risk analysis findings
TRANSCRIPT
Rio Tinto MineralsRTBS DeploymentNovember 28th 2011
2 May 2023 2
RTBS Deployment Risk Analysis73 risks identified
13 Opportunities, 60 Threats 15 class IV, 21 Class III• 5:1 distribution between Threats and Opportunities is reasonable, given project
scope and timescale is already set
• Flat distribution of risks across the four classes - fairly encouraging at this early stage of the project
– The number of class III & IV risks should diminish during BUP and PD (although new risks may emerge)
– Half of class III & IV risks already have plans in place; we have to develop plans for the others
• Recommend that the project appears on the Business risk register
– Threats to RTBS deployment Cost and (less likely) Schedule, driven mainly by complexities involving Contact to Cash and Regional variations
– Some class I & II risks may be upgraded once better understood
– However Jadar risk downgraded – only need deploy simple processes for now
• Potential for improved performance through increased project management effort, e.g. to help ensure risks that cut across all stream leads are managed
• Next review recommended at start of PD, 2.5 months’ time
2 May 2023 3
Opportunity summary
• 13 Opportunities, of which 8 are class III or IV
• All 3 class IV opportunities are rated at Very Likely (>25% probability) and two have plans in place, one needs a response plan
• All class III opportunities require response plans
1
4
5
3
0
1
2
3
4
5
6
Class I Class II Class III Class IV
No. o
f Ris
ks
Risk Class
Opportunity Risk Profile
2 May 2023 4
Threat summary
• 60 threats of which 28 are class III or IV
• 12 class four threats, half already have plans in place– 1 needs regular review - Complexity of regional variations
– 6 have plans in place and will be reviewed before or at PD
– 5 require plans, developed and tested in time for PD
• 16 class III threats, half already have plans in place
15
1716
12
0
2
4
6
8
10
12
14
16
18
Class I Class II Class III Class IV
No. o
f Ris
ks
Risk Class
Threat Risk Profile
2 May 2023 5
8 Class III/IV Opportunities2 Class IV opportunities, already in plan• We may be able to increase our rate of continuous process improvement
through capturing the knowledge collected during deployment.
• We may improve the quality and relevance of the data
1 Class IV Opportunities needing management plan• Decision making may improve if analysts have more time to analyse data
rather than input it to the system (new opportunity introduced by David Muir)
5 Class III Opportunities needing management plans• If we can find other solutions to augment specific CTC requirements we may
deliver a better solution and improve engagement.
• We may be able to find functionality in RTBS that can offer better solutions than currently in place.
• We may be able to capture experience and knowledge from this deployment
• The project may be able to control its costs better through deploying good practice in planning and project management
• RTBS may enable us to implement Contract Management Tracking against actual customer orders and invoices.
2 May 2023 6
12 Class IV threats1 Threat needing regular review• We may encounter intractable problems in deploying all
functionality to some regions
5 Threats needing management plans• If CTC executives do not supply enough detail on their
requirement, their functional area will not receive what they need for the future.
• If we do not translate accurately into other languages we can cause confusion and error.
• If RTBS does not support Carbon Emissions and other reporting requirements we shall fail to meet legal/regulatory requirements.
• If we do not ensure that the quality system interfaces correctly with RTBS we risk alienating customers by releasing faulty or wrong product.
• We may import personal data that weakens protection against data privacy legislation, particularly region-specific legislation.
2 May 2023 7
12 Class IV threats (continued)6 Threats with plans in place but needing regular review• If we do not perform BUP and PD well we shall fail to capture
requirements and may then deploy the system in a sub-optimal way.
• As one of the first BUs to deploy in some regions, we shall probably incur additional costs and disruption during deployment.
• If we find that other regions do not comply with RT current business processes we shall encounter problems with deployment.
• If our Master Data Definitions contain inconsistencies across regions we shall incur operational problems.
• If we do not estimate the full capital cost correctly, or fully identify the scope and requirement, or successfully manage our risks, we may dramatically exceed the expected capital budget and / or timescale for go-live of the RTBS deployment.
• If we do not test the system properly before go live we may incur significant problems during go-live.
2 May 2023 8
Cause and Consequence analysis
• 8 risks driven by the cause “CTC complexity”• 4 opportunities, 4 threats• 1 class IV, 4 class III, 2 class II/1
• 10 risks driven by the cause “regional complexity”• 1 opportunity, class II• 9 Threats, 6 class IV, 1 Class III, 2 Class II
• 44 risks directly impact economic performance consequence• 33 threats• 11 opportunities, including 4 class III
• 30 risks directly impact workforce relations consequence• 4 opportunities including 2 class III• 26 threats, including 2 class IV and 5 class II
• 23 risks directly impact compliance consequence• 1 opportunity, only class 1• 22 threats, including 6 class IV and 6 class III
CTC risks are quite balanced between opportunities and threats. The imbalance of threats in the other categories indicates a
likelihood that some consequences will be felt
2 May 2023 9
8 Risks driven by CTC complexity1 class IV, 4 class III, 2 class II/1
Threats – 1 class IV, 2 class III, 1 class IITA0101 If CTC executives do not supply enough detail on their requirement, their
functional area will not receive what they need for the future.
TG0702 If we harmonize product codes to the full extent possible, we may cause a lot of disruption
TG0703 If we are not careful in implementing our practices regarding pricing we may violate anti-trust legislation or price an item wrongly.
TG0701 We may not be able to ship product due to a lack of an authorization code, due to failure to deliver satisfactory reports to US Customs.
