Risk 2012 Walenta 120926 sanitized
1. Risk Integration
Understand the difference of risk management on
project and program level and be able to manage
risks appropriately on each level while integrating
the view on risk management for the organization
Thomas Walenta, PMP
thwalenta@online.de
2. Why should we look at integrative risk
management for an organization?
What are the different vertical risk
management areas?
How is IBM managing risk on the
program/project level?
Why can Business Resilience help to reduce
implementation risk?
3. IBM Risk Study 2011: 77% of executives feel that risk exposure has increased. Not a single respondent said risk is decreasing.
[Figure: 77% Increase in Risk Exposure]
“The priority now is to connect the top-down and bottom-up views so that our risk management framework will be a truly holistic business resilience strategy.”
Jean-Pierre Bourbonnais, CIO/VP Information Technologies, Bombardier Aerospace
Source: IBM Institute for Business Value - Risk Management Study 2011
4. IBM Risk Study 2011: Risk Silos are considered one of the most important barriers to improve risk management
• Inability to predict ROI from improvements: 37%
• Functional concentration within the organization (silos): 28%
• Lack of C-level vision and commitment: 14%
• Lack of emerging technologies: 12%
• Lack of best practices: 9%
“My selling pitch to them (CEO and the board) is that a robust risk management capability is a competitive advantage.”
Yousef Valine, Chief Risk Officer, First Horizon National Corporation
Source: IBM Institute for Business Value - Risk Management Study 2011
5. IBM 2010 IT Risk Study: Major area for improvement to attain a higher level of risk maturity: 'Risk Planning happens in silos'
Risk management issues, with risk maturity and the three percentages shown on each bar:
• For the most part, risk planning happens in silos (risk maturity: Low): 48%, 30%, 23%
• We take a reactive rather than a proactive approach to risk planning (risk maturity: Low): 38%, 27%, 35%
• We do not have a formal risk management department (risk maturity: Medium): 41%, 13%, 46%
• We do not have a well-crafted business continuity strategy (risk maturity: Medium-High): 13%, 28%, 54%
• From a staffing perspective, we are ill prepared to handle the changing risk landscape (risk maturity: Medium-High): 13%, 34%, 51%
Legend: Agree/strongly agree; Neither agree nor disagree; Disagree/strongly disagree
Source: IBM IT Risk Study 2010
7. Vertical silos: different levels of the organization look at risks in different ways – examples of questions per level
Enterprise Risk Management
• Strategy: Do we select the right long-term vision & goals? What is happening on the market?
• Operations: Are we compliant? Are profits, revenue & growth on target? Any structural risks?
• Portfolio: Do we have optimal alignment of resources to initiatives? Right mix of initiatives?
Implementation Risk Management
• Program: Is the goal on target? Are benefits achieved? Are Stakeholders satisfied?
• Project, Design: Are requirements understood, is feasibility proven?
• Project, Delivery: Are changes managed, cost & milestones in line?
