PRINCE2 Themes

Prince 2 identifies 7 themes that the project must address continually.  By integrating these themes in its normative processes, PRINCE2 ensures that the themes are addressed.
The PRINCE2 themes are:

1. Business Case – why the project is being undertaken
2. Organization – for PRINCE2, the project is the project organisation. This theme describes the roles and responsibilities.
3. Quality – is about defining and refining the quality attributes of the product, and how the project will meet those attributes.
4. Plans – activities are planned for.  PRINCE2 defines the plans that need to be developed and the steps to undertake to prepare those plans.
5. Risk – PRINCE2 describes how project risks can be managed.
6. Change – assessment of the impact of change to the project
7. Progress – the monitoring and control of the project to ensure it remains viable and what steps to take if reality deviates from plans.

Risk - What Can Go Wrong

There are so many definitions of risk.

The newer versions include 'positive risk' and variations thereof. These definitions try to be very inclusive, to make sure they cover all possible perspectives and manifestations of risk. It can be a bit confusing. Some days

I am tempted to find a simple, clear, usable definition of risk.

I am not yet convinced that 'positive risk' should have the word 'risk' appended to it. On those days when I look at risk management as 'the management of uncertainty' I have no problem accepting that positive risks belong to this domain.

But for now, I will use as the most basic definition of risk:

Risk = what can go wrong.

Risk management = managing what can go wrong

The ‘wrong’ already implicitly includes a reference to our objectives.  If something can go wrong from our point of view, it means something going wrong in relation to our interests.  Something that doesn’t affect us is not something going wrong. So I don’t have to extend it to ‘something that can go wrong with regard to our objectives’  (in any case, I prefer to use ‘interests’ rather than objectives).

The ‘managing’ in ‘managing what can go wrong encompasses identification, assessment, and mitigation.

Let’s see how far these definitions will let me go.

Review of "The Failure of Risk Management: Why It's Broken and How to Fix It" Part 2

In Chapter two of his book, Douglas Hubbard's discusses where the risk management industry has been and where it currently thinks it is.

The chapter starts out with a very brief history of risk management ('800 words' according to the author), tracing the route from the discovery of mathematical probabilities, to its initial commercial application in insurance, and finally down to the modern day emerging 'new character' or risk management, incarnated in regulations like Basel II, and in applications like Enterprise Risk Management. His history is not very complimentary, comparing today's state of risk management as similar to the Old West gold rush towns, where things look brightly painted and pretty, but built on shaky foundations and filled with snake oil peddlers.

His history aligns quite well with Peter Bernstein's own summary, although at a very very high level and, I suspect, very much framed to support his thesis (which I suppose is what the rest of the book is about).

Hubbard then makes a brief discussion of the common risk assessment approaches (expert intuition, weighted scoring, probabilistic models, etc) and suggests that some of these are not up to par for the role risk management is playing (corporate growth survival, after all) and will probably need to be dispensed with.

The next section covers risk mitigation approaches. He has a brief treatment of the common approaches (what risk management book doesn't?): avoid, reduce, transfer, retain. The most interesting part of this section is his list of examples of concrete manifestations of risk mitigation approaches (in contrast to the abstract approaches of
avoid, reduce, etc. His list includes selection processes, contractual risk transfer, insurance, liquid asset position, etc.).

In the final section, Hubbard discusses 3 major surveys of enterprise risk management, conducted by Aon, The Economist, and Protiviti. The surveys show what the executives in these companies thought about what their top risks are (reputation, market, human capital, and regulatory environment figure very high). The surveys indicate that risk management is present in those companies primarily because they are being required to have it (a necessary evil). It also shows that risk
management is well represented and increasingly so at the board level.  The executives seem pretty confident that they are doing risk management well.

Hubbard suggests that that is not the case at all.

The Duck Hunters

Duck hunters shoot ideas as soon as they hear of them.  This is a recipe to become a mediocre team.

Imagine yourself in one of your project meetings.  This particular meeting proceeds just like any other meeting.  You look around checking everyone’s faces. You can plainly see on everyone that unmistakable look that they’d rather be elsewhere.  Everyone knows this meeting is a waste of time.  The meeting conveys nothing that can’t be broadcasted by more efficiently and effectively by email.  But it is a long held ritual and apparently must be perpetuated.

All the ingredients that make up dull meetings are here: meaningless status updates,  the obligatory round-the-table ‘what are you working' on’ exercise, and finally, the question: ‘Is there anything else?’

