LightBytes – APM Risk Management and Procurement

In this episode of Bite Size Project Management, George introduces Carl M Downing, the lead APM trainer at Training ByteSize. Carl shares insights on two important areas of project management: Risk Management and Procurement. With a background in the Ministry of Defence (MOD), Carl brings a wealth of practical experience and emphasizes the importance of understanding and managing both risk and procurement throughout a project’s lifecycle.

Hi, you’re listening to Bite Size Project Management, a podcast about all things project, program and IT service management. As always, I’m George and I work for Training Bite Size, a family-run training provider with a passion for project management. Our podcasts will bring you top tips such as how to pass your next accredited exam through to unique industry insights and conversations with industry experts.

Please let me introduce you to our lead APM trainer, Carl M Downing. He’ll be taking you through the key areas of risk management and procurement this afternoon. Carl M has a wealth of pragmatic experience in project management and has a fantastic way of bringing a guide and some methods to life, which helps with the retention of the information.

Carl M, over to you. Thank you very much, Jim. Afternoon, everyone.

Welcome back to the interview because I see a few names here I recognise. Yeah, so I’m Calum. He teach the APM stuff, project management training, the training bite size.

Experience is probably within MOD. That’s my background. So today, I’m going to talk about risk management and procurement.

We’ll start with risk management. If you have any questions for me at all, pop them in the chat. If you want to ask me a question, there’ll be key points to breaks.

We can pause as in the material. You’re welcome to unmute and ask questions that way. But for now, risk management.

This is something that affects everybody. Risk management, whether you run projects or have never run projects in your life or have never been involved in any project in life, though to be fair, I find that unlikely. You won’t have been.

Everyone’s done a project in some way. She performed my thanks to really my belief. But everyone manages risk.

So if you’ve ever brought a raincoat with you to a stay at home holiday, so if you’ve holidayed in Britain in the summer, I bet you brought a raincoat. Risk management is everywhere. If you drive a car, you manage risk.

If you go on holiday, you manage risk. If you travel anywhere, you’re managing risk. If you do anything, you’re thinking about the risk.

If you go shopping, you’re thinking about the risk of not getting it. You’re always thinking about risk. It’s just we don’t plan for it so much.

But project management is about how we plan and manage risk properly. So we capture it, we record it, we monitor it, we track it. It’s about that effectively.

But it’s something we do all the time without even thinking risk management. So it’s worth keeping that in mind. So risk, the definition of risk, just a generic definition is this idea of an uncertain event.

It’s something that might happen, but might not. So it might rain. Look out the window.

It might rain later on. It might not. So something that might happen, that if it were to happen, would affect the project in some way.

So it will affect our ability to achieve the project’s objectives. But it’s not a guaranteed event. It’s not something that has happened or is definitely going to happen.

It’s something that may happen. And this is the thing I think is really important. I don’t think it’s really mentioned on this slide, actually.

But something I think is very important to keep in mind with risk is that it can be a positive impact. When we talk about risk, we immediately assume bad. This is going to something that could happen.

It’s going to be a bad thing. Not necessarily. We have this idea of opportunity.

So threats being your negative impacting sort of things. And then your opportunities being your positive impacts. There’s an opportunity to win the lottery.

For example, you might win the lottery. You probably won’t. But there’s an opportunity to win the lottery if you enter the lottery.

So that’s also arguably part of risk management. This idea of it’s not just looking for the bad news. It’s looking for what advantages, what possible things might happen that will positively affect the project.

In fact, there is at the bottom there, minimizing threats and maximizing opportunities. It would be very unusual for me to have put a slide together that didn’t have that on it. But there it is at the bottom.

So you’re maximizing these opportunities, these positive events that may impact your project in a good way. So I challenge you in a way, I suppose, if you have seen a risk register or worked through risk registers, I challenge you to have a look through it so you can find any opportunities. Because I would, with reasonable confidence, I would say about there will be any end there for your projects.

So it’s worth looking through them. Because you’ll often find with threats, there’s often opportunities in them. And in opportunities, there are threats.

High risk, high reward, as they say. So the process for managing risk, which is, this is a generic process, the APM use this if you have a common any courses with us, you’ll see this on PFQ and PMQ as well as in other materials as well. You’ll see something along these lines.

