PVaR - Book review
1 May 2019
Dr. Moria Levy
"PVaR: Project Value at Risk" was written by Nicki Kons in 2016. Nicki Kons, a specialized project manager in the domain of risk management, holds a connection to us through Teva as a friend and also serves as a consultant, lecturer, and researcher in this field. The book sets out to address the diminishing managerial focus on risk identification and mitigation. It does so by presenting an abstract model for risk management within the realm of project management. This model establishes a crucial link between risks and the facets of project output that project managers grasp and vigilantly oversee – specifically, the adherence to project timelines and budgets, as initially planned.
The book covers the following topics:
· Introduction to Risk Management
· Potential Future Trends
Frequently, we need to pay more attention to the significance of knowledge management within the broader project management scope, particularly concerning risk management. It is of utmost importance that we acknowledge this aspect and strike the appropriate balance to ensure a secure voyage toward the pre-established destination while adhering to the planned timeline and budget. Although this summary undoubtedly cannot supplant the experience of delving into the complete book, it serves as a window of insight that will spark a burgeoning interest and inspire further exploration.
Introduction to Risk Management
• Risk Management: An ongoing process aiming to identify risks, assess their severity, and formulate action plans for enhancement. It operates as a managerial tool within the manager's toolkit (ML).
• Quantitative Risk Management: A process predominantly relying on data and applied formulas for identifying and evaluating risks. Widely embraced in stock trading, it offers an objective approach, utilizing numerical analysis for a sense of control and streamlined communication.
• Qualitative Risk Management: A process predominantly relies on human assumptions and evaluations for risk identification and assessment. It's more subjective and practical when data is scarce. Striking a balance between quantitative and qualitative approaches proves beneficial across activities.
• Key Risk Indicators (KRIs): Indicators designed for risk monitoring and control, distinct from Key Performance Indicators (KPIs), though some overlap may occur. For instance, oil price acts as a KRI in the transportation market.
• Overall Project KRIs: A collection of project risk management indicators categorized as "Health" indicators (reflecting risk management itself – treatment rates, exposures, etc., over time) and data linking KRIs to executive business outcomes.
Numerous methods facilitate risk identification, including brainstorming, structured or semi-structured interviews, Delphi, checklists, HAZOP, scenario analysis, etc., ranging from quantitative to qualitative approaches.
Graphs for Visualizing Risks:
Accepted graphical representations for risks encompass a risk matrix (likelihood and impact), a heat map (more sensitive risk visualization), a bubble map (incorporating color, shape, and size dimensions for comprehensive information), and a standard graph (e.g., risk management reserve changes over time).
1. Employing at least two risk detection methods is advisable, favoring those engaging SYSTEM2 thinking (as per Daniel Kahneman's "Thinking, Fast and Slow"). Overreliance on brainstorming should be avoided.
2. Recognize that in an average project, only 60% of risks are detected (the "black swan" phenomenon). Allocate reserves for the entire 100%, not merely 60%.
3. Continually repeat the process of identifying new risks. Addressing existing risks doesn't guarantee the prevention of new ones.
4. Feeling comfortable within the risk management process signifies a risk in itself. Explore diverse methods, enhance existing ones, or seek alternative perspectives.
5. Connect each managed risk to a corresponding risk management plan, falling into categories such as avoidance, risk/impact reduction, risk transfer, or acceptance.
6. Maintain a comprehensive risk database encompassing name, description, numbering, likelihood, impact, score, identification date, root cause, identifying factor, impact timeline, external significance, and responsible entity. Establish a consistent possibility and impact scoring framework and monitor risk changes over time.
7. Post-project, assess the risk management process for insights and improvements in future endeavors.
The PVaR Term – Derived from the Well-Known Financial Term VaR
VaR – Value at Risk: The essence of this term is to offer a succinct response to a fundamental question: what is the potential value at risk in the current context? Its inception traces back to the 1980s and 1990s within the financial domain, gaining prominence through its association with K.P. Morgan. Notably, Morgan received daily VaR values post-closure of the stock exchange, shedding light on the exposed funds. The VaR concept encapsulates three pivotal elements: the monetary exposure at risk, the timeframe of the risk (e.g., the forthcoming day, month), and the level of certainty in the assessment (typically ranging from a minimum of 66% to a maximum of 99%). For example, consider $1 million of investments exposed to risk for the upcoming trading day, with an 80% level of assessment certainty. The merits of VaR (and its integration into the realm of projects) rest in its significant yet uncomplicated nature. It represents a figure easily communicable for managerial decision-making. However, it's crucial to exercise caution: VaR should not stand alone; it forms a singular facet within the broader context and should be complemented by stress tests.
