The Widening Trust Gap in Projects

The Widening Trust Gap in Projects

By Jurie Steyn

Introduction

This article was triggered by four recent events, which caused me to reflect on what the future holds for projects.  These events are:

  • A thought-provoking Insight Article on the future of project controls (Mattheys, 2018);
  • The Insight Article on the role and responsibilities of a project management office (PMO) (Taljaard, 2018);
  • Cenpower Generation’s recent termination of its contract with the construction company, Group Five, to complete the $410m Kpone power station in Tema, Ghana (Claassen, 2018); and
  • A second down-scaling in a period of four years of the engineering and project management departments at a petrochemicals company where I spent most of my working career.

Literature is freely available on future trends in project management and what would be expected from future project managers (Alexander, 2018; Evamy, 2017; Jordan, 2017; Schoper, Gemünden & Nguyen, 2016).  However, discussions on the widening of the trust gap and its impact on project success is extremely limited.

Keep in mind that I’m based in South Africa, and my observations might be unique to Africa and third world countries.

The trust gap

Independent Project Analysis (IPA) have been analysing megaprojects for over 30 years to determine the requirements for project success and to help their customers create and use capital assets more efficiently.  They’ve highlighted the crucial role that a strong, fully staffed, owner project management team, with the appropriate work and governance processes in place, plays in delivering successful projects (Merrow, 2011). It is the owner project management team that typically leads the front-end loading phase of projects.  Merrow (2011) emphasises the extraordinary degree of trust, cooperation and communication required between the owner organisation, as represented by the project sponsor, and the owner project management team.

van Heerden, Steyn and van der Walt (2015) build on these principles and propose a preferred structure for theowner project management team, as shown in Figure 1.  The owner project management team is shown as a collection of four blue triangles, representing business management, project management, engineering and operations, arranged in a larger triangle.  Below this, and shown as a red box, we have contracted in functional services, technology suppliers, and engineering and project management contractors.

 

Figure 1:  Trust gap between owner PMT and contractors(Adapted from van Heerden, et al, 2015)

I refer to the interface between the owner project management team and contractors, suppliers and service providers, i.e. the gap between the blue triangles and the red box in Figure 1, as the trust gap.  Obviously, the working relationship between these parties, responsibilities and deliverables must be described in numerous carefully worded contracts, but significant trust is essential for project success.

Before getting to the factors that contribute to a widening trust gap, let us first consider the different roles and perspectives of the owner organisation and the owner project management team on the one hand, and the contractors on the other.

Different roles and perspectives for owners and contractors

Owner organisations, and specifically the owner project team, have a different role and perspective than the contractors in projects.  This difference stems from the fact that owner organisations implement projects to achieve strategic business objectives, whereas contractors only focus on delivering projects which meet the agreed performance standards, on time and within budget.  A summary of the different objectives, roles and perspectives of owners and contractors is given in Figure 2.

 

Figure 2: Different perspectives for owners and contractors

Project scope changes can lead to cost overruns and schedule slip and should be diligently managed to that which can result in significant, demonstrated improvement to the project, or that which is essential to achieve safety and compliance objectives.  However, from the point of view of an engineering contractor, scope changes could mean thousands of extra, recoverable, engineering hours.  Scope changes can also be used as an easy excuse for schedule slip by contractors.

Current trends at owner organisations

Owner organisations can be public companies, private companies and state-owned enterprises (SOE). Owner organisations typically own and operate the production facilities and/or infrastructure delivered by projects.

Over the past number of years, we’ve seen a gradual eating away at the numbers and experience base of primarily the engineering and project management departments in owner organisations.  Reasons for this are plentiful, and range from the inability to raise capital for projects, to poor strategic vision for the company.  Restructuring of top management and personnel cuts in the operations department also result in fewer individuals in these areas being available to focus on capital projects. Business and operations management are important stakeholders in any project, and play a significant role in the commissioning of facilities and the running of a sustainable business.  This situation is reflected in Figure 3 as mice eating away at the underbelly of primarily the engineering and project management departments, and so widening the trust gap.

 

Figure 3:  Widening of the trust gap (Adapted from van Heerden, et al, 2015)

In SOE, most top positions are political appointments.  In South Africa and in the Gupta state-capture era, important project and tender decisions were often made by individuals with little or no project management or engineering background.  The primary focus seemed to be self-enrichment, and not project success. There are many instances where SOE’s ignored their own tender regulations when awarding contracts, for example, South African railways officials imported brand new locomotives from Europe worth hundreds of millions of rand, despite explicit warnings that the trains are not suited for local rail lines (Myburgh, 2015). 

In South Africa, we have the additional burden of complying with Broad-Based Black Economic Empowerment (BBBEE) requirements, with the implication that individuals with extensive experience are made redundant, or are replaced with candidates with limited experience.  Project management and engineering departments thus not only become smaller, but tend to be staffed with less experienced personnel.

Trends at engineering and PM companies

Referring to Figure 3, it is obvious that the widening of the trust gap is not only as a result of personnel cutbacks, loss of project and engineering experience, and greed from the side of the owner organisation.

The trust gap can also open from the side of contractors, suppliers and service providers, as illustrated by the erosion of the red box in Figure 3.  Some of the factors that can contribute to this erosion of trust are listed below:

  • Financial standing:Construction companies in South Africa are in a difficult situation at present and personnel cutbacks are frequent.  Companies are downsizing and/or put up for sale;
  • Bribery: Attempts at bribery of technology suppliers, service providers and contractors by personnel from state or owner organisations prior to the signing of a contract or during the execution thereof can lead to strained relationships and would impact the chance of project success;
  • Communication:Unclear project objectives and charter, from an immature or understaffed owner project management team, combined with ad hoc and incomplete communication will erode trust;
  • Interface management: Insufficient effort or resources for proper client liaison by contractors and service providers, most likely due to in-house cost cutting at the contractors and service providers;
  • Relationships: Soured relationships following a history of schedule and cost overruns on previous projects for same owner organisation.  This can also be a concern based on underperforming end-products from previous projects and outstanding claims;
  • Coordination:No experienced managing contractor to keep a project on track, despite poor decision-making from the owner project management team.  This is a certain recipe for disaster; and
  • Incompetence:Disregard of owner company tender procedures may lead to the selection of incompetent contractors and service providers, often with catastrophic results.

Impact of a widening trust gap

IPA measure five dimensions of project effectiveness in their assessments to determine whether a project is a success, or not (Merrow, 2011). If a project surpasses the threshold limit for failure on any one of these dimensions, the project is considered a failure.  The five dimensions are cost overruns (>25%), cost competitiveness (>25%), schedule slip (>25%), schedule competitiveness (>50%) and production vs. plan in year 2 of operation.  Project success is defined as a lack of failure.

As the trust gap widens, the probability of remaining below the threshold limit for failure on any of these dimensions decreases, i.e. the wider the trust gap, the larger the likelihood of an unsuccessful project. 

Closing the trust gap

Given the state of the South African economy and political uncertainties, the question is whether the trust gap can be reduced to improve the likelihood of project success.  Two options immediately spring to mind:

  • Eliminate corruption: Elimination of corruption in specifically SOE should receive attention at the highest level and proper governance should be instituted to ensure that tender procedures are always followed.  The decision of which contractor to employ should always be made by a team of professionals with the necessary experience and knowledge, and using a predetermined decision matrix; and
  • Use external resources: The southern African market is awash with highly competent engineers and project managers, many of whom were put on early retirement due to the factors described in previous sections.  Many of them are available as consultants to fill critical vacancies on owner project teams, especially during the early project stages. These are people who understand the business requirements and can translate strategic business objectives into clear project objectives.

