014 by | 2 comments

A recent 2014 scientific study, Going to Extremes – The Darwin Awards: sex differences in idiotic behaviour highlights the need for gender diversity.  The class of risk studied in this report is the idiotic risk, one that is defined as senseless risks, where the apparent payoff is negligible or non-existent, and the outcome is often extremely negative and often final. The results suggest that having an ‘all male’ or male dominated decision making group may be a source of risk in itself.

Sex differences in risk seeking behaviour, emergency hospital admissions, and mortality are well documented and confirm that males are more at risk than females. Whilst some of these differences may be attributable to cultural and socioeconomic factors (eg, males may be more likely to engage in contact and high risk sports, and are more likely to be employed in higher risk occupations), sex differences in risk seeking behaviour have been reported from an early age, raising questions about the extent to which these behaviours can be attributed purely to social and cultural differences. This study extends on these studies to look at ‘male idiot theory’ (MIT) based on the archives of the ‘Darwin Awards’. Its hypothesis derived from Women are from Venus, men are idiots (Andrews McMeel, 2011) is that many of the differences in risk seeking behaviour may be explained by the observation that men are idiots and idiots do stupid things…… but little is known about sex differences in idiotic risk taking behaviour.

The Darwin Awards are named in honour of Charles Darwin, and commemorate those who have improved the human gene pool by removing themselves from it in an idiotic way (note the photographs are both of unsuccessful attempts to win an award).  Whilst usually awarded posthumously, (the idiot normally has to kill themselves) the 2014 The Thing Ring award shows there are other options.  Based on this invaluable record of idiotic human behaviour, the study considered the gender of the award recipients over a 20 year period (1995-2014) and found a marked sex difference in Darwin Award winners: males are significantly more likely to receive the award than females.

Of the 413 Darwin Award nominations in the study period, 332 were independently verified and confirmed by the Darwin Awards Committee. Of these, 14 were shared by male and female nominees (usually overly adventurous couples in compromising positions – see: La Petite Mort) leaving 318 valid cases for statistical testing. Of these 318 cases, 282 Darwin Awards were awarded to males and just 36 awards given to females. Meaning 88.7% of the idiots accepted as Darwin Award winners were male!

Gender diversity on decision making bodies may help to reduce this potential risk factor in two ways.  First, by reducing the percentage of people potentially susceptible to MIT. Second, by modifying the social and cultural environment within decision making body, reducing the body’s tendency to take ‘extreme risk decisions’.

One well documented example is the current Federal Government. Given the extremely limited representation of women in the make-up of the current Abbott government, and some of the self-destructive decisions they have made, I’m wondering if there is a correlation. A softer, less aggressive, lower risk approach to implementing many of the policies they have failed to enact may have resulted in a very different outcome for the government.

2 Comments

Posted in Governance, Risk, Stakeholder Management

Tagged , , , , , , ,

Two events not to miss

Posted on October 30, 2013 by | Leave a comment

Two events in Melbourne not to be missed!

1: IPMD Melbourne:

First on the 14th November – Melbourne’s first ever International Project Management Day breakfast.

To preview Dr Amantha Imber, the breakfast keynote speaker’s thoughts on innovation and creativity see: http://www.youtube.com/watch?v=nfUNp9LABhU.  Want more?  Download the event PDF and book your breakfast from: http://www.mosaicprojects.com.au/ftp/IPMD_14th%20Nov_Melbourne%20Event.pdf

Unfortunately I cannot make the breakfast – we are running our last PMP and CAPM courses for the year that week (starting 11th November) and as a scheduler, know being in two places at the same time is difficult. For more on the training see: http://www.mosaicprojects.com.au/Training-Schedule.html

2: Making Sense of Schedule Risk Analysis – Free Event

Second, on the 20 November, international risk management expert, Tony Welsh, President of Barbecana Inc and developer of the Full Monte risk analysis tool is the speaker at the AIPM Project Controls SIG (PC-SIG) meeting to be held at The Water Rat Hotel, 256 Moray Street, South Melbourne: http://www.thewaterrathotel.com.au/, on Wednesday 20th November (start 5.30pm). There is no catering for the forum but interested participants are invited to pre- and post-forum drinks at the bar (after all it is a pub!!).

This is a free event open to anyone with an interest in project controls, however, to make sure there’s adequate seating we are asking you to register with AIPM at http://www.aipm.com.au/iMIS/Events/Event_Display.aspx?EventKey=VI131120&zbrandid=2139&zidType=CH&zid=5168408&zsubscriberId=505907810&zbdom=http://aipm.informz.net (the event is free). But as long as you don’t mind the risk of standing, pre-registration is not essential. And I definitely will be attending this event.

