[an error occurred while processing this directive]
Go to previous section of document Link to chapter contents   Go to next section of document

Manage Risks

The purpose of risk management is to examine and control relevant risks, to ensure successful delivery of the project. It is essential that risk management begin early in the SCM process. High-value purchases and complex projects of lesser value require the preparation of a specific risk management plan and ongoing risk assessment throughout the project's entire life cycle; however, in less complex and lesser value projects, a plan to deal with risk should be an element of the Individual Purchase Plan. During Process Step 1: Identify Needs, due attention must be paid to identifying risks, their impact, and possible Postal Service response to the risks. This stage is part of the larger risk management process, which evolves throughout the supply chain, and ensures that risks are understood and mitigated to the greatest extent possible.

A risk is a potential event or future situation that may adversely affect the project. Identifiable risk factors contribute to a potential risk. If a risk occurs, there will be consequences that may significantly impact the project. For example:

Risk factor - a new technology is being used for the first time

Risk - adoption of the technology is more difficult than anticipated

Consequence - the delivery of a project is late.

A risk may be caused by more than one risk factor, and, conversely, a risk factor may result in more than one risk.

Risk Management Process

Risk management comprises five steps:

1. Identification - search for and locate risks

2. Analysis - transform risk data into decision-making information

3. Response planning - translate risk information into executable plans and actions

4. Tracking and control - monitor risk indicators and take corrective actions

5. Reaction - implement risk actions in response to actual risk occurrence

Analysis, response planning, and tracking are performed iteratively throughout the execution of the project, as illustrated in Figure 1.9.

Figure 1.9

Risk Management Process

risk management process

Return to top of page

Benefits of Risk Taking

A certain amount of risk taking is inevitable to achieve objectives. Continuous risk management provides a disciplined environment for proactive decision making to:

Continuously assess what can go wrong (risks)

Determine which risks are important to deal with

Define and implement strategies and plans to deal with those risks

Continuous risk management requires that risks be identified throughout the project, not as a one-time-only activity during project planning. Risks must be analyzed on an ongoing basis to address changing project conditions and priorities. As new risks are identified, strategies and plans to deal with them must be developed. The Client and Supply Management may make the decision to stop the project, based on an unacceptable level of risk.

Risk Identification

Risk Identification is a systematic attempt to specify threats to the project (estimates, schedule, resource loading, etc.). By identifying known and predictable risks, the Client and Contracting Officer take the first step toward avoiding them when possible and controlling them when necessary.

While it would be impossible to anticipate the complete universe of risks, the aim is to clearly identify the 20 percent of risks that would have 80 percent of the potential impact (Pareto Principle [80/20 Rule]). The following activities are useful for clarifying and identifying risks:

At the initial stage of risk identification, convene a brainstorming session of the Purchase/SCM Team, during which each member has an opportunity to identify a few project risks.

Interview stakeholders responsible for ongoing programs and projects, and consider the opportunities/impact of the current activity.

Check with suppliers regarding their plans for delivering the desired outcome.

Discuss with all parties involved their understanding of the mission, aims and objectives, and plans for delivery of project results.

For repeating projects, create a risk checklist that focuses on a subset of known and predictable risks.

Ask "so what?" after each potential risk is identified, until a clear cost or consequence of the potential effects of a risk, or an issue that needs resolution, is identified. For example:

- Statement: "Project duration will be greater than 36 months."

- Question: "So what?"

- Answer: "Project staff may be unwilling to work on the project for all 36 months."

- Question: "So what?"

- Answer: "The risk is that the project will take 10 percent more time than currently budgeted, to allow for the learning curve as new personnel join the project. There is also an issue that staff changes in mid-project are not acceptable to the Client."

Return to top of page

Risk Analysis

Risk analysis involves the following major activities:

1. Evaluate the properties of a risk to determine the expected impact and probability of the risk's occurrence. Each risk is categorized as high, medium, or low, based on the impact of the risk on the various project elements (e.g., cost, schedule, and quality).

High risk - a major problem exists with definite, serious financial exposure and/or customer dissatisfaction. Failure to manage the risk would result in project failure. Aggressive management action is required to bring the project under control.

Medium risk - a significant problem currently exists that requires corrective planning. A probability exists for exceeding estimates or budgets, customer dissatisfaction, and/or limited financial exposure. Failure to manage the risk would result in degradation of the project performance. Management action is required to bring the project under control.

Low risk -the project is currently under control. However, existing or potential problems have been identified that will require positive management attention to maintain stability.

