Managing Risks on Defence Projects Through the Use of CPM Scheduling - A Better Way
By: Ed F. Blow, CPEng
Introduction
This paper comprises three parts. The first part discusses the current risk management methodologies utilised by the Australian Defence Force (ADF) and how these methodologies are utilised to address the unique nature of risk in Defence acquisition and the widened spectrum of capability that is a consequence of the “Force 2020” document. It also proposes an alternative and innovative approach to managing risk in the Defence environment. The second part discusses the five ADF characteristics identified in Force 2020 and risk management issues associated with these characteristics. It also discusses how various risk management methodologies have been used to address the often competing and conflicting demands of various stakeholders. The third part discusses the ways in which risk management methodologies have been traditionally applied in Defence projects and the limitations of these methodologies, and the benefits of replacing these methodologies with the alternative approach. It also discusses the importance of CPM scheduling in enhancing Defence risk monitoring and control, the quantification of both stakeholder and schedule risk, and the way in which risk management and CPM scheduling work together to improve project performance.
1.0 Risk Management In Defence Projects
Traditionally risk management methodology in Defence has been project focussed and understood to be an integral element of the project specific management function. This focus has been a two edged sword: it has provided the benefit of timely identification of project specific risk, but it has also tended to promote a risk management regime that follows the traditional “stovepipe” approach associated with capability development. When the increased variety and complexity of Defence projects are added to this tendency, there develops an increased risk of interfacing problems when capabilities developed by different project teams are integrated. For example, increased risk is frequently reflected in the number of issues that arise when new command and support system capabilities, often associated with different platforms, are brought together and expected to work seamlessly. It is unresolved interface issues and the delays caused by the increased complexity of defence projects that have largely led to criticism of the management and governance in Defence projects.
Added to the risk associated with interfacing issues are the emerging technological complexity and the diversity of operational demands. Necessity has provided the impetus for the ADF to continue to enhance its capability in tactical planning, effective command and support systems and the vigorous and coordinated execution of operations involving rapid deployment of balanced forces. This necessity arises from the need to keep Australian military formations at a high level of efficiency with minimum levels of attrition, whilst engaged in operations in Afghanistan, East Timor, Iraq and the Solomons. The excellent performance of Australian forces thus far, despite the growing impact of interface issues, is a matter of national pride.
However the complex and varied nature of modern theatres of operation makes it vital that the ADF place additional emphasis on resolving interface issues and the mitigation of the risks associated with these interface issues, before they have a more profound effect on operations.
At this point an important distinction needs to be made between Risk Profile and specific Risks. The Risk Profile is the environment of risk determined by technological complexity, goals (such as program and project deliverables), and financial and contractual constraints. The Risk Profile can be viewed from a qualitative and a quantitative perspective but it is the starting point of risk assessment, as it provides the global and all encompassing view of the risk. The risk profile often remains fundamentally unchanged through the life of a project as the Risk Profile identifies and reflects the underlying source(s) of all the risk to all parties, including the governance bodies. Specific Risks, on the other hand, are individual type risk items associated with either stakeholder risk or schedule risk, or both. Many specific risks arise and many disappear during the project life cycle.
The traditional approach to risk assessment is to focus exclusively on specific risk, and as a result, more often than not, many specific risks identified using this approach are actually consequences of underlying sources of risk that may not have been identified. The convention has been for organisations, and those in the defence industry have not been an exception, to view risk management as starting and often finishing with a listing and the management of specific risks, through the utilisation of what has been considered to be tried and proved methodologies, such as risk facilitators, brainstorms, checklists, exhaustive risk workshops and surveys.
The conventional approach has been based on a hope that the “scatter gun” approach will result in a comprehensive list of risk items that can be quantified and mitigated against. Government ministers, boards of directors and company executives are often frustrated that the conventional approach to risk management leads at best to a quantified risk register that is current for a very limited time. At worst, the sheer volume of the risk items nominated reflects a subjective, if not speculative, selection of risk elements that may actually obscure the underlying sources of risk. Apart from this frustration, the fact that so much effort and cost can be expended in risk quantification, for the purposes of identifying a level of contingency and a potential impact on company share value that are more often than not observed to be a moving target, creates a balance sheet headache.
It is my contention that the better way to identify and manage risk is to utilise a methodology, such as the Pegasus GAPP Analysis™, that is focused on identifying the underlying source(s) of risk and developing a risk profile not only for projects and programs but for company wide operations. Unlike the conventional “scatter gun” approach, such a methodology is focused on being objective in the identification of underlying sources of risk. Interestingly, this methodology consumes significantly less time, labour resources and labour hours than the scatter gun approach. In any case it is a methodology that is well suited to projects, programs and companies that operate in a demanding and technologically complex environment, such as the Defence industry environment, where interface issues and technological complexity are significant factors.
The relevance and uniqueness of Defence industry interface issues can be illustrated by a review of the five ADF characteristics, identified in Force 2020. Firstly, Defence risk management will continue to focus on the project life cycle.
This includes the capability planning, approvals, material acquisition and transition phases, and the operational (sustainment) and disposal/replacement phases all of which are linked at a project office level. This focus is needed to expose the impact of decisions in one phase of the life cycle upon the activities and outcomes in subsequent phases. This is a particularly important focus of project teams within the Defence Materiel Organisation (DMO). For example, the acquisition and enhancement of Defence command and support capability frequently involves significant diversity in terms of technology, technology development, novel operational requirements, scarcity of skilled resources and catastrophic consequences of failure. Project teams must consider these as well as political agendas and constraints that may have consequences if overlooked. Unlike the DMO project teams however, leaders in government and industry are accountable to taxpayers, boards, financiers and shareholders for a level of governance that is guided by informed decision making. The decision making involves the consideration of the impact of uncertainty, both from the narrow perspective of the specific project and program aims, to ensure that acquisition and sustainment activities effectively support the application of military assets, and from the wider perspective of the global need to address social, political, national and international interests. However leaders cannot make informed decisions if their risk management processes are unable to unambiguously identify the level of uncertainty and all the sources of risk underlying the complexity of projects and programs. 
Company executives understand that what may appear to be a minor command and support issue in the capability planning phase from a narrow “stove pipe” project focus, may have a profound impact from a global perspective on the manner of acquisition, the effectiveness in sustaining the capability for the warfighter and on interfacing with other ADF capabilities and joint operations with allies.
It is important to note that a large Defence project, in terms of size or cost, does not necessarily make it a complex project. Projects that are small but with significant levels of both sequential and reciprocal logical activity interdependencies would be considered more complex. More will be said about such complexity in section 4.
The second characteristic is that risk management in the ADF is dynamic in that as a Defence project evolves through the different phases of the project life cycle, the level of exposure to specific risk often changes. For example, the possibility of project failure, from a technical perspective during the acquisition phase, will generally disappear once the capability has been operationally tested, accepted and proved. The potential risk of withdrawal of project funding is diminished once Second Pass Approval for the project is achieved. Additionally, the consequences of a potential risk in one phase may not have an impact until later phases. For example, a decision to implement a particular functionality during the acquisition phase may create a potential risk in the sustainment phase, in that the sustainment group may have difficulty in supporting the functionality during operations. The important point here is that the risk profile must take into account context and level(s) of exposure.
The third characteristic is that the focus in the ADF must be on the risk to stakeholders rather than the so called risk to the project. The reason for this is that the concept of risk is a human construct to explain uncertainty in human endeavours. If stakeholders did not exist then there would be no reason to adopt a concept of risk. In this respect, it is more appropriate to refer to stakeholder risk rather than project risk. A critical stakeholder in Defence projects is the warfighter, as the individual warfighter’s effectiveness is dependent upon the capability meeting the performance requirements.
Other ADF stakeholders would be Capability Division personnel, who are responsible for the overarching design; senior ADF officers, who are responsible for the successful performance of the project; the project office, who are responsible for acquisition and transition; and sustainment personnel, who are responsible for operational support. External to the ADF are stakeholders such as Senior Bureaucrats and Government Ministers, the general public and industry boards of directors. Though each stakeholder may consider that they are exposed to specific and unique risks, in reality all stakeholders are exposed to the underlying sources of risk, and the uniqueness of the impact on each stakeholder resides in the level of risk and/or the consequences. In terms of risk management, the methodology for identifying, monitoring and controlling the risk profile is discussed in subsequent sections.
The fourth characteristic of ADF risk management is that it primarily, but not always, involves the qualitative analysis of risk more than quantitative analysis. ADF projects tend to be unique “one-off” undertakings that frequently do not allow recourse to experiential based process-type data that would be available for manufacturing, mining or construction. Thus in the ADF environment, it would be almost impossible to utilise a HAZOP type risk identification technique. This means that ADF projects are not conducive to the use of such techniques to quantify the impact of potential risk in terms of experimentally derived probability data for repeatable type activities. As a consequence, different techniques have been utilised by Defence to provide objective analysis against which stakeholders can make informed decisions. There are two traditional techniques, and these will be discussed in section 3. The alternative technique is also discussed.
The fifth characteristic is the unique nature of ADF capability. Prior to 2000 the ADF was primarily focused on defending Australia against invasion by hostile conventional forces. The 9/11 New York attack and the Bali attack revealed that the face of the enemy in the 21st century is different to his face in previous conflicts. Our spectrum of operations has been widened to meet this new threat. Accordingly, in 2002 the Department of Defence implemented the “Force 2020” strategy. This strategy has widened the spectrum of ADF capability to become “combat capable, rapidly deployable, highly adaptive, responsive to change, and thoroughly professional”. Specifically there are five dimensions of this capability:
2.1 Concurrent Operations
In addition to war fighting and national survival the spectrum of operations now includes assisting with emergency relief and assisting allies where such assistance is in our interests. This has placed additional demands on our logistics, planning and command and control capabilities. A major risk associated with this capability is that the ADF may procure military assets that are not sufficiently adaptable to meet future changes in the threat scenario. If the ADF procures military assets to essentially meet the current scenario of small localised operations, the ADF may limit its effectiveness in operations against a determined and well equipped conventional military force. The risk is that by spreading capability across different operations there is potential to fail to meet some, if not all, objectives.
There is also the risk that the rules of engagement, associated with some operations, may prevent the application of some critical ADF capability, and emerge as insurmountable obstacles in achieving objectives. For example, the ADF relief effort in Indonesia, following the tsunami of 2005, was subject to a terrorist threat, but because the rules of engagement prevented the application of more robust ADF support, the ADF was forced to withdraw all but essential personnel.
Additionally, increased cooperation between the ADF and allies and industry also introduces a significant security risk in terms of classified project material, essentially because more people will need access to classified material.
2.2 Seamless Integrated Force
The concept of teamwork has been extended to all arms of Defence, the wider community (industry) and our allies. The ADF focus has changed from being a “Joint” Defence force to a “seamlessly integrated” force that maximises the “collective war fighting capability”. This capability fits in well with the ADF tradition of “mateship”. There is a potential risk associated with acquisition of the optimum mix of specialised military units, military platforms and command and support systems to engage in different types of operations. The mix would depend upon the anticipated scale of operation, the objectives, battlespace (terrain, naval and air considerations, support requirements), the military capability of any hostile forces, rules of engagement and political constraints. For example, the absence of one or two critical military assets (such as air support) may result in the loss of control of the battlespace and, in the extreme case, mission failure.
There is also a potential risk associated with defining the level at which tactical planning should occur. Strategic planning would clearly be at the “joint” level, but the appropriate level of tactical planning would vary from operation to operation. If tactical planning is at too high a level, there is likely to be an inefficient or ineffective application of the military assets available. If tactical planning is at too low a level there is likely to be an unsatisfactory level of coordination during the operation.
2.3 Interoperability
Australia has strong historical, social, cultural and military links with the US, UK and New Zealand. This has been expressed in shared military experience, support and mutual enhancement. This is unlikely to change, and a natural progression from this is the concept of interoperability whereby the ADF works in concert with Australia’s traditional allies and regional neighbours. Interoperability is a capability that enhances mutual support and promotes effective sharing of resources. A distinct advantage of interoperability is the potential to utilise military assets of other formations to enhance one’s capability. However this advantage is a two edged sword, because reliance upon other formations carries the risk that one may become vulnerable, due to the lack of self sufficiency, during the heat of battle.
Interoperability may hinder the implementation of technological advancements in the ADF arsenal of weaponry, because of the need to retain interoperability with allies, rather than implementing world best practice. Interoperability may also result in a reduced flexibility in implementing changes in battlespace tactics necessary to address changes in tactics of hostile forces. Increased interoperability with allies introduces a new potential security risk, primarily because of the need for access to classified material by a larger group of people.
2.4 Network Centric Operations
Hand-in-hand with the concept of a seamless integrated force is the concept of Network Centric Operations. This concept treats all the platforms in a military operation as “nodes” in a network that connect, share and access data to create a common, real-time “battle-space” picture. In theory Network Centric Operations enables a more coordinated and effective offensive potential. This concept differs from the conventional “platform centric” approach, which has the potential to fragment an operation into a series of uncoordinated separate platform centric operations. The concept of Network Centric Capability involves an increased complexity in communications and command and support technology. The concept requires sufficiently robust technology to allow real time sharing and access to information by all military platforms in the network. As the complexity increases so too does the risk to the operation if the technology fails.
Network Centric Capability requires a highly coordinated command and support structure that can process the increased number of variables associated with coordinating all military assets across all services. There is a potential risk that some critical factors may be inadvertently overlooked in the project capability planning phase.
2.5 Effects based Operational Focus
Planning for effects based operations is focused on the desired effects first, rather than the specific platform solutions. It is aimed at the “big picture” of meeting the broader security challenges, as well as specific military goals. It is defined as the “application of military and other capabilities to realise specific, desired operational and strategic outcomes in peace and war”. Planning towards the desired effects must be balanced with planning the detail. Often in military operations, the devil is in the detail. There is a potential risk that what might appear on paper to be a minor detail in a military operation may become a major threat to the successful completion of the mission.
3.0 Risk Management Methodologies in Defence Projects
The previous section discussed the characteristics of Defence projects, and raised the distinction between risk profile and specific risk, the distinction between qualitative and quantitative risk analysis, and the notion that risk management in the Defence environment must be focused on firstly identifying the underlying sources of risk rather than the listing of risk items. This section provides an overview of the two risk management methodologies that are currently utilised in the management of Defence projects and their limitations, and describes the benefits of the alternative approach to risk management that starts by identifying the underlying sources of risk and Risk Profiling.
3.1 The DMO Risk Score Card
DMO project teams are tasked with the preparation of regular Project Risk Score reports, in accordance with the instructions and guidelines in the “Project Risk Score Guidance Information” documentation. The DMO Project Risk Score card is intended to provide an indication of the level of risk inherent in Defence projects at key points in the project lifecycle. This method of risk reporting is used by senior DMO management to identify projects that are potentially exposed to high levels of risk. Some private companies in the Defence industry have started to apply this methodology in their tender responses to the DMO.
The Project Risk Score methodology comprises an assessment of the level of risk associated with seven Attributes associated with each and every project:
• Schedule,
• Cost Estimate,
• Requirements,
• Technical Understanding,
• Technical Difficulty,
• Commercial, and
• Operation and Support.
The higher the score against a particular Attribute, the lower the risk. Thus, because the maximum score for each attribute is 10, the maximum score for any project is 70 indicating a low risk project. These Attributes are used to represent key sources of risk in Defence projects. For example, projects in the capability development phase would be assessed as having Attributes in the risk score range of 1 to 5. Projects in the acquisition phase are expected to have Attributes in the range 6 to 10.
In relation to the overall project risk, the scores for the Attributes are summed and the total compared against the so called “life-cycle gates”, to provide an indication as to the level of exposure to risk. There are 13 “life-cycle gates”, each of which represents a benchmark for the progressive retirement of risk as a project moves through the various “gates” of the project lifecycle. The 13 “life-cycle gates” and the appropriate benchmark score for each life-cycle gate are listed in the table below:
| Benchmark Score | Project Lifecycle Gate |
|---|---|
| 13 | Enter Defence Capability Plan |
| 16 | Decide Viable Capability Options |
| 21 | 1st Pass Approval |
| 30 | Industry Proposals/Offers |
| 35 | 2nd Pass Approval |
| 42 | Enter Contract |
| 45 | Preliminary Design Review(s) |
| 50 | Critical Design Review(s) |
| 55 | System Integration and Test |
| 57 | Acceptance Testing |
| 64 | Final Contract Acceptance |
| 69 | Acceptance Into Service |
| 70 | Project Completion |
The application of this methodology can be understood by returning to the earlier example. If each of the seven Attributes for a particular project is scored at 5, then the total risk score for the project is 35. This means that the project is sufficiently mature to proceed to second pass approval.
The benefits of this methodology of risk reporting are that it is a systematic and standard approach to monitoring the risk status of projects, and provides an objective standard against which the level of risk exposure of different projects can be compared. It also provides a means of prioritising projects in terms of risk exposure, and identifying specific sources of risk in particular projects.
The limitations of the Risk Score Card approach are that it essentially follows the traditional “stove pipe” approach to Defence projects, it is likely to fail to adequately address interfacing issues and, in practice, tends to limit identification of risk to specific risks that fall within the categories. At worst this approach may actually overlook important underlying sources of risk.
A further limitation in applying the Risk Score card as a “one-size-fits-all” type methodology across all Defence projects, is that every Defence project involves a unique set of inputs that are related to the application of different technologies, specific operational requirements, specifically skilled resources and varying levels of uncertainty. There are also political, social and cultural forces that are operating in the background that can have a unique impact at any time in the project phase or in the sustainment phase. The uncertainty in the initial inputs and the uncertainty associated with unexpected events during a project life cycle, such as instances where some requirements are found to be unachievable and some requirements need to be changed, are best addressed by a more flexible approach in managing risk.
3.2 The Project Risk Register
The more flexible approach adopted by Defence to manage risk is to utilise a costed Project Risk Register. This register lists items of risk to which the project is exposed, and quantifies this exposure in terms of exposure cost, treatment cost, residual cost and schedule impact. The items of risk are systematically listed either in categories, such as “Technical”, “Commercial” and “Environmental”, or as a series of risk items that are each traceable to an element in the project Work Breakdown Structure (WBS). In practice the second type of listing has the important benefit of traceability to the WBS (and therefore the schedule) and provides a systematic approach to addressing all the project scope. In any case either approach involves all stakeholders in the application of brainstorming techniques, completion of risk checklists or risk workshops to populate the risk register in the hope that the risk exposure for each and every stakeholder is captured.
There are a number of Risk Management software tools that the DMO has investigated in an effort to standardise the risk identification and recording process, however at this stage, the author is not aware of any particular software package that has been applied to all DMO projects. It is the author’s experience that care must be taken in implementing Risk Management software packages to avoid creating such extensive and complex data records that the database itself becomes a potential source of project risk. Sometimes an excessive number of risk items can be more a listing of impacts and consequences, and may even hide the real underlying causality and source of risk.
Quantification of each risk is in accordance with AS/NZS 4360. A typical costed risk register is illustrated in the picture that follows. Though the risk register includes quantitative best estimates in the columns labeled “cost” and “schedule impact”, the overall risk levels in the “rating” columns are specified in qualitative terms, such as “extreme”, “high” and “medium”. This is because, in general, the quantitative figure associated with each risk item is an estimate and may not sufficiently reflect the severity of the risk, so a qualitative assessment that takes into account probability and cost/schedule impact is more appropriate. As a general rule risk items in the risk register are traceable to items in the Work Breakdown Structure (WBS) described in the following section. At times a risk item can be so extensive that it has an impact on several WBS items. At other times the potential consequence of a risk item can increase dramatically if the activity against it moves onto the critical path. This will be discussed further in the following section.
Risk Registers are dynamic documents, because the impact and nature of risk items can change with time and as a project moves through different stages. For example, the potential that insufficient funds are available will disappear once the funds have been allocated. Thus the risk register must be reviewed and updated on a regular basis.
The benefit of the Risk Register is that it offers an objective means of quantifying the level of contingency (dollars and float) required for the project. The register also provides a systematic and coordinated approach to the recording of mitigation measures, the responsible parties and the quantification of treatment costs and residual risk. It also provides a means of prioritising and categorising risks in terms of cost and schedule impact and severity.
The limitations of this method are that it, like the Risk Score card method, essentially promotes the traditional “stove pipe” approach to Defence projects, and in practice fails to take into consideration all interfacing issues. It also promotes a scatter gun approach to identifying specific risks, which as was pointed out, generally results in a listing of consequences rather than underlying sources of risk.
Another important limitation is that government and industry leaders are generally not confident in the accuracy of this method in calculating the level of contingency required to cover the risk. A common complaint is that the level of contingency is frequently a best guess, arrived at by questionable estimating techniques, and almost without fail will vary according to when and who does the calculation. As noted in the previous section, Government ministers, boards of directors and company executives are often frustrated that the conventional approach to risk management leads at best to a quantified risk register that is current for a very limited time. At worst, the sheer volume of the risk items nominated reflects a subjective, if not speculative, selection of risk elements that may actually obscure the underlying sources of risk. Apart from this frustration, the fact that so much effort and cost can be expended in risk quantification, for the purposes of identifying a level of contingency and a potential impact on company share value that are more often than not observed to be a moving target, creates a balance sheet headache.
3.3 The Risk Profile
As indicated in the previous section a way to identify and manage risk is to utilise a global methodology, such as the Pegasus GAPP Analysis™. This methodology is focused on identifying the underlying sources of risk and developing a risk profile for projects, programs and company wide operations. Unlike the two methods currently utilised by the DMO (the Risk Score Card and the Costed Risk Register) this methodology is focused on developing a risk profile that is objective in the identification of underlying sources of risk.
The methodology involves a focused review of the project, program or company operations within the total environment. This total environment comprises the technological complexities, goals (company, program and project deliverables), financial, political and contractual constraints and requirements, and the interfacing with other operations. The purpose of this review is to identify the underlying sources of risk. Unlike conventional methodologies, the GAPP methodology is characterised by the development of a consistent and objective risk profile that generally remains current through the life of the project or program, and through the operations performed by the company.
Once the underlying sources of risk are identified they are tabulated as a Risk Profile. The risk profile can then be used to identify consequences and impacts. Interestingly, the risk profile identified using this global type methodology generally remains fundamentally unchanged through the life of projects as the Risk Profile reflects the underlying sources of all the risk. It is Nielsen-Wurster’s experience that traditional approaches to risk management generally result in mistakenly listing consequences rather than risks, resulting in many hundreds of so called risks that frequently obscure the underlying sources of risk.
Once the consequences and impacts are identified then the risk profile can be quantified in terms of cost and schedule using standard metrics associated with each source of risk.
The benefits of this methodology are that it identifies the underlying sources of risk, and in doing so consumes significantly less time, labour resources and labour hours than traditional approaches. Another benefit is that there are often metrics for each source of risk that can be used to quantify impact in terms of cost and schedule. It is Nielsen-Wurster's experience that the traditional approach to risk management often results in very subjective estimates of cost and schedule impact, which in practice are given little credibility by boards and directors.
4.0 The Applications of Risk Management Techniques to CPM Scheduling in Defence Projects
The previous two sections provided an overview of the risk management methodologies used in Defence, and the alternative GAPP approach that would be of benefit if applied in the Defence environment. This section discusses the two ways in which Defence risk management methodologies and the alternative approach can be used in conjunction with Critical Path Management (CPM): firstly, to allow accurate monitoring and prioritising of stakeholder risk in relation to project status and project schedule integrity; secondly, to provide a means of quantifying the impact of “schedule” risk on critical activities; thirdly, to identify those activities that are not currently critical, but have the potential to become critical if not closely managed; and fourthly, to identify mitigation measures and quantify opportunities that will improve project performance.
In essence the DMO project scheduling methodology comprises a mix of Prince 2 and an internal DMO methodology referred to as IPSSR (Improved Project Scheduling and Status Reporting). The project scheduling methodology is aimed at constructing project schedules such that the project can be managed in phases (or stages) with each schedule traceable to a product based WBS and at a level of activity granularity that is sufficient to capture the complexity of the project. Generally the WBS is to level III granularity and the project schedule is to a minimum of level IV granularity. There are no hard and fast rules, but the critical factor is that the products in the WBS must be sufficiently defined in a WBS dictionary such that the activities that comprise the schedule are discrete and unique and will not be the source of duplicated effort.
The activities in the schedule are logically linked by sequential and reciprocal interdependencies, such that the total duration of the project is represented by a single critical path. Defence project schedules are structured such that all activities in the network are related by logical dependencies. Activities are not date constrained, except in instances where activities are constrained by fixed dates that are externally imposed on the project. This structure allows the schedule to operate in a “logical” manner, such that both the critical path and “potential” critical paths can be identified. This structure allows project teams and management to focus their effort appropriately on the activities that are critical or potentially critical. It also allows the team to identify instances where there is convergence between a specific high impact source of risk and a specific activity (or activities) on the critical path.
This sounds simple, but the devil is in the detail. Firstly, as noted earlier, Defence projects generally involve technological development and the interfacing of complex software and hardware systems. Secondly, Defence projects include a wide spectrum of stakeholders, such as the warfighter whose capability is to be enhanced by the project, the particular platform for which the capability is intended, the Defence Project office responsible for successful performance of the project, the security organisation that is to vet security issues associated with the project and the contractor and subcontractors engaged in the actual delivery of the project. Both the technical issues and the stakeholder issues increase the complexity of the project, and increase the level of risk exposure.
Besides the sources of risk that impact the stakeholders, there also exist sources of risk that have an impact on the schedule. These are the sources of risk that have a consequence on the structure of the project schedule. An example of the application of a quantitative approach to schedule risk follows. For obvious reasons the project is not real, and bears no relationship to any past, present or future Defence project. It is merely representative of a typical schedule utilised in Defence projects.
4.1 Schedule for Project X System Upgrade
In the case of the example Project X, there are a number of activities on the critical path, including the implementation of ECP (Engineering Change Proposals) in the software. The critical path also includes the preparation of documents, testing and the resolution of software failures. Each of these activities has a potential for an increase in duration, and thus each can delay the completion of the project. Additionally, there are activities that are very close to the critical path, such as the activity below titled “Very Special Analysis”, which has a total float (total slack) of 16 days. If this task takes 16 days longer than the planned 30 days duration, then it will migrate to the critical path.
Activities that are on the critical path, or are close to the critical path and have the potential to migrate to the critical path, need to be closely monitored, particularly in the case of activities that involve the resolution of software issues and/or the development of software. Such activities have the potential to be a source of “schedule” risk to the timely completion of the project. Such risk may or may not be related to an underlying source of risk already discussed, as schedule risk is more a function of the structure of the schedule and the way the schedule and the resources have been put together.
An important element of the monitoring process is the quantification of this “schedule” risk.
One way to quantify such schedule risk is to apply a Monte Carlo simulation to activities in the schedule. This type of simulation involves the application of a risk estimate, or slip factor, to the duration of each activity in the schedule, and then utilising iterative random number generation to represent various probability scenarios against each activity and mathematically simulating the “most probable” critical path. Theoretically the greater the number of iterations the greater will be the validity of the simulation.
Unfortunately a major limitation in the application of Monte Carlo simulation to Defence projects is that the validity of the simulation is directly related to the adequacy of the inputs. If the estimates of duration and labour requirements are poor, then the validity of the simulation will be poor regardless of the number of iterations. This means that the activities in the project schedule each need to be provided with reasonably accurate estimates. This can be a daunting, if not impossible, task especially if the schedule consists of many activities, and/or many activities have significant inherent unpredictability.
All is not lost however, because, in practice, the validity of Monte Carlo simulation can be increased by reducing the number of activities against which the simulation is performed. The simulation can be limited to the activities that lie on the critical path or are close to the critical path. If the estimates are carefully selected and verified then the simulation will provide a reasonably valid indication as to the probable duration of the critical path.
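The simulation described above, restricted to the critical and near-critical activities, can be sketched as follows. This is an added example, not part of the original paper: only the 30-day “Very Special Analysis” duration and its 16-day total float come from the text, while the other durations, the links, the slip factors and the triangular distribution are assumptions chosen for illustration.

```python
import random

# Constructed network for the paper's fictitious Project X. Only the 30-day
# "Very Special Analysis" duration and its 16-day total float come from the
# paper; every other duration, link and slip factor is an assumption.
# name: (planned_days, predecessors, slip_factor), listed in dependency order
ACTIVITIES = {
    "ECP implementation":        (46, [], 0.20),
    "Very Special Analysis":     (30, [], 0.80),
    "Document preparation":      (20, ["ECP implementation", "Very Special Analysis"], 0.10),
    "Testing":                   (25, ["Document preparation"], 0.30),
    "Resolve software failures": (15, ["Testing"], 0.50),
}

def forward_pass(durations):
    """CPM forward pass: return (project duration, driving/critical path)."""
    finish, driver = {}, {}
    for name, (_, preds, _) in ACTIVITIES.items():
        # The predecessor that finishes last drives this activity's start.
        driver[name] = max(preds, key=finish.get, default=None)
        start = finish[driver[name]] if preds else 0.0
        finish[name] = start + durations[name]
    node = max(finish, key=finish.get)
    total, path = finish[node], []
    while node is not None:          # walk back along the driving predecessors
        path.append(node)
        node = driver[node]
    return total, path[::-1]

def planned():
    """Deterministic schedule using the planned durations only."""
    return forward_pass({n: a[0] for n, a in ACTIVITIES.items()})

def simulate(iterations=5000, seed=1):
    """Sample each duration between planned and planned*(1+slip), mode=planned."""
    rng = random.Random(seed)
    totals, hits = [], dict.fromkeys(ACTIVITIES, 0)
    for _ in range(iterations):
        sample = {n: rng.triangular(d, d * (1 + s), d)
                  for n, (d, _, s) in ACTIVITIES.items()}
        total, path = forward_pass(sample)
        totals.append(total)
        for n in path:
            hits[n] += 1             # activity was critical in this iteration
    totals.sort()
    pct = lambda p: totals[int(p * (iterations - 1))]
    criticality = {n: h / iterations for n, h in hits.items()}
    return pct(0.5), pct(0.8), criticality

if __name__ == "__main__":
    print("planned:", planned())
    print("P50, P80, criticality index:", simulate())
```

The criticality index for “Very Special Analysis” is the fraction of iterations in which it consumed its 16 days of float and migrated onto the critical path.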
Quantification of schedule risk can assist in project decision making. Decisions on mitigation measures will be informed by the prioritisation of stakeholder risks and the quantification of the level of schedule risk. Activities which do not pose a significant stakeholder risk may be mitigated by simply transferring the risk (insurance) or retaining the risk, and accepting the consequences because mitigation measures would be less cost effective. Activities that pose a significant stakeholder risk must be managed and monitored carefully, and if such major risks eventually materialise, even the most effective mitigation measures are unlikely to avoid residual impacts in terms of both cost and schedule.
Activities that lie on or close to the critical path are likely to be a source of schedule risk. Such activities are potential sources of delay. Schedule delay equates to both time and cost, and in some circumstances liquidated damages. Accordingly mitigation plans must be in place to cater for instances where such schedule risks actually eventuate. The mitigation measures may include changing the order in which activities are performed (i.e. altering schedule logic), increasing the number of resources against the activities or perhaps changing the way the work is performed. The mitigation of schedule risk becomes particularly important when there is a convergence of stakeholder risk and schedule risk.
5.0 Conclusion
In conclusion, Critical Path Management in project management is vitally linked to the prioritising and monitoring of the underlying sources of risk and their consequences at different times in the project life-cycle, and to the quantification of schedule risk.
This is particularly the case for Defence projects. Defence projects by their very nature are not readily conducive to a quantitative approach to risk management. Although quantitative methods are important in determining the value of project contingency and residual impact in relation to stakeholder risk, and in the quantification of schedule risk for the purposes of forecasting project completion, the nature of Defence projects and their interrelationships make it necessary to take a more global approach to risk management than the conventional approach currently in place.
Conventional risk management methodologies often expend much effort and cost for the purposes of identifying the level of contingency, but more often than not result in moving target type figures that lead to management frustration.
CPM is utilised to firstly assist in the prioritisation of stakeholder risk, which is vital in terms of knowing which risks to monitor and when, and secondly, identifying potential sources of delay in the schedule to allow a more precise and effective application of quantification techniques, such as Monte Carlo simulation.