The future of the Project Management Office (PMO)

Taljaard (2018) describes the roles and responsibilities of the PMO very clearly in his recent article.  Based on the trends described above, it is obvious that owner organisations must make a fundamental mind-shift where it involves project implementation.  Although all the PMO functions remain relevant, I forecast a downscaling of some of the functions, and a possible sharing of some of the PMO roles, like project portfolio management and optimisation by other senior business leaders.

I forecast a growth in the number and utilisation of owner project team support professionals.  Lastly, the role of the owner project sponsor will become increasingly important.  For large and complex projects, the project sponsor is seen as an executive, full-time position by competent individuals who have been trained as sponsors, understand the business objectives and can make decisions based on facts

Figure 4 is summary of my view of the future of the PMO and the project sponsor.

 

Figure 4:  The future of the PMO

Closing remarks

The widening of the trust gap is very visible in southern Africa and may be applicable in most third world countries.  The wider the trust gap, the lower the probability of project success… Fortunately, the widening can be curtailed by improved governance and the elimination of corruption, as well as the use of freelance project management and engineering professionals.

OTC, and other consulting groups like us, should see an increase in the demand for our services, once owner organisations make a mind-shift in their approach to projects.

References

Alexander, M., 2018, 5 Project management trends to watch in 2018. Available from https://www.techrepublic.com/article/5-project-management-trends-to-watch-in-2018/.  Accessed on 28 December 2018.

Claassen, L., 2018, Ghanaian power firm ends troubled contract with Group Five.  Published in BusinessDay of 2 December 2018. Available from https://www.businesslive.co.za/bd/companies/energy/2018-12-02-ghanaian-power-company-ends-troubled-contract-with-group-five/. Accessed on 28 December 2018.

Evamy, M. (ed),2017, Future of project management., Publication by the Association of Project Management, Arup and The Bartlett School of Construction and Project Management at UCL.

Jordan, A., 2017, The technology-driven future of project management: capitalizing on the potential changes and opportunities.Publication by Oracle, projectmanagement.com and Project Management Institute.

Mattheys, K., 2018, Insight Article 052: Disrupting project controls – fast forward 20 years.  Available from http://www.ownerteamconsult.com/publications/  Accessed on 14 December 2018.

Merrow, E.W.,2011, Industrial megaprojects: concepts, strategies, and practices for success., John Wiley & Sons, Inc., Hoboken, New Jersey.

Myburgh, P-L., 2015, SA’s R600 million train blunder.Available from https://www.news24.com/SouthAfrica/News/SAs-R600-million-train-blunder-20150704.  Accessed on 28 December 2018.

Schoper, Y-G., Gemünden, H-G. & Nguyen, N.M., 2016, Fifteen future trends for Project Management in 2025.Published in the Proceedings of the International Expert Seminar in Zurich in February 2016 on Future Trends in Project, Programme and Portfolio Management.

Taljaard, J.J., 2018, Insight Article 054: The project management office (PMO).  Available from http://www.ownerteamconsult.com/publications/  Accessed on 14 December 2018.

van Heerden, F.J., Steyn, J.W. & van der Walt, D.,2015, Programme management for owner teams: a practical guide to what you need to know., OTC Publications, Vaalpark, RSA. Available from Amazon.

 

You may also be interested in

Quantitative Risk Analysis for Projects

Quantitative Risk Analysis for Projects

By Jurie Steyn

This article is a continuation of a two-part series of articles on the basics of project risk management as published previously.  The two parts are as follows:

  • Part 1: Planning for project risk management (Steyn, 2018a); and
  • Part 2: Identify, analyse, action and monitor project risks (Steyn, 2018b).

In this article we delve deeper into the intricacies of quantitative analysis of the high risks to a project as identified though qualitative risk assessment.

Introduction

Project risk management covers all the activities and processes of planning for risk management, identification and analysis of project risks, response planning and implementation, and risk monitoring on a project.  There are seven project risk management steps as discussed in the two articles referred to above, namely:

  • Step 1 – Plan Risk Management;
  • Step 2 – Identify risks and opportunities;
  • Step 3 – Perform qualitative risk analysis;
  • Step 4 – Perform quantitative risk analysis;
  • Step 5 – Plan risk responses;
  • Step 6 – Implement risk responses; and
  • Step 7 – Monitor risks.

In this article, the focus will be on Step 4: perform quantitative risk analysis.  We will see that quantitative risk analysis is a way of numerically estimating the probability that a project will meet its cost and time objectives. Quantitative analysis is based on a simultaneous evaluation of the impact of all identified and quantified risks, both prior to and after taking mitigating actions.

The nature of project risks

Most of our readers would be familiar with the project management triangle; a triangle with scope, cost and schedule at the three apexes, and quality in the body of the triangle.  In our opinion, quality is a function of appropriate design specifications and prudent design to meet the business objectives. The scope of a project can be diligently managed and project risks should not have an impact, unless it can be shown that changes are required to address safety concerns.

Unmanaged risks may result in problems such as schedule and/or cost overruns, performance shortfall, or loss of reputation.  Performance shortfalls can be addressed by redesign and improved equipment and technology, all of which require additional time and money.  Reputation damage may also prove to be very costly and time consuming to overcome.  Opportunities that are exploited can lead to benefits such as schedule and/or cost reductions, improved overall project performance, or reputation enhancement.

The bottom-line is that all project risks and opportunities can be expressed in terms of their impact on project schedule and project cost.  Some risks will only impact cost, some only schedule, and some will directly impact both cost and schedule.  However, impacts on project schedule can also be expressed in terms of monetary value, based on the extended period that contractors and construction personnel will be required and delays in beneficial operation of the facility.

Risks and opportunities can therefore have a direct bearing on the overall project schedule and project cost.  By following steps 1 to 3 of the risk management process, we can identify the high priority risks and opportunities for inclusion in the quantitative risk assessment.

The nature of cost/schedule estimates

Project uncertainty changes over time. As the definition of a project advances through the project life-cycle, the level of uncertainty diminishes. This is reflected in the OTC Stage-Gate Model and gate criteria for moving from one gate to the next. The project stages provide a convenient way to characterise the state of planning and design, as well as other information about a project.

Projects in the prefeasibility stage have more unknowns than projects in the feasibility and/or planning stage. Projects moving through the implementation stage (final design and construction), in contrast, would be expected to have a comprehensive set of engineering drawings, operating assumptions, and cost detail. There could still be substantial uncertainty about certain aspects of a project well advanced in design, but most high-cost characteristics of the project will have been finalised.

Project risks and opportunities similarly change. The number of risks faced by a project would be expected to decrease as design detail advances to eliminate or avoid potential problems. Risks are also reduced as national authorities issue environmental permits and finalise other matters like tax dispensations and project subsidies.

If a project’s estimated total cost is thought of not in terms of a single dollar value, but as a potential range in costs that reflects the effects of risks and opportunities, the potential range in costs would be expected to narrow over time and converge upon a most likely value. The narrowing in cost range is shown in Figure 1. This narrowing in range is also expected for project schedule as the project moves through the stages.  Note that the only time in the project life-cycle when the schedule and final cost are known with certainty, is when the facility is handed over to the end-user and the costs have been reconciliated.

Figure 1:  Project cost varies with uncertainty and time (Adapted from Parsons Transportation Group, 2004)

Methodologies for quantified risk analysis

Different methods have been developed to provide realistic cost and schedule estimates over the years. Traditionally, project owners have accounted for the possible impacts of risks in a deterministic way by establishing contingencies, or add-ons, to a base project cost or base project schedule. Contingencies typically are single-value allowances and set using simple rules of thumb.