1. Determine the likely time frame during which the risk can be expected to occur.

2. Determine the probability of risk occurrence. Probability is categorized as high, medium, or low, based on the likelihood that the risk will occur.

3. Based on risk impact, probability, and time frame, determine critical risks and those of the highest priority. It is important to note that priorities change throughout project execution, and it is critical to continually review risks and prioritization.

Analysis of risk factors continues throughout the execution of the project as conditions change. Issues, changes, schedule delays, defects, and staffing anomalies are a few examples of the conditions that may arise that could affect risk.

Return to top of page

Risk Response Planning

Once a risk is identified and analyzed, risk response planning is the function of deciding what, if anything, should be done with a risk. The Purchase/SCM Team should consider the following approaches when responding to the risk:

Acceptance - accepting the consequences of a risk occurrence without further action, but continuing to observe for increased likelihood of occurrence.

Risk transfer - transferring some or all of the responsibility for dealing with a risk to the supplier.

Risk reserve - deciding to use monies set aside as a risk management reserve or risk contingency reserve. As a whole, a risk reserve should be comparable to the probability of costs related to accepted risks and contingency plans that would be implemented, should the risk occur.

Risk containment - two types of risk containment:

Risk mitigation - taking steps to affect risk factors to lessen risk by lowering the probability of a risk occurrence or reducing its effect should it occur.

Risk contingency planning - the development of a risk contingency plan for a particular risk or for multiple risks.

It is important to emphasize that the Postal Service will not be able to control or transfer every risk. On a high level, a risk will fall into one of these three categories, which will affect the Postal Service's ability to respond:

Business risk - whatever affects the Postal Service's ability to meet business objectives. These risks are managed by the Postal Service and cannot be transferred.

Service/operational risk - includes design/build/finance/operate project risk. These risks are managed by the party best placed to do so. Suppliers and Clients share detailed plans for managing risks.

External risk - beyond your control, such as legislation, changes in marketplace, etc. Suppliers and Clients produce and maintain plans for mitigating these risks.

Return to top of page

Liquidated Damages

Liquidated damages are a contractual remedy the Postal Service may use when there are delays in delivery or performance. Liquidated damages are based on an estimate of daily losses that would result directly from a delay in delivery or performance. Generally, liquidated damages are included in all construction contracts.

It is important to remember that providing for liquidated damages usually increases the contract price as suppliers typically factor them into their pricing; therefore, their use should be carefully considered. Liquidated damages may not be used as a penalty for failure to deliver or perform on time. The use of liquidated damages should be included in contracts only when:

Delivery or performance is so critical, and the failure to deliver on time or perform will result in such extensive damage in the form of additional costs or loss of potential savings, that the probable increase in contract price is warranted; and

The amount of actual damages would be difficult or impossible to prove

The rate of liquidated damages must represent the best estimate of the actual daily damages that will result from delay in delivery or performance. A rate lower than the actual estimated rate may be used to avoid excessive price contingencies in proposals. The Contracting Officer must determine and document in each case that the rate is reasonable and not punitive. The rate should, at a minimum, cover the estimated cost of inspection and supervision for each day of delay. Whenever the Postal Service will suffer other specific damages due to a supplier's delay, the rate should also include an amount for these damages. Examples of specific damages are:

The cost of substitute facilities

The cost of lost workhours/productivity

Rental of buildings or equipment

The cost of additional inspection

If appropriate to reflect the probable damages, considering that the Postal Service may terminate for default or take other action, the assessment of liquidated damages may be in two or more increments with a declining rate as the delay continues. To prevent an unreasonable assessment of liquidated damages, the contract may also include an overall maximum dollar amount, a period of time during which liquidated damages may be assessed, or both.

Whenever liquidated damages will be assessed for a supplier's delay, the contract must include Clause 2-10: Liquidated Damages, modified as necessary.

Return to top of page

Risk Tracking and Control

Risks are reassessed every month to confirm their status. As a consequence, new risks may be identified, the impact of the existing risk may be changed, or the risk may no longer have any impact and is removed.

Risk Reaction

In this step, a risk has occurred, action is taken to correct the risk, and the contingency plan is launched (if necessary). Risks are considered closed when they are no longer considered threats to the project.

When the number of risks is small on a project, the Risk Management Plan may be limited to one section of the overall project plan, without details of evaluation and prioritization.

Go to previous section of document Link to chapter contents   Go to next section of document