Measuring Change Risk for OrganisationalDecision Making Through a Hierarchical ModelProcess ApproachProcess Approach

Charalampos Apostolopoulos ,George Halikias, Krikor Maroukian, Georgios TsaramirsisCity University London, City University London, King’s College London, King Abdulaziz University May 2014

CRAM (Change Risk Assessment Model) is a novel model

In Brief:

CRAM (Change Risk Assessment Model) is a novel modelapproach which can significantly contribute to the missing formalityof business models especially in the change(s) risk assessmentarea.

Project Management has long established the need for riskmanagement techniques to be utilised in the succinct definition ofassociated risks in projects and agreement on countervailingassociated risks in projects and agreement on countervailingactions as an aim to reduce scope creep, increase the probabilityof on-time and in-budget delivery.

U t ll d h dl f i d l itUncontrolled changes, regardless of size and complexity, cancertainly pose as risks, of any magnitude, to projects and affectproject success or even an organisation’s coherence.

A dAgenda

Significance11

22 CRAM’s Processes22

33 CRAM’s Tree HierarchyCRAM’s Tree Hierarchy

44 CRAM’s Key Factor’s Analysis

55 Summary

C S fCRAM’s Significance

• Ideally, a change or consequence based upon a decision should have a fairly highlevel of predictability and thus a low level of a failure risk materializing which wouldsignificantly undo the decision taken.g y

• CRAM’s significance lies in the fact that focus is given specifically in the interrelationof project environment changes and associated risks which can be assessed.

• The proposed model can be applied in a variety of business sectors irrespective ofsize and complexity taking into account major environmental factors.

• The hierarchical modelling approach which CRAM is based on, is flexible enoughthat, except the analysed and described change risk attributes; on per project basis,these can be fully customised based on customer’s or even organisation’srequirementsrequirements.

CProject Risk Categories

Project Risk Categories

Technical Project

Quality Legal

Performance Environmental

Change ScopeChange Scope

Organisational Quality

External / Internal Schedule

Business Process

Cultural Requirements

CRisk Curve

Risks have a tendency to grow exponentially with time if left unmanaged.Drake (2005a, 2005b), cited via Service Transition v.3, p.143; TSO (The Stationery Office), UK 2007

Figure 1: Risk Profile

C CChange Categories

Change Categories

Individual Rules / Regulationsg

Organisational Evolutionary

Cost cutting Revolutionary

P St t iProcess Strategic

Cultural Transformational

Technical Proactive /Reactive

Planned / Unplanned Technological

CCRAM’s Processes

• CRAM is composed of three interrelated processes which are continually recordedand monitored. CRAM’s processes accomplish specific risk objectives (identification,assessment, monitor & control) which are applied to projects or at a greater extend tobusiness environments with a view to facilitate and control change.

Risk IdentificationRisk Identification

Risk Monitoring & ControlRisk Assessment

Figure 2: CRAM’s Triple Process

fRisk Identification Process

The primary goal of Risk Identification is to recognise the threats and opportunities whichmay affect the project’s objectives and consequently deliverables.

Irrespective of risk categorisation, CRAM proposes the following tools and techniques sop g , p p g qas to identify change risks:

• SWOT analysis• Change/Risk surveys• Change/Risk surveys• Delphi technique• RACI diagrams• PERT diagrams

PESTEL l i• PESTEL analysis• Risk Breakdown Structure (RBS)• Interviews• Brainstorming sessions

Of course, potential risks and required changes can be identified and decided during theentire lifecycle of the project. Nevertheless, they have to be assessed and monitored thesooner the possible.

Risk Assessment Process

A simple definition of risk in terms of probability of occurrence and its related impact isgiven by the formula :

• Risk = Probability x ImpactRisk = Probability x Impact

The majority of quantitative methodologies use extensively probabilities being rather lessambiguous and imprecise; meaning that they are more objective as far as the assessmentof the information and data on identified risks is concernedof the information and data on identified risks is concerned.

Estimation can facilitate project risks in terms of the probability of occurrence and impact.

Evaluation assesses the overall effect of all identified risks aggregated together SomeEvaluation assesses the overall effect of all identified risks aggregated together. Somekinds of risks, like for example financial risks, can be evaluated in numerical terms.

(C )Risk Assessment (Cont.)

Risk Assessment can be accomplished with the aid of a variety of methods andtechniques, such as for example: Simulations, Monte Carlo analysis, CPM (Critical PathMethod), AHP (Analytic Hierarchy Process), risk maps, Bayesian probability and statistics,probability trees or even fault tree analysis.

Concerning evaluation, this can be indicatively accomplished for example by a means ofbenchmark questions, like for example:

• Were all implemented non-standard changes assessed?• Did the approved changes meet the intended goal?• Concerning result does it satisfy stakeholders and more specifically conform toConcerning result, does it satisfy stakeholders and more specifically conform to

customer requirements?• Were there found any unplanned changes; which are the associated risks?• Concerning the implementation phase, did it exceed the project’s constraints?• Are the results documented, for example, in the change risk log?