Leave a comment

Posted in General Project Management

Tagged , , , ,

Making Sense of Schedule Risk Analysis – Free Event

Posted on October 20, 2013 by | 1 comment

Mosaic Project Services is pleased to be supporting a free AIPM Project Controls SIG  (PC-SIG) meeting to be held at The Water Rat Hotel, 256 Moray Street, South Melbourne VIC, 3205: http://www.thewaterrathotel.com.au/

Date: Wednesday 20 November 2013,  Start 5.30 pm – Start (note earlier start time) Finish 7.00 pm –  There is no catering for the forum but interested participants are invited to pre and  post- forum drinks at the bar (after all it is a pub!!).

The agenda for the meeting is:

  • 17:30 Welcome to the AIPM SIG COP
  • 17:35 AIPM News – John Williams
  • 17:40 Project Controls Developments – Pat Weaver
  • 17:45 Presentation “Making Sense of Schedule Risk Analysis” – Tony Welsh
  • 18:45 Wrap up
  • 18:50 Close (after-meeting drinks/ dinner option)

The main presenter is Tony Welsh, President, Barbecana Inc. http://www.barbecana.com

Tony was one of the founders of Welcom (producer of Open Plan and Cobra) back in 1983.  He sold the company to Deltek in 2006 and has recently started a new company, Barbecana.

Tony grew up in South East London and holds degrees in physics from Oxford University and in operations research from the London School of Economics. His career began at Imperial Chemical Industries (ICI) under the direction of John Lawrence, a leading light in operations research (O.R.) and editor of the British O.R. Society journal. His work focused on sales forecasting, media scheduling, and measuring the affects of advertising.

Since 1980, Tony has been involved exclusively with project management software, for most of that time at the company he co-founded, Welcom. During that time he has been personally responsible for, among other things, the development of no less than four schedule risk analysis systems.

His paper will start with a brief discussion of the nature of uncertainty and how we measure it, the validity of subjective estimates, and why schedule uncertainty is different and more complex than cost uncertainty.  This will include an explanation of the phenomenon of merge bias.

It will go on to explain how Monte Carlo simulation works and why it is the only valid way to deal with schedule uncertainty.  Reference will be made specifically to uncertainty relating to task durations, resource costs, and project calendars.

The main part of the paper will deal with how to determine the input data, including correlations, and how to interpret the results, including estimated frequency function, cumulative frequency function, and percentile points.

The paper will conclude with a discussion of sensitivity analysis, its value, and the difficulty of doing it properly.

This event is a rare opportunity for Australian based project controls professionals in and around Melbourne to engage with one of the founders of the project controls profession, still active in developing and advancing our skills and knowledge.

To help manage numbers you are asked to register with AIPM at?  http://www.aipm.com.au/iMIS/Events/Event_Display.aspx?EventKey=VI131120&zbrandid=2139&zidType=CH&zid=5168408&zsubscriberId=505907810&zbdom=http://aipm.informz.net  (the event is free).  But as long as you don’t mind the risk of standing, pre-registration is not essential.

As the event sponsor, my hope is we have a really good turnout for the event and look forward to seeing you at The Water Rat – there’s plenty of street parking and the pub is on the #1 tram route.

1 Comment

Posted in Project Controls, Risk

Tagged , ,

The social dynamics of governance – Bullying and Pressure Projects

Posted on August 16, 2013 by | Leave a comment

A number of current news items have highlighted the complexity and interconnectedness of governance in organisations. The blog post is going to draw together four elements – high pressure projects, bullying, the need for organisations to provide a safe workplace and the need to support people with mental illness; all of which have interconnected governance implications.

To lay the foundation for this post, the interconnected nature of governance has been discussed in our post Governance -v- Management: A Functional Perspective  and is best displayed in this ‘petal diagram’

The catalyst for this post are some recent changes in Australian workplace legislation that is forcing all types of organisations to consider how they manage the mental health of their paid and volunteer workforce.  In essence these codified requirements are no different to the pre-existing requirements to protect the physical wellbeing of the workforce and others interacting with the organisation, the only difference is mental heath and wellbeing are now overtly covered.

The new uniform national workplace health and safety laws require employers to ensure that workplaces are physically and mentally safe and healthy, and the work environment does not cause mental ill-health or aggravate existing conditions.  Under these harmonised laws ‘reckless conduct’ offences incur penalties of up to $3 million for corporations and $600,000 and/or 5 years jail for individuals.

These challenges cannot be avoided; it remains illegal to discriminate against individuals on the grounds of disability, including mental disability, in the same way it is illegal to discriminate on the grounds of age, sex, race, and religious and other beliefs.