8. Risk integration across the organization
[Diagram: each organizational level paired with its risk type]
• Strategy: Strategic Risk
• Operations: Operational Risk
• Portfolio: Portfolio Risk
• Program: Program Risk
• Project (Design, Delivery): Project Risk
9. Attributes of Risk levels typically show different focus on time, attitude, stakeholders and signs of risk
Strategic Risk
• Orientation: Future (3-5 yrs+); Sustainability, capabilities
• Stakeholders: Shareholders, Market
• Key risk indicators: Market change, Competition, Stock value
Portfolio Risk
• Orientation: Midterm (6-18 months); Right mix of initiatives, Best use of resources
• Stakeholders: C-Suite, division leaders
• Key risk indicators: Resource constraints
Operational Risk
• Orientation: Past, Quarterly view; Compliance, resilience
• Stakeholders: regulation, auditors
• Key risk indicators: Audit results (SOX); Profit, Growth, Revenue
Program Risk
• Orientation: Present and Future; Goals & benefits, Opportunities
• Stakeholders: Strategic Goal Owners, Business Lines, Product Owners
• Key risk indicators: Benefits achievement, Stakeholder acceptance
Project Risk
• Orientation: Present; Risk avoidance
• Stakeholders: Program Managers, Sponsors, Clients, Project Team
• Key risk indicators: Earned value – cost & time; Scope, quality, features; requirements match
10. Program Risk and Project Risk
Program Risk: Categories (*) and typical areas of concern
• Environmental Risks: Portfolio, Stakeholders, Politics, Compliance
• Program-Level Risk: Starting and Running the program
• Project Risks: Escalated from Projects
• Operational-level Risks: Transition, Change management, Benefits realization
• Portfolio-related Risks: Resources, effort interdependencies
• Benefits-related Risks: Synergy, systemic views, architectural
Project Risk: Categories (*) and typical areas of concern
• Stakeholder: Funding, major influencers, expectations
• Requirements: Conflicts, needs vs. wants
• Scope: Boundaries, level of detail
• Cost: Estimation, contingency
• Time: Dependencies
• Resources: Availability, skills, boarding
• Quality: Features, testing
• Feasibility: Architecture, technical risks
(*) Source: PMI's Standards for Project, Program and Portfolio Mgmt
11. Project Portfolio Risk looks at finding the optimal mix of initiatives to achieve the organization's strategy
Portfolio Risk: Categories (*) and typical areas of concern
• Structural Risk: Portfolio composition, interactions, resources
• Component Risk: Escalated from projects and programs within the portfolio
• Overall Risk: Management maturity, governance
[Diagram labels: Portfolio Risk; Component Risk; Program Risk; Project Risk]
(*) Source: PMI's Standards for Project, Program and Portfolio Mgmt
12. Program Management is outward focussed while Project Management mainly deals with project internals
• Program Risk: Benefits, Stakeholders, Governance (Understand, Create, Achieve)
• Project Risk: Scope, Cost, Time (Plan, Control, Deliver)
13. ISO 31000:2009 provides principles and guidelines for risk management in order to give a framework for risk integration
11 Principles
• creates and protects value.
• integral part of organisational processes
• part of decision making.
• explicitly addresses uncertainty.
• systematic, structured and timely.
• based on the best available information.
• tailored.
• takes human / cultural factors into account.
• transparent and inclusive.
• dynamic, iterative, responsive to change.
• continual improvement of the organization.
Framework: Mandate, Design, Implement, Monitor, Improve
Process: Context; Assess (Identify, Analyze, Evaluate); Treat; Communicate & Consult; Monitor & Review
14. Similar risk management frameworks for risk management on implementation (PMI) and enterprise (COSO) levels
PMI
• Plan Risk Mgmt
• Identify
• Analyze
• Develop Responses
• Monitor & Control
COSO provides an ERM Framework
• Internal Environment: Establishes the entity’s risk strategy and culture
• Objective Setting: Considers risk strategy in the setting of objectives, and forms the risk appetite of the entity
• Event Identification: Differentiates risks and opportunities
• Risk Assessment: Assesses the extent to which potential events might impact objectives
• Risk Response: Identifies and evaluates possible responses to risk
• Control Activities: Creates policies and procedures to help ensure that the risk responses are carried out
• Information & Communication: Identifies, captures, and communicates pertinent information
• Monitoring: Monitors effectiveness of ERM activities
Source: Committee of Sponsoring Organizations of the Treadway Commission (2004)
16. Integration between Program and Project levels: IBM's standard regular risk assessment method '7 keys' covers both areas
IBM's 'seven keys to success' methodology has been used and enhanced for more than 10 years and is incorporated into IBM's Risk Management Tools.