So this bit here, initiate, is not really the first step. First step, it’s more a foundation. Because we need to have done this before we can start managing risk.

So when it says define risk management scope and objectives, there’s a couple of things that that means. We have this idea of something called risk appetite. So risk appetite is this idea of how much risk we’re willing to take.

So some people will be willing to take more risk than others. So some people will be happy to enter the lottery every week. Some people don’t ever enter the lottery.

Some people will happy to gamble. Some people will not. That’s risk appetite.

People have different attitudes to risk. The problem is on most projects, certainly in industry, this very unlikely you’ll have the only person delivering it. Most of the time you’ll be working within or leading if you’re a project manager, a team of people who will all have their own appetite for risk.

And that’s a huge danger in that to me, this isn’t a risk. Whilst to you, it might be. So what we need to do in this initiate step is agree the risk appetite with a particular person.

So we need to make sure that we have a person who is known as the sponsor, who’s the financial kind of the purse strings, as it were for the project. They have to be a bit more around in that role than that. But that’s a simple way of thinking of them as the purse strings.

And they take the term I refer to as primary risk taker. They’re the ones who are taking the financial hit if the project ends up being in a total disaster, the business will shout at the sponsor effectively. So I need to make sure I sign off or agree the risk appetite with the sponsor because the risk appetite I need to make sure is we’re using to monitor and measure risks against.

So that’s what that first step means. The other thing we need to make sure we’ve done before we start kicking off with the risk is make sure we’ve defined a risk register as well. So we have this formal document that will be capturing risks within.

We do not want to be just going, I’ll remember the risk for tomorrow. I’ll just think about it. Risks in projects need to be formally captured.

And you may have done this. If you’ve ever gone on holiday and you’ve sat down and go, I need to make sure I’ve done this and do this. That’s you capturing things that you need to make sure have happened or you avoid.

So you are pack sunscreen. That’s you identifying a risk and then doing something about it. But if you write it down, that’s the that’s now recorded and you can refer back to it.

So with risk, we need to make sure any risks we identify are captured in a risk register. So initiate is about setting up that risk register. Make sure we’ve got that document ready to go.

So it needs to be formally captured. So identification then is the first proper step of risk management. We identify threats and opportunities.

And this is we can use as a load of ways of identifying threats and opportunities. So we’ve got past experiences, workshops, brainstorming sessions, speaking to experts, interviews with those experts, surveys of experts, speaking to your sponsor, project documentation, standards. There’s loads and loads of ways of identifying risk assumptions where we make an assumption and think, well, I assume it’s going to rain later.

And assumptions are a bit dangerous, though, because it’s a bit of a guess. So you need to perhaps if I’m saying I assume it’s going to rain later, maybe need to check the weather forecast if there’s any data to back that assumption up. But I could still do them, especially at the start of the project, I might have to.

So there’s loads of different ways of identifying risk. And when we identify the risk, it must be captured in that risk register. Those are nothing will happen with it.

It must be formally recorded because then we can refer back to it. We can monitor it. We can use it for lessons learned for future projects.

We can avoid it again. So we want to don’t repeat the same mistakes. We want to we do want to repeat our successes.

So. But identifying risk is a collaborative thing. We don’t want just one person identifying risk.

It needs to be everyone in a way. Effectively, everyone can identify risk to a project. But I would really want to speak to my project team about that, because my project team should be made up of people who have got experience, who are experts, who have backgrounds that are different to mine.

Again, project manager, I don’t need to know everything. I surround myself with people who do know the things I don’t know. And I want to engage with them.

So I want to make sure that the project team have access to the risk register as well so that they can capture the risks in it. So it shouldn’t be just one person hoarding it to themselves. And I’ll write it down when I’m happy to.

It should be a group effort to identify this risk. And it sponsor, can identify risk. The users of the product can identify risks.

The business can identify risks. Anyone can identify risk. If they do, it must be formally recorded in this risk register.

Analysis them. And I’ll show you an example of analysis in a minute. Is to quantitatively and qualitatively analyze the risk.

So to understand how impactful it is. So we compare the impact and probability. So impact is if it hits the project, it does occur.

What’s the impact going to be on the project? Is it really high? Is it relatively low?

Is it hardly anything at all? Is it medium? What level of impact is it going to have?