The more experienced members of the team keep silent.  However, Jack, a new and young member of the team, nervously, tentatively, makes a suggestion:  “Uhm… I was just thinking… uhm… you know how we are implementing the database for this system… I was just thinking, have we determined all the end users who will be using this system?  I was just thinking, they might have different needs and I’m not sure the database as currently designed will be able to handle all their needs. I was just thinking we should maybe make a list of the different kinds of stakeholders and what their needs are”

Jim, the project manager replies dismissively:  “We’ll just be making extra work for us that way. I think you’ll find that even the stakeholders don’t know what they want.”

Bang! A Duck Just Got Shot Down

The project manager’s dismissal of Jack’s suggestion, apparently without even giving it its deserved consideration, is equivalent to shooting down ducks as soon they get spotted. 

Duck? An idea duck.  People who shoot down ideas as soon as they get raised are what I call duck hunters. The moment they hear an idea, they take aim and fire: Bang! Another idea shot down.

Some people are so good at shooting down ducks, almost as soon as they take flight, they are the equivalent of professional duck hunters.  Maybe they find pleasure in shooting down ideas – maybe an ego boost.  Maybe they’re trying to act decisively, but what’s the broader impact to the project?

Let’s take a broader view.

How would Jack feel?  He has put forward what he obviously thought was a good idea, something that he thinks will benefit the team.  But his idea just got shot down, almost not taken seriously.  You can be sure he is anything but more motivated. Next time, he might try again, and when his duck get shot down again, his attempts will come less and less often, until it finally stops.  When people notice their ducks being shot, soon they will stop introducing new ducks. 

How would other project team members feel?  Maybe some of them agree with the project manager.  Maybe some of them agree with Jack?  All of them will notice – at different degrees – how Jack’s idea was shot down.  They will think twice about raising their own ideas.

An environment not conducive to inviting ideas has just been established.  Whether this negative environment continues and reinforces itself to the detriment of the team, or gets weaker allowing more ideas to come up, depends on the next meetings.  If the same thing happens, it will reinforce the negative dynamics. 

When the Ducks Go, the Team Goes

A project team that raises no new ideas, soon becomes a mediocre team, unable to produce anything but the dullest, plainest possible product.

High quality people don’t want to be part of mediocre teams.  A mediocre team will soon experience an exodus of its brightest and most passionate members.  First the exodus will happen intellectually and emotionally.  People will start to tune out.  The team members will still be physically part of the project, but their minds and their passions have long gone.  It is only a matter of time when they also leave physically.

Avoiding Duck Hunting

How does one avoid this problem?  The solution comes from the top.  It must establish a management system where ideas a actively solicited, and rigorously considered. 

I would suggest putting up an idea log, where ideas can be put forward, and discussed and considered, and then rejected, accepted, put on hold, modified, or otherwise acted upon is.  Having a history of ideas generated is a terrific tool for documenting lessons learned.  (Of course, depending on the organisation’s culture, this could be a terrible witch-hunting tool as well).

Save the Ducks

Next time you’re in a meeting, watch for ducks, and for one day -- just one day --  make a note to leave your gun behind and don’t bring it to the meeting.

Risk Versus Risk

One of the most critical processes in managing projects are those addressing project risks.  Some writers go so far as to call risk managent 'project management for adults'.  The implication being that if you’re not doing risk management in your project, then you’re just a kid, you haven’t grown up yet, and have no place among grown-ups (I agree with this view, by the way).

When asked what risk is, quite a few will give an answer that goes something like: 'a risk anything that can go wrong.'  In this view, a risk is something that can go wrong, and therefore risk management is about addressing those things that can go wrong.

But there is another, less commonly known, view of risk.   In this view, risk is something uncertain that may affect the project.  Not something necessarily bad, but something uncertain. 

Let's suppose you are planning a picnic for tomorrow.  Being an adult, you have prepared a risk management plan (your picnics may be boring, but they are predictable).  You have an entry for weather in your risk plan.  In the first view of risk, you look at the weather and look for something that could 'go wrong' that could negatively affect your picnic.  Is it going to rain tomorrow?  If there's a chance of rain, what can we do to mitigate the effects of this rain on the picnic? Perhaps bring an umbrella.  Perhaps plan to hold the picnic nearby an accessible shelter, to make escaping from the rain easier.

