PROACTIVE (?) RISK MONITORING AND CONTROL EFFORTS IN PROJECT RISK MANAGEMENT PROCESS
Ir. Mohd Amirul Ismail
Senior Manager - Project Delivery Risk | Governance, Risk & Compliance
1. Introduction
I decided to write about this topic because I have observed that the risk monitoring and control process step is one process step where lots of project risk managers have not proactively done. Frankly, I don’t have a candor personality to blow out the proportion of their passive approach. Each project risk manager I had met, had viscerally implemented this process step via regular risk meetings solely. I intend to propel them to move to the next level, create more dynamic participative in the risk management process. The most important thing is that risk owners and project stakeholders would yearn for the right support levels from project risk managers in any decision-making point.
Beforehand, it is worth mentioning that I started my career as a Civil Engineer in one civil engineering and construction company in Malaysia back in the year 2002. I have experienced completing detailed engineering and design works and taking up a role in project engineering management. I used to be highly cautious when analyzing soil investigation data and calculating the load-bearing capability of the ground elements. The latter shall support the sub-structures and superstructures that will be built directly on top. Intuitively, we have had managed risk. I have written this topic based on my knowledge, skills, and experiences in both arenas. Hence, my writing will technically sound engineering in the realm of project risk management.
Risk Management process consists of five steps; Planning, Identification, Analysis, Treat, Monitor, and Control. Monitor and control is one process step where project risk managers implemented both activities concurrently. In chapter 5: Monitoring and Controlling Process Group of PMBOK 6th Edition, Monitor Risks are defined as
“The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.”
PMBOK has listed inputs for this process in sub-item 5.10.2. However, they are not limited to; Issue Log, Lessons Learned Register, Risk Register, and Risk Report. While in the Total Cost Management Framework (TCM) of the AACE International, Risk Monitor and Control is written comprehensively in Section III Project Control Process, Item 7.6. In a nutshell, the TCM framework suggests or recommends constituting a review committee that periodically updates the qualitative analysis in one specific risk meeting, evaluates the effectiveness of the planned treatment strategies, and identifies new risks, if any.
2. Risk Review Meeting is Wasting Time.
I can tell that majority of risk owners or project stakeholders viewed risk meetings as complete time-wasting. They have already addressed risks in the other platforms, e.g., departmental, coordination, workshop, technical, and at least in progress meetings. Besides, project stakeholders have also embedded risk management in their standard operating procedures, which what setting the daily activities are. Hence, they perceived a risk review meeting as counterproductive. This excruciated perception is real and a disservice to project risk managers who periodically update the risk register. Getting attendance from the invited participants is a real predicament, leaving project risk managers with no choice but to proceed with whoever is attending at that time. Mr. Alex Sinderenko, a public figure in Risk Management topic in Linkedin, had debunked risk management bullshit and urged quitting from working in that intoxicating environment before project risk managers realized they had denigrated themselves. If that is the only appropriate solution, my professional experiences section in my curriculum vitae will take up six to seven pages. Indeed that is not favorable in the eyes of recruitment personnel. So I and us all, the project risk managers, have to work around and overcome these challenges.
3. Project Controls possess vital information for risk management.
Project Risk Managers must work hand in hand with those in project controls. Notably, the monitoring and control risk activities should be synchronized and integrated with schedule, cost controls, and also in Change Management. The objectives are to yield consistency in reporting and make risk output more predictive when oversight the potential future unfavorable circumstances. Project Controls is one discipline that possesses and dealing with important information in the project performance measurement and assessment. That information are also related to risk and significance.
In schedule control, a schedule is a tool for planners to assess project performance, identify which activities have started on time, delayed, yet to commence, and updated the actual versus planned completion. S-curve is generated based on cumulative earned achievement; in some matured cases, late start and early start curves indicate the flexibilities of float and resources. Project Risk Managers should be involved in that process, if not colloquial. Any concerns that concerned stakeholders are a risk description, while any alternative solution is a treatment strategy. And any forecast delay in the completion date is the score of schedule impact in the qualitative risk analysis section. When there is no way a contractor can overcome the setback, that’s the indication when the risk turned into an issue.
From the cost control perspective, project risk managers must be familiar with the elements that constitute cost impact corresponding to the schedule's duration. The spectrum encompasses direct and indirect costs, e.g., rented plants and machinery, logistic, preliminary and general costs (P&G), transportation, percentage of assumed variation order, etc. How Clients expressing the Extension of Time (EOT) in a contract is also essential. This information is useful when evaluating claims, where one will need to decide whether the prolongation cost needs to be accounted for. Alas, there are cases where some contractors have no more wherewithal to continue the project due to the above matters.
On the other hand, Change Management Log is one useful reference for Project Risk Managers to ascertain whether there is an incurred cost from risk materialization. Its spectrum helps project risk managers to dictate the right scoring in the qualitative risk analysis section. Per AACE;
“Change management imposes required structure and discipline in the project control process by maintaining the integrity of the control basis as a valid baseline, (i.e., a baseline that represents a project plan in alignment with project objectives and requirements). Since risk is anything that affects the potential to achieve objectives, an invalid baseline by definition diminishes risk management effectiveness”.
The above points briefly recognized the significance of integrating risk monitoring and control efforts with project controls. Hence, avoid confounding updates. It will also enable project risk managers to provide relevant comments for each risk item.
# To be continued
Group Head of Risk, Insurance and Internal Audit
3 年https://riskacademy.blog/what-is-a-risk-its-not-what-you-think-it-is/
Mission Critical Specialist: A/E/CM, EPC, CMaR.
3 年Can whole heartedly agree that Risk Review meetings can be difficult to secure attendance to and maintain attention during. All too often, project level Risk meetings devolve into an updating exercise of activity/information that should have been updated prior to the meeting. This is most often not the fault of the Risk Coordinator or Risk Mgr but a project level leadership issue. The Risk Mgr’s analysis is only as good as the information provided and the consistency of it. Larger enterprises that require/demand a Risk Report be apart of a projects Monthly Mgt reporting fair better. Risk meetings should spend time on confirmation of updating but majority of the time should be spent on issues resulting from delayed and/or inability to implement risk avoidance/mitigation measure and potential impacts relative to. Remaining time to identify new risks, flesh them out & overview projected impacts to cost/schedule/objectives. Though it can be frustrating, Risk Mgrs are unbiased analysts; not decision makers. We provide clear information in a form to drive decision making. We are communicators of the driving risks, project redefining risks and illuminating strategic Program/Portfolio/Business/Brand risks for escalation.