Methodologies for incorporating risk in the cost and schedule estimates include one, or more, of the following:

  • Gantt Charts: Provides a graphical summary of the progress of several project segments by listing each segment vertically on a sheet of paper, representing the start and duration of each task by a horizontal line along a time scale, and then representing the current time by a vertical line moving from left to right. It is then easy to see where each task should be, and to show its status. A serious drawback is that it does not easily show the interrelationship of tasks;
  • Program Evaluation Review Technique, or PERT: The basis of PERT was a detailed diagram of all anticipated tasks in a project, organised into a network, which represented the dependence of each task on the ones that needed to precede it.  In addition, planners would estimate or elicit a probability distribution for the time each task would take from expert engineers.
  • Critical Path Method, or CPM: CPM also uses a network representation, but initially did not try to estimate probability distributions for task durations. The deterministic nature of the network allowed for easier calculation. It facilitated the determination of the critical path, the set of tasks that drove the final project length. CPM can be used in conjunction with Monte Carlo simulation;
  • Expected Monetary Value, or EMV: EMV is used in conjunction with Decision Tree Analysis (DTA).   DTA allows the organisation to structure the costs and benefits of decisions when the results are determined in part by uncertainty and risk.  Solution of the decision tree helps select the decision that provides the highest weighted average Expected Monetary Value or expected utility to the organisation;
  • Fault Tree Analysis: A Fault Tree Analysis is the analysis of a structured diagram which identifies elements that can cause system failure.  The effective application of this technique requires a detailed description of the area being discussed.  The undesired outcome is first identified and then all possible conditions/failures which lead to that event are identified. This reveals potentially dangerous elements at each phase of the project.
  • Sensitivity Analysis: Considered the simplest form of risk analysis and determines the effect on the whole project of changing one of its risk variables, e.g. delays in design or cost of materials.  It often highlights how the effect of a single change in one risk variable can produce a marked difference in the project outcome:
  • Monte Carlo simulation: Used primarily for project schedule and cost risk analysis in strategic decisions.  It specifies a probabilistic distribution for each risk and then considers the effect of risks in combination.   Calculates quantitative estimates of overall project risk and reflects the reality that several risks may occur together on the project.

In the further discussions, only the probabilistic approach of Monte Carlo simulation will be considered.

Monte Carlo simulation

Structure of QRA process

One first needs to understand the overall structure of the quantitative risk analysis process before getting to the detail of Monte Carlo simulation.  The process illustrated in Figure 2 is aligned with the PMI standards for project management, namely the PMBOK Guide, 6th edition (PMI, 2017) and project risk management (PMI, 2009).

Figure 2:  Structure of the quantitative risk analysis process (Adapted from PMI, 2017)

The process starts with the identification of significant and high risks though qualitative analysis. These risks must be examined for duplication, similarity of triggers, cost and/or schedule impacts and other interrelationships.  Common root cause risks likely to occur together are addressed by correlating the risks that are related.  The collection of high-quality data about risks can be difficult, because it’s not available in any historic database and should be gathered by interviews, workshops, and other means using expert judgment.

Next, an appropriate model of the project is required as the basis for quantitative risk analysis. Project models most frequently used in quantitative risk analysis include the project schedule (for time) and line-item cost estimates (for cost). Quantitative risk analysis is especially sensitive to the completeness and correctness of the model of the project that is used.  This is followed by the application of the Monte Carlo process to simulate the probabilistic cost and/or schedule for the project.

Process

In a Monte Carlo analysis, deterministic cost and schedule values in the project models are replaced by probability distributions reflecting the possible range of outcomes for each of these variables.  A random number generator is used to calculate a value for each of the probability distributions to produce a cost/schedule value. The same model is run repeatedly, hundreds or thousands of times. Each time it runs, the value is recorded and presented as a probability distribution. When the simulation is complete, we can look at statistics from the simulation to understand the project risk as represented in the model.

The pertinent issue is how to convert a cost/schedule range for each of the significant and high risks into a probability distribution.  Risk impacts are expressed as discrete or continuous probable outcomes within a specified range, for example, with lower and upper limits for costs and/or time. The distributions are often simplified, due to the limited data points available from objective or subjective information or to be consistent with the level of accuracy that can be expected in the risk quantification effort.  Probability distributions are a convenient way to represent this detail, and they lend themselves to statistical analysis.

The type of probability distribution should be chosen (e.g. by the lead analyst) to best reflect the perceived range of impacts of a risk event. Some common distributions used to characterise risks are shown in Figure 3.

Figure 3:  Probability distributions for quantifying risk impacts (Parsons Transportation Group, 2004)

More accurate cost estimates

When analysing the potential effects of risk and uncertainty on project cost a project is divided into two parts.  The first element is the project base cost, which is the cost excluding add-on contingencies to cover unknowns, or risks.  The second element of the project includes the uncertainties and opportunities that could add to (or, in turn, subtract from) the cost of the project.  This is the element of project risk.

Figure 4 shows this relationship from the perspective of project costs. Base costs tend to be large and relatively well defined. Risk costs tend to be smaller than base costs and can vary considerably. Total cost is simply the sum of these two cost elements. Base costs and risk costs are shown as distributions since, in risk assessment, both elements are uncertain. Even base costs of a project include some level of uncertainty; no two individuals would likely agree on an exact dollar number even if all assumptions were held in common.

Figure 4:  Base cost, plus risk cost, gives total project cost probability spread (Parsons Transportation Group, 2004)

Common cost risk assessment outputs include a probability density function of expected total cost, a cumulative S-curve of project cost, as well as a tornado diagram of primary risk drivers or events that have the most influence on the project.

More accurate project schedules

Risk assessment of a project requires three steps; first create the CPM schedule, then gather risk information such as optimistic, most likely, and pessimistic durations and probability distributions, and finally, simulate the network using a Monte Carlo approach. The greatest amount of effort and judgment goes into developing the three-point activity duration estimates to use in a schedule risk analysis.

The results of a schedule risk analysis are typically displayed as a histogram (an approximation to a probability density function) providing the frequency of schedule outcomes (dates) and an S-Curve (a cumulative distribution function) providing the cumulative probability of achieving dates associated with given milestones or overall project completion.  Results for a hypothetical example are shown in Figure 5.

Other types of outputs include descriptive statistics, a probabilistic critical path, and a probabilistic sensitivity analysis. All these results should be evaluated for indicators of schedule risk.

Figure 5:  Example of schedule histogram and S curve (Hulett, 2017)

Integrated cost/schedule analysis

Depending upon the nature of risks and the desired outcomes of the analysis, risk cost and schedule impacts can be evaluated independently as discussed in the preceding paragraphs, or together, in an integrated manner. The disadvantage of independent evaluation is that the interrelationship of cost and schedule cannot be determined. Integrated analysis converts duration impacts to cost impacts through escalation. It is more difficult technically, however, to evaluate cost and schedule together and may not be necessary in all cases, depending on the nature of the significant risks to a project.  Analytical tools are available to assist in integrated analysis.

Pre/post risk mitigation

Using information from risk assessment, a project owner can evaluate measures to mitigate cost and schedule risks. Effective risk management will reduce impacts and make it more likely the project will be on time and within budget without the owner having to make additional contingency allowances.  Effective risk mitigation will improve a project’s probable cost, as shown in Figure 6. Proposed risk mitigation is documented in a risk management plan. This becomes the project owner’s action plan for effectively minimising risk impacts to a project.

Figure 6:  Comparison of project cost estimates before and after risk mitigation (Parsons Transportation Group, 2004)

Software

To determine probabilistic project costs, software such as MS Excel with @RISK™, RiskAMP™, CrystalBall™, ModelRisk™ or Deltek Acumen Risk™ can be used with any estimating method.