In the second view, we look at the weather not as something that is the harbinger of something that can go wrong, but simply something uncertain.  So there's a 50% chance of rain.  Let's prepare for that eventuality.  But there's also a 50% chance of no rain. Let's also prepare for that happy eventuality as well -- perhaps plan to go to a place with a nicer view if the weather clears up.

With this second view, risk is not simply viewed as about bad circumstances that can happen, but simply about all uncertain circumstances. Circumstances which can indeed turn out bad (and whose effects we should be ready to address), but which can also turn out good (which we should be ready to take advantage of).

In the first view, we simply prepared ourselves for the worst.  But in the second view, we also prepared ourselves for the best.

Assumptions

Until we develop the ability to see the future, projects and programmes will have to be run in the face of uncertainty.

In the absence of complete information, assumptions will have to be made. Otherwise decisions cannot be made and activities will stall. At least some of these assumptions are documented in the projects. In the more badly run projects, the assumptions are there uncritically reviewed. Because a project is proceeding as if these assumptions are valid, it is critically important to review the assumptions.

You are trying to cross a bridge and making the assumption that the floor is sound. You have several choices: make the assumption, and proceed to walk normally as if the assumption is correct. You can also make the assumption, keeping in mind that you could be wrong, and proceed with caution, testing every step to see if the assumption holds. You can also, before, proceeding, inspect the bridge, and gather more information about the assumption. How likely is the assumption to be correct? How likely is it wrong? Apart from
physical inspection you can observe the environment. Are locals crossing the bridge? Are there local experts who know if the bridge is sound?

Because the assumptions are the 'floor' on which the programme will be proceeding, it is critical to review these assumptions to see how sound they are. These assumptions should be looked at with the following filters:

• Are they complete? Are these the only critical assumptions?
• Are they valid? Are we making assumptions about things that are not already known to be false?
• Do we have a plan for reviewing the assumptions at a later date, when we may have more information and able to verify or reject the assumptions.
• Have we identified the risks that will arise if the assumptions on which we are proceeding are proven false?

ERM is an Integrative Approach to Risk Management

Risk management as traditionally practiced in organisations, tended to be silo-based.  Risks originating from one area is expected to be managed in that area which is assigned the responsibility for managing, while risks originating from another area is managed by that area. 

One reason Chapman gives as to why this approach developed is our tendency to compartmentalise. Our analytical mindset approach to problem solving leads us to split things into their basic components, to make them easier to manage. 

Over the years, there have been growing recognition that the silo-based approach is flawed.  The impact of risks span across silos -- a breakdown in manufacturing leads to impacts well beyond the manufacturing department.  Mismanagement of risk in one silo affects other silos, which may not be prepared for that risk because they had assumed that other area was managing that risk.  

ERM is a new approach to managing risk.  The thrust is of ERM is the integrative management of risks, understanding the interdependencies, their impacts, and areas where they can be leveraged so that addressing a single cause can prevent multiple risks.

Reference: Chapman, Robert. Simple Tools and Techniques for Enterprise Risk Management 2006.

Tools and Techniques of Enterprise Risk Management, Part 1

I’m going to go through Robert Chapman’s ERM book.  Based on the table of contents, the first part of the book what ERM is. Part II is about ‘The Appointment’ or what I think is a discussion of the engagement process.  The table of contents covers topics about interviewing the client, preparing the proposal, and implementation (of what, I am not sure yet).

Part II covers the Risk Management Process.  It seems to be about a fairly standard process: Analysis of the Business, Risk Identification, Risk Assessment, Risk Planning, and Risk Management.

Part IV covers ‘Internal Influences’ which I think is about internally generated risks.  The table of contents says it covers Financial Risk Management, Operational Risk Management, and Technological Risk.

The final part covers ‘External Influences’ which seems like about risks generated externally.  It discusses Economic, Environmental, Legal, Political, Market, and Social risks.

Finally there are 14 short Appendixes which discuss techniques like SWOT, PEST, VRIO analysis, Change Management, among other topics.

Ten Rules of Effective Language

One of the challenges risk professionals wrestle with is how to convince stakeholders to take specific actions,  such as proactively identifying risks. These stakeholders can be individuals, or they can be organisations.  While these stakeholders are not necessarily reluctant to comply with the requirements of proper risk management, they do have to deal with their own realities, including other demands on their energy,  or simply a perception that risk management is a waste of time.

