Thursday, December 29, 2016

Automation Technologies Pty Ltd

4 Critical Questions to Consider during Change Management Planning

change management planning

There is nothing constant in this world, except change; so the cliché goes...

Change is risky and can happen anytime throughout the operation or lifespan of a business. There are changes that are worth the risk, and changes with associated risks that are not that worth taking on at all!

When you plan to effect change in business (even in the smallest aspect of your industry) you need to thoroughly plan for it - Failing to plan ahead is an excellent way of setting yourself for future failures.

The change management planning process provides you with a “road-map” that you can follow to affect the change.

A change management plan should include:

  • The purpose and the goal of the change in your business
  • Associated costs and resources required
  • Timetable for change implementation
  • Risks associated with implementing change

Here are key points to consider during your strategic change management planning.

These factors are interdependent and all related to one another; it is debatable which really is the most important of them all and will generally depend on your business (size, industry, etc.) and the change you are implementing.

Reason for Change

Reasons vary depending on your business needs. Some companies implement change management to improve distribution and marketing, while others execute change management to improve employee performance or reduce operational cost.

At the end of the day, the overall goal of change management is to increase efficiency and profitability.

Q1: Will your planned change improve business efficiency and profitability?

Costs and Resources for Change

Some businesses underestimate the costs and the resources required for the implementation of their change management. Ideally though, these should be some of the first and foremost issues to consider.

All changes in a business, whether it be for improvement of employee performance or other changes in the business processes, have costs attached. It’s important to know the reason for change management so that you can estimate how much cost will be involved allowing you decide whether the change is warranted.

Q2. What will be the cost to implement your change and what will the return on investment (ROI) of your change be?

Timetable for Change Implementation

Some changes require a longer period of time to be implemented, while others require only months for the implementation. The timetable for change management is also one factor to consider along with its associated cost implications.

Generally, the longer the change management execution, the more costly it will likely be. But, as this is not always the case, analysing the reason for change management and its effect on your change timetable is important during planning.

Q3. How will the change timetable impact your business?

Departments & Personnel Affected by Changes to Business Processes

This is the most critical of all, but not necessarily the most important. Departments, or employees in particular, are the heart of a business. Some personnel might be receptive to change while the others are resistant to it. When changing business processes, you need to consider the positive and negative effects it may have to certain staff members and also to your business.

However, if the business processes really have to be changed for say, the viability of the company, then the positive effects from change will be your sole priority and focus.

Q4. How will staff react to change? Will they be receptive or resist, and how will you deal with this?

Change Management Planning Infographic

Why You Need a Change Management Plan

Change management planning helps to control the negative effects to your business. Answering these four key questions will provide you with some clarity on the viability of implementing change in your business.

Have a good reason:

- If you are making changes that don’t directly improve efficiency and profitability, you are wasting time and resources.

Make sure it’s worth the cost:

- If you are implementing a costly change, then make sure you are getting some return on this investment

Make sure the timetable fits your business:

- Make sure you have adequate time to implement your change and ensure it doesn't have impacts on your business if it goes overtime

Understand how the change will affect your employees:

- Will staff resist? Will you need to let go of potentially troublesome staff members? What will it cost to replace these staff members?

These are a few of the reasons why change management planning is important and required for all changes in your business.

If you believe there is a need to make changes in your business, you must have change management plan.

Subscribe to our mailing list

Tuesday, December 20, 2016

Automation Technologies Pty Ltd

Why You Need a Risk Management Plan

Why you need a risk management plan

When it comes to risk management, having a plan is the key to a safe, functional workplace. More often than not, most work-related incidents can be avoided by implementing a sound risk management plan.

With risk comes uncertainty. And with uncertainty comes the potential for errors. It’s little wonder why then that the process of identifying and managing risks is an essential part of project management.

Errors can be costly. They can not only affect the overall performance of a business’ operations, but also the health and safety of those involved.

The trick is to devise a method to reduce the number of workplace errors. A set of instructions; a plan for those involved in the project. A plan that takes out the ambiguity and complexity of a given task or problem.

If we apply this same logic to risk management, then we can ensure:
  • that risks are being properly managed throughout the life-cycle of a project,
  • that the impact of risks to the business and its individuals will be minimal,
  • and, that strategies and processes are in place in the likelihood of a risk materialising.

What is a Risk Management Plan?

Risk management plans are documents created by project managers that outline project risks, their potential impact on a project and define the responses used to control identified risks.

Often the risk management plan is included in a Project Management Plan or Business Plan, but it may be maintained as a standalone document for large, complex projects.