For schedules, software such as MS Project with @RISK™ or Risk+™, Primavera Risk Analysis software with Monte Carlo™ or Deltek Acumen Risk™ can be used. Alternatively, if a critical path schedule model can be developed in a spreadsheet, MS Excel with @RISK™, RiskAMP™, CrystalBall™ or ModelRisk™ can be used to simulate risks directly.

The result is a probability distribution of the project’s cost and completion date based on the identified risks in the project.

Concluding remarks

Proper project risk management is an integral part of any project.  It is an iterative process which continues throughout the project cycle. Quantitative risk analysis is a logical next step after qualitative risk analysis and should be performed at key stages of the project life-cycle.  It is a way of numerically estimating the probability that a project will meet its cost and time objectives.

Monte Carlo simulation is becoming the project manager’s best weapon for quantitatively analysing project risks. It is an extremely powerful tool that allows project managers to incorporate uncertainty and risk in their project plans and set reasonable expectations regarding cost and schedule on their projects. The results of simulation are quantified, allowing project managers to better communicate their arguments when management is pushing for unrealistic project expectations.  However, Monte Carlo simulation is still not very popular in current project management practice, primarily due to its statistical nature.

For those of you looking for more information on quantitative risk analysis, I recommend the books by Cooper et al (2014), Hulett (2009) and Vose (2008).

References

Cooper, D., Bosnich, P., Grey, S., Purdy, G., Raymond, G., Walker, P. & Wood, M., 2014, Project risk management guidelines; managing risk with ISO31000 and IEC 62198, 2nd ed. John Wiley & Sons, Ltd. Chichester, West Sussex.

Hulett, D.T., 2009, Practical schedule risk analysis.  Gower Publishing Limited, Farnham, Surrey.

Hulett, D.T., 2017, Modern Methods of Schedule Risk Analysis using Monte Carlo Simulations. In Proceedings of the 2017 Large Facilities Workshop, held in Baton Rouge, LA.

Parsons Transportation Group, in association with Touran, A., 2004, Risk analysis methodologies and procedures. US Dept. of Transportation, Federal Transit Administration.

PMI (Project Management Institute, Inc.), 2017, A guide to the project management body of knowledge (PMBOK Guide), 6th ed. PMI Book Service Center, Atlanta.

PMI (Project Management Institute, Inc.), 2009, Practice standard for project risk management. PMI Book Service Center, Atlanta.

Steyn, J.W., 2018a, Introduction to Project Risk Management: Part 1 – Planning for risk management.  Available from http://www.ownerteamconsult.com/publications/  Accessed during May 2018.

Steyn, J.W., 2018b, Introduction to Project Risk Management: Part 2 – Identify, analyse, action and monitor project risks.  Available from http://www.ownerteamconsult.com/publications/  Accessed during May 2018.

Vose, D., 2008, Risk analysis – a quantitative guide, 3rd ed.  John Wiley & Sons, Ltd. Chichester, West Sussex.

You may also be interested in

Excellence in Capital Projects

Excellence in Capital Projects

Join experts from multiple industries with complex capital projects at the core of their experience and business models. What do capital projects in the manufacturing, basic materials, and healthcare industries have in common? Where are they different? How can we learn from one another?

read more
Intro to Project Risk Management – Part 2 – Identify, action and monitor project risks

Intro to Project Risk Management – Part 2 – Identify, action and monitor project risks

By Jurie Steyn

This article is the second of a two-part series of articles on the basics of project risk management.  The two parts are as follows:

  • Part 1: Planning for project risk management; and
  • Part 2: Identify, analyse, action and monitor project risks.

Part 1 dealt with planning of the project risk management process and described what should be included in a project risk management plan.  This article deals with the implementation of the project risk management plan.

Introduction

As an introduction to this article, we revisit the overview of project risk management as presented in the first of this series of articles.

Project risk management covers all the activities and processes of planning for risk management, identification and analysis of project risks, response planning and implementation, and risk monitoring on a project.  There are seven project risk management steps, as follows:

  • Step 1 – Plan Risk Management: Refer to the Part 1 article for an overview of this step (Steyn, 2018);
  • Step 2 – Identify risks and opportunities: The identification of individual project risks and opportunities in a manner which makes analysis possible;
  • Step 3 – Perform qualitative risk analysis: Assess and prioritise individual project risks and opportunities for further analysis or action, based on their probability of occurrence and potential consequences;
  • Step 4 – Perform quantitative risk analysis: The process of performing numerical analysis to determine the most likely outcome of identified high priority risks and opportunities;
  • Step 5 – Plan risk responses: The development of risk reduction options, strategy selection, and agreement on preventive and contingency actions to reduce overall project risk exposure;
  • Step 6 – Implement risk responses: The process of implementing agreed-upon risk response plans by the risk owner, according to the agreed upon timeline; and
  • Step 7 – Monitor risks: Monitor the progress with the implementation of agreed-upon risk response plans, identify and analyse new risks, and evaluate risk process effectiveness.

Unmanaged risks may result in problems such as schedule and/or cost overruns, performance shortfall, or loss of reputation.  Opportunities that are exploited can lead to benefits such as schedule and/or cost reductions, improved overall project performance, or reputation enhancement.

This article focuses on steps 2 to 7 of the project risk management process.  We also reiterate that this introduction to project risk management is aligned with the PMI Global Standard for project management, namely the PMBOK Guide, 6th edition, which incorporates ANSI/PMI 99-001-2017 (PMI, 2017).

Step 2:  Identify project risks

Opening comments

This involves the identification and documentation of project risks and opportunities. This process takes place throughout the project life-cycle.  Risk identification is the responsibility of all project stakeholders.

Techniques for identifying risks

Tools and techniques for identifying risks and opportunities include:

  • Expert judgement: Expertise should be obtained from individuals or groups, using reports or individual interviews, with appropriate knowledge of similar projects or business areas;
  • Brainstorming: Perform a brainstorming exercise to obtain a comprehensive list of individual risks and opportunities, as well as sources of overall project risks;
  • Checklists: Checklists are lists of items, actions, or points to be considered when identifying risks and opportunities.   The nine risk categories we use helps ensure that all risks are covered;
  • SWOT analysis: It is always beneficial to start with a SWOT analysis of the project to identify potential risks and opportunities.  Weaknesses and Threats give rise to risks and Strengths and Opportunities lead to opportunities for achieving the objectives; and
  • Data analysis tools: Other data analysis tools include root cause analysis and assumption and constraint analysis.    Analysis of project documentation may also highlight risks and opportunities.

Risk statements

Risk statements need to be structured descriptions of the risks which separate cause, risk and consequence.  For example: Because of (1) an existing condition, an (2) uncertain event may occur, which would lead to (3) an effect on the project objectives.  In this case, the numbering refers to:

  1. The Cause;
  2. The Risk or uncertain event, and;
  3. The Consequence.

Writing risk statements in this manner makes the risk assessment process much simpler.  To force the writing of risk statements in this format, use a table with three columns entitled Cause, Risk and Consequence.

Risk statements, covering identified risks and opportunities, are recorded in the project risk register.

Risk register

The output of the project risk identification process is a risk register.  At this stage the risk register should contain:

  • Lists of risks and opportunities: Risks and opportunities, each with a unique identifier, and grouped according to the chosen risk breakdown structure. We use the STEEPCOIL risk categories;
  • Potential risk owners: Potential risk owners for risks and opportunities are listed in the risk register. This will be confirmed during the qualitative risk analysis process step (Step 3); and
  • Potential risk responses: Any potential risk responses, as identified during the risk identification, are recorded in the risk register. This will be confirmed during the plan risk responses process (Step 5).