And then probability going back to that initial statement at the start, which is risk as an uncertain event, it may not happen. Well, probability is, well, how likely is it to happen? So for example, it’s quite likely within the next two weeks it’s going to rain.

In fact, it’s very likely because, you know, we’re in British winter. So probability can be assessed as well as the impact. And we want to compare those two things.

Now, qualitative and quantitative. Losing the name a little bit there. So qualitative, you may have come across this when you, I’ll show you a grid in a minute, but you may have seen what we call risk matrices or probability impact grids or just simply risk analysis.

They are usually done on a grid. And you will often see them with colors on them. So green, amber and red, or sometimes known or otherwise known as rag rating, red amber green, with green being relatively low risks, amber being your medium risks, red being your critical risks.

And that’s qualitative scoring. It’s high level. It’s simple.

Red means critical. Green means not so worrying. Amber means it’s kind of media.

It’s concerning, but not the end of the world. It helps us to very quickly understand the severity of the risk. Red is high severity.

The problem is it’s not detailed enough. It helps us to communicate quickly. It helps to assess it quickly.

It helps to understand it quickly, but it’s not very detailed. It does get limited when we start prioritizing risk. Because we’ll have, if you’re working on a project, probably loads of risks.

Every project is risky. You can’t get away from it. It’s inevitable.

So we have to be mindful of that fact. We may need to prioritize risks. And quantitative scoring gives the risk an actual number.

And I’ll show you how we do that. But effectively, all we do is we put numbers on the axes of this grid, which I’ll bring up in a sec. And this will allow us to multiply the probability by the impact, and it will give us a risk score.

And that risk score can then be used to compare the risks, prioritize the risks, track the risks, et cetera. And then after the analysis, by understanding how severe the risk is, how likely it is to happen, how probable it is to happen, how impactful it is going to be if it does happen, or if it could be if it does happen, that will help us to understand what kind of response we want to take or want to enact. So you may have heard the term mitigate risk.

That’s a very specific term, that one. The APM, and I prefer this as mentally, use the word response, because you don’t mitigate an opportunity. You mitigate threats.

You don’t mitigate opportunities. So responses are kind of more broad. It’s a broader term, which I think encompasses the fact that opportunities are part of all this.

So respond to threats, we respond to opportunities. And I’ll go through the responses in a minute. And a step that I often see getting catching people out, actually, this one, or people not doing it, catching people out, closure.

So closing down the risk means in our risk register, we’ve got a risk we’ve identified. We’ve put the analysis so that quantitative or qualitative score, quantitative and qualitative score, will go in our risk register, along with the chosen response that we’ve identified. All of that will go in the risk register.

Closure is once the risk is dealt with, so gone, this is removed, or it’s happened, or it’s passed us by, or whatever, it needs to be closed down in the risk register. It needs to be indicated, it needs to be marked as this is gone. So we leave it in the risk register, don’t delete it, we leave it in there, but make it very clear that that risk is closed.

Because if we leave risks open, people will end up spending resources on them or time on them, even though the risk is no longer a thing. And it’s especially important for things like lessons learned on future projects, et cetera, because we have a bank of risks that we can see how they were responded to, how they were closed, what caused them to close, so we can then build that into our plans for future projects and learn from our lessons, rather than just shove lessons in a drawer and never look at them again. So that closure is important for our record keeping and audit trail for our risks.

And this last bit here, risk management is not just you do it at the start, you’ve identified all the risks and then you’ve done it. It’s something you will constantly revisit throughout the project. And again, seeing people get caught out by this, I’ve been caught out by it.

Whereas identified risks at the start and I’ve forgotten to check it again or check it regularly. You want to build this stuff into your things like your reporting processes, into your review processes to make sure you do check your risks regularly, because they will morph, they will change the world changes around the project, the people change the attitudes toward the project and it can change very quickly and very suddenly. We need to be very careful of this, because it’s very easy to forget to look at risks or identify new risks.

And our responses even can introduce new risks, which will need to be assessed and identified and captured, assessed, etc., and responded to. So I’ll talk about that a bit more in a second, but we have to be very careful with this. It’s easy, like stakeholder engagement, which is very related to written management, it’s not just a one off at the start, you want to engage with people all the way through, you want to manage risk all the way through the project.