A risk management plan should at a minimum, cover the following points:
  • Risk management strategy
    • The method used to identifying and analysing risks
    • The frequency that the risk register will be reviewed and updated
    • The responses used to manage risk; commonly these are Avoid, Mitigate, Transfer or Accept
  • Risk Responsibilities
    • Outlines the ownership of risks and who is responsible for managing identified risks
  • Risk Register
    • A table of project risks with information on risk rating, negative or positive outcomes and controls

Why You Need a Risk Management Plan

So, why is a risk management plan so important?

Well, to answer that question, let’s have a look at the following case study:

The Deepwater Horizon disaster - which resulted in 11 fatalities and 5 million barrels of oil being spilled into the Gulf of Mexico - was brought on due to a series of risk management failures.

Risk Management Disaster
Photo: Telegraph UK

According to a federal report,
“The blowout at the Macondo well on April 20, 2010, was the result of a series of decisions that increased risk and a number of actions that failed to fully consider or mitigate those risks.”

It found,
“ evidence that BP performed a formal risk assessment of critical operational decisions made in the days leading up to the blowout. BP's failure to fully assess the risks associated with a number of operational decisions leading up to the blowout was a contributing cause of the Macondo blowout.”

Perhaps the biggest thing come from the fallout of such an event was the failure to notice and react to the “warning signs”. The simple things that could have been done to prevent this disaster show just how important implementing and following risk management protocol is.

No matter how carefully you plan your project, you will likely run into unexpected issues at some point. The purpose of the risk management plan is to identify these potential issues when they are still risks, and develop strategies to deal with them.

The purpose of a risk management plan is to provide the following benefits to a project:
  • Reduce scope creep
  • Reduce project delays
  • Reduce costs & variations
  • Take advantage of opportunities (aka. positive risks)

When do you need to develop a Risk Management Plan?

Short Answer: Straight away! Start your risk management planning process as soon as a project is initiated.

Longer Answer: Your approach to managing risk will change depending on the phase of the project.

Risk Management Planning

01 Initiation Phase

Project initiation represents the project stage with the most risks; the majority being unknown risks. The primary purpose for analysing risks in the initiation stage is to weigh the benefits of project success and ROI against risks, to help decide whether a project should continue into the planning stage.

02 Planning Phase

In this phase, you should begin to identify risks based on planned project activities - You can use the project's Work Breakdown Structure (WBS) as a guide.

Your Risk Management Plan should have all key information and an initial risk register completed by the end of this phase.

03 Implementation Phase

As a project progresses and tasks are completed successfully with no loss, the number of project risks will reduce.

The Risk Management Plan should be reviewed on regular intervals during this phase (as documented during the planning phase) to assess risks that are no longer relevant and to identify new risks which may have arisen.

Make sure you utilise a suitable method of document control to manage your risk management plan documentation!

04 Project Close Phase

At the project close, risk transfer/sharing agreements should be concluded to avoid disputes between external parties and all existing risks should have been mitigated or avoided. A final estimate of the cost of issues due to risks occurring can be made and added to your project documentation.

What you should include in your Risk Management Plan

What you need before your start:

  • The project proposal or initial plan
  • Knowledge of the project, or access to experts to help identify risks
  • Knowledge of stakeholders
  • Related Standards and Government Regulations
  • (Optional) - Business unit or Department project management procedures & guidelines
  • (Optional) - Corporate Business Plan with relevant governing information about the Business Unit/Department

Sections to Include

  • Document Control
  • Executive Summary
    • A summary of how risks are identified, analysed, frequency of review and reporting
  • Introduction
    • Discuss the purpose of the document
  • Risk Identification & Analysis
    • Refer to the risk register
  • Risk Response
    • Outline how you will respond to risks.
    • Comment on how key risks will be dealt with, who is responsible and associated costs
  • Risk Monitoring
    • Outline how often the risk register will be reviewed and who is involved
    • You can also make mention of how often the status of risks will be reported to stakeholders
  • Roles and Responsibilities
    • Outline the roles that key stakeholders have in the risk management process: Steering Committee, Project Manager, Project Team
  • Appendix - Risk Register
    • If you are managing your risk register using a spreadsheet or risk management software, provide a snapshot in each revision of the risk management plan as an appendix


Quote plan to fail and fail to plan

As Benjamin Franklin once said, “Failing to plan is planning to fail”.

The main thing to take away from events like the Deepwater Horizon disaster is that planning is the key to mitigation. And a failure to plan can be catastrophic!