Perception is reality, as the saying goes.  If you want to change reality, you have to change perception.  And one way to change perception is through communication.  A risk professional often needs to organisational action through reports and recommendations and also through interpersonal communication.

Dr. Frank Luntz, who apparently is a highly sought political speech writer, provides ten rules for effective language in his book, “Words that Work”.   I think when he came up with these rules, he was thinking in the in the context of public speeches, political messages,  and media relations.  But his rules seem a useful guide for a launching  a coordinated approach to getting your message across. 

In summary his rules are:

1. Use Small Words.  Use only words that you are certain your audience understands.  Don’t risk getting your message misunderstood. 
2. Use Short Sentences. If you can deliver the same message using a dozen words, do not do so with a thousand.  Not only are fewer words easier to remember, you stand a better chance at having your writing  read.
3. Credibility is as Important as Philosophy. Make sure you are telling the truth.  Very catchy marketing of something false will fool some people for a little while, but not for long, and not again. 
4. Consistency Matters. This is a nice way of saying: repeat the message over and over, using the same words if possible.  Drill the message in. Repeat until it becomes the truth.  And don’t change your message. Don’t change what you are trying to say.
5. Novelty: Offer Something New. Add a new twist on the language or coin a new phrase that capture the message vividly and clearly and memorably.  Definitely avoid clichés. Avoid it like the plague ;-).
6. Sound and Texture Matter. A slogan that makes sound (like ‘Snap, Crackle, Pop!’) helps make the slogan memorable.  Alternatively, come up with combinations of words that make a distinctive sound (‘Melts in your mouth…’)
7. Speak Aspirationally. Show the way to an ideal place. He gives the example of Crest toothpaste’s “Look ma, no cavities”. Tap into the audience’s aspirations and ideals.
8. Visualize.  Paint a picture with your words.
9. Ask a Question. Engage the listener by asking a relevant and memorable question.  Note that it is a single question, not several.
10. Provide Context and Explain Relevance. Make it very clear ‘why’ you are telling them what you are going to tell them. Give context to your message.

Luntz summarises these ten rules with ten words: simplicity, brevity, credibility, consistency, novelty, sound, aspiration, visualisation, questioning, and context.

You don’t have to follow all his rules for every message you want to get across.  I don’t think that’s possible, nor is it Luntz’s intention.  However, the list is useful as a guide for formulating a memorable message.

A Framework for Risk Management

Froot, Scharfstein, and Stein

The purpose of risk management for an organisation is to ensure availability of funds for financing investments.  Risk management does not create new wealth; investment does. Wealth-creating investment is only possible if there are funds available to finance it. Risk management must be used to ensure the organisation has enough funds to finance its wealth-creating investments should events arise that threaten the availability of funds.

The best funds to use for funding investments are funds created internally.  Funds obtained through debt make the company less attractive for further debt, which may result in a dangerous spiral where it cannot obtain debts when it needs them.  Funds raised from equity raise the problem of investors knowing that organisations sell equity when they know it is overpriced.  So despite Modigliani and Miller, who posited that how the funds are obtained is generally irrelevant, internally generated cash is best for funding further investments.

Hedging is one way to insulate the organisation from fluctuations of funds availability.

To determine what to hedge, think about events you wish to hedge against, and understand the impact of that event to your cashflow requirements for funding wealth-creating investments.  For example, if your company manufactures in Europe (Euro) and sells in the USA. Suppose the Euro appreciates thus making sales in the USA slower. Then cashflow is lessened because a) there is less product demand in the USA and b) the value of dollar sales has decreased comapred to Euro, therefore, there is little incentive to further increase production capacity in Europe, therefore there is lessened need for cashflow during the time.  Thus there is little need to hedge.

However, if opposite occurs, and the Euro depreciates, then sales to the US can be expected to increase (cheaper products), however,

Risk management “lets companies borrow from themselves” by shifting funds to when they are more needed.

The goal is to align the internal supply of funds with the demand for funds. The goal is not to insure against the events (such as exchange rate fluctuations) but to ensure the company has the cash it needs during such times.

The company shouldn’t need to worry much about its own stock prices.  That is a problem for individual investors. They can mitigate that risk through diversification.

Choices of which financial instrument to use must not be left to financial engineers. Managers must align the instrument to the corporate goal – which is to ensure availability of cash appropriate to the environment it is hedging against.