So this is just a quick summary of what we’ve gone through there. Just to kind of summarize what those steps involve. I want to talk about responses in more detail as well in a second, but just want to clarify proactive versus reactive before I move away from the screen here.

So next to the responses, they got proactive. Now, with risk, we should be taking a proactive attitude towards it. I.e., I make sure I’ve managed the risk before I set off or do anything, but I want to make sure that I’m not taking the risk too seriously.

I’m trying to anticipate what the risk might be, so I can plan for if that risk were to happen. Again, like a raincoat, you don’t wait until you’re on holiday, it’s raining to buy a raincoat, you bring your raincoat with you. Because you think it might rain, even though it’s August in Britain.

I don’t know if you remember the last August, it was a bit wet. So you bring a raincoat before you get to your holiday destination, rather than it starting to rain, I’ll just go with it. So I’m trying to anticipate what the risk might be, because it’s a holiday destination, rather than it starting to rain, I’ll go and buy one.

You can do, but you’re now reacting to it. It’s going to be affecting your project, whilst proactively it reduces it, removes the risk before it happens. So that’s the idea.

And that’s proactive, it should be our attitude to everything in a project, by the way. We shouldn’t just wait for it to happen, we need to plan ahead in projects. With the risk and with everything, like stakeholders, budgets, we need to think ahead, estimate.

So here’s some suggestions on how we identify risks. Some of you may have come across SWOT analysis, so Strength, Weaknesses, Opportunities and Threats. That’s a what we call a prompt list that helps us to identify and consider what we are good at and what we’re not good at, and how they interact with the opportunities and threats that are happening to us.

So opportunities being the positive risk, threats being the negative risks. Brainstorming or mind mapping or thought showers, whatever your preferred term is. I really like those.

I did a lot of them when I worked in projects back in the day, where you get your team together, you get your group of stakeholders together and you discuss it and it’s sharing ideas, sharing perspectives, sharing expertise, sharing backgrounds and you work out from everyone’s experience and from points of view what the risks might be. Structured interviews where you have a specific expert you want to engage with, you want to structure into, you have a series of questions. Assumptions analysis, again, being careful not to leave them as just assumptions.

Prompt lists and checklists, so PESL for example, if you’ve ever come across that, which is where you look at the political environment, the economic environment, social environment, technological environment, legal environment and the environment as in woods, trees, flowers, etc. To identify what risks in that environment might be affecting us. And then the project context is the world around the project.

Again, that’s PESL and stuff like that. The environment we’re delivering in will very heavily influence that PESL stuff, which is a prompt list that helps identify things in the environment. There’s loads.

In fact, there’s loads more than that even. There’s many, many, many, many ways of identifying risks. There’s just a few there.

So this would be the risk analysis. So this is not colored in this one, but what you’d have on a real one, perhaps, is you have, I’ve got one in here, no, you’d have green amber red. I’ve not put it on here because it can be quite variable.

But effectively, if you imagine the bottom left four quadrants as green, and then the middle section of amber and then the outer bit as red, you don’t have to color code it. You will often find that they are, though. The most important thing with this is the scoring system.

It allows you to give the risk a weighted quantity. So you can track it, monitor it, see its change, show, for example, a risk might go from a 25 to a 15. By having a number, you can then track that very easily.

So it might be, for example, that the outer area of this grid might be in red. If a risk goes from a 25 to 15, it’s still red, potentially. So using the qualitative risk rating, so red amber green, is a high-level way to quantify risk.

What’s qualifying risk, technically? Quantifying with a risk score will make it much more refined. Yeah, you can have this very, there’s loads of different ways of doing this.

Rag rating being kind of a generic way. I know some organizations have a more diverse coloring system. I’ve seen black on some of them as well.

So it does depend, but there’ll be something that’s a high-level look at the coloring. And I think very rarely do I see a risk matrix like this without numbers on it. Because it’s about that score, it’s about tracking it.

Numbers are great for tracking. So I imagine if you haven’t seen one of these yet, if you’re working in or around projects, you probably will see one of these at some point. They’re very common.

If you’ve ever done any health and safety stuff, you’ll have probably seen one of these in health and safety. Obviously, we’re talking about project risk here, but the same kind of stuff like risk matrices and everything is used in health and safety. So these are very common, these.

