Risk management

Challenges of managing risks in public sector

• The press might investigate the project and make public its challenges
• and failures.
• Necessary hardware and software might not be available through
• state purchasing systems.
• Salaries might not be adequate to attract expert staff.
• Federal policies and reimbursement models that the system was
• designed to meet might change.
• The project might be cut from the budget or might not be reauthorized
• if it crosses budget cycles.
• The best vendor might not be on approved vendor lists.
• Set-aside programs might require the use of less-qualified vendors.

• Opposition legislators might identify the project for electoral
• criticism.
• Less-qualified vendors might exert political pressure to gain
• business.
• Providers in the service-delivery network, such as county or privatesector
• providers of service, might not be able to comply with system
• requirements or might elect to develop their own systems or refuse to
• cooperate with this one.
• Systems might not be allowed to be created because they are incompatible
• with centrally mandated system architecture.
• Processes for hiring staff, contracting with consultants, and purchasing
• software and hardware might be slow and delay the project.

Best practices for public-sector project risk management

• Adopt a proactive strategy with regard to risk
• Engage as broad a group as possible in risk identification and
• response planning
• Identify the risk tolerances of your organization
• Keep in mind that risk can be reduced but not eliminated; be alert to
• secondary risks
• Give special attention to those points in the project at which control
• passes out of the hands of the project team and into the hands of other
• offices or processes

• BEST PRACTICES FOR PUBLIC-SECTOR
• PROJECT RISK MANAGEMENT

• Create risk categories that include political and media risks and the
• risk of failing to deliver a product that will satisfy customers
• Use risk analysis methods that fit the project and the organization
• (i.e., methods that are neither too rigorous nor too informal)
• Put the consideration of risk on the agenda at every team meeting
• Assign responsibility for the management of specific risks
• Build a plan for managing legal and administrative constraints
• Include time and resources in the project plan for the implementation
• of the plan for managing legal and administrative
• constraints

Identifying risks

Risk identification should:

• be performed periodically throughout the project (risks can change and additional risks become identifiable)

• involve most of the project team

• involve positive risks (factors that could lead to good project outcomes)

Analyzing risks

1: not every risk is of equal importance: do qualitative risk analysis to prioritize those risks by:

• assigning probability and impact scores to each risk
• multiplying those scores to determine the risk factor for each risk
• assigning simpler indicators of risk seriousness (such as "red", "yellow" or "green")

2: be careful and remember that the calculations are subjective

3: be particularly careful with risks of a low probability but a high impact

4: monitor risks

5: do quantitative risk analysis

To identify the relative impact of the risks we can create a risk-impact table that allows a variety of factors to be included in the scoring of the risk impact. We could also create a similar scale for positive risks, which identifies

potential positive outcomes, such as cost savings or reductions in the

schedule.

Required functions for public-sector project risk management: creating a plan for risk management

Risk management plans can be

formal or informal but must cause consideration of how the project will manage its risks.

Identifying risk categories in the risk management plan helps broaden team member thinking in risk identification. Some risk categories for public-sector projects might include:

*Schedule risks: those factors that could delay the project

*Cost risks: those factors that could increase project cost

*Scope risks: those factors that could cause the scope to increase or to be inadequately identified

*Stakeholder risks: those factors that could cause stakeholders to lose support of the project

Stakeholder risk tolerances identify which risks stakeholders have more or less tolerance for. In public-sector projects, a few assumptions

about stakeholder risk tolerances can be made. Senior stakeholders have low tolerance for any risks that might contribute to project visibility, adverse press coverage, or political scrutiny. Public-sector project

stakeholders are often not sensitive to cost risks because of the common practice of not identifying costs incurred internally.

The tolerance for schedule risks may depend on whether externally imposed deadlines are included in statutes, rules, or higher-level government requirements. For example, federal Medicaid programs often require state-level compliance by a certain date. Failure to meet that

compliance date can expose the flow of funds.

Not all risks are of

equal importance. Some are more important or serious than others. Factors that determine the relative seriousness of a negative risk are:

1) the probability that the risk will occur

2) the impact it may have on

the project if it does.

If we can assign a probability to each risk, we can multiply those factors to create a risk factor. Those risk factors can be compared to identify the relative ranking of the risk and prioritize the risks for the creation of risk

responses.

Risk probability is relatively easy to measure, because it is normally expressed as a numeric term (e.g., a 40 percent chance of the risk occurring). Identifying the potential impact of a risk is more challenging, because impact is not usually described in quantitative terms; we describe it as 'high' or 'low'.

We have a couple of choices for converting an estimate of impact from

qualitative terms to quantitative terms:

Firstly, convert the entire

impact into a financial impact, (e.g. if we are exposed to the risk that a key project team member will leave before the conclusion of the project, we could estimate the costs of hiring a replacement and the costs of any rework that might be required).

In the private sector, many risks can be converted to their financial impact because of the explicit financial goals of those organizations and

their propensity to deploy qualitative systems for evaluating projects. In

public-sector projects, converting every potential risk to its dollar impact

can be difficult.

Required functions for public-sector project ri...

Nearly everything we do in project management is intended to reduce the risk of project failure; we create a project scope, we build a schedule and even a communications plan. Risk management is a critical function, because it creates new activities that require resources and take time. Moreover, risks are always changing, which requires us to constantly engage in risk management; therefore, risk management planning is not one-time effort.

Risk management planning doesn't deal with specific project risks but it creates the risk management plan. That plan for a public-sector organization can include items such as:

*Methods to be used to identify risks

*Categories of risks, including political, legal, and media risks

*Scales for ranking risks and identifying which risks are most critical

*Responsible persons for managing risks

*Risk terms

Developing risk responses

Developing risk responses

Risk response planning is the process of creating cost-effective responses to the identified and prioritized risks. We have to start with the most serious risks and develop responses that address the probability weighted impact. We need to identify strategies to reduce the impact and probability of negative outcomes and identify

strategies that can increase the probability and impact of positive outcomes.

Michele Paolo Paprusso

Creating a plan for managing the project’s legal and administrative constraints

Michele Paolo Paprusso

Creating a plan for managi...

Legal and administrative constraints are a major factor in public-sector projects and impact a much higher percentage of projects than the same kinds of constraints do in private-sector projects. They can:

• Stop the project dead in its tracks
•  Add substantial amounts of time to the project schedule
•  Cause project resources to be engaged in activities that do not
• directly produce project outcomes
•  Widen the circle of project stakeholders to include legislators and
• oversight agencies
•  Embroil the project team in costly, time-consuming legal battles
•  Cause project team members to adopt overly conservative
• approaches to project work
•  Require the utilization of high-priced consultants who are expert in
• legal and administrative issues