Managing Risk in Organisations

Introduction

Risk management is a central part of any organisation's strategic management. It is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.

The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation's overall objectives (Institute of Risk Management (IRM), 2002).

There are many approaches to managing risk in a business setting. The elements that comprise a risk management plan or program are now well established.

However, in addition to developing a suitable framework and structure to manage risks, most organisations are faced with the challenge of how to implement this and maintain its effectiveness. The organisation must learn to develop a 'culture' in the organisation where people attend to risk and risk management as an integral part of doing business.

This case study looks into the risks that one business unit within an organisation exposed to; then goes into developing a risk management framework that hopefully get embedded into organisation's culture.

The Setting

The organisation in this case study is actually the Professional Services or Delivery business unit of an international enterprise, XYZ. The organisation operates as a provider of software and systems enabling value-added services for voice, messaging, mobile Internet and mobile advertising; converged billing and active customer management; and IP communications.

XYZ has a typical corporate structure, comprising a board of directors, chief executive officer (CEO), executive management team and a number of business units.

The Delivery business unit is responsible for providing professional services to customers. Please refer to the Appendix for details on XYZ's Professional Services business model.

While the unit has enjoyed a healthy grow in the past number of years, one cannot ignore the fact that the entire process from pre-sales phase to post-delivery are exposed to risks. Despite this apparent exposure to risks, there is no formally risk management process in place.

That is not to say that the unit is ignorance to risks. Risks are treated at project level rather than at the unit level.

Risks from Begin to End

When XYZ receives an RFP document from a customer, in almost all cases, the customer expects the response including the point-by-point compliance to the requirements, a solution description and architecture, a project plan, a resource plan and price.

As a member of the tender response team, the Technical Lead is responsible for producing the high-level project plan, resource plan and a Delivery Commercials which will be used for pricing of the deal and planning of the project if and when the contract is awarded to XYZ.

In XYZ, Technical Lead is usually an experienced consultant, who climbed up the ladder through his/her years of project consulting. The Technical Lead uses his/her understanding of the required solution, coupled with his/her experience to estimate the effort and timeframe required to deliver such solution; thence cost to deliver.

The Technical Lead has no tools or repository to ensure that the estimation is accurate or the project plan is correct but only his/her experience. The outputs are reviewed by other Technical Leads if the deal is estimated of more than US $1 million.

If the Technical Lead underestimates the effort required, it impacts of the project bottom line. If he/she overestimates the effort which creates the high cost, then the deal may be jeopardised because of the high price (after the profit margin is applied onto the cost).

Part of the Delivery Commercials, there is a high-level 'risk assessment'. This is a fixed set of questions about the customer's capability, the complexity of the solution (especially about the interfaces, the data quality and migration) and System Integrator's capability (if any). Answers to these questions are added up to produce a 'risk factor'. The factor is then multiplied to the base effort estimation, so to add some buffer to the effort.

Once the contract is awarded, the Delivery Organisation forms the project team. As consultants are sourced from around the region for the project, there are a number of issues and risks to be considered:

Consultants working in countries other than their home countries will require working visas. In Australia, foreigners are required to obtain 457 visas enabling them to work. Stricter measures are imposed to ensure the integrity of the 457 visa program, at a time when the demand for skills was high and the program was growing strongly (Department of Immigration, 2009). Furthermore, there is a quota of 457 visas issued in any financial year as well as a limited number of 457 issued to a company. These visas can take up to 2 months to issue. Similar policies are also found in other countries in APAC.

Indian and Chinese consultants are the lowest cost resources, which would help keeping the project cost low. However, they are unfortunately also the highest risk groups of working visa eligible. The company would have to provide assurance that these consultants have the sought skills and they will return to their home countries after the project. Still, there is no guarantee that they will get their visas.

While there is no easy way to ensure the consultants getting visa in time for the project implementation, there are a number of options that the company can look into to reduce the risk of failure to supply resources impacting the project deliveries:

* Identify consultants who have the skill sets that will be highly likely required in most of projects, then apply a long-stay working visas for these first. There may be a cost incurred however, the cost can be built into the expenses and have the customer reimburse.

* Build in a lead time to mobilise resources into project plan to ensure adequate time for logistics.

* Utilise alternate resourcing pool such as subcontractors. This option can substantially reduce the risk of unable to meet project resource requirements; however it poses a number of issues such as:

o Un-utilised

...