What we have found is that during the life-cycle of a project, you can practically implement risk plans at any stage. The risks during each stage may change and require different approaches.

Outlined above is a rough template as to how you should structure your plan. However, as to how go about implementing these steps is completely up to you.

By breaking down risk management into smaller, manageable steps, you can decrease the likelihood of a risk materialising, and effectively eliminate (as best you can) the likelihood of catastrophic events.

Subscribe to our mailing list

Monday, December 19, 2016

Automation Technologies Pty Ltd

5 Essential Steps for Effective Project Risk Management

Within every industry, every project, every task, every decision - there is always risk. Inevitably, some risks you can avoid, and some you simply just can’t.

Let’s face it - risk management is highly contextual. Depending on your age, your industry, your role or position etc. risks don’t always manifest themselves in the same way.

The reality is, risks evolve and change over time and there’s never going to be a foolproof method to avoiding all risk. There are, however, ways to minimise it and this is where Risk Management come into play.

To get an idea of how it functions, let’s look at the following example…

After working for 25 years as a process manager, Matt is increasingly faced with the challenge of constantly delivering at a high service level or quality in an ever-changing environment.

He is faced with having to avoid potential pitfalls in his daily business operations, whilst also having to upskill and train others that are working beneath him. With this comes the risk of not only unexpected events disrupting normal daily operations, but also the potential for mistakes to occur (whether intentional or not).

This in turn affects his output, as more time is spent needlessly worrying about things that aren’t adding value to the business.

If it were somehow easier to identify, measure and mitigate the types of workplace risks he encounters, he’d be able to:
  • define the problem more quickly, 
  • perhaps find an easier or predefined solution to the problem, 
  • and provide faster information to his colleagues.
Fortunately, best practices are available to him, and he need not look far for effective risk management strategies.

Whilst many industries have their own procedures for identifying, measuring and mitigating risks, they all encompass some common characteristics.

Here are the top 5 essential steps to effective risk management.

5 Steps for Project Risk Management

1. Plan

Start your risk management straight away. That’s right... as soon as the project begins, so should project risk management.

The number of risks impacting a project declines throughout the project's life as the project progresses and milestones are reached.

This means there are far more potential risks which could impact your project! To avoid early issues arising and potential financial implications or delays, start identifying risks immediately.

Some key points to take into consideration during planning are:

  • Utilise risk management standards for more information like ISO 31000 and the Project Manager Institute’s PMBOK Handbook
  • Identify key stakeholders and nominate who the risk owners will be
  • Compile a document or database to track and record risks which will outline risks and responses and control strategies. This is crucial and will become your core project risk management strategy
  • While a qualitative analysis is a key step in the process, you may wish to skip the quantitative analysis. This will depend on the size of your project and financial implications due to risks occurring
  • Certain project risks at project completion will become operational risks. These should be identified along with new risks and acknowledged at project handover
  • Continually review the risks throughout the project. Close risks if they have zero probability and list newly identified risks
  • Ensure everyone has visibility over the risks and risk register, encourage all project members to contribute
  • Determine how “Unknown”, unidentified risks will be handled if they occur

2. Identify Risks & Create a Risk Register

Developing an adequate risk register is an important step in the risk management methodology.

The PMI details that a risk is “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives such as scope, schedule, cost, or quality.”

There are three takeaways from this statement:
  1. A risk is an uncertain event - Risks that occur are no longer uncertain and become Issues
  2. Risks either have Positive or Negative implications on a project
  3. Risks may impact any stage of a project
Identifying project risks can be a challenging task as there are so many factors that impact the outcome of a project; social, financial, timing, etc.

The suggested approach for identifying risks is:
  • Utilise existing knowledge and previous experience. One of the best ways of creating a risk register is to base it off prior documentation from similar projects such as charter, budgets, schedules, plans, etc.
  • Enlist the assistance of experts who will have greater experience and breadth of knowledge
  • Brainstorm within a team, or if your project is quite large and consists of various teams, have each team perform brainstorming and compile risks that they have identified
  • Utilise theoretical techniques like root cause analysis or the Delphi technique
  • Research case studies from other projects; these are often available in educational text books and other sources.

Risk Management - Probability Chart

Once you have compiled your list of risks, transfer them into your risk register management software or risk register spreadsheet template and get ready to analyse.

At the end of the identification step, you should be aware that there will be unknown risks that have not yet been identified. The challenge in this step is to maximise identification of the known risks and minimise potential unknown risks.