Step 3:  Qualitative risk analysis

Opening comments

The qualitative risk assessment process is performed to assess and prioritise the individual project risks and opportunities, as listed in the risk register, for further analysis or action, based on their probability of occurrence and potential consequences.  Qualitative risk analysis also ensures that each high-priority risk has an owner who will take responsibility for planning an appropriate risk response and ensuring that it is implemented.

Probabilities and potential consequences

Qualitative risk analysis is best performed by a group of project management and risk management professionals.  It is performed by considering probability and potential consequences of each of the risks in the risk register, based on the definitions of probability and impact for the project as specified in the risk management plan.  Probabilities and consequences must be carefully assessed and regularly reviewed and updated throughout the project life-cycle. In reviewing completed projects, it has been found that issues causing poor project performance, were often captured in the risk register, but not addressed because of low perceived impact.

Results are then mapped on the risk matrix, an example of which is shown in Figure 1.  This enables the prioritisation of risks for further (quantitative) analysis and planning of risk responses.

Project Risk Management 2 Fig 1

Figure 1:  Risk matrix with risks qualitatively assessed and mapped

Typically, risks falling in the red and orange squares necessitate further action, whether it is in the form of planning risk responses or performing quantitative risk analysis, if this process is required in the project risk management plan.

Step 4:  Quantitative risk analysis

Opening comments

Quantitative risk analysis is not required for all projects.  A robust quantitative analysis depends on the availability of high-quality data about individual project risks and other sources of uncertainty, as well as a sound underlying project baseline for scope, schedule, and cost.  A quantitative risk analysis provides a monetary value in probabilistic terms for the overall project risk.

It usually requires specialised risk assessment software and expertise in the development and interpretation of risk models and can prove costly in terms of time and money. It also consumes additional time and cost. The need for and use of quantitative risk analysis for a project will be specified in the project’s risk management plan.

Data analysis

A selection of data analysis techniques can be used for quantitative risk analysis, including:

  • Simulation: Simulations are typically performed using Monte Carlo analysis.  Computer software is used to iterate the quantitative model several thousand times. The input values (e.g., cost estimates or duration estimates) are chosen at random for each iteration. The output is a predicted S-curve of predicted total project cost;
  • Sensitivity analysis: Sensitivity analysis helps to determine which project risks have the most potential impact on project outcomes. It correlates variations in project outcomes with variations in elements of the quantitative risk analysis model; and
  • Decision tree analysis: Decision trees are used to support selection of the best of several alternative courses of action. The end-points of branches in the decision tree represent the outcome from following that path.

Outputs

The project risk report must be updated to reflect the results and findings of the of the quantitative risk analysis.  The project risk report would, in general, show the monetary value of the unmitigated risk profile, the mitigated risk profile, as well as the expected cost to implement the risk management plan.  The cost of implementation can then be compared with the expected risk reduction quantum to judge the effectiveness of the plan.

Step 5:  Plan risk responses

Opening comments

Once risks have been identified and assessed, the next step is to decide on the appropriate action to take based on the risk information available.  Step 5, the planning of risk responses, involves developing options, selecting strategies, and agreeing on actions to address overall project risk exposure, as well as how best to address individual project risks and opportunities.  This section is divided into strategies to deal with risks, or threats, and those to deal with opportunities.

Strategies for risks/threats

Five typical response strategies for risks/threats are to:

  • Escalate: Escalation is appropriate when the project team agrees that a threat is outside the scope of the project, or that the proposed response would exceed the project manager’s authority.  Threats are then escalated to appropriate and higher levels in the organisation. Escalated risks should remain on the risk register for follow-up;
  • Avoid:  Use this strategy to eliminate uncertainty by reducing scope, changing to more proven technologies and methods, and designing in redundancy, thereby reducing the probability of the risk impacting the project to zero;
  • Transfer:  Use this strategy to transfer the liability or ownership of the risk to others by renegotiating contracts, using risk sharing or taking out appropriate insurance. It often involves payment of a risk premium to the party taking on the threat;
  • Reduce:  This strategy aims to reduce a risk to acceptable levels by reducing the probability of an occurrence through preventive actions, and/or reducing the severity of impacts when things go wrong through contingency actions; and
  • Accept:  Accept the risk as is and be willing to live with the consequences. This may be appropriate for low priority risks or where it may not be possible or cost-effective to address a threat.

The above strategies serve the purpose of lessening the risks, i.e. moving out of the red, or orange, zone and into a lower risk area.  When action is taken to reduce the probability of an occurrence, it is called preventive action.  Where action is taken to minimise the severity or consequences of an impact, it is called a contingency action.

Avoidance and reduction of risks are normally the most effective as the work remains within the project team.  Escalation often leads to inaction by the higher party, unless the follow-up is effective.  Contractual risk transfer is mostly ineffective.  Be aware that risk acceptance may be based on inaccurate assessment of potential consequences, leading to serious problems later.

Strategies for opportunities

Similar to the above, there are also five response categories for dealing with project opportunities, as follows:

  • Escalate: Escalation is appropriate when the project team agrees that an opportunity is outside the scope of the project, or that the proposed response would exceed the project manager’s authority.  Opportunities are then escalated to appropriate and higher levels in the organisation;
  • Exploit:  Use this strategy for high priority opportunities where the project team wants to ensure that the opportunity is realised. Take actions to achieve identified benefits by increasing probability of the occurrence to 100%;
  • Share:  Transfer ownership of an opportunity to a third party so that it shares some of the benefit if the opportunity occurs. Sharing opportunities can be achieved by special-purpose companies or joint ventures;
  • Enhance:  This strategy aims to improve the probability of an occurrence, or potential benefits of an opportunity. Taking steps to improve the probability of an occurrence by focusing on its causes is normally more effective than attempting to improve benefits; and
  • Accept:  Accept the opportunity as is, without taking any proactive action. This strategy is appropriate for low-level opportunities, or where it may not be possible or cost-effective to intervene.

Step 6:  Implement risk responses

Opening comments

This step is the process of implementing agreed-upon risk response plans.  The key benefit of this process is that it ensures that agreed-upon risk responses are executed as planned, to minimize individual project threats, and maximize individual project opportunities.

Monitor actions and progress

Risk owners are responsible for implementing the agreed-upon risk response plans.  Progress with actions resulting from the implementation of risk responses must be monitored and managed by the responsible parties, namely the business manager, project sponsor and project manager.  If actions are not taken, as agreed for the high-level risks, the total risk management action will be a waste of time and a failure.  Progress with actions is monitored on, at least, a monthly basis at project review meetings.

Residual risk

Residual risk is the risk that remains after acting on a high-level risk (red or orange zone) on the matrix. Only once the agreed action steps, based on the five risk response strategies, have been completed, can a risk be reassessed, and the residual risk plotted on the risk matrix.

Step 7:  Monitor project risks

Opening comments

Step 7 is the process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, identifying and analysing new risks, and evaluating the effectiveness of the risk process throughout the project.

Risk review

The project risk register needs to be reviewed on a frequent basis, because new information may come to light, situations may change rapidly which necessitate the reassessment of probabilities and consequences, and new opportunities may arise.  Also, once contingency and preventive actions have been completed, the risk rating should be changed to the residual risk.  It is proposed that the project risk and opportunity register is reviewed on a quarterly basis.

Risk audits

The integrity of the project risk management process is the responsibility of the project manager.  Risk audits can be used to determine if the project’s risk management plan is followed as described, or whether remedial steps need to be taken.  Frequency of risk audits should be as per the project risk plan.

Concluding remarks

Proper project risk management is an integral part of any project.  It is an iterative process which continues throughout the project cycle.  However, the process as described in this series of two articles is relatively simple to implement and follow.