And they’re very kind of quite standardized at this point. The numbers depend on the risk appetite of the business, of the sponsor, and all the governance, the rules the business follows. But effectively, there’ll be only some kind of system that will look along those lines to analyze the risk and give it a waiting.

So the response is them. So threats. The analogy I think of, I’m going to be keen on driving if you might not be able to see it, but there’s a little Lego car just there.

I’m rather keen on cars. I enjoy driving. So I think of driving when I think of this, because driving is full of risk at the end of the day.

So if there’s a risk, I could get a flat tire. So if I am driving to work and there’s a threat of me driving to work and getting a flat tire and therefore being late to work, that would be a threat. That’s a negative risk.

Well, it depends on your view of work, I suppose. But anyway, for me, it’d be a negative risk. Just in case my manager’s online.

Anyway, there’s a threat that I may be late to work as a result of a flat tire. And I could prevent that by taking the train. There’s no way I can be late to work as a result of a flat tire if I took a train.

None at all. However, there’s a new risk now of the train being late or overcrowded or whatever. So preventing it is I stop the action at least there is ever happening.

But it’s probably going to introduce a new risk, which would need to be assessed and understood. So it’s quite a severe response. That one is removing the risk entirely, preventing or avoiding it.

Reducing it would be I check my tires before I set off. I check them for wear and tear, checking for nails. I make sure I have a spare tire in the back of the car.

So reducing is either I reduce the probability or the impact. So I can reduce the probability of me getting a flat tire by checking the tires and the pressures before I set off. I could reduce the impact or would be as late to work by bringing a spare tire in the back of my car with me or a tire repair kit or something.

That would be reducing the risk. So that’s us as the project team and project manager. We’re taking action to reduce the probability or the impact of the risk.

Back to an acceptable level. We can’t always do that to be fair. But we can try sometimes just reducing it back to a point where we can just live with it.

Accept is where we acknowledge the risk exists. So I know that my tire could get flat, but I don’t check it. Don’t ensure I have a spare tire.

I don’t do anything at all. I just get flat tire, get flat tire. So I’m aware that it exists, but I’m not taking any action against it.

This does not mean ignore it. This means to monitor it. And this is where we might introduce this reactive response to risk.

We might have a backup plan that will only kick in if certain trigger points are met. But again, I’m not going to go into that level of detail today. But effectively, we have no action to be taken, but we will continue to monitor the risk if it gets worse or changes or moves or whatever.

And if it moves in a certain direction, we might have a backup plan that will initiate once that trigger is met. But anyway, the last of the three or the four responses to threats is transfer. So this would be something like taking a taxi to work.

So rather than I drive, I take a taxi. If the taxi driver gets flat tire, the taxi driver has to get out of the rain and change it. I don’t have to pay for a new tire.

The taxi driver will have to sort the taxi company. We’ll have to sort out that. However, I will be paying the taxi driver for their services.

And their price will include risk management. Again, if we’re taking the risk, we’ll bump up the price. Because if we get a flat tire, we want you to cover some of the cost of it.

So insurance is probably, I would argue, is the most common form of transference in a project. We have to be mindful of this, though. There’s a little bit of a misunderstanding around transfer.

And I’ve seen it in big industries as well, where they think once you’ve transferred it to someone else, it’s their problem. And that’s not the case. So with the taxi driver analogy, yes, if the taxi driver gets a flat tire, I don’t have to pay for a new tire.

I don’t have to get out of the rain and change the tire. However, I’m still late for work. So we have to be mindful of that just because we transferred it to a third party doesn’t mean we got rid of it.

It means they’re managing it on behalf of their own. They’re the risk owner. They’re managing it for us.

So that’s how we respond to a threat, the negative risk. For opportunities, this is looking at the positive. So we can exploit it.

So if you imagine we’re going to enter a raffle, if I enter a raffle, there’s an opportunity to win a raffle. I could buy a ticket. That would give me an opportunity to win the raffle.

I could enhance that opportunity by buying rather one ticket, or I could buy five tickets. That would increase the chances of me winning the raffle and enhance the chance, so to speak. If I wanted to exploit it, that would mean buying all the tickets.