Two key issues in derivative features is mark-to-market vs over the counter. In the former, you need to top up daily to compensate for short term losses. In the latter you only need to pay at maturity date.  The other feature is linearity vs non-linearity. Futures and forward contracts may have no floor. There is symmetry in your gain or loss. Options allows setting a floor to loss, while keeping the option to benefit from the event.

The Risk-Return Effects of Strategic Responsiveness: A Simulation Analysis

Torben Juul Andersen and Richard A. Bettis

Summary:

Companies in turbulent dynamic markets experience volatility in their performance. The turbulence described here is not only a case of going back and forth, or cyclical changes, but a case of structural changes.   Companies need to undergo learning about the new changes, devise new strategies to adapt to the changed market and implement those strategies.  This is called strategic responsiveness.

The paper creates a simulation model to determine the risk and return effects of being strategically responsive.

Organisations learn in at least three ways. One, they gain new knowledge (perhaps a better mental model) and notice that current peformance can be improved.

First order learning involves improving current processes. Second order learning creates new knowledge which changes practices.  Continuous improvement may lead to very efficient processes that are no longer required.

Competitive advantage arises from knowledge creation which increases range of strategy options.  Market learning which is about acquiring insights about market conditions prepares the way to taking steps to capitalise on the market condition.

The simulation model finds that strategic responsiveness does play a part in improving performance in a dynamic environment.  It does not require perfect learning since perfect learning costs more and the extra cost offsets the improvement in cashflow.  Strategic responsiveness is a way to achieve higher performance at lower risk.

When to trust your gut

Alden Hayashi, Harvard Business Review

Summary:

Many decision situations do not lend themselves to quantitative analysis.  For one thing, the situation may be so complex that quantitative analysis simply cannot be applied. Examples include areas in public relations, which person to hire, research, marketing, and strategy.

In other cases there just is not enough data to perform quantitative analysis.

Even if data could eventually become available, there are times when decisions have to be made quickly, or else the opportunity is gone. There is no time to gather and analyse data in a systematic and rational manner. Situations like this can be expected to become more common in today’s increasingly turbulent and globalized economy, where things can change at the drop of a hat.

Executives in the strategic positions of organisations often face these types of situations.  They have to rely on gut instinct to make their decisions.  Although in some cases they are provided the results of quantitative analysis, the numbers are often biased to show why something is a good thing.  For example, mergers and acquisitions often show why the merger would succeed (from a quantitative point of view).  The executives have to rely on their instinct to tell them why it might not work.

The question for a decision maker then is how to tune in to your inner instincts and how to tune your inner instincts.

Executives and researchers discover that you need to have your subconscious knowledge emerge and connect with your conscious knowledge.  This can be done through meditative activities such as driving, day-dreaming, showering, and so on – it all depends on what works for you.

Our emotions assist in the decision making process by filtering out patterns that do not apply and by emphasising patterns that apply. In a sense, our emotions sort out and shortlist the considerations that our rational part of the brain can work with. When making decisions, be aware of your emotions and take them into consideration.

Gut instinct is simply based on rules and patterns we have within our subconscious. Some patterns may be built-in (true instincts).  Some are acquired through experience.

The quality of our gut instinct depends on the number of patterns our subconscious stores, the variety of patterns, and how it is able to interconnect those patterns.  The number of patterns come from our experiences, the variety comes the variety of experiences.

Instincts do not guarantee correct decisions. We need to continually self-assess our decisions and ‘train’ our instincts.  We can do this be reviewing our past decisions, reviewing why they were wrong, or why they were right.

Finally, it is important not to fall in love with your original decisions, but to keep flexible and adjust it as new information becomes available.

Contemporary Enterprise-Wide Risk Management Frameworks: A Comparative Analysis in a Strategic Perspective

Per Henriksen and Thomas Uhlenfeldt

Summary:

Many risk management frameworks claim to be holistic and ‘enterprise-wide’.  Henriksen and Uhlenfeldt argue that for a risk management framework to be truly holistic and strategic, it must address the strategy creation process and not just the strategy implementation arena.  It is in the area of strategy process where many strategic risks are created. Hence, an enterprise-wide risk management system that does not lend itself to be used in the strategy creation process falls short of the mark. 

The authors investigate 4 ERM frameworks that claim to be holistic: DeLoach EWRM, COSO ERM, FERMA (a precursor to the current IRM Risk Management Standard), and AS/NZS 4360:2004.  Their study reveals that while these frameworks claim to be applicable at the strategic level, they fall short of providing actionable guidance on how risk management can be performed concurrently with the strategic processes.

