2. RTBS Deployment Risk Analysis
73 risks identified
13 Opportunities, 60 Threats 15 class IV, 21 Class III
• 5:1 distribution between Threats and Opportunities is reasonable, given project
scope and timescale is already set
• Flat distribution of risks across the four classes - fairly encouraging at this early
stage of the project
– The number of class III & IV risks should diminish during BUP and PD
(although new risks may emerge)
– Half of class III & IV risks already have plans in place; we have to develop
plans for the others
• Recommend that the project appears on the Business risk register
– Threats to RTBS deployment Cost and (less likely) Schedule, driven mainly by
complexities involving Contact to Cash and Regional variations
– Some class I & II risks may be upgraded once better understood
– However Jadar risk downgraded – only need deploy simple processes for now
• Potential for improved performance through increased project management effort,
e.g. to help ensure risks that cut across all stream leads are managed
• Next review recommended at start of PD, 2.5 months’ time
30 November 2015 2
3. Opportunity summary
30 November 2015 3
• 13 Opportunities, of which 8 are class III or IV
• All 3 class IV opportunities are rated at Very Likely (>25% probability)
and two have plans in place, one needs a response plan
• All class III opportunities require response plans
1
4
5
3
0
1
2
3
4
5
6
Class I Class II Class III Class IV
No.ofRisks
Risk Class
Opportunity Risk Profile
4. Threat summary
• 60 threats of which 28 are class III or IV
• 12 class four threats, half already have plans in place
– 1 needs regular review - Complexity of regional variations
– 6 have plans in place and will be reviewed before or at PD
– 5 require plans, developed and tested in time for PD
• 16 class III threats, half already have plans in place
30 November 2015 4
15
17
16
12
0
2
4
6
8
10
12
14
16
18
Class I Class II Class III Class IV
No.ofRisks
Risk Class
Threat Risk Profile
5. 8 Class III/IV Opportunities
2 Class IV opportunities, already in plan
• We may be able to increase our rate of continuous process improvement
through capturing the knowledge collected during deployment.
• We may improve the quality and relevance of the data
1 Class IV Opportunities needing management plan
• Decision making may improve if analysts have more time to analyse data
rather than input it to the system (new opportunity introduced by David Muir)
5 Class III Opportunities needing management plans
• If we can find other solutions to augment specific CTC requirements we may
deliver a better solution and improve engagement.
• We may be able to find functionality in RTBS that can offer better solutions
than currently in place.
• We may be able to capture experience and knowledge from this deployment
• The project may be able to control its costs better through deploying good
practice in planning and project management
• RTBS may enable us to implement Contract Management Tracking against
actual customer orders and invoices.
30 November 2015 5
6. 12 Class IV threats
30 November 2015 6
1 Threat needing regular review
• We may encounter intractable problems in deploying all
functionality to some regions
5 Threats needing management plans
• If CTC executives do not supply enough detail on their
requirement, their functional area will not receive what they need
for the future.
• If we do not translate accurately into other languages we can
cause confusion and error.
• If RTBS does not support Carbon Emissions and other reporting
requirements we shall fail to meet legal/regulatory requirements.
• If we do not ensure that the quality system interfaces correctly with
RTBS we risk alienating customers by releasing faulty or wrong
product.
• We may import personal data that weakens protection against data
privacy legislation, particularly region-specific legislation.
7. 12 Class IV threats (continued)
30 November 2015 7
6 Threats with plans in place but needing regular review
• If we do not perform BUP and PD well we shall fail to capture
requirements and may then deploy the system in a sub-optimal
way.
• As one of the first BUs to deploy in some regions, we shall
probably incur additional costs and disruption during deployment.
• If we find that other regions do not comply with RT current
business processes we shall encounter problems with deployment.
• If our Master Data Definitions contain inconsistencies across
regions we shall incur operational problems.
• If we do not estimate the full capital cost correctly, or fully identify
the scope and requirement, or successfully manage our risks, we
may dramatically exceed the expected capital budget and / or
timescale for go-live of the RTBS deployment.
• If we do not test the system properly before go live we may incur
significant problems during go-live.
8. Cause and Consequence analysis
30 November 2015 8
• 8 risks driven by the cause “CTC complexity”
• 4 opportunities, 4 threats
• 1 class IV, 4 class III, 2 class II/1
• 10 risks driven by the cause “regional complexity”
• 1 opportunity, class II
• 9 Threats, 6 class IV, 1 Class III, 2 Class II
• 44 risks directly impact economic performance consequence
• 33 threats
• 11 opportunities, including 4 class III
• 30 risks directly impact workforce relations consequence
• 4 opportunities including 2 class III
• 26 threats, including 2 class IV and 5 class II
• 23 risks directly impact compliance consequence
• 1 opportunity, only class 1
• 22 threats, including 6 class IV and 6 class III
CTC risks are quite balanced between opportunities and threats.
The imbalance of threats in the other categories indicates a
likelihood that some consequences will be felt
9. 8 Risks driven by CTC complexity
1 class IV, 4 class III, 2 class II/1
30 November 2015 9
Threats – 1 class IV, 2 class III, 1 class II
TA0101 If CTC executives do not supply enough detail on their requirement, their
functional area will not receive what they need for the future.
TG0702 If we harmonize product codes to the full extent possible, we may cause a
lot of disruption
TG0703 If we are not careful in implementing our practices regarding pricing we
may violate anti-trust legislation or price an item wrongly.
TG0701 We may not be able to ship product due to a lack of an authorization code,
due to failure to deliver satisfactory reports to US Customs.
Opportunities – 2 class III, 1 each of classes II & I
OA0102 If we can find other solutions to augment specific CTC requirements we
may deliver a better solution and improve engagement.