These are not trivial issues as the  $230,000 penalty (fines and costs) awarded  by the Victorian Supreme Court against the former operator of a commercial laundry for ‘workplace abuse’ and the  reputations damage suffered by CSIRO (Australia’s premier scientific research organisation), over on-going bullying allegations demonstrate.

There is a growing awareness of psychological hazards in the workplace including bullying, harassment and fatigue; and the consequences of organisational failures in this area can extend well beyond the strict legal liabilities.  To avoid prosecution and reputational damage, organisations are increasingly being required to take proactive, preventative actions and implement a culture, reinforced by effectively implemented policies to manage these aspects of workplace health and safety. Attitudes are slow to change and creating a culture that properly respects and protects mental wellbeing will require a sustained focus at the governance levels of the organisation as well as in the day-to-day management of the work place.

The payback for good governance and effective management in this area is that organisations that promote good mental health in the workplace are seen as great places to work, and have higher levels of productivity, performance, creativity, and staff retention, and tend to financially outperform other less well governed organisations. These are very similar findings to organisations that actively support and embrace ‘Corporate Social Responsibility (CSR) – apparently the good guys finish first (not last)!!

However, managing this change is not going to be simple!  Organisations are under ever increasing pressure to adapt to a rapidly changing environment and to produce ‘more with less’ to survive. One of the key capabilities enabling quick and effective strategic change is the domain of project and program management. In response to these organisational pressures, project managers are increasingly being placed under stress to be faster, cheaper and better and to deliver the new capability or ‘thing’ in record time.  Couple this to the mistaken belief of some managers that setting ‘stretch targets’ is a way to motivate workers (even though sustained failure is known to be a major cause of stress and demotivation) and you end up with a classic governance dilemma.

Deciding how to best balance these competing demands require an overarching governance policy supported by a sympathetic implementation by management to achieve both a safe work environment and an effective management outcome.  In the absence of effective governance managers are left to sort out their own priorities and frequently are driven by short term KPIs focused on easy to measure cost and time performance criteria. In these circumstances concern for performance frequently outweighs concern for people.

These issues are compounded by the fact that far too many middle and project managers lack effective people skills and can easily drift from pushing for performance to micro management to outright bullying. The mental wellbeing risks include applying undue pressure to perform that induces stress leading to depression; as well as more overt acts of aggression and bullying. The Australian Fair Work Amendment Bill of 2013 defines workplace bullying as ‘repeated, unreasonable behaviour directed towards a worker or group of workers that creates a risk to health or safety’.

Unfortunately, at least in the Australian context, bullying is a major unreported problem. A recent survey by the University of Sydney (see the report summary) has found that workplace bullying tends to be peer-to-peer and occurs at all levels of organisations. Most incidents occur within the presence of one’s peers, including bullying in meetings and other managers are unlikely to intervene. The problem is insidious, nearly 50% of the survey respondents reported bullying in the last year, and only 16% organisation assisted the situation when the problem was reported. But, ignoring the issue is a high risk strategy.

All types of organisation need to develop focused strategies to reduce the opportunities for bullying to occur at every level from the board room table down to the shop floor; and to policies backed by procedures to deal with bullying effectively when it does occur, in ways that support the victims. Bullying is illegal, causing damage to a person’s mental health is illegal (and bullying is only one way this can occur) and failing to effectively manage the consequences of mental illness is illegal.

The ongoing damage being caused to CSIRO’s reputation by the publication of the report into bullying within the organisation demonstrates the way these problems can escalate into a major issue for the Board. The on-going publicity associated with potential litigation and prosecutions has a long way to run before the final wash up allows CSIRO to move forward with a clean slate. And, as the CSIRO report suggests, the consequences of breaking the law are likely to be a small part of the overall damage caused governance failures in this important area.

The reason this is primarily a governance issue is the challenge associated with developing a philosophy and culture that empowers management to resolve the dilemma associated with balancing commercial objectives against personal wellbeing objectives – there is no ‘right answer’.  It is all too easy for executives to decide the organisation needs a new capability, managers being tasked to deliver the required outcome with inadequate resources, and the project manager to be given an unreasonably short timeframe for delivery.  The pressure to ‘perform’ inevitably leading to increases in stress, conflict and potentially bulling. But whilst there are many questions, and decisions, there are few clear answers:

  • When does the need to perform and work extended hours slip into workplace fatigue and an unsafe work environment?
  • When does the project manager’s desire to push team members for maximum performance slip into bullying?
  • Who is responsible for creating the unsafe work environment:
    –  The PM operating at the tactical level?
    –  The managers that set the strategic objectives?
    –  The executives who created the overall environment?
    –  The ‘governors’ who failed to offer appropriate leadership?