A key weakness lies in the frameworks’ treatment of consolidating, prioritizing, and communicating key risks.  The very point of ERM is to consolidate the key risks faced by the organisation so that it can allocate scarce resources most effectively. The frameworks provide little, if any, guidance on how this consolidation, prioritisation, and organisational communication can be done.

The frameworks also acknowledge that risks can result in positive opportunities for the organisation but provide little guidance on how to take advantage of this.  Since the frameworks are not integrated with the strategy creation process - where the biggest opportunities to identify and seize opportunities exists - the frameworks’ take on positive risks are not that helpful.  The authors recognise that in the real world, preventing losses is the focus of management and identifying opportunities is generally the remit of strategy. 

Hence, while risk management in theory helps in identification and grabbing of opportunities, this is seldom done in practice.  The orientation of the frameworks in the process steps is still heavily slanted toward negative risks.

The frameworks add some value in that they pave the way for common risk language and processes across an organisation.

7 Deadly Sins – Illusory Correlation

Or ‘magical thinking’ as Massimo Piattelli-Palmarini calls it.  This is about making positive correlations even though the supporting data is weak.  Sometimes we notice only data that supports our hypothesis and ignore data that doesn’t.

An example of magical thinking goes like this. We come across a few people who exhibit a certain symptom and also a certain illness, and we associate that symptom with the illness, such that if we see that symptom, then we decide that the illness is also present.

You see someone with red spots, and you diagnose measles.

We forget that sometimes the same symptom appears for a different illnes.  Or the illness is present without that symptom.

7 Deadly Sins – Overconfidence

Massimo Piatelli-Palmarini writes in his deliciously written book “Inevitable Illusions” about the 7 deadly sins of our cognitive illusions.

His first sin is overconfidence. This is where we feel certain about our knowledge of something, but our knowledge does not really warrant such confidence.

He describes experiments where subjects are asked to answer questions and then rate how confident they are about each answer.  Experiments show that our confidence leads our knowledge.

We think we know something more than we really know.

The results of the experiments also bring about something sobering: we are most overconfident in areas we are more knowledgeable about.  That is, the difference between the level of our overconfidence and knowledge in these areas is bigger than the difference between our level of overconfidence and knowledge in other areas - hence we tend to make mistakes of overconfidence in our areas of expertise.

On Issues Versus Risks

Whenever you find yourself in an introductory presentation on risk management, you can expect to hear a question like: “What’s the difference between an issue and a risk?” The expected answer seems to be always: “A risk is something that may or may happen, while an issue is something that has already happened.” 

Correct enough, but this description falls short of conveying any relationship between the two.

Here’s one I coined, I like, and plan to use and re-use: “Issues are the risks you failed to manage, now come to haunt you.”

The sentence makes clear that many of the issues that you face could have been mitigated if only you had done proper risk management.  The assertion is not always true of course.  Some issues just come from unpredictable circumstances, and no risk management is that perfect.  So surely,  there are exceptions, but the strong assertion of the sentence emphasises just that – that exceptions are the exception.

I believe I originally picked up this relationship from Bill Duncan.  A few years ago he quoted someone he knew who said that in a good risk management process, all the issues that arise will have been previously identified in the risk register.  So it’s not my original idea, but I like the “now come to haunt you” bit, which is mine.

Pinpointing the Risk

"It is important to correctly identify the cause from the risk", said the presenter of a risk management process overview.

 

I hadn't given much thought about the distinction between the two, and simply implicitly assumed that I know which is which.  But when I tried to articulate how to distinguish between the a cause and a risk, I felt stuck.  After all, they all seemed to be a chain of event/consequence.

 

Ignoring for the meantime that each event E can be a consequence of any number of events, and that E itself can cause any number of consequence, it is clear that from one point of view, an event E2 can be a consequence of an event E1.  Similarly event E3 can be a consequence of event E2.  So a specific event is both a cause and a consequence.

 

For example, let us suppose we are concerned about the risks our property is facing.

 

Risk: Fire

Cause: Faulty electrical wiring

Consequence: House burns down

 

In this case, we put "Fire" as a risk in our risk register.

 

But what about "Faulty electrical wiring"?  Isn't it a risk as well?

 

Risk: Faulty electrical wiring

Cause: substandard workmanship

Consequence: Fire, leading to house burning down.

