Program/Project Risk Management™ (ISO 31000)

The Program/Project Risk Management Workshop is a comprehensive and practical two-day workshop, based on ISO 31000, that introduces participants to the frameworks, standards, principles, processes, and application of project risk management.

The workshop follows the Enterprise Risk Management principles and practices outlined in ISO 31000 and ISO 31010 standards. The reference book (240 pages) for Program/Project Risk Management is: ISO 31000: Enterprise Risk Management.

The workshop incorporates Project Risk Management principles and practices adopted by the Project Management Institute (PMBoK) and ISO 31000, along with examples of public and private risk management frameworks such as those of the US Navy, FAA, and IBM. The workshop explains the tools and techniques that will aid participants in the implementation of project risk management frameworks, principles, and practices. Participants will be given opportunities to apply the project tools and techniques learned to actual project risk examples. The goal for participants is to be able to minimize risks and maximize opportunities during a project’s life cycle.

Quality + Engineering risk management experts will introduce participants to critical risk management regulations (ISO, NIST, DOE, FDA, FAA, etc.) and employment opportunities that are arising in many professions.

Workshop Objectives
The objective of this workshop is to provide an understanding of specific project risk management frameworks (focusing on ISO 31000, OMB A-123, and OMB A-11) and their successful application. The workshop provides participants with principles, techniques and tools that will help them to address and mitigate project risks they may encounter.

Upon completion, participants will be able to lead and/or actively participate in project teams and evaluate risks in operational and supply chain projects.  Participants will learn and apply project risk management frameworks, processes, techniques, and tools.  Participants will learn how to develop project risk registers, project heat maps, project risk control templates, project risk strategies, etc.

Workshop Format and Methodology
The workshop focus is on project risk management.  The workshop is delivered through lectures, class discussions, individual and group case studies, and exercises.  The topics to be covered include: identifying, classifying, assessing, and controlling project risks and implementing risk mitigation strategies for identified risks.  The workshop will help participants to understand and to develop risk management skills, and to apply what they have learned on real-life projects.  The workshop format is approximately 1/3 lecture, 1/3 exercise, and 1/3 ‘lesson learned’ discussion. 

Workshop Time Frame

The workshop is designed to be delivered in two days. The workshop is based on the ISO 31000: Enterprise Risk Management workbook (240 pages), which each workshop participant receives. The first day covers general project risk approaches and methodologies based on well-known standards. The second day applies ISO, PMI, and other risk management frameworks in detail, with hands-on application to real-life projects.

Who Should Attend
This workshop is an excellent opportunity for project managers and project team members. The workshop is also intended for anyone who is involved in the design, procurement, and implementation of technical, construction, IT, or service projects and who wishes to learn more about project risk management principles and techniques. Participants will learn and experience firsthand the tools that will help them to reduce project uncertainty and volatility around project scope, schedule, quality, and cost variances.

Project Risk Management Tools
Participants will take home a risk management toolbox. The toolbox is a collection of several articles (written by Q+E), risk checklists, and forms that can be used with any of the major risk management standards or frameworks. Project tools include: risk maps, risk templates, risk checklists, risk plans, and other tools. This toolbox will be used extensively during the workshop to give participants enough practice.

Learning Objectives

  • Learn and develop a detailed risk management plan to guide project risk management activities.
  • Learn how to identify risk tolerance for project scope, schedule, cost, and quality risks.
  • Learn how to develop a risk register that is complete and accurate.
  • Learn how to quantify project risks.
  • Learn how to apply cost, schedule, scope, and quality project controls.
  • Learn how to prepare risk response (treatment) strategies to mitigate risks, control risks and maximize opportunities.
  • Develop a ‘Next Steps Strategy’ to implement project risk management.

Workshop Outline

  • Introduction to Risk and Risk Management
  • Understanding risk
  • Risk management approaches
  • Risk management definitions
  • Risk appetite and tolerance
  • Generic Risk Management process
  • Types of risk
  • Exercise: Risk assess current projects that have failed recently
  • Case study: Similarities and differences between project risk management standards

PMBOK Project Risk Framework

  • Risk inputs
  • Risk tools and techniques
  • Risk outputs
  • PMBOK risk controls
  • Change management approaches
  • Exercise: Review of PMBOK project risk approach
  • Case study: Critical Infrastructure Protection (CIP) management

Triple project constraints (Plus Quality)

  • Cost control
  • Scope control
  • Schedule control
  • Quality control
  • Exercise: Use variance and risk controls to manage project risks
  • Case study: Typical project variance-based risk approach based on Q+E risk management projects

ISO 31000 Framework

  • Discussion of ISO framework approach
  • Principles and guidelines on implementation
  • PDCA (Plan-Do-Check-Act) cycle
  • ISO families of risk-based standards: ISO 28000, ISO 14000, ISO 27000, etc.
  • Exercise: Review the ISO framework and learn how risk management is the basis for ANSI, ISO, NIST, and other standards
  • Case study: ISO 27000 IT risk standards

ISO 31000 Framework: Establish the Context

  • Understanding the project environment and project objectives
  • How to plan for risk management processes
  • Risk management planning process
  • Components of risk management plan
  • How to focus on the project objective
  • Exercise: Develop a risk management plan
  • Case study: ISO 28000 supply chain security risk specification
  • Case study: US Navy operational risk management

ISO 31000 Framework: Identify the Risk

  • What is risk identification
  • Approaches to risk identification
  • Risk Identification Process
  • Risk statement and developing a risk register
  • Types of risk and risk categories
  • Practical issues related to risk identification
  • Exercise: Develop a set of risk event profiles
  • Case study: RAMCAP CIP or ISO 31000 risk standard

ISO 31000 Framework: Analyze the Risk

  • Introduction to qualitative risk analysis
  • Goal of qualitative risk analysis
  • Tools for risk analysis
  • Likelihood and impact analysis of identified risks
  • Producing a heat map (risk matrix)
  • Comparison between the qualitative and quantitative approaches
  • Exercise: Analyze risks and develop a heat map for project risks
  • Case study: IT project risk management

ISO 31000 Framework: Treat the Risk

  • Treatment alternatives
  • Definitions
  • Steps for developing risk response
  • Information/documentation required to prepare for risk response planning
  • Tools for generating risk response options
  • Strategies for risk response planning
  • Risk response options evaluation
  • Risk response planning deliverables
  • Exercise: Develop strategies and tactics to mitigate risks 

ISO 31000 Framework: Communicate & Consult

  • Risk control and treatment communications
  • Risk documentation
  • Risk communications
  • Risk deliverables
  • Exercise: Develop strategies to communicate risk strategies
  • Case study: NERC risk auditing (Yellow Book)

ISO 31000 Framework: Monitor & Review

  • Closing the PDCA cycle
  • Requirements of monitoring and reviewing
  • Risk auditing (Value Added Auditing®)
  • Exercise: Develop forms for auditing and monitoring project risks

Business Continuity Planning and Management

  • What is business continuity planning?
  • What are the commonly used standards: NFPA 1600, BS 25999, ASIS, etc.?
  • Implementing BCP
  • Exercise: Develop BCP questions using NFPA 1600

Your Next Steps

  • Develop a plan for implementing project risk management
  • Exercise: Discuss and evaluate project risk plans

