5. Managing Change is Managing Projects
“Organizations are basically systems of people using
resources to accomplish enterprise mission. Changing how
an organization works is thus fundamentally about changing
how people work and relate to each other.
Organizational development projects are meant to be a
planned process of change for the people in an organization
culture, often using management principles and behavioral
processes.
A major reason why some of these changes fail is because
the action that is planned and undertaken is not treated as a
project and not managed as a project.”
David I. Cleland
5 Project Risk Management_박영민_2010
7. Enterprise Risk Management?
Integrated Risk Management?
Increased risk and reward due to new technologies & new
business methods resulting in
Uncertainty
Complexity
Rapid product obsolescence
Increased outsourcing
7 Project Risk Management_박영민_2010
8. Case Study: Ericsson vs. Nokia
In March of 2000, lightning struck a semiconductor
manufacturing facility owned by Philips Electronics
(see, e.g., Latour, 2001). It caused a fire that lasted about 10
minute and shut down the plant for only a few weeks. But the
plant was the sole source of critical semiconductor devices
used by Nokia and Ericsson to produce mobile phone
handsets. The resulting supply disruption threatened to halt
cell phone production for both firms.
Latour, A.(2001). A fire in Albuquerque sparks crisis for European cell-phone giants – Nokia
handles shock with aplomb as Ericsson of Sweden gets burned, The Wall Street
Journal, January 29.
8 Project Risk Management_박영민_2010
9. Case Study: Ericsson vs. Nokia
At Nokia, the event received immediate executive-level attention.
Nokia launched a textbook crisis management program. Within
two weeks, Nokia officials were in Asia, Europe, and the United
States securing alternative sources of supply. Despite the
fire, Nokia experienced only minimal production disruptions.
Ericsson was far slower to react. It had no contingency plans in
place to manage the disruption. Information about the event
percolated slowly up to executive management. By the time the
company began to mount a serious response, it was already
too late. Nokia had locked in all alternative source of supply.
9 Project Risk Management_박영민_2010
10. Case Study: Ericsson vs. Nokia
The business impact on Ericsson was devastating. The firm
reported over $400 million in lost revenue as a result of the
supply shortages, and its stock price declined by over 14%.
Nokia gained three points of market share, largely at
Ericsson’s expense. Some time later, Ericsson stopped
manufacturing cell phone handsets and outsourced
production to a contract manufacturer.
10 Project Risk Management_박영민_2010
11. Business Risk Examples
The Ericsson case is not an isolated incident. Firm face a wide variety of
business risks, many related to their extended value chains. Poor demand
planning and risky purchasing contracts at Cisco System recently
precipitated $2.5 billion in inventory write-offs and led to massive layoffs
(Berinato, S. (2001). What went wrong at Cisco, CIO Magazine, August 1 2001)
Difficulties implementing supply chain management software at Nike led to
severe inventory shortages, impacting third-quarter revenue by $100
million and shaving almost 20% off the firm’s market capitalization. (Los
Angeles Times, April 2. 2001).
In a case subject to widespread public scrutiny, quality problems with Ford
Explorers using Firestone tires resulted in more than 100 highway fatalities
and forced massive tire recalls (Aeppel et al., 2001; Bradsher, 2001;
Kashiwagi, 2001). This not only created a potential multibillion-dollar legal
exposure for the two firms, but also led to significant loss of brand
valuation.
11 Project Risk Management_박영민_2010
13. Market Risk
is uncertainty caused by fluctuations in the market prices of
financial or nonfinancial assets. For example, when a firm has
operations in multiple countries, changes in foreign exchange
rates can have a significant impact on both the income
statement and the balance sheet. Changes in interest rates
can affect a firm’s interest expense, the value of its loan
portfolio, and the market value of its debt. Price changes for
commodities such as heating oil and electricity can have an
impact on the cost of keeping factories and office buildings
running, and price changes for commodities like steel and
copper can affect the cost of goods sold.
13 Project Risk Management_박영민_2010
14. Credit Risk
is the risk that parties to which an enterprise has extended
credit will fail to fulfill their obligations. Customer defaults, or
delays in making anticipated payments, can have varying
impacts on an enterprise. These range from transient effects on
liquidity to ratings downgrades or even bankruptcy. It might
seem that credit risk should primarily be a concern for financial
services firms, but this is not the case. As recent experience in
the telecommunications and computer industries has shown, a
heavy credit concentration in a risky customer segment can
sometimes lead to severe financial repercussions even for
industrial firms.