Risk management activities can require significant time and effort.  Provision must be made in the project cost estimate for risk management activities and for the appropriate risk responses.  The inclusion of risk management professionals on the project team is recommended to facilitate the risk management activities.  Risk management professionals should be an integral part of the project team to ensure a good understanding of the project and the environment within which it is being executed.

Effective risk management will certainly improve the probability of success for any project or programme.

References

Steyn, J.W., 2018, Introduction to Project Risk Management: Part 1 – Planning for risk management.  Available from http://www.ownerteamconsult.com/publications/  Accessed during January 2018.

PMI (Project Management Institute, Inc.), 2017, A guide to the project management body of knowledge (PMBOK Guide), 6th ed. PMI Book Service Center, Atlanta.

Contact OTC for assistance with project risk management in your organisation.

Introduction to Project Risk Management – Part 1 – Planning

Introduction to Project Risk Management – Part 1 – Planning

By Jurie Steyn

This article is the first of a two-part series of articles on the basics of project risk management.  The two parts are as follows:

  • Part 1: Planning for project risk management; and
  • Part 2: Identify, analyse, action and monitor project risks.

Part 1 deals with the first step of the project risk management process, namely the planning step.  Part 2, to be published next, deals with the implementation of the project risk management plan.

Introduction

Life is uncertain, and projects are unique, complex in nature, based on assumptions and done by people.  Projects are therefore subject to a plethora of uncertainties, i.e. risks and opportunities, that can affect the project and business objectives.

Although the activity is normally referred to as project risk management, it covers both risk and opportunity management.  Potential positive and negative outcomes deserve equal attention.  Therefore, the objectives of project risk management are to increase the probability and/or impact of opportunities and to decrease the probability and/or impact of risks, to improve the likelihood of project success. Risks and opportunities represent two sides of the same coin, but with a very different impact.  The definitions of risks and opportunities should emphasise the differences and similarities, as follows:

  • Risks are defined as uncertain future events or conditions that, if it occurs, could negatively influence the achievement of business, or project, objectives.
  • Opportunities are defined as uncertain future events or conditions that, if it occurs, could positively influence the achievement of business, or project, objectives.

This introduction to project risk management is aligned with the PMI Global Standard for project management, namely the PMBOK Guide, 6th edition, which incorporates ANSI/PMI 99-001-2017 (PMI, 2017).

Overview of Project Risk Management

Project risk management covers all the activities and processes of planning for risk management, identification and analysis of project risks, response planning and implementation, and risk monitoring on a project.  There are seven project risk management steps, as illustrated in Figure 1.

PRM Fig 1

Figure 1:  Project risk management overview

The seven steps are as follows:

  • Step 1 – Plan Risk Management: The involves finalising the methodology to be used for risk management on a project. Details can differ from project to project;
  • Step 2 – Identify risks and opportunities: The process of identifying individual project risks and opportunities in a manner which makes analysis possible;
  • Step 3 – Perform qualitative risk analysis: The process of assessing and prioritising individual project risks and opportunities for further analysis or action, based on their probability of occurrence and potential consequences;
  • Step 4 – Perform quantitative risk analysis: The process of performing numerical analysis to determine the most likely outcome of identified high priority risks and opportunities;
  • Step 5 – Plan risk responses: The development of risk reduction options, strategy selection, and agreement on preventive and contingency actions to reduce overall project risk exposure;
  • Step 6 – Implement risk responses: The process of implementing agreed-upon risk response plans by the risk owner, according to the agreed upon timeline; and
  • Step 7 – Monitor risks: Monitoring the progress with the implementation of agreed-upon risk response plans, identifying and analysing new risks, and evaluating risk process effectiveness throughout the project.

Unmanaged risks may result in problems such as schedule and/or cost overruns, performance shortfall, or loss of reputation.  Opportunities that are exploited can lead to benefits such as schedule and/or cost reductions, improved overall project performance, or reputation enhancement.

The remainder of this article focuses on the first of these seven steps.  The remaining six steps are covered in a follow-up article, to be published next month.

Step 1:  Plan risk management

System requirements

Effective risk management requires a conducive company culture, as well as the necessary risk management processes, structures and budget to identify, assess and address potential opportunities and adverse effects.

In the planning step, the risk management methodology, assessment tools, responsible parties and timing of risk management activities are fixed.  This implies that the typical risk and opportunity categories are defined, the processes to be used for identifying risks are identified and risk assessment tools, such as a project specific risk matrix, are finalised.  Responsible parties for driving the overall risk management process are identified and the timing and frequency for risk management activities are scheduled.

As a minimum, the risk management planning step should include management commitment, defined roles and responsibilities, clear risk statements, pre-determined risk categories, a custom risk matrix and a risk register.  It should also allow for risk prevention and the reporting of residual risk.  These are discussed in more detail in the following sections.

Risk roles and responsibilities

Risk management is the responsibility of the most senior member of a business or a project team, assisted by one or more risk management professionals.  For a business it is the chief executive officer and for a project it is the project manager.  However, every member of a business or project team has a duty to manage risks in their areas of responsibility.

For a typical project, risk management roles and responsibilities are as follows:

  • Project sponsor:  The sponsor has overall accountability for all project execution and business risks.  The sponsor owns the integrated risk management process;
  • Project manager:  The project manager is responsible for implementing an integrated risk management process for the project;
  • Project track leaders:  Responsible for risk identification, risk assessment, development of preventive and contingency actions and implementation of allocated risk actions within their areas of responsibility;
  • Risk management professional:  Oversees the risk management process, provides guidance and direction, and helps facilitate the process, and;
  • Functional managers:  They provide input into the risk management process at functional level and ensure that technical integrity is maintained

Risk statements

It is always beneficial to start with a SWOT analysis of a business or project to identify potential risks and opportunities.  Weaknesses and Threats give rise to risks and Strengths and Opportunities lead to opportunities for achieving the objectives.

Risk statements need to be structured descriptions of the risks which separate cause, risk and consequence.  For example: Because of (1) an existing condition, an (2) uncertain event may occur, which would lead to (3) an effect on the project objectives.  In this case, the numbering refers to:

  1. The Cause;
  2. The Risk or uncertain event, and;
  3. The Consequence.

Writing risk statements in this manner makes the risk assessment process much simpler.  To force the writing of risk statements in this format, use a table with three columns entitled Cause, Risk and Consequence.

Risk categories

There are many different types of risks, or impacts, that can affect the sustainability of a business.  Similarly, there are different risks that can affect the viability of a project.  Although it is not essential to group risks according to predefined risk categories, it does make sense to keep like risks together. The biggest benefit of having risk categories, is the fact that it triggers the risk management professionals when identifying risks and opportunities for a business or project.  This ensures that all types of risks are covered.

In our consultancy, we use nine risk categories when grouping risks and opportunities and we use the acronym STEEPCOIL as an aide memoire to remember them, as shown in Figure 2.