Good management can certainly alleviate some of the symptoms, but good governance is needed to eliminate the root cause and promote mental wellbeing in the workplace. At least in Australia there are now effective laws to help and the data shows improving this aspect of an organisation is good for business, and of course excellent stakeholder management.

Leave a comment

Posted in Governance

Tagged , , , , , , , , , ,

The Schedule Compliance Risk Assessment Methodology (SCRAM)

Posted on August 10, 2013 by | 1 comment

SCRAM is an approach for identifying risks to compliance with the program schedule, it is the result of a collaborative effort between Adrian Pitman from the Australian Department of Defence, Angela Tuffley of RedBay Consulting in Australia, and Betsy Clark and Brad Clark of Software Metrics Inc. in the United States.

SCRAM focuses on schedule feasibility and root causes for slippage. It makes no judgment about whether or not a project is technically feasible. SCRAM can be used:

  • By organisations to construct a schedule that maximizes the likelihood of schedule compliance.
  • To ensure common risks are addressed before the project schedule is baselined at the commencement of a project.
  • To monitor project status, performed either ad hoc or to support appropriate milestone reviews
  • To evaluate challenged projects, to assess the likelihood of schedule compliance, root cause of schedule slippage and recommend remediation of project issues

Whilst the documentation is intensely bureaucratic, the concepts in SCRAM move beyond the concepts embedded in processes such as the DCMA 14 point checklist  to asking hard questions about the requirements of stakeholders and how effectively risk has been addressed before baselineing the schedule.

The SCRAM concept is freely available.  The SCRAM Process Reference Model (PRM) and a Process Assessment Model (PAM) documents are available for immediate download from: https://sites.google.com/site/scramsitenew/home

For more on schedule risk assessment and compliance assessment see: http://www.mosaicprojects.com.au/Planning.html#S-Risk

1 Comment

Posted in Risk, Scheduling

Tagged , , , , , ,

What’s the Probability??

Posted on January 18, 2013 by | 10 comments

The solution to this question is simple but complex….

There is a 1 in 10 chance the ‘Go Live’ date will be delayed by Project 1
There is a 1 in 10 chance the ‘Go Live’ date will be delayed by Project 2
There is a 2 in 10 chance the ‘Go Live’ date will be delayed by Project 3

What is the probability of going live on March 1st?

To understand this problem let’s look at the role of dice:

If role the dice and get a 1 the project is delayed, any other number it is on time or early.
If you role 1 dice, the probability is 1 in 6 it will land on 1 = 0.1666 or 16.66% therefore there is a 100 – 16.66 = 83.34% probability of success.

Similarly, if you roll 2 dice, there are 36 possible combinations, and the possibilities of losing are: 1:1, 1:2, 1:3, 1:4, 1:5, 1:6, 6:1, 5:1, 4:1, 3:1, 2:1. (11 possibilities)

The way this is calculated (in preference to using the graphic) is to take the number of ways a single die will NOT show a 1 when rolled (five) and multiply this by the number of ways the second die will NOT show a 1 when rolled. (Also five.) 5 x 5 = 25. Subtract this from the total number of ways two dice can appear (36) and we have our answer…eleven.
(source: http://www.edcollins.com/backgammon/diceprob.htm)

Therefore the probability of rolling a 1 and being late are 11/36 = 0.3055 or 30.55%, therefore the probability of success is 100 – 30.55 = 69.45% probability of being on time.

If we roll 3 dice we can extend the calculation above as follows:
The number of possible outcomes are 6 x 6 x 6 = 216
The number of ways not to show a 1 are 5 x 5 x 5 = 125

Meaning there are 216 combinations and there are 125 ways of NOT rolling a 1
leaving 216 – 125 = 91 possibilities of rolling a 1
(or you can do it the hard way: 1:1:1, 1:1:2, 1:1:3, etc.)

91/216 = 0.4213 or 42.13% probability of failure therefore there is a
100 – 42.13 = 57.87% probability of success.

So going back to the original problem:

Project 1 has a 1 in 10 chance of causing a delay
Project 2 has a 1 in 10 chance of causing a delay
Project 3 has a 1 in 5 chance of causing a delay

There are 10 x 10 x 5 = 500 possible outcomes and within this 9 x 9 x 4 = 324 ways of not being late. 500 – 324 leaves 176 ways of being late. 176/500 = 0.352 or a 35.2% probability of not making the ‘Go Live’ date.
Or a 100 – 35.2 = 64.8% probability of being on time.

The quicker way to calculate this is simply to multiply the probabilities together:

0.9 x 0.9 x 0.8 = 64.8%

These calculations have been added to our White Paper on Probability.

10 Comments

Posted in Risk

Tagged , , , ,