14 Project Risk Management_박영민_2010
15. Operational Risk
refers to risks caused by the way a firm operates its business.
It includes risks associated with technical failures, losses
caused by processing errors, and quality and cost problems
caused by production errors. It also includes losses due to
human error, such as fraud, mismanagement, and failure to
control and monitor operations effectively.
15 Project Risk Management_박영민_2010
16. Business Risk
is caused by uncertainty associated with key business
drivers. Business risk tend to be more strategic than other
risks and can be the most difficult to manage. Business risk
factors include the overall state of the economy, fluctuations
in customer demand, supply disruptions, competitive actions
by rivals, technological change, legal liabilities, and
regulatory changes.
16 Project Risk Management_박영민_2010
17. Risk Characterization
Probability of
Occurrence Low Severity High Severity
High Likelihood High Likelihood
IV II
Low Severity High Severity
Low Likelihood Low Likelihood
III I
Severity of
Impact
17 Project Risk Management_박영민_2010
18. A survey says . . .
Executive interest in enterprise risk management programs is
growing. In a survey of more than 200 CEOs and senior
executives at firms from a diverse set of industries
(E.I.U., 2001), more than 40% of the respondents reported that
they were managing risk on a formal enterprise risk
management basis. Almost 20% more planned to do so within
a year, and more than 70% planned to do so within five years.
At present, only 15% of the firms managed risk on a corporate-
wide basis. However, more than 40% expected to do so within
three years.
E.I.U. (2001). Enterprise Risk Management : Implementing New Solutions, Technical
Paper, The Economist Intelligence Unit Limited, London and MMC Enterprise Risk, New
York.
18 Project Risk Management_박영민_2010
19. Enterprise Risk Management
Effective Risk Management
Add value during times of crisis
Improve financial performance
Increase customer satisfaction
Exploit new business opportunities
19 Project Risk Management_박영민_2010
20. Microsoft’s Risk Management
“Risks differ from problems or issues because a risk refers to the
future potential for adverse outcome or loss. Problems or
issues, however, are conditions or states of affairs that exist in
a project at the present time. Risk may, in turn, become
problems or issues if they are not addressed effectively.”
20 Project Risk Management_박영민_2010
21. Project Risk Management Definition
Project Risk is an uncertain event or condition that, if it
occurs, has a positive or negative effect on a project’s
objectives. Project objectives include
scope, schedule, cost, and quality.
프로젝트 리스크는 발생할 경우 긍정적 또는 부정적으로 프로
젝트 목표에 영향을 미치는 불확실한 사건 또는 상황이다. 프
로젝트 목표에는 범위, 일정, 원가 및 품질이 포함된다.
21 Project Risk Management_박영민_2010
22. Project Risk Management Definition
Project Risk Management includes the processes concerned
with conducting risk management
planning, identification, analysis, responses, and monitoring
and control on a project.
프로젝트 리스크관리: 프로젝트에 대한 리스크관리 기획, 리
스크식별, 분석, 대응 및 감시 통제의 수행과 관련된 프로세스
가 포함된다.
22 Project Risk Management_박영민_2010
23. Project Risk Management Definition
The objectives of Project Risk Management are to increase
the probability and impact of positive events, and decrease
the probability and impact of negative events in the Project.
프로젝트 리스크관리의 목표: 긍정적인 사건의 영향 및 가능
성을 증가시키고, 프로젝트에 대한 부정적인 사건의 영향 및
가능성을 감소시키는 것이다
23 Project Risk Management_박영민_2010
24. Project Risk Management Definition
Project Risk Management aims to identify and prioritize risks in
advance of their occurrence, and provide action-oriented
information to project managers. This orientation requires
consideration of events that may or may not occur and are
therefore described in terms of likelihood or probability of
occurrence in addition to other dimensions such as their impact
on objectives.
24 Project Risk Management_박영민_2010
25. 리스크관리는?
프로젝트 리스크는 모든 프로젝트에 존재하는 불확실성에서 비
롯된다. 알려진 리스크는 식별되어 분석된 리스크이다. 이러한
리스크에 대해서는 대응책을 계획할 수 있다. 알려지지 않은 특
정 리스크는 사전 대응적 방식으로 관리할 수 없으므로 프로젝
트 팀에서 우발사태 계획(Contigency plan)을 세워야 한다.
25 Project Risk Management_박영민_2010
26. 리스크관리는?