PRM Fig 2

Figure 2:  Risk categories

These risk categories are described in more detail below:

  • Social risks:  Social risks cover the well-being of the workforce and the community.  The includes the health and safety of these stakeholders.  It also addresses matters like relocation, skills shortages, corporate social investment and training;
  • Technical risks:  This addresses the risk that the selected process technologies will not meet the business or project objectives, i.e. product quality and plant availability issues.  First-of-a-kind technologies and large scale-ups of proven technologies are normally problematic;
  • Economic risks:  Economic and financial risks cover the profitability of the venture.  It includes issues like equipment cost, feedstock and product prices, logistics cost, effect of project cost overruns, effect of schedule slip, etc.;
  • Environmental risks:  This covers potential impacts on air, water and groundwater, as well as smells, noise and visual impacts on stakeholders.  Included are compliance and reporting risks to the responsible authorities, in line with the environmental management plan for the facility;
  • Political risks:  This addresses the likelihood of political instability and strikes in the country and region where a facility is being planned or operated.  Will the process facility be a high-profile target in case of instability?  Will political risks influence the supply chains?
  • Commercial risks:  Commercial risks include potential problems associated with contractual agreements which can lead to delays, cost overruns or counterclaims.  Here we include risks associated with the marketing of final products and the governance thereof;
  • Organisational risks:  Organisational risks cover the structure and ownership of the company responsible for the establishment and operation of a process facility.  What are the risks that a specific partner brings to the deal?  It also addresses the issue of having a lean organisation structure and suitably qualified and experienced personnel in key positions;
  • IT risks:  Information technology risks are shown separate from the technical risks due to the unique character thereof.  Chemical plants require process control systems, communication systems and business systems to interact and function seamlessly, and;
  • Legal risks: These are risks associated with the specific legal framework within which the business must operate.  Are carbon taxes applicable? What is the likelihood of it becoming a reality?  What legislation is in the pipeline that can impact on the sustainability of a venture.

Risk matrix

Risk assessments can be qualitative or quantitative.  Stochastic modelling is required for quantitative analysis and is considered optional.  Qualitative analysis is always required.

Qualitative analysis is performed using a two-dimensional risk matrix, with the probability of an occurrence along one axis and the consequence of the occurrence along the other axis.  A group of assessors weighs up each risk statement and scores it in terms of probability and consequence, i.e. plots the risk on the matrix.

Risk matrices can anything from a simplistic 2x2 matrix to a very complex 7x7 matrix.  Risks with a low probability and insignificant consequences do not warrant further investigation.  However, high probability risks with significant impacts require attention.   We normally use a 5X5 matrix, which affords sufficient resolution for most applications, for our projects.  An example of a 5X5 matrix is shown in Figure 3, with definitions for a variety of categories.  The numbers in the coloured squares represent the product of the probability and consequence ratings.

The squares of the matrix are colour coded as follows:

  • Green: Low risk;
  • Yellow: Medium risk;
  • Orange: Significant risk; and
  • Red: High risk.

PRM Fig 3

Figure 3:  Illustrative 5X5 risk matrix

The company’s level of risk tolerance determines the placement of the colour squares and which risks will be further addressed.  Companies, or projects, with a high appetite for risk will have a smaller area covered by red and orange squares than those who are risk averse.  Typically, risks falling in the red and orange squares necessitate further action. The risk matrix must be finalised, and agreed to, before proceeding to later steps in the risk management process.

Risk register

The risk register is a live, structured document where risks are captured and managed.  Each risk is assigned a specific risk owner who is the person responsible for the risk reduction actions.

The risk register has provision for a unique risk number, risk category, risk description, and the current risk assessment.  For those risks where further action is required (orange and red risks), provision is made for preventive actions, which reduce the probability of an occurrence, and contingency actions, which reduce the consequence of an occurrence.  On completion of the actions a residual risk assessment is performed to determine if a risk has been adequately addressed.

We prefer to maintain separate risk registers for the project implementation phase and for the operations phase.  Although there will certainly be much duplication, it helps to maintain focus where it is necessary.

Project risk management plan

The output of the planning for risk management step is captured in a project risk management plan.  The risk management plan describes how risk management activities will be structured and performed for a specific project. The risk management plan may include some or all the following elements, most of which have been discussed in detail in the preceding paragraphs:

  • Risk philosophy: Describes the generic approach to risk management on a project. Highlight differences from the norm, if any;
  • Methodology: The risk management procedures, tools (including the approved risk matrix) and sources of data that will be used;
  • Roles and responsibilities: Who is responsible to lead and support the different risk management activities;
  • Funding: Identify funding required for risk management activities and establish protocols for application of funds;
  • Timing: Specify the timing of the different risk management activities along the project timeline and the frequency of meetings;
  • Risk categories: Use the STEEPCOIL example or any other preferred risk breakdown structure;
  • Definitions of risk probability and impacts: These must be specific to the project context, and reflect the risk appetite of the organisation and stakeholders;
  • Reporting format: Here we define how the outcomes of the project risk management process will be documented, analysed, reported and communicated; and
  • Tracking and auditing: Risk audits may be used to consider the effectiveness of the risk management process.

Concluding remarks

A detailed project risk management plan, as described above, is the desired outcome of the planning for risk management step.  However, this is only the first of seven steps in the project risk management process.  Part 2, covering the remaining steps, will be published in the next Insight Article.

References

PMI (Project Management Institute, Inc.), 2017, A guide to the project management body of knowledge (PMBOK Guide), 6th ed. PMI Book Service Center, Atlanta.

Contact OTC for assistance with project risk management in your organisation.

Project Portfolio Management and Optimisation

Project Portfolio Management and Optimisation

By Jurie Steyn

Introduction

Organisations invest in programmes and projects to ensure sustainable growth and an acceptable return on investments for their shareholders.  Suffice it to say here that a programme is a collection of related projects, linked together by a specific business need and clear benefits.

A project portfolio, on the other hand, is a  collection of programmes and projects that define the totality of an organisation’s investment in change to achieve strategic business objectives.  Van Heerden et al, (2015) describe this in a pyramidal hierarchy, starting from enterprise strategy at the top, down to projects at the bottom, as shown in Figure 1.

PPM Figure 1

Figure 1:  Putting portfolios, programmes and projects in perspective (from van Heerden et al, 2015)

Enterprise strategy informs the strategies of individual business units.  In turn, the business unit strategies should drive the development of a portfolio of programmes and projects to be implemented per business unit.  This portfolio should address the business objectives and needs and be within resource constraints.

In this article, the primary focus is on the management and optimisation of the project portfolios to ensure that business needs are adequately addressed, and value is maximised.

Project portfolio management

Project portfolio management (PPfM) is a coordinated collection of strategic processes and decisions that together enable the most effective balance of business as usual and organisational change in terms of programmes and projects.  PPfM is mainly concerned with aligning projects with corporate strategy, and on methodologies for project valuation, selection and ranking.  The output of PPfM is a collection of selected projects, ranked according to their contribution strategy.

The requirements for effective PPfM in any organisation are shown in Figure 2.  Each of these aspects is discussed in more detail below.

PPM Figure 2

Figure 2:  Requirements for project portfolio management

Referring to Figure 2, and starting at the top, effective PPfM can only be achieved if all the following requirements are in place:

  • Enterprise and business unit strategy: Organisational and supporting business unit strategies exist, containing well-defined and agreed strategic objectives with associated targets and measures.  The portfolio office works closely with strategic planning and performance management departments/functions in linking the forecast impact of the project portfolio with the strategic objectives and performance targets.;
  • Programme and project proposals: Change initiatives, i.e. programmes and projects, must be available for meeting the strategic objectives.  A formal procedure for capturing, categorising, justifying and presenting these initiatives must be in place.  This includes the governance of the PPfM process.  The benefits and strategic contribution of each change initiative must be defined in a business case on a consistent basis to understand the performance contribution.;
  • Human and capital resources: Resources, be it technology, capital or manpower, almost always constrains an organisation’s project portfolio.   The reason for the PPfM process and portfolio optimisation is to maximise value for the business, given the resource constraints.  Four levers can be engaged to manage resource capacity constraints, namely the changing of project timescales, decoupling of development from roll-out, descoping, and removal of projects from the active projects portfolio.;
  • Project portfolio management office: PPfM is a dedicated function that requires suitably qualified manpower.  Depending on the size of the organisation, it can vary from a virtual office with a part-time incumbent, to a fully staffed PPfM corporate office (PPfMO).   The project portfolio management office can be associated with the organisation’s project management office (PMO), but must be sufficiently independent of project delivery so that its analyses are objective and credible, and it is not accused of being biased.;
  • Portfolio management and optimisation principles: The principles and methodology for PPfM must be developed, agreed and used to ensure consistent approaches are applied and to provide a clear line of sight across the portfolio.  Senior management must understand and support the PPfM process.  Of importance here is agreement on the methodologies for optimising the portfolio, because it may lead to the delay, descoping or cancellation of ‘pet projects’; and
  • Reporting and feedback: Performance of the overall project portfolio, as well as performance of individual programmes and projects, should be reported to the organisation’s decision-making bodies in a standardised manner at the agreed frequency.  This allows for closing the loop to the strategic objectives, fine-tuning of the PPfM procedures and other interventions as may be required.  A full review of the portfolio should take place on a regular basis (at least annually), to ensure the portfolio remains aligned with the strategic objectives.