So this is to guarantee it happens or to take full advantage of the opportunity to maximize it because it’s going to require a change of project scope. It’s a bit like the opposite of avoid effectively. Avoid means you’re going to change something about your project to remove the risk or that remove the threat.

Exploit is we’ll have to change the scope in order to take advantage of it. So that will probably have to be signed off with someone like the sponsor, the senior leader, who will authorize that because it’s too much of a change to just go ahead and do. Enhanced means we use the contingency budget, so the pot of money we set aside to manage risk.

We could use that and we could just run the opportunity without any additional permission, but it’s increasing the chances of opportunity rather than guaranteeing it like exploit wood or ensuring it’s a biggest possible impact like exploit. Share is a bit like the opposite of transfer is that I would bring a third party on to collaborate. So if I wanted to, for example, I can’t afford to buy all the tickets to the raffle, but if I buy 10, you buy 10, we now have a much better chance of winning the raffle.

And then when we win the prize, we’ll share the prize between us. You’ll take a bit of it and you’ll take a bit of that there or whatever. I met someone on a course once and they were talking about how they did this and this is where I’ve got the story from with a friend where they entered a raffle and the raffle was a wheelbarrow full of chocolate, I think it was, and or alcohol, I think it was actually, I think about it.

And her friend needed a wheelbarrow. She, the person who was telling me the story did not need a wheelbarrow, but she would love a big wheelbarrow full of chocolate and alcohol. She didn’t leave the wheelbarrow.

So they decided to enter into a syndicate, which you may have done at work for lotteries and things like that. And they both bought these 10, 20 tickets each and they won. And one of her friends had the wheelbarrow and she had the person who was telling the story had the chocolate and the alcohol and they both went.

So they shared the, shared the opportunity. The last one is to reject it. You see the raffles available, you know the opportunity is there, but you think, no, I’m not going to do it.

It’s the opposite of accept. We’re not going to take any action. We know it’s there, but we’re going to continue to monitor it, but we’re not going to do anything about it right now.

So those, how we respond to threats and opportunities. So before I move away from risk and into procurement, I’m going to clarify this idea between the issues and risks. So risks are uncertain events that may happen.

And the project manager and the team will have the authority to manage them. Issues are things that are certain. They are things that have either happened or happening or definitely going to happen.

And they’re never positive like a risk can be. There’s always a major problem. And because they’re a major problem, they must be dealt with above the project manager.

The PM doesn’t have the authority to deal with it. So you escalate it up the chain, probably to someone like the sponsor. Issues are major problems.

They’re not day to day. They are only, again, where the tolerances are. That’s part of the initiate step.

I’m not going to go through that today. But there’ll be some line in the sand somewhere that says, if this happens, it goes above this line, it’s no longer the project manager’s authority. It has to be escalated.

Be careful with differences between risks and issues, especially if you’re doing PFQ, because they do often ask that. They will, they can ask what the difference between issues and risks are. So just think to be mindful of issues being major problems, certain events.

They’re not uncertain anymore that will affect the project in a negative way. And they cannot be dealt with by the project manager. But cool.

That’s a very quick, squizzed through risk management. Now’s an opportunity to ask any questions for me or of me. Do they have any questions at all they’d like to ask, either in the chat or speaking up?

No. Okay, cool. There’s another opportunity then.

So, you know, let me know. Cool. In which case then moving on to procurement.

Procurement then in a nutshell is buying stuff. Actively. So fancy they’re saying buying things.

But it’s buying stuff externally. So when you see the word if you ever do the qualifications, if you see the word external, generally, so 99 times of 100, when the APM use the word external, they don’t mean outside the business. They mean outside the project.

So procurement is procuring or buying of goods and services or securing, I suppose would be without using the word by securing the any goods and services from external providers. So that could be externality of projects. It could be still within the business.

So MOD we used to do that quite a lot. We’d procure resource from other parts of MOD or and more typically we’re buying from a supplier, some kind of someone outside the business who we are. We require their services or something they provide for us.

So yeah, in a nutshell, buying stuff. So you may have come across the term SLA service level agreements that might bring a few bells, but that’s kind of the same thing. So something we’re going to need to do as part of our planning.

So this will start fairly early. This probably is part of our business case, but certainly will become a major part of our planning is to create our procurement strategy. So what strategy being the clue there is that it is going to outline how we’re going to go about buying stuff.