리스크는 프로젝트를 구상하는 순간부터 존재한다. 사전 대
응적인 방식의 리스크 관리 없이 프로젝트를 진행하면 발생
한 리스크가 프로젝트에 미치는 충격이 증가하며 프로젝트
를 실패로 이끌 가능성이 높아진다.
26 Project Risk Management_박영민_2010
27. Role of Project Risk Management in PM
There is a paradox about project risk that affects most projects.
In the early stages of a project, the level of risk exposure is at
its maximum but information on the project risks is at a
minimum. This situation does not mean that a project should
not go forward because little is known at that time.
Rather, there may be different ways of approaching the project
that have different risk implications. The more this situation is
recognized, the more realistic the project plans and
expectations of results will be.
A risk management approach is applicable throughout a
project’s life cycle.
27 Project Risk Management_박영민_2010
28. Role of Project Risk Management in PM
Project Risk Management is not an optional activity: it is
essential to successful project management.
It should be applied to all projects and hence be included in
project plans and operational documents. In this way, it
becomes an integral part of every aspect of managing the
project, in every phase and in every process group.
Project Risk Management is not a substitute for the other
project management processes
28 Project Risk Management_박영민_2010
29. Principles and Concepts
Project risk is an uncertain event or condition that, if it
occurs, has a positive or a negative effect on a project’s
objectives.
Overall project risk represents the effect of uncertainty on
the project as a whole. Overall project risk is more than the
sum of individual risks on a project, since it applies to the
whole project rather than to individual elements or tasks.
Project Risk Management processes should be repeated
and the corresponding plans progressively elaborated
throughout the lifetime of the project.
Project Risk Management cannot take place in isolation.
Success relies heavily on communication throughout the
process
29 Project Risk Management_박영민_2010
31. 프로젝트관리 프로세스 그룹 연관관계
기획 프로세스 그룹(20) (Planning Process group)
프로젝트관리 활동 순서
계획서 개발(4.2) 배열(6.2)
활동 정의 일정 개발
(6.1) (6.5)
요구사항 수집 활동 기간
(5.1) 산정(6.4)
활동 자원
산정(6.3)
범위 정의 원가 산정 예산 결정
(5.2) (7.1) (7.2)
WBS 작성 품질 계획
(5.3) (8.1)
인적자원 의사소통 계획 조달 계획
계획서 개발(9.1) 수립(10.2) 수립(12.1)
리스크 관리 리스크 식별 정성적 리스크 정량적 리스크 리스크 대응
계획 수립(11.1) (11.2) 분석 수행(11.3) 분석 수행(11.4) 계획 수립(11.5)
31 Project Risk Management_박영민_2010
32. 리스크관리 프로세스
리스크 관리 계획수립 프로젝트에 대한 리스크 관리 활동을 수행하는 방
법을 정의하는 프로세스
리스크 식별 - 프로젝트에 영향을 미칠 수 있는 리스크를 식별하고, 리스크
별 특성을 문서화하는 프로세스
정성적 리스크 분석 수행 - 리스크의 발생 확률과 영향을 평가하고 결합시
켜 추가적인 분석 또는 조치를 위하여 리스크의 우선순위를 지정하는 프로세
스
정량적 리스크 분석 수행 - 식별된 리스크가 전체 프로젝트 목표에 미치는
영향을 수치로 분석하는 프로세스
리스크 대응 계획수립 - 프로젝트 목표에 대한 기회는 증대시키고 위협은
줄일 수 있는 대안 및 조치를 개발하는 프로세스
리스크 감시 및 통제 - 프로젝트 전반에서 리스크 대응 계획을 구현하
고, 식별된 리스크를 추적하고, 잔존 리스크를 감시하고, 새로운 리스크를 식별
하고, 리스크 프로세스의 효과를 평가하는 프로세스
32 Project Risk Management_박영민_2010
33. 리스크 관리 개념 - PMBOK 리스크관리 프로세스
리스크 식별 및 평가
1 2
정성적/정량적 3
리스크 관리 기획
리스크 분석 리스크 순위
리스크 식별
리스크 계량화
새로운
리스크
7 6 5 4
결과문서화 결과 측정 리스크 감시 리스크
및 통제 대응 기획
전략 재 개발 리스크 통제 리스크 완화
33 Project Risk Management_박영민_2010
34. 리스크 관리 개념
Typical Life Cycle Profiles
높은 리스크 발생확률 높은 리스크 영향
프로젝트 생애주기
착수 및 기획단계 실행 및 종료단계
Concept Development Implementation Termination
Opportunity & Risk
Period when
Highest Risks
are Incurred Period of Highest
Risks Impact
Amount at Stake
Time
34 Project Risk Management_박영민_2010
35. 리스크 관리 개념 - Risk & PM Knowledge Area
프로젝트관리통합
범위 LIFE CYCLE과 의사소통
환경적 변수
기대 사항
및 타당성 IDEA / 자료
교환
요구사항 프로젝트 리스크 가용성
품질 인적자원
표 준 (PRM, ERM) 생산성
일정목표 서비스,
제약 공장, 자재
원가 목표
일정 제약 조달
원가