3. Risk Analysis

Qualitative Analysis

You’ve probably seen the green, yellow and red risk matrix? These matrices are a way to view the qualitative risk management step in a graphical form. This is a form of Probabilistic Risk Assessment (PRA) which is the common approach for project risk management.

This step allows you to assess the likelihood of a risk impacting your project, in a positive or negative way and provide you with a clear idea of how to go about responding to the risks.

Managing Project Risks

The two factors used for ranking a risk are:


This is the likelihood of the risk occurring, usually scored between 0 - 1. Any risk that has a probability score over 0.9 is very likely to occur and should be treated as a certainty!

You can determine the probability using:
  • Event Tree Analysis or Fault Tree Analysis
  • Similar techniques to risk identification, past experience, experts, etc.
  • Utilise a rating chart for a more simpler, standardised approach
The image below shows an example of a rating chart, a very common method used by many companies. The chart is a simple way of estimating probability and reduces the need for higher level technical and mathematical skill.


Impact represents the severity of positive and negative effects on the project if a risk eventuated. Impact can be scored from 0 to 1 or estimated on using a scale of low, medium, high, extreme; which can be later plotted on a risk matrix.

What constitutes as a severe impact (and its associated score) should be determined by the type of project, financial ramifications, safety and other factors important to your business.

Risk Impact Chart

To calculate the risk rating, simply multiply the probability and impact. The results will provide you with a clear range of risk ratings which can be responded to appropriately in step 5.

Alternatively, if you choose to utilise a probability rating chart and impact chart to simplify your process, put your results into the risk matrix to identify the risk ratings.

Project Risk Management Matrix

Advanced Predictive Probability

The qualitative analysis can be further expanded to take into consideration, the future impact date and critical dates. The date should be expressed as a probability multiplier applied to the probability x impact calculation.

The resulting figure will provide a predictive approach to risk management which will constantly change, and increase as the project approaches critical risk dates.

Quantitative Analysis

If your project is highly dependant on financial impacts and particular assets, then you may benefit from applying quantitative analysis. One method for the quantitative analysis consists of identifying the ‘Annualised Loss Expectancy’ (ALE) which is derived from the ‘Single Loss Expectancy’ (SLE) to an asset if a risk occurs, multiplied by the estimated annual rate of occurrence.

The ALE figures provides financial decision makers a justification to plan an appropriate response to certain risks.

There are criticisms of the quantitative analysis, and it is worth exploring this topic in further detail to learn if it is required for your risk management.

4. Plan Responses to Risks

There are generally four response strategies that may be applied to reduce negative risks and enhance opportunities or positive risks:

Avoidance: Eliminate the risk
Mitigation: Reduce severity or probability
Transfer: Transfer ownership to another party
Acceptance: Do nothing

The type of response applied to a risk is dependant on the risk rating determined during the risk analysis. You should decide during the planning stage, the risk rating level that each of the response strategies will be applied to, e.g. for an extreme risk rating (highly likely with severe impact), avoidance would likely be the most suitable strategy.

A risk matrix provides a simple, graphical way of identifying which action or response to take.
project risk management strategies

Avoidance Strategies - High Level Risk
  • Cancel activities which may cause the risk
  • Engage in alternative activities
  • Remove root causes
Mitigation Strategies - Medium Level Risk
  • Reduce scope
  • Increase staff
Accept Strategies - Low Level Risk
  • Make no attempt to minimise the severity or probability
  • Understand the risk may happen and accept to deal with issues as they occur

5. Monitor & Control

Lastly, you need to consistently monitor, identify and review risks on an regular, ongoing basis throughout the entire life of your project. During planning, decide on a reasonable frequency to perform risk reviews - this will depend on project complexity, the length of the project and past experience with similar projects.

  • Review existing risks; remove any risks that no longer pose a threat
  • Are there any new risks? Analyse, respond and add them to the risk register?
  • Is the probability of existing risks changing as the project progresses?
  • Are any risks likely to occur in the near future?

You can monitor the effectiveness of your risk management using audits, reserve analysis, variance and trend analysis. Use the results from these analysis techniques to compliment decision making and assist with implementing improvements to your overall risk management process.

project risk management cycle


So there you have it!

By incorporating these 5 key steps into your project risk strategy, you can effectively reduce likelihood and impact of risk.

What do these essentially provide?

If we look at Matt’s story again, we can see how he’s now more capable to manage risk.

By implementing this strategy, he’ll be able to start immediately identifying and compiling risks with minimal disruption to his daily operations, meaning less likelihood of the risks materialising. He’ll also have a fairly good idea of the types of risks he’ll encounter, which means his risk register shouldn’t take long to fill up.