So this will include whether we want to make it ourselves or we’re going to buy it in. So we’re going to be able to do that. And thirdly, the clue there is that it is going to outline how we’re going to go about buying stuff.

So this will include whether we want to make it ourselves or we’re going to buy it in. So make or buy a fairly selfish mind tree, hopefully that we’re going to. Do we have the resources capacity expertise to create it ourselves, in which case we’ll own all the intellectual property rights will own.

We have control over it, but we’re taking all the risk versus buying it in where we get someone else with expertise to do it quickly, or more effectively than us. Very important decision that one, make or buy. Single, integrated or multiple.

So this is effectively deciding whether we want to work with one supplier or multiple suppliers. So do we want to have one point of contact or do we need multiple points of contact for a more complicated requirement? Integrated means we are working collaboratively with them in that they are integrated into our project or integrated into our organization.

You might find that as part of things like framework agreements, which is where you have like an overarching contract that everything falls under. Anyway, I’m not going to go into that today, like I said. High level webinar.

Contractual arrangements. So this is the type of relationship. I would say the most common, the one you probably will have heard of, is subcontracting or prime contracting.

So we want to work out what type of relationship we want to have with our suppliers. We want just one contract. We want multiple contracts and what kind.

Supplier selection process. So what’s our route to tender? So what’s our route to buying stuff, which I’m going to talk through shortly in a second.

Types of contracts. So the contractual terms and conditions. So what stands we want to meet, what process we need to meet, what commercial practices we want to do, how long we want it to be, if that’s something we’ve decided on already.

So we want to think about our terms and conditions before we go anywhere near writing or agreeing any contracts with people. We want to make sure we’ve got some kind of tees and sees ready to go. And then payment mechanisms.

So this is how we’re going to reimburse or pay our suppliers. So there’s a few. And again, some of them may have heard of.

Victor Price, for example, may have come across. And then a few comments about this. So as a project manager, you might be.

I wasn’t in MOD. I was originally when I joined MOD. I was a commercial officer.

So I was a procurement person. But best left to procurement professionals, because this is a minefield of legislation procurement. So we don’t even want to be mindful of that.

We want to make sure we have someone involved in this who is an expert, who has had the training, is aware of the legislation, is aware of the threats of procuring badly or doing things without being transparent. So we need to be very mindful of this. I’ll talk about risk and everything in a second sense, why it’s part of this.

When we’re agreeing our contracts, when we’re agreeing our payment approaches, deciding how much risk we retain versus how much they share. So for example, make or buy is a really good example of that, is if we make it ourselves, we retain all the risk. We’re making it ourselves, we own the risk then.

Which is great in some ways, because it gives us all the opportunities. We have complete control. Equally, if something goes wrong, then it’s all on us to sort.

Whilst if a supplier is building it for us or making it for us, and we’re buying it off of them, then they’re taking all the risk. But they will require compensation for taking the risk. And when you transfer the risk, you also transfer opportunities to those positives as well over to them.

So a lot of, hence why it’s in this area, because there’s a lot of risk consideration when you’re doing procurement. So supplier selection then, again, this is a very quick whiz through this. So research is we want to look at previous, so imagine if you’ve ever bought something significant, like a car or a house or whatever, you’ve probably looked at the market first.

I doubt very much, you may have done, fantastic if you have, I wouldn’t do this. I’ve always, I’ve looked at cars, I’ve always done some very serious research beforehand. I’ll look at what suppliers are out there, I need to know what kind of car I need, so what my requirements are, so what do I need, who’s done it before, any pre-existing solutions.

We don’t do my research. And I imagine most of you have Googled stuff before buying it, reviews and things like that, that’s that bit. So that research is a key foundation, we need to do that, and it will be needing to be based on our requirements, our scope, our specification to understand.

If you go into a shop without knowing what you want to buy, you can end up walking out with something you don’t want, and you’ll be paying a lot more money for it than you should have done. So we want to make sure we know what we’re after, and that’s what research involves. Pre-qualification is we need to check the suppliers we’ve identified, we need to make sure that they’re actually, as we could do it.