& CRisk Monitor & Control Process

The Risk Monitoring and Control process mainly intends to: identify, analyse, controland track new risks. Risk monitor and control can be accomplished with the aid of avariety of methods and techniques, such as for example:

• Risk Reassessment• Meetings (consultation, status update) • Variance Analysis• Trend Analysis• Risk Auditing

Alongside the aforementioned CRAM processes an ‘Experts’ Judgment’ may be provenoverall constructive. An expert might be, for instance, an individual (project manager,change manager) of a group of executives (Project Steering Committee, Change AdvisoryBoard) which can influence and advice on CRAM resultsBoard) which can influence and advice on CRAM results.

CCRAM’s Tree Hierarchy

• CRAM hierarchical tree consists of one(1) core (root) node, eight (8) parentnodes, five (5) child nodes and itsrespective sixty one (61) attributes Forrespective sixty-one (61) attributes. Forexample, ‘Communication’ parent nodeconsists of seven (7) risk attributes(sub-factors).

• Depending on the scope anddeliverables of a project, CRAM’snodes and related risk attributeshierarchy per level can change so as toaccommodate more of fewer criteria.

Figure 3: CRAM’s Hierarchy Tree

CCRAM’s web page

http://www.changemodel.net

fLeadership Definition

• Leadership: Project success is accounted in many ways to strong leadership and commitment toproject scope and objectives. Active leadership remains important throughout the entire projectlifecycle, with the application of skills and determinacy to succeed. Therefore, efficient resourcemanagement is necessary to complete each task in its predefined priority. Senior management’sg y y gaccountability is key to effective decision making in the context of ‘firm but fair’ handling, to inspireand lead the project team in achieving high performance levels and overall high adaptation rate toproposed and authorised changes.

Attributes:

- Active- ExperiencedExperienced- Strong- C-level engagement- Authority

Firm but Fair- Firm but Fair- Strategic

Definitions of CRAM’s Risk Attributes can be seen at: www.changemodel.net

C fCommunication Definition

• Communication: Refers to the exchange of ideas or information among stakeholders e.g. projectmanager, team members, board of directors, which are related to change and associated risks.The more complex the organisational structure or the proposed changes, the more communicationchannels have to be engaged. Effective communication is a bi-directional activity which has to beg g ycontrolled and monitored. Communication is an important business environment factorincorporating cultural values) as project’s success is highly dependent on communication.

Attributes:

- Effective- Trustful- Involvement (participation)- Supportive- Common Vocabulary- Knowledge SharingKnowledge Sharing- Conflict Management

C fCulture Definition

• Culture: Collection (but not limited to) of beliefs, attitudes, core values, ways of acting andthinking shared among members or organisations. Culture can impact the way of businessconduction, decision making process, communication attitude and in effect influence projectsuccess. A supportive, knowledge sharing organisational culture can be enough ‘risk taking’ so asg g g g gto match complicated project’s scope and objectives with success. A risk averse business culturemight be problematic against accepting proposed changes which in turn, might cause problems toover decision making, communication and leadership of the project.

Attributes:

- Integrationeg a o- Leadership- Communication- Corporate Values- Rewards Innovative- Rewards Innovative

S

• Changes and the process of managing related risks differ among organisations and business cultures As

Summary

• Changes and the process of managing related risks differ among organisations and business cultures. Asfar as change risk assessment modelling is concerned, there is no one-size-fits-all or all-you-can-eat model.

• Each customer is different, but what stays the same is the expectation and demand for project success,delivery of services and overall customer’s expectations conformance. Each project may require differentdelivery of services and overall customer s expectations conformance. Each project may require differentchanges and handling which may be reflected in culture, leadership, decision making, norms and directivesand consequently in the general way of implementing and managing projects.

• CRAM attempts to take into account various environmental risk factors which influence project success.p p jThese risk factors are modeled, and can be assessed numerically in a top-down hierarchical model.Nevertheless, not all risks are the same or have the same priorities.

• An overall aim of CRAM would be its adoption in project business scenarios on a consistent and repetitivebasis so as to identify patterns related to all parent nodes described previously.

• Finally, CRAM does not actually dictate any direct or indirect walkthrough; rather it is regarded as astructured approach for facilitating change risk effectively.

• Even if for example, no project management framework is adopted, CRAM has exactly the samecapabilities concerning change risk identification, assessment and monitor and control processes.

“I do not believe you can do today’s job with yesterday’s methods and be in business tomorrow”

Nelson Jackson

Ch Ri k f O i ti l D i i M ki Th hChange Risk for Organisational Decision Making Througha Hierarchical Model Process Approach

Questions?

Thank You!

charalampos.apostolopoulos.1@city.ac.uk Research conducted at City University London