Risk Workshop and Risk Register - Coursework Example

Risk Workshop and Risk Register Risk Workshop and Risk Register Once the Risk Management Plan is prepared then it is important to map the Risk Workshop and the Risk Register so as to identify lapses in the project execution. In addition to this these also help in evaluating the project progress with respect to the previously stated aims and objectives. This paper aims to discuss all these aspects through following questions: 1. Identify the required pre-workshop activities. Risk workshops are the most significant part of major risk reviews. These are developed and executed in order to identify new risks while presenting reviews on progress. Moreover, they aim to discuss current risks along with their agreed responses and the overall project effectiveness. However, the risk workshops cannot be conducted successfully without a prior pre-workshop activities plan. Hence following are the fundamental pre-workshop activities for the Advanced Security System Project. Timing and design: The timing and design for the overall workshop has to be decided at this stage. It will be a two day workshop starting from 9am-5pm (day 1) and 9am-3pm (day 2). The workshop design will include: confirming the core project objectives, rules, risk identification, analysis, explanations, assessment, risk categorization and development of responses. Arrangement of equipment and facilities: These would include workshop or conference hall, comfortable seating arrangement, multimedia system for display of presentation, stationery and the recommended tools suggested by the board of directors. Moreover, availability of refreshments is also necessary. Methodology: The two day workshop will be based upon Access Organizational Readiness Report and the Risk Management Plan. Threats and opportunities from previous models which are consistent with the current project progress will be identified. Then the overall objectivities will be discussed along with the necessary steps required to be taken for evaluations and analysis. Thereafter the final recommendations and responses will be made. Certification: The workshop will end with the quality certification for the project Advanced Security System. This would be an important step in encouraging the working team while motivating people towards betterment. 2. Prepare a risk workshop agenda based on Sample Agenda for a First Risk Assessment / Two – Day Risk Workshop (Appendix B of the Hillson and Simon text). Include suggested time intervals for each activity and justify why each agenda item is relevant for this case. Risk Workshop Agenda for the Project Advanced Security System (Hillson and Simon, 2007) DAY 1 Morning 1. Introduction Flayton Electronics has recently encountered a significant customer data breach. Sensitive customer information including bank account details, credit card numbers and personal information has been lost. As a result the CEO of the organization Brett Flayton and the security manager Laurie initiated investigations concerning the stole of customer data. With very little effort the company identified that it does not have very well defined critical success factors and the employees are not well trained in customer dealing. Moreover, CIO has revealed that Flayton Electronics isn’t 100% PCI complaint due to which their transactions are not regularly checked. In order to deal with the data breach and other similar issues which might occur in future the company came up with a Risk Management Plan for the Advanced Security System. This plan critically identified the project objectives while presenting the risk tools and techniques and the future risks. Now the company has to develop a risk workshop and risk register to evaluate the project progress and required responses. The introduction to the workshop must not take less than half hour as this is an important part of the overall event. 2. Confirm project objectives Following project objectives are to be confirmed in the risk workshop. Total time duration is 1 hour: Allocation of $100,000 for the Security System Project. The plan should be started by the 15th February 2014 whereas the maximum time for completion is 6 months. The security system would check all the customer transactions while making sure that customers are giving authorized credit cards. For achieving this objective the company would require 100% PCI compliance. The efficiency and effectiveness of the overall Advanced Security System Project will be evaluated through risk management process, risk reviews and different techniques. 3. Confirm scope of risk process for this workshop Following elements of the risk process have to be confirmed for the workshop. Time duration for this part is half hour: The maximum delay in time and the maximum resources company can allocate for this project are to be discussed. For instance, Flayton Electronics can bear a risk 5 to 7 months delay in project completion whereas on the other hand it can allocate $80,000 to $120,000 to the Advanced Security System Project. The company has to ensure that customer trust and reputation must not be compromised as it is the primary competitive advantage for Flayton Electronics. Risk Management Plan reveals threats and opportunities which are acceptable up to the score P=-2 as depicted in the P-1 tables (P-I Tables, 2014). Confirm the participation of stakeholders in the entire project while analyzing the amount of maximum allocated resources. Create the ownership in risk project, disseminate of pertinent information on periodic basis. Additionally, analyze the duties of project manager along with the associates. Discuss the effectiveness of Advanced Security System Project while analyzing all the related activities which might take place during the project life cycle. Identify the external and internal security threats and the changes which might occur in the future business environment. Comprehensively converse about the management, technical and commercial risks. 4. Workshop ground rules Following are the ground rules for the Advanced Security System Risk Workshop (time: half hour): All the stakeholders, project managers and team members of Advanced Security System must attend the Risk Workshop. All the attendees should have the risk workshop briefing prior to the workshop. They must be facilitated to present their viewpoints in the workshop. The practical aspects of the Advanced Security System will be evaluated with the help of experts in security and management. The workshop must be conducted as per the agenda while the event organizers must be able to achieve the risk workshop objectives. 