Uncertainties are inherited in every project delivery and in particular capital construction projects. By nature, projects are all about committing to deliver future products and services based on what is known today. What makes it more challenging for capital construction projects is that although there is always a desire to deliver those projects cheaper and faster, those projects take at least five years to deliver where the chances that many assumptions made will become invalid while many new uncertainties emerge.
Regardless of the extent of knowledge and experience that project stakeholders have, predicting what might happen and their impact on project success is always hard to achieve. This can be attributed to many projects related factors including uniqueness, deliverables produced, many stakeholders with conflicting requirements, assumptions made, constraints imposed, different individuals involved, and changes when responding to unknowns, among others.
The goal of implementing a proactive project risk management system is not to eliminate risks but to increase the ability of the organization to accept risk, thus rewards will be greater. This requires implementing measures to reduce the cost of threats or negative risks while increasing the rewards of opportunities or positive outcomes. Those measures increase the return of investment (ROI) of undertaken projects.
Proactive project risk management starts by having a team assigned to formally manage project risks similar to all other project aspects to be managed. This team becomes responsible for enforcing a well-defined framework to manage project risks which incorporates risk as part of all decisions made to select, execute, or make changes to what was originally planned or terminate the project. Those decisions are known as Stage Gate decisions that are made when exiting each project life cycle stage to secure the approval to proceed with the following stage. The risk framework also defines the business processes required to identify, assess, evaluate, respond, monitor and control, and post-project review of project risks.
Using a Project Management Information System (PMIS) solution like PMWeb, risk management is one of the many other project management aspects that can be digitalized using out-of-the-box integrated business processes to proactively manage, monitor, evaluate and report risks across the complete projects’ portfolio. To start with, it is important to understand who is managing project risks and what roles are needed to build the project risk team. The organizations chart also defines the line of authorities for those roles to establish the responsibilities for performing the different project risk management business processes. The PMWeb organization module maps the project risk management function organization chart.
The risk identification, qualitative assessment, evaluation, and response strategy is managed using the PMWeb risk analysis module. There is no limit to the number of risk registers that can be added, which align with the risk management framework. Those registers help identify risks for each project risk category and their pre-mitigation and post-mitigation impact and probability of occurrence. The register also quantifies the expected cost exposure of identified, evaluated and responded to risks, also known as the “Risk Cost”. PMWeb automatically calculates this value by multiplying the residual cost impact value with the occurrence probability of the risk.
The data captured in the risk analysis helps create and share the risk register report. The report shows the details of pre-mitigation and post-mitigation likelihood, impact, and exposure of each risk. The risk register can be designed to group risks by project stage, risk category, and response strategy used to treat risks. Of course, the layout and format of the risk register can be designed in any desired form or format.
In addition, the calculated expected exposure value of each residual risk will be also reported on. This estimated risk exposure becomes the basis for setting the contingency reserve value in the project budget. The report can be designed to include visuals to summarize the expected contingency reserve value by risk category, project phase and selected risk response strategy. The risk register table displays the pre-mitigation and post-mitigation assessment of each risk occurrence likelihood, impact and score as well as the cost of the residual risk and expected risk value.
The consolidated risk register report, which includes the likelihood and impact assessment details for identified risks along with the project schedule activity associated with each risk, can be imported to a Monte Carlo risk simulation software application, like Safran, to address the other requirements for quantitative risk analysis. The Monte Carlo risk simulation enables the project risk team to determine the probability for achieving the project’s milestone dates and approved budget. In addition, it helps to identify the 10 or 20 risks that have the highest impact on the project which are presented in a report known as the Tornado report.
To enforce governance when managing project risks, the PMWeb stage gate module helps to link each created risk register to its relevant project life cycle stage. This enables accessing the risk registers as well as other deliverables associated with each project life cycle stage. In addition, the existing scoring criteria for each project life cycle stage includes all items required to be assessed. This includes items that relate to the risk assessment to enable making the decision to either continue with the project as, make changes and then proceed, or terminate the project. Each score item has it is own weighted value to reflect the importance of each item to the “Go/ No-Go” decision that needs to be made.
As the project progresses into execution, risks need to be monitored and controlled. This requires appending the risk registers with newly identified and emerged risks as well as updating the assessment of previously identified risks. Measures can be added to report the performance of the risk management process. In addition, reports can be generated to filter and select risks that need to be watched so they can be monitored and controlled.
The monitoring and controlling of risks also includes capturing the issues that could stem from risks that have actually occurred. For those risks, PMWeb potential change order module captures the details of those issues and link them to the risk register where this risk was originally identified, assessed, evaluated, and responded to. For issues with a resolution that requires change, PMWeb enables generating a change order from approved potential change orders that modifies the commitment contract associated with the occurred risk.
In addition, the PMWeb change event module can also be used to link all change orders issued. This addresses the appropriate response to the impact of occurred risks, as well as the budget adjustments to make to either transfer funds from the reserve cost accounts to other project scope of work cost accounts or increase the project baseline budget. The change event can also link to the risk register where the occurred risk was initially identified to trace the reasons that lead to this change.
The built-in integration between PMWeb risk analysis, issues, or potential change order and change order modules allows generating a report detailing all potential changes and changes that the project was subject to due to risks that have actually occurred. The integrated risk-change report provides stakeholders with the insight on how risks have impacted what was originally planned for.
PMWeb also allows reporting on the project contingency reserve drawdown as a result of responding to risks that have actually occurred and resulted in a change to what was originally planned. The report captures those details from the PMWeb budget and budget request module, which is used to transfer funds from the project contingency reserve cost center to other affected project scope of work cost centers. The report can also report on the time buffer activity which is associated with the project contingency reserve cost center.
To enforce the culture of continuous improvement, the project risk management team needs to use the knowledge gained and lessons learned in creating risk registers that comes ready with the predefined risks for each category. This enables the project risk team to use those templates on future projects. This therefore expedites the risks identification as well as ensures that the risk list is comprehensive. The lessons learned register report should be one of the post-project review workshop deliverables that the project risk management team carries out.
Similar to all other business processes managed in PMWeb, the project team can attach all supportive documents to each business process template detailed above. It is highly recommended to add details to each attached document to better explain to the reader what is being attached and viewed. In addition, links to other relevant transactions or records of other business processes managed in PMWeb can be also added.
It is also highly recommended that all those supportive documents, regardless of their type or source, get uploaded and stored on PMWeb document management repository. PMWeb allows creating folders and subfolders to match the physical filing structure used to store hardcopies of those documents. Permission rights can be set to those folders to restrict access to only users who have access to do so. In addition, PMWeb users can subscribe to each folder so they can be notified when new documents are uploaded or downloaded.
To enforce transparency and accountability in managing the business processes detailed above, a workflow needs to be added to each template to map the submit, review and approve tasks, role or roles assigned to each task, task duration, task type and actions available for task. The workflow can be configured to include the approval authority levels as set in the Delegation of Authority (DoA) document.
When a transaction for any of the business processes detailed above is submitted for review and approval, the workflow tab available on the relevant template captures the planned review and approve workflow tasks for each transaction as well as the actual history of those review and approval tasks. The captured workflow data includes the actual action date and time, done by who, action taken, comments made and whether team input was requested.