35 Project Risk Management_박영민_2010
36. 리스크 관리 개념 - Risk Breakdown Structure
36 Project Risk Management_박영민_2010
37. 리스크 관리 개념 - 계약 방식 및 리스크 관리
CPPC (Cost Plus Percentage of Costs)
Seller risk lowest (1)
Buyer (owner) risk highest (5)
CPFF (Cost Plus Fixed Fee)
Seller risk low (2)
Buyer risk high (4)
CPIF (Cost Plus Incentive Fee)
Seller risk medium (3)
Buyer risk medium (3)
FPI (Fixed Price with Incentive)
Seller risk high (4)
Buyer risk low (2)
FFP (Firm Fixed Price) (Turnkey, Lump sum)
Seller (contractor) risk highest (5)
Buyer risk lowest (1)
37 Project Risk Management_박영민_2010
38. 리스크관리 개념 - 계약의 리스크 관리
계약 형태와 Risk Allocation 관계도
Scope of work Very little Partial Complete
Uncertainty High Moderate Low
Degree of risk High Medium Low
100%
Suggested risk
allocation Owner(Buyer)
Seller(Contractor)
100%
Contract types CPPC CPFF CPIF FPI FFP
38 Project Risk Management_박영민_2010
39. 리스크 관리 개념 - Risk Responsibilities
프로젝트관리자
리스크 평가 완수와 지속적인 갱신 보장
프로젝트 팀
리스크 평가 보고서 개발
리스크 평가 보고를 기초로 한 리스크 관리 계획 개발
리스크 관리의 궁극적 책임
Project Sponsor
책임의 위임 (Delegation)
프로젝트 리스크 프로젝트관리자(PM)에게 위임
부서 리스크 기능 관리자(FM)
39 Project Risk Management_박영민_2010
40. PM’s Role for Project Risk Management(1)
• Encouraging senior management support for Project Risk
Management activities.
• Determining the acceptable levels of risk for the project in
consultation with stakeholders.
• Developing and approving the risk management plan.
• Promoting the Project Risk Management process for the project.
• Facilitating open and honest communication about risk within the
project team and with management and other stakeholders.
• Participating in all aspects of the Project Risk Management
process.
• Approving risk responses and associated actions prior to
implementation.
• Applying project contingency funds to deal with identified risks that
occur during the project.
40 Project Risk Management_박영민_2010
41. PM’s Role for Project Risk Management(2)
• Overseeing risk management by subcontractors and suppliers.
• Regularly reporting risk status to key stakeholders, with
recommendations for appropriate strategic decisions and actions
to maintain acceptable risk exposure.
• Escalating identifi ed risks to senior management where
appropriate: such risks include any which are outside the authority
or control of the project manager, any which require input or action
from outside the project, and any for which the release of
management reserve funds might be appropriate.
• Monitoring the effi ciency and effectiveness of the Project Risk
Management process.
• Auditing risk responses for their effectiveness and documenting
lessons learned.
41 Project Risk Management_박영민_2010
42. Good Risk Management Practice
Project Risk Management should recognize the business
challenges as well as the multi-cultural environment associated
with an increasingly global environment including many joint
venture projects and customers, suppliers, and workforces
spread around the globe.
Project Risk Management should be conducted on all projects.
42 Project Risk Management_박영민_2010
44. Critical Success Factor for Project Risk Management
Recognize the Value of Risk Management — Project Risk
Management should be recognized as a valuable discipline that provides
a positive potential return on investment for organizational
management, project stakeholders (both internal and external), project
management, and team members.
Individual Commitment/Responsibility — Project participants and
stakeholders should all accept responsibility for undertaking risk-related
activities as required. Risk management is everybody’s
responsibility.