5. Risk management briefing In broader terms Risk Management refers to the continuous process of identifying, examining, assessing and treating the potential or occurred risks. It also deals with recognizing financial and human resources in order meet the future challenges. As in case of Flayton Electronics, the company faced data breach which is subsequently related to loss of customers’ trust while extra financial expenses so as to upgrade the security system. All the activities starting from risk identification to the final implementation of risk plan are managed by the risk manager. Moreover, different workshops and risk reviews are supposed to be prepared during this time. Total time for briefing is half hour. 6. Expectations and Results The Risk Workshop for the Advanced Security System is expected to evaluate the project progress while considering all the project and risk management objectives. Subsequently it should assess the performance of the employees and managers involved in this process. Finally the workshop should come up with substantial results in regard to the Advanced Security System and the security risks which Flayton Electronics might face in future. Total time for discussion of results and expectations is half hour. 7. Identify risks The workshop would have to identify the risks as per the Risk Breakdown Structure (Hillson and Simon, 2012). For instance, the workshop panel might come up with following identifications (time: half hour): Technical Risks: Risk management plan reveals different technical risks including requirement definition, estimates and constraints, technology and safety. Management Risks: These might be related to project management and communication issues. Commercial Risk: This is particularly associated with client/customer stability. External Risks: The external business environment is expected to impact the Flayton Electronic’s to a greater extent. This might be concerning to legislation and business competition. Afternoon In the second half of the workshop the assumptions and constraints related to future risks will be discussed. This would be beneficial in reducing assumed risks with significantly lower chances of occurrence. 8. Rationalize risks Following two risks have now very little rational importance (time for discussion: half hour). Requirements definition: The Company has already defined the critical risk factors and business strategies which are found to be consistent with this project. Estimates and constraints: Flayton Electronics has validated all the future risk assumptions which have subsequently removed the potential estimation issues and constraint risks. 9. Risk metalanguage Risk metalanguage is basically used to distinguish risks between cause and effect. For instance, the company would have to execute Advanced Security System (cause) to eliminate customer data breach (risk) while strengthening the relationship with clients (effect). Similarly the company would have to increase its technology (cause) to gain competitive advantage (risk) and significant market share (effect). Time for this discussion is 1 hour. 10. Record identified risks Following risks might be identified during the workshop (time: half hour): Delay in project completion. Lack of financial resources. Inactive employees and lack of managerial support. Increased pressure from the external environment. DAY 2 Morning 11. Explanation of assessment scheme (recap) All the risks will be assessed on the basis of different tools and techniques. For instance, the project size was calculated 44 which depicts that standard ATOM risk management plan would be sufficient for Advanced Security System Project. In addition to this the Double P-I matrix would be used to prioritize risks (time: 1 hour). 12. Assessment of probability and impacts Probability and impacts will be assessed by the predesigned ATOM risk management template. Here, the impact values will be specific to Advanced Security System Project (time: 1 hour). 13. Risks categorization Risks world be categorized considering security of customer data, critical success factors, project objectives, risk management plan objectives and impact on customer relationships. Moreover, they would be categorized on the basis of design, internal, external, project management and construction for the risk register (time: 1 hour). Afternoon 14. Nomination of Risk Owners Here, the risk owners or the key individuals who would be accountable for implementing the overall project and assuming future risks will be nominated. These individuals will be selected from among the stakeholders and managers and they will represent the entire team (time: 1 hour). 15. Develop initial responses to priority risks Responses will be developed for all the risks depending upon the priority setting and the overall need to cater the most important and immediate risks. These responses would be related to the risk management tools and techniques discussed in Advanced Security System Risk Management Plan (time: 1 hour). 16. Close the workshop The workshop will be closed with the identification of future risks including all the necessary responses and certification. 3. Determine the top five (5) threats in a risk register following Figure B-11, Sample Simplified Risk Register Format (Appendix B of the Hillson and Simon text). Include information from the case for each threat. S. No Risk Category Risk Threat Cause Effect Objective Response Strategy 1 External Funds not available Budget constraints Project delay Time Mitigate 2 Design Incorrect cost estimate Economic recession Project cost increases Cost Mitigate 3 Construction unrevealed utility impacts Unidentified utilities Project cost increases Cost Transfer 4 External Permit delays Agency issues Project penalties Quality Mitigate 5 Construction Differing technological conditions Natural or human errors Increased project costs Cost Transfer 4. Justify the assignment of probability and impacts for each threat identified in criterion number 3 of this assignment. S. No Threat Probability Impact Justification 1 Funds not available High Very high It will cause harm to project progress 2 Incorrect cost estimate Low High Addition finances required 3 Unrevealed utility impacts Low Low Indirect relation with the project 4 Permit delays Medium Low Indirect relation with the project 5 Differing technological conditions Medium High Security system is based upon technology 5. Document the top three (3) opportunities in a risk register following Figure B-11, Sample Simplified Risk Register Format (Appendix B of the Hillson and Simon text). Include information from the case for each opportunity. S. No Risk Category Risk Opportunity Cause Effect Objective Response Strategy 1 Project Management Increased Marketing Public exposure New customer Quality Sustain 2 External Decline in competition Economic recession Increased market share Market value Take Advantage 3 Design Advanced Technology Research and development Quick project progress Progress Take Advantage 6. Justify the assignment of probability and impacts for each opportunity identified in criterion number 5 of this assignment. S. No Opportunity Probability Impact Justification 1 Marketing High High Reduced marketing cost 2 Competition Low Low Substantial competitive advantage 3 Technology Medium Medium Reduction in project completion time References Hillson, D. & Simon, P. (2012). Project Risk Management: The ATOM Methodology. New York: New York: Management Concepts Press. Hillson, D. & Simon, P. (2007). Sample agenda for a First Risk Assessment/two-day risk workshop. ATOM Risk. P-I Tables. (2014). Retrieved Jan 17, 2014, from Epix Analytics. Read More