Opportunities – 2 class III, 1 each of classes II & IOA0102 If we can find other solutions to augment specific CTC requirements we
may deliver a better solution and improve engagement.
OF0202 RTBS may enable us to implement Contract Management Tracking against actual customer orders and invoices.
OA0103 If we can include in our scope some of the informal systems already being used (spreadsheets) this will improve efficiency and acceptability.
OD0101 If we can find a way to use RTBS to report letters of credit etc., we can improve reporting and make it more visible.
2 May 2023 10
9 Threats driven by regional complexity6 class IV, 1 Class III, 2 Class II
TA0201 As one of the first BUs to deploy in some regions, we shall probably incur additional costs and disruption during deployment.
TA0202 If we find that other regions do not comply with RT current business processes we shall encounter problems with deployment.
TA0205 If we do not translate accurately into other languages we can cause confusion and error.
TA0206 If our Master Data Definitions contain inconsistencies across regions we shall incur operational problems.
TA0210 We may encounter intractable problems in deploying all functionality to some regions.
TD0201 We may import personal data that weakens protection against data privacy legislation, particularly region-specific legislation.
TA0204 If our business blueprint design does not take full account of detailed local practice and requirements etc. we may encounter operational problems on go-live.
TA0203 If our change management strategy does not take account of culture and local practice etc. we may encounter operational problems on go-live.
TD0101 We may fail to meet legal reporting requirements.
2 May 2023 11
33 Threats directly impact economic performance
1
4
3
2
1
3
2
0
1
6
1 1
2 2
0
1
4
2
1
0
1 1
0
22 2
0
1 1 1
0
1
0
1
2
3
4
5
6
7
Capital Cost Project Schedule Operating Costs Annual Production Annual Revenue Total Business Value
Future Business React/Defend Costs
No. o
f Ris
ksThreat Risk Profile by Economic Consequence Area
Class I Class II Class III Class IV
11 opportunities directly impact economic performance, of which 4 are class III
2 May 2023 12
26 Threats directly impact workforce relationsThese include 2 class IV and 5 class III, as followsTA0205 If we do not translate accurately into other languages we can cause
confusion and error.
TD0201 We may import personal data that weakens protection against data privacy legislation, particularly region-specific legislation.
TA0301 If we try too hard to utilize all RTBS functionality we may overstretch ourselves in deploying too much change.
TA0404 If people fail to attend courses when booked we shall fail to train enough people in time for go live.
TA0407 If we do not test the system properly before go live we may incur significant problems during go-live.
TC0302 We may trigger union negotiations regarding CBAs or individual employee contracts or job descriptions.
TE0101 If management do not deploy the process consistently this would reduce flexibility of the workforce
2 May 2023 13
22 Threats directly impact compliance
6 class IVTA0101 If CTC executives do not supply enough detail on their requirement, their
functional area will not receive what they need for the future.
TA0202 If we find that other regions do not comply with RT current business processes we shall encounter problems with deployment.
TA0205 If we do not translate accurately into other languages we can cause confusion and error.
TA0407 If we do not test the system properly before go live we may incur significant problems during go-live.
TC0701 If RTBS does not support Carbon Emissions and other reporting requirements we shall fail to meet legal/regulatory requirements.
TD0201 We may import personal data that weakens protection against data privacy legislation, particularly region-specific legislation.
6 others at class III
2 May 2023 14
Distribution by risk owner
Total, all
risks
Shared across
streamsThreats Opportunities
Owners I II III IV Total I II III IV TotalMiller, Jim (RTM) 14 12 1 2 4 3 10 0 2 1 1 4Velez, JoAnna (RTM) 8 1 0 1 2 1 4 1 1 2 0 4Rothschopf, Heidi (RTM) 3 2 1 0 1 1 3 0 0 0 0 0James, Jared (RTM) 1 0 1 0 0 0 1 0 0 0 0 0Bush, David (RTM) 10 7 2 4 2 1 9 0 1 0 0 1Delahousie, Dave (RTM) 1 0 0 0 0 1 1 0 0 0 0 0Boothe, Melissa N. (RTP) 1 1 0 1 0 0 1 0 0 0 0 0Gibson, Rick (RTM) 13 9 3 3 3 2 11 0 0 1 1 2Hanson, Tim (IST) 3 0 1 2 0 0 3 0 0 0 0 0Reece, Dane (RTM) 13 10 4 3 2 3 12 0 0 1 0 1Bates, Brian (RTM) 1 1 0 0 1 0 1 0 0 0 0 0Antal, Rod (RTM) 1 1 0 1 0 0 1 0 0 0 0 0TBD Plan & Manage 4 1 1 1 1 0 3 0 0 0 1 1
Total 73 45 14 18 16 12 60 1 4 5 3 13
Risk ownership is concentrated with five individuals• Four of these will be able to share a number of their risks across all the
stream leads
• The exception is JoAnna Velez, who owns 7 risks specific to CTC
2 May 2023 15
Process Recommendations• Next review recommended at start of PD, in 2½ months’ time
– Some risks may be ready for review earlier
• Class 2 risks should also be reviewed at PD stage– E.g. Threat TA0406 – “If training is not effective, people will not
be able to operate the system effectively” may be upgrade if the cost model proves to be complex to use.
• Recommend that the project appoints a risk register manager for day-to-day management of the risk register– Ensure up to date risk profile is available during changing period
of BUP and PD
– Help those Risk Owners who have risks shared across the stream leads to co-ordinate action delivery and status update
• Each stream lead should develop and manage their own list of risks within their own stream, ready for possible escalation to this risk register at a later date.