Open and Honest Communication — Everyone should be involved in
the Project Risk Management process. Any actions or attitudes that
hinder communication about project risk reduce the effectiveness
of Project Risk Management in terms of proactive approaches and
effective decision-making.
44 Project Risk Management_박영민_2010
45. Critical Success Factor for Project Risk Management
Organizational Commitment — Organizational commitment can only be
established if risk management is aligned with the organization’s goals and
values. Project Risk Management may require a higher level of managerial
support than other project management disciplines because handling some
of the risks will require approval of or responses from others at levels
above the project manager.
Risk Effort Scaled to Project — Project Risk Management activities
should be consistent with the value of the project to the organization and
with its level of project risk, its scale, and other organizational
constraints. In particular, the cost of Project Risk Management should be
appropriate to its potential value to the project and the organization.
Integration with Project Management — Project Risk Management does
not exist in a vacuum, isolated from other project management processes.
Successful Project Risk Management requires the correct execution of the
other project management processes.
45 Project Risk Management_박영민_2010
46. 리스크 관리 개념 - 용어 (Terms) PMBOK Guide 4th 용어해설
리스크 / Risk. 발생할 경우에 프로젝트 목표에 긍정적 또는 부정적인 영향
을 미치는 불확실한 사건이나 조건.
리스크 수용 / Risk Acceptance [기법]. 프로젝트 팀에서 리스크 대응책으
로 프로젝트 관리 계획서를 변경하는 방법을 사용하지 않기로 결정한 상황
또는 다른 적절한 대응 전략을 강구할 수 없는 상황을 의미하는 리스크대
응기획 기법.
리스크 회피 / Risk Avoidance [기법]. 리스크를 제거하거나 리스크로 인한
영향에서 프로젝트 목표를 보호할 목적으로 프로젝트 관리 계획서를 변경
해야 하는 상황을 감수하는 방식의 리스크 대응기획 기법.
리스크분류체계 (RBS) / Risk Breakdown Structure [도구]. 잠재적 리스크
의 다양한 영역과 원인을 규명하여 리스크 범주 및 하부 범주별로 정리한
프로젝트 리스크 계통도. 리스크 분류체계는 대개 프로젝트 유형에 맞춰
조정된다.
46 Project Risk Management_박영민_2010
47. 리스크 관리 개념 - 용어 (Terms)
리스크 범주 / Risk Category. 리스크를 잠재적 원인 별로 분류한 그룹. 리
스크의 원인은 기술적 원인, 외부 원인, 조직 특성상 원인, 환경적 원인, 프
로젝트 관리상 원인 등의 범주로 분류할 수 있다. 한 범주 안에 기술력 수
준, 기후, 공격적 산정 등의 여러 하위 범주가 포함되기도 한다.
리스크 관리 계획서 / Risk Management Plan [산출물/투입물]. 프로젝트에
서 프로젝트 리스크관리를 체계적으로 구성하고 수행하는 방법을 설명하
는 문서. 프로젝트 관리 계획서에 포함되거나 별도의 보조 계획으로 존재
한다. 리스크 관리 계획서의 정보는 응용 분야와 프로젝트의 규모에 따라
달라진다. 프로젝트 리스크 목록, 리스크 분석 결과, 리스크 대응 자료가
수록된 리스크 등록부(Risk Register)와 리스크 관리 계획서는 다르다.
리스크 완화 / Risk Mitigation [기법]. 리스크 발생 확률과 리스크의 영향력
을 허용 한계선 이하로 낮추는 방법을 찾아야 하는 상황을 감수하는 리스
크대응기획 기법.
47 Project Risk Management_박영민_2010
48. 리스크 관리 개념 - 용어 (Terms)
리스크 등록부 / Risk Register [산출물/투입물]. 정성적 리스크 분석, 정량
적 리스크 분석 및 리스크 대응기획의 결과 자료가 수록된 문서. 확인된 모
든 리스크에 대한 설명, 범주, 원인, 발생 확률, 목표에 미치는 영향, 제안된
대응 방법, 소유자, 현재 상태 등을 포함한 상세한 정보가 리스크 등록부에
들어 있다.
리스크 허용한도 / Risk Tolerance. 조직이나 개인이 감당할 수 있는 리스
크의 크기, 양, 정도. 리스크 전가 / Risk Transference [기법]. 리스크로 인
한 영향을 리스크대응 권한과 함께 제3자에게 이전하는 방식의 리스크대
응기획 기법.
48 Project Risk Management_박영민_2010