PVaR – Project Value at Risk:
Let's initiate by establishing the definition of a Project: an exclusive endeavor characterized by defined parameters, requisites, a designated commencement and culmination date, and a designated budget. PVaR pertains to the project's value – the successful delivery of intended outcomes to the customer, whether an internal or external entity. It addresses the risk inherent in delivering this value concerning 1) temporal restrictions and 2) financial constraints. Examples of PVaR encompass a PVaR of 75% over ten months, denoting the project's anticipated completion with 75% certainty within the stipulated timeline; a PVaR of 85% for a million dollars, indicating the project's likely achievement with 85% certainty and a budget not surpassing $1 million.
Crucial to acknowledge – although resembling an index, it fundamentally embodies a shift in perspective. It equips project and organization managers with an intelligible numeric measure that guides their actions. Nevertheless, this index doesn't substitute comprehensive risk management, which aids risk identification and elevates certainty percentages. Its purpose is to steer managers towards informed actions grounded in the acknowledged level of risk concerning time and budget. Adaptable to diverse project types, whether within private or government institutions, spanning domains like contracts, finance, construction, or computerization, PVaR offers a versatile methodology.
How to Achieve the Anticipated Value?
1. Identify Risks.
2. Formulate Actions and Analyze Resources:
• Develop action plans for both the project and risks.
• Allocate time and budget to activities within these plans (including task dependencies).
3. Calculate the Risk: Follow the steps outlined below.
4. Visualize PVaR as a Graph and Incorporate Certainty Levels Based on Simulation Outcomes.
Several methodologies exist for calculating PVaR. Although we won't delve into every calculation here, we'll highlight the primary approaches:
• 3-Point Estimation Process: Assign minimum, maximum, and expected assessments to each task and interpolate between them.
• Lite Estimation: Multiply the allocation of each activity by the average budget/time deviation coefficient, utilizing historical performance data from the organization.
• Statistical Evaluation: Employ simulations based on the Monte-Carlo algorithm to determine the adherence to initial assessments for each activity and subsequently derive deviations.
It's vital to acknowledge that only some organizations are mature enough for a comprehensive assessment (mainly if it's a novel endeavor), and projects might not always possess sufficient data (e.g. when seemingly related activities have no actual interdependency). In such scenarios, opting for a more straightforward method like organizational assessment is advisable. Proficient practitioners can go beyond risk assessment and delve into the underlying risk sources (sometimes, a single factor can influence multiple risks). These sources can then be integrated into risk assessments, for instance, by incorporating them into Monte Carlo algorithm-based planning.
Nevertheless, it's essential to assess risks and implement action plans for prevention, reduction, or transfer. Waiting for risks to materialize is imprudent. Furthermore, conducting sensitivity tests to evaluate the repercussions of these action plans in various scenarios on the projected total cost and time of the project is highly advantageous. An important observation: Organizations utilizing an EVM index can leverage it for risk assessment.
What if the organization isn't prepared for any of these methods? Adopt a WorkAGILE approach or employ any other strategy to safeguard against deviations in project time and budget.
It's a familiar fact, yet it holds paramount importance in conveying PVaR effectively. Why? Because some individuals may need more interest or help to grasp its significance. Moreover, varying factors attribute different connotations to it. Additionally, some might be reluctant to acknowledge their limited comprehension of the presented risks' import. So, who should you direct your communication efforts towards? Across diverse levels, organizations, and projects, the intended recipients of PVaR include:
• Organizational Management
• Chief Financial Officer
• Operational Units
• Project Teams
1. Emphasize the importance of conveying the term itself (PVaR) and establishing its distinctive brand. A well-defined name facilitates...
2. Highlight the essential correlation between PVaR and other key value indicators (such as profit, reputation, innovation, etc.).
3. Recognize that the ISO-31000 standard underscores the obligation of effective communication.
4. Sustained communication forms the bedrock for enabling cross-organizational comparisons.
Potential Future Trends
What Awaits Us After the Implementation of PVaR, as Illustrated Above? An array of possibilities unfolds. Below, we delve into some captivating prospects:
• Opportunity Management: Organizations may transition from an exclusive focus on risk management to embracing opportunity management. In this emerging paradigm, PVaR would also contribute to opportunities management.
• Heightened Quantitative Risk Management in Projects: The project landscape predominantly leans on qualitative risk management. The introduction of the PVaR concept has the potential to stimulate a shift towards more robust quantitative risk management within projects.
• Advancement of Knowledge-Based Processes in Risk Management: The arena of project risk management processes and methodologies offers ample scope for refinement. An optimistic trend entails continuous improvement in this knowledge domain, paving the way for more methodical and comprehensive approaches in the future.
• Strengthening Personal Proficiency of Project Team Members in Risk Management: Another foreseeable, or at least aspirational, trend envisions the expansion and deepening of risk management skills. This could encompass not only dedicated risk management specialists but also all members of project teams. Is risk assessment a component of employee evaluation tests? The answer remains uncertain, yet the author's aspirations are lucid and apparent.
So, what lies in the actual future? What evolutions await, and within what time frame will they unfold? The road ahead stretches long, and we should grasp the chance to embark on this journey, savoring each step of the way.