OF0202 RTBS may enable us to implement Contract Management Tracking against
actual customer orders and invoices.
OA0103 If we can include in our scope some of the informal systems already being
used (spreadsheets) this will improve efficiency and acceptability.
OD0101 If we can find a way to use RTBS to report letters of credit etc., we can
improve reporting and make it more visible.
10. 9 Threats driven by regional complexity
6 class IV, 1 Class III, 2 Class II
30 November 2015 10
TA0201 As one of the first BUs to deploy in some regions, we shall probably incur
additional costs and disruption during deployment.
TA0202 If we find that other regions do not comply with RT current business
processes we shall encounter problems with deployment.
TA0205 If we do not translate accurately into other languages we can cause
confusion and error.
TA0206 If our Master Data Definitions contain inconsistencies across regions we
shall incur operational problems.
TA0210 We may encounter intractable problems in deploying all functionality to
some regions.
TD0201 We may import personal data that weakens protection against data
privacy legislation, particularly region-specific legislation.
TA0204 If our business blueprint design does not take full account of detailed
local practice and requirements etc. we may encounter operational
problems on go-live.
TA0203 If our change management strategy does not take account of culture and
local practice etc. we may encounter operational problems on go-live.
TD0101 We may fail to meet legal reporting requirements.
11. 33 Threats directly impact economic
performance
30 November 2015 11
1
4
3
2
1
3
2
0
1
6
1 1
2 2
0
1
4
2
1
0
1 1
0
22 2
0
1 1 1
0
1
0
1
2
3
4
5
6
7
Capital Cost ProjectSchedule Operating Costs Annual Production Annual Revenue Total Business
Value
Future Business React/Defend
Costs
No.ofRisks
Threat Risk Profile by Economic Consequence Area
Class I Class II Class III Class IV
11 opportunities directly impact economic
performance, of which 4 are class III
12. 26 Threats directly impact workforce
relations
These include 2 class IV and 5 class III, as follows
TA0205 If we do not translate accurately into other languages we can cause
confusion and error.
TD0201 We may import personal data that weakens protection against data
privacy legislation, particularly region-specific legislation.
TA0301 If we try too hard to utilize all RTBS functionality we may overstretch
ourselves in deploying too much change.
TA0404 If people fail to attend courses when booked we shall fail to train
enough people in time for go live.
TA0407 If we do not test the system properly before go live we may incur
significant problems during go-live.
TC0302 We may trigger union negotiations regarding CBAs or individual
employee contracts or job descriptions.
TE0101 If management do not deploy the process consistently this would
reduce flexibility of the workforce
30 November 2015 12
13. 22 Threats directly impact compliance
6 class IV
TA0101 If CTC executives do not supply enough detail on their requirement, their
functional area will not receive what they need for the future.
TA0202 If we find that other regions do not comply with RT current business
processes we shall encounter problems with deployment.
TA0205 If we do not translate accurately into other languages we can cause
confusion and error.
TA0407 If we do not test the system properly before go live we may incur
significant problems during go-live.
TC0701 If RTBS does not support Carbon Emissions and other reporting
requirements we shall fail to meet legal/regulatory requirements.
TD0201 We may import personal data that weakens protection against data privacy
legislation, particularly region-specific legislation.
6 others at class III
30 November 2015 13
14. Distribution by risk owner
30 November 2015 14
Total,
all
risks
Shared
across
streams
Threats Opportunities
Owners I II III IV Total I II III IV Total
Miller, Jim (RTM) 14 12 1 2 4 3 10 0 2 1 1 4
Velez, JoAnna (RTM) 8 1 0 1 2 1 4 1 1 2 0 4
Rothschopf, Heidi (RTM) 3 2 1 0 1 1 3 0 0 0 0 0
James, Jared (RTM) 1 0 1 0 0 0 1 0 0 0 0 0
Bush, David (RTM) 10 7 2 4 2 1 9 0 1 0 0 1
Delahousie, Dave (RTM) 1 0 0 0 0 1 1 0 0 0 0 0
Boothe, Melissa N. (RTP) 1 1 0 1 0 0 1 0 0 0 0 0
Gibson, Rick (RTM) 13 9 3 3 3 2 11 0 0 1 1 2
Hanson, Tim (IST) 3 0 1 2 0 0 3 0 0 0 0 0
Reece, Dane (RTM) 13 10 4 3 2 3 12 0 0 1 0 1
Bates, Brian (RTM) 1 1 0 0 1 0 1 0 0 0 0 0
Antal, Rod (RTM) 1 1 0 1 0 0 1 0 0 0 0 0
TBD Plan & Manage 4 1 1 1 1 0 3 0 0 0 1 1
Total 73 45 14 18 16 12 60 1 4 5 3 13
Risk ownership is concentrated with five individuals
• Four of these will be able to share a number of their risks across all the
stream leads
• The exception is JoAnna Velez, who owns 7 risks specific to CTC
15. Process Recommendations
• Next review recommended at start of PD, in 2½ months’ time
– Some risks may be ready for review earlier
• Class 2 risks should also be reviewed at PD stage
– E.g. Threat TA0406 – “If training is not effective, people will not
be able to operate the system effectively” may be upgrade if the
cost model proves to be complex to use.
• Recommend that the project appoints a risk register manager
for day-to-day management of the risk register
– Ensure up to date risk profile is available during changing period
of BUP and PD
– Help those Risk Owners who have risks shared across the
stream leads to co-ordinate action delivery and status update
• Each stream lead should develop and manage their own list of risks
within their own stream, ready for possible escalation to this risk
register at a later date.
30 November 2015 15