 

So should Faulty electrical wiring then be in the risk register?

 

Kik Piney reminded me that it is essential to be clear first about the objectives when going about identifying risks.  Having just studied ISO 31000:2009, I am aware of the relationship between objectives and risk, but for some reason I left it out.  (I am not too sure about being clear first about objectives before going about identifying risks, because sometimes noticing potential areas where things can go wrong will actually help you know what your objectives are).

 

Now suppose we have decided that our objective is "to protect our property".  In this case, it is clear that the risk is fire:

 

Objective: Protect property

Risk: Fire

Risk: Repossession

Risk: loss of property due to plane falling on property

Risk: loss of property due to earthquake

 

"Faulty electrical wiring" is not a risk. Either the property has faulty wiring or it does not.

 

If the objective instead is 'Acquire a problem-free property', then 'faulty electrical wiring' is a risk.  The property we are considering to acquire 'may or may not' have this characteristic. 

 

Final point: always relate risks to objectives.  Nothing new here. Just a reminder.

Project Success

Bill Duncan comments on the definition of project success (link) and touches on the different dimensions beyond merely completing the project 'on time'.  His thoughts sparked a few thoughts as well.

Success can be defined in several dimensions.  The more success criteria defined, the greater the chance that they will conflict with each other.  Invariably, there will be 'success criteria creep.'  Some ranking of success criteria may be required. Perhaps a ranking system may be of use to rank the success criteria according to importance in order to provide guidance whenever conflicts arise.  For example, while it may be deemed important to achieve each major milestone according to schedule, is that more important than completing the whole project on time?  And is completing the project on time more important than meeting a specified project cost?

Other questions to help rank the success criteria might include:

• What are the consequences of not meeting this success criteria?
• Are we prepared to spend more in order to meet this success criteria (otherwise is just a nice-to-have?)  If so, how much? 
• Is it acceptable to fail to meet a success criteria in order to achieve another criteria?

 

Giving this a little more thought, I find a relationship between project requirements and success criteria: why did we define success this way and not that way? The answer lies in the requirements.  We defined this as a success criteria because it is important.  It is important because <project requirement>.  A simple example: success critera A: the stadium is ready for use by March 11, 2011.  Why?  Because a large event is going to use it on March 25, 2011.  Failing to make the stadium available by March 11 means a failure to hold the event.

In Praise of Bibliographies

One of the best things about books are their bibliographies.  Sometimes a book's bibliography is worth more than the book itself.  If it is any good, the bibliography arms you with a map, or a mini-library, to other treasures about the subject you are reading about.   

When you are reading the very first book you have read about a subject, the bibliography is often a map to a new world. If it's a good bibliography, it leads you to treasure. But sometimes it can lead you to a rubbish pile. 

I always skim through the bibliographies of each book I read, marking down titles that may interest me next. 

It’s still vivid in my mind the occasion when I first came across Patrick Henry Winston’s “Lisp”. I remember exactly where I was.  I found a copy at our school library. I was in university, somewhat new to programming, but already infected by an intense interest in computer science, a subject I only had recently discovered. 

I had already read perhaps a dozen Pascal and Fortran books before picking up “Lisp”, but Winston’s was the most wonderfully strange computer programming book I had come across then (and still since). 

First was the very strange programming language (Lisp was not like normal procedural languages).  Then the domain was very new to me (it was the first book I read about Artificial Intelligence).  But it was also because Winston had a quirky writing style.  Looking back later, and understanding his academic interest in how humans learn, I’m sure this style was deliberately designed.

His book imprinted in my mind the names of dozens of computer scientists in the AI field. Names like Marvin Minsky, Douglas Lenat, Elaine Rich, and others whose very unusual sounding names (to me back then) felt like they were not normal humans, but members of a different breed, a strange breed, an alien breed. I swore to read all of them.   

Not all bibliographies are good (and by bibliography I include ‘References’). But, off the top of my head, authors who are great at compiling bibliographies include Andrew S. Tanenbaum, C. J. Date, Jeffrey D. Ullman, Douglas Comer.

Sometimes I forget how I learned about a book. I estimate that of all the books I’ve read or intend to read, the vast majority were inspired from a bibliography of some book I read.

So I thought it might be a fun exercise to list down some key books that have influenced me, write down their bibliographies (I’ll limit it to books only), and see how they are connected.

This is a tedious exercise so it will happen slowly, and when time permits.