Once he’s created his risk register, he’ll then be able to effectively analyse the probability and impact of each risk; he’ll have a sound metric to evaluating risk levels. In turn, by having relevant information about the risks and their severity, he’ll then be able to more effectively devise appropriate mitigation strategies through prioritisation and teamwork.

This process is also ongoing, meaning he’ll be able to measure how effective these strategies are over a period of time.

Subscribe to our mailing list

Thursday, December 15, 2016

Automation Technologies Pty Ltd

Developing Strategies for Operational Risk Management

developing an operational risk management framework

Risks that can potentially affect the overall performance of an organisation are a major concern for business leaders. So, when you take into account that there is an element of risk in practically every single work environment, you can appreciate how vital it is to have adequate an operational risk management framework.

Operational risk management (ORM) provides a blueprint to minimising the impact of certain workplace practices. This is highly advantageous for most industries due to high costs of failure or where “getting it right” is imperative.

In an operational risk management context, “human error” or oversight can be catastrophic; affecting not only business output, but also the health & wellbeing of staff and the wider public.

What is Operational Risk Management?

Operational Risk management is a continuous process of assessing risks, decision making and implementation of responses (i.e. risk controls; avoid, mitigate, accept).

ORM analyses the risk due to ‘human error’, that a company may be exposed to when operating in their chosen industry and excludes financial or market-wide risks.

Operational Risk Examples Include:

Human risks - employee errors, fraud or other criminal activity
Business risks - failed business processes
Systems risks - technology failures, server and database failures
External event risks - any event that disrupts business processes, e.g. weather
There will generally be lower operational risk in a highly automated industry where minimal human interaction required.

Operational Risk Types

Benefits of Operational Risk Management are:

  • Lower operating loss
  • Reduced compliance & auditing costs
  • Early detection of issues
  • Reduced exposure to risks

Developing a Risk Management Framework

Operational Risk Management like other forms of risk management firstly involves planning, followed by risk identification and analyses. After risk controls have been formulated and applied, you will have developed a framework for your ‘risk management strategy’, for the relevant business environment.

Operational Risk Management Strategy

Identifying Operational Risks

Business process mapping is a common approach for identifying operational risks, involving the investigation of business processes and listing any potential risk sources.

Experienced staff members in the relevant department should be utilised in the identification process as they will have a deeper understanding of the business processes that they implement.


Both qualitative (using likelihood and impact) and quantitative approaches to analysing risks are suitable, although quantitative is only useful if there will be a direct financial loss due to the risk occurring.

For a qualitative analysis, you need to estimate the likelihood that the risk will occur and decide on the level of impact this will have on the business.

During the planning phase, developing likelihood and impact rating charts along with a risk matrix can assist decision making in this step. The alternative approach is to use theoretical calculation to determine a likelihood probability and impact rating which can be multiplied to determine a risk rating. Likelihood(%) x Impact = Risk Rating

Risk Response

Operational risk management controls fall under the categories of avoid, mitigate and accept. There are many methods available for reducing unavoidable risks

Risk Reduction Strategies:

  • Procedures & policies
  • Quality assurance
  • Training
  • Safety checks
  • Security measures
  • Reviewing performance
  • Engaging staff and stakeholders

Monitoring & Improvement

Each stage of the risk management strategy should be periodically reviewed and includes reviewing the risk management plan as well.

During the risk response step, it is common to nominate how often, and when, individual risks should be reviewed. Mitigation responses should always be adjusted and improved to cater for changes in the business and industry environments.

Crisis Management

A related topic to operational risk management is crisis management. Even after a careful and thoughtful risk management strategy has been developed, there will still remain unknown risks.

Unknown risks that eventuate can lead to a crisis event which can cause serious disruption to business operations, leading to potential business closures if they are not handled quickly and effectively (i.e. think about the banking sector during the GFC).

To handle the scenario’s it is essential that business implement a crisis response plan and train their staff adequately so everyone in the company understands their role in the event of a crisis.

crisis risk management

Minimise Your Operational Risk!

An operational risk management strategy is a necessary ingredient to minimising the impact of human error and system failures.

By implementing appropriate risk response initiatives, businesses will ensure they can properly identify and address the impact of risky practices, and in turn devise policies to mitigate them.

Businesses that develop a sound risk management strategy - like the one mentioned above - as part of a business solution will also rest assured that their business interests and their assets are well protected from harm and/or exposure.

Put simply, there’s an immense amount of business value that can be obtained from a risk-free workplace, and it starts from making smart risk management decisions!

Subscribe to our mailing list