17. Seven Keys are detailed by checklists and
incorporated in tools
Key Area: Project Program
Stakeholders committed internal external
Business benefits realized x
Work & Schedule predictable x
Scope realistic & managed x
Team is high performing x
Risks being mitigated x x
Delivery organizations benefits realized x
18. Risk integration is achieved across the organization by defining and using Risk Management on implementation level, analysing risk data to make strategic choices and adapt policies and processes
[Diagram labels: Strategy; Operational Risk; Portfolio; Program Risk; Project Risk; Common Risk Management Tool; Data Analysis; Policies, processes; Resilience: helps to reduce impact on operation risk]
20. Business resilience is the ability of an enterprise to rapidly adapt
and respond to risks, in order to maintain continuous business
operations, be a more trusted partner and enable growth (IBM).
21. Business Resilience is an important mitigating factor for Implementation Risk
Risk = (Probability x Consequence) - Resilience
[Diagram labels: Role of Resiliency (ability to mitigate); Influences overall organization performance; Project / Program View; Organizational View]
22. Enterprise Risk Management: IBM surveyed 494 companies to better understand how risk factors are affecting their overall performance
Study Objectives
• Understand what risk factors are top-of-mind with executives today, and what they are strategizing to alleviate the effects of risk on their enterprise performance
• Identify their priorities and initiatives that they are investing in to mitigate and manage risk
• Learn how they are organizationally governing these risk initiatives
Study Methodology
• On-line survey conducted by IBM Institute for Business Value
• 494 responses from individuals with a title of CxO, EVP, GM, Vice President, Director, Product/Functional Mgr.
• Interviews with companies that have holistic programs and are monetizing risk to mitigate the effects and deliver value to the enterprise
(*) Source: IBM: Combating Risk with predictive analysis, June 2012
23. IBM Study: Which initiatives has your organization adopted / is most likely to adopt in the next three years?
Up to now (rank)
1. Create a business continuity plan
2. Invest in new risk-related solutions
3. Establish company-wide risk management team
4. Discuss issues with supply-chain partners
5. Assign overall responsibility to a single executive
Next 3 years (rank)
1. Develop integrated business resilience strategy
2. Develop communications or training program
3. Invest in new risk-related solutions
4. Respond to recent natural disasters by rethinking strategies
5. Engage external advisors
(*) Source: IBM: Combating Risk with predictive analysis, June 2012
24. Leaders are applying predictive analytics to increase business resilience
Leaders share these characteristics:
• Risk management is significant and core to their business strategy
• They have comprehensive, “mature” risk management programs with an established management system, top-down organization and network alignment
• They achieve business value by applying intelligence to monitor, manage and mitigate risks
[Chart: Reduced Risk Effects (environmental, operational), Leaders vs. Other participants]
[Chart: Value Achieved (cost efficiencies, competitive advantage, growth, brand reputation), Leaders vs. Other participants]
(*) Source: IBM: Combating Risk with predictive analysis, June 2012
25. IBM uses a lifecycle methodology to help clients achieve sustainable improvements in business resilience.
Inputs: Business objectives, goals, priorities, policies and current capabilities
Business imperatives: Information, Regulatory compliance, Corporate governance
[Diagram: Resilience risk lifecycle management, with the labels Plan, Set objectives, Analyze, Implement, Design, Deploy, Assess, Evaluate, Manage, Monitor, Control]
Outputs: Reduced risk, improved governance and facilitated compliance management
27. Risk Integration across the organisation is driven by overall business resilience improvement and establishment of a risk management standard
[Diagram labels: Enterprise Risk Management; Strategy; Operations; Portfolio; Implementation Risk Management; Program; Project (Design, Delivery); Business Resilience; Policy; Data; Risk Mgmt Standard]
28. How to obtain some more details?
thwalenta@online.de
http://de.linkedin.com/pub/thomas-walenta/0/3a6/732
http://twitter.com/twtomm
IBM Institute for Business Value / Studies
http://www-935.ibm.com/services/us/gbs/thoughtleadership/
2010 IT Risk Study
2011 Resilience and Risk Study
http://www-935.ibm.com/services/us/gbs/bus/html/risk_study.html
2012 Reputational Risk and IT Study
http://www-935.ibm.com/services/us/gbs/bus/html/risk_study-2012-infographic.html
Business Resilience
http://www.ibmbusinesscontinuityindex.com/