Project portfolio optimisation

Project portfolio optimisation (PPfO) is an essential part of the PPfM process. It involves the selection of the best combination of change initiatives (programmes and projects) to ensure that all mandatory needs are met and that the company generates the maximum return on investment for all shareholders under current resource constraints.

PPfO is done with a multi-year view, and aims to prioritise mandatory/compliance projects, current ongoing projects and discretionary projects according to their strategic fit, profitability and risk.  PPfO is a four-step process, as follows.:

  • Prepare project business cases: Prepare and compile business cases for all change initiatives according to a pre-determined methodology and standard.  This is normally done by the proposers and business unit management for their programmes and projects.;
  • Standardise and correct business cases: This is also known as ‘scrubbing’.  The objective is to ensure that all data, assumptions, calculations and logic are correct for all projects so that they can be compared on an equitable basis.  Scrubbed projects should have the correct classification, demonstrate a clear link between strategic objective(s), identify interdependencies with other projects in the portfolio, reflect the most realistic benefit scenario with no double counting, and be error free.;
  • Optimise individual projects: Individual projects are optimised to ensure that projects are the best that they can be in terms of potential benefits versus capital required.  This process was described in detail in the August 2017 Insight Article, entitled Value Chain Optimisation (van Heerden, 2017).  During project optimisation, ways will be explored to reduce capital expenditure, accelerate project implementation timing and increase benefits.; and
  • Optimise overall project portfolio: Prioritise and sequence projects to ensure delivery of strategic objectives, compliance risk, and return on capital invested.  This is done by the project portfolio office in consultation with business unit management.

On completion of the scrubbing step and optimisation of individual projects, project prioritisation can be done.  Prioritising ranks the change initiatives within the portfolio based on one or more agreed measures.  The most common measures are financial metrics (Financial Index (FI), NPV, IRR and payback) or some form of multi-criteria analysis. The purpose of prioritisation is to help senior management and the portfolio governance body answer the following questions:

  • Does the overall portfolio present an adequate return on investment?
  • Is the portfolio balanced in terms of all business units?
  • Does the portfolio support short- and long-term sustainability?
  • Which initiatives should the organisation invest in?
  • What are the most important initiatives?
  • What initiatives must be resourced above all others? and
  • Should any ongoing project be descoped or stopped?

It is only when the proposed change initiatives have been prioritised that detailed project portfolio ‘balancing’, or sequencing, decisions can be made, if considered necessary.  The purpose of the balancing exercise is to ensure that the resulting portfolio is balanced in terms of timing; coverage of strategic objectives; impact across the overall business and business units; stage of initiative development; overall risk profile; and available resources.

Scrubbing and project optimisation will result in changes to the initial profitability and/or capital required for different change initiatives, and thus change their relative priorities.  The balancing step can result in further changes.  The final deliverable from PPfO, which needs to be approved by the project portfolio governing body, is presented in Figure 3.

PPM Figure 3

Figure 3:  Project priorities after scrubbing, project optimisation and balancing

Figure 3 shows four mandatory projects (M1 to M4), four currently ongoing projects (C1 to C4) and ten discretionary projects (D1 to D10).  The available funds for Year 1, shown in green, is sufficient to do the mandatory projects, continue with the ongoing ones and do five of the ten discretionary projects.  The remainder of the discretionary projects will have to stand over to the following financial year.  Additional, and hopefully more profitable, projects will be identified via the projects pipeline in the interim period and these will be included in the analysis for the next year.

Problems arise if the available funds are insufficient to cover the mandatory and the ongoing projects for any given year.  In this case, no discretionary projects can be started and some of the ongoing projects will have to be delayed.  Alternatively, the organisation can enter negotiations with the relevant governance bodies to reschedule or descope mandatory projects.

Note that discretionary projects D5 and D6 have been switched around in Figure 3: this means that a less profitable project is proposed for the capital budget than would have been the case if only financial metrics were considered.  This shows the potential effect of portfolio balancing, as described above.  A less profitable project can take the place of a more profitable one to balance the portfolio in terms of achieving strategic objectives across all business units, because the available funds are insufficient for an additional large project, or because of project interdependencies.  However, interdependencies are often an indication that the projects in question should rather form part of a programme and be evaluated as such.

Benefits of portfolio management and optimisation

The benefits of PPfM and PPfO are significant when fully adopted.  According to the UK Office of Government Commerce (OGC, 2011), organisations which adopt a portfolio management approach can realise some or all the following benefits:

  • More of the ‘right’ programmes and projects are undertaken with greater financial benefits and measurable contribution to strategic objectives;
  • More effective implementation of programmes and projects via management of the project development pipeline, dependencies and constraints;
  • More efficient resource utilisation, with the option of redirecting resources when programmes and projects do not deliver or are no longer making a sufficient strategic contribution;
  • Greater benefits realisation through exploitation of the capacity and capability created across the organisation for PPfO, and capturing and disseminating lessons learned;
  • Enhanced transparency, accountability and corporate governance of the project selection process;
  • Improved interaction between relevant stakeholders, including senior managers, in understanding and meeting organisational needs and expectations and in communicating strategic objectives;
  • Elimination of redundant and duplicate programmes and project portfolio optimised by the unbundling of projects;
  • Improved awareness of aggregated project risks and steps to minimise these; and
  • Improved cross-organisational collaboration in pursuit of shared goals and assurance on consistent and competent programme and project management.

Concluding remarks

Programme and project management specifically focus on ‘doing things right’, whereas PPfM is more about ‘doing the right things’.  PPfO ensures that projects can be evaluated and prioritised on an equitable basis.

PPfM supports effective corporate governance because it links delivery of the organisation’s strategic objectives with investment in change, in a transparent way that enhances effective accountability.  It also provides a framework of rules, practices and decision-making bodies for managing the delivery of the project portfolio that is consistent with best management practice.  Lastly, it provides an audit trail demonstrating the rationale behind investment decisions.

Remember that PPfM will not make decisions regarding the content of the project portfolio, change initiatives to be included or to be stopped.  However, it will provide the information that enables senior management to exercise informed judgement, and it also makes decision-making more transparent.

Feel free to contact any of our consultants for assistance with PPfM and PPfO in your organisation.

References

OGC (Office of Government Commerce), 2011, Management of portfolios. The Stationary Office, Norwich, UK.

van Heerden, F.J., Steyn. J.W. & van der Walt, D., 2015, Programme management for owner teams: a practical guide to what you need to know.  Owner Team Consultation.  Available from Amazon.

van Heerden, F.J., 2017, Insight Article 040: Value chain optimisation.  Available from http://www.ownerteamconsult.com/publications/.  Accessed on 27 October 2017.

Contact OTC for assistance with PPfM and PPfO in your organisation.