So when we do pre-qualification, we essentially send out a questionnaire, or a pre-qualification questionnaire, PQQ, you may have heard the acronym, which is a questionnaires, a standardized questionnaire, based with a scoring system in it, and we send out these questionnaires to all the suppliers who are interested, who have expressed interest, or who we think might be interested in our requirement, based on our research. We’ll send it out to them, and then they have to fill it out, and it’ll be asking them things like, what have you done before, give us a sense of your qualifications, what’s your financial standards status, are you solvent and everything, and we’ll have a standard scoring system so we can compare them against each other. What we don’t wanna do is send different scoring systems to different suppliers, A, because it’s hard to compare them if you’ve used different scoring systems for different suppliers, but also kind of problematic legally, because in this process, we have to be in governance, and in lots of legislation around this, we have to be seen to be transparent and fair, and giving other people harder questionnaires, or more difficult questionnaires than other suppliers, is gonna get us in trouble.

So we wanna standardize questionnaire that’s gonna query them, query their expertise, and see if they’re okay to do it. And if they are, then we can take them further. If they’re not, this acts as a way to shortlist the suppliers, because of sort the week from the chaff, so to speak, so we reduce the potentially list of hundreds of suppliers down to a few.

And once we’ve got that handful of suppliers left from that shortlisting thing we’re doing in pre-qualification, we go to Tender, which is when we give them the full details of our specification, a full requirement, full scope, and say, right, this is what we want you to do for us. And then those suppliers will then bid on that, and say, right, we could do it for this, we could do it for that. They’ll ask lots of questions, and a bit like pre-qualification, if they ask questions, we must be open with their questions and our answers with other suppliers.

We can’t just keep them, we can’t hide questions, we can’t hide answers from everybody, obviously there are exceptions, but because this has to be, I’ll just go back, ethical, transparent, and in line with the organization’s procurement policy and governance principles, we have to make sure we’re open with it. Oops, excuse me, go back. So Tendering is this idea of they place bids, and there’ll be a timeline on there, so we can’t have, the Tendering can’t go on forever, at least have a deadline, so we have all the bids in by a certain time scale.

We’ll then assess the bids, and then we’ll look at awarding one of them to whoever we think is best. Usually for something like value for money or whatever. So we’ll discuss the winning bid, we’ll award the contract to, just the fourth step to a supplier, and then we’ll also provide feedback to the other suppliers as to why they didn’t win.

And the answer were there as well, we discussed why they’ve won with the month’s response feedback for next time, because we wanna make sure we don’t burn any bridges, we wanna make sure the market develops, et cetera. We wanna give other people opportunities in the future. So we’ll award a contract to the winning supplier, based on our criteria, usually you said value for money, so it was giving us the best bang for our buck, and then that contract will then go ahead.

Managing the contract is about making sure the contract is not shut in a drawer until we’ve gotten about. We need to make sure it’s managed actively, not passively. So the contract is the checking up on it, we’re looking at it, we wanna try and anticipate any changes that might need to be made to it, so rather waiting for things to go wrong, if things are sort of looking like they may go wrong in the future, we’ll change it before it goes wrong, rather than leave it in a drawer, never look at it and go, why is stuff going wrong?

And then both us and the supplier getting annoyed. So you try and look after that contract through management, and then the last step is once the contractor, the terms and conditions of the contractor fulfilled, you close down the contract and it’s gone, and that’s it. So I say whiz through the supplier selection process, most businesses you may not use those exact terms, but you will probably find if you were to look at your own businesses, supplier selection, it will look something like that.

It’s very similar, there’s very little deviation from this when you look at procurement processes, it’s gonna be something along those lines, you might have additional steps in there, but it will look like that. So the contractor self then is this legal agreement between two or more parties, and everyone here, since you’re using the internet, will have signed a contract, whether it’s to be to use cookies on a website, or to sign up to Zoom, or if you play video games, require contracts to sign up to now, because they’re all online. If you have a phone, then chances are you might have it on contract, contracts are everywhere, and they’re a legally binding agreement, and ideally they should be written down, because we don’t want any written, we want to be able to provide proof of agreement, we have any verbal contracts that can cause trouble.

And if you’re working internationally, we have to be very careful with this, because different countries have different contract laws. So you have to be very careful of whose laws we’re going to use, whose contract laws we’re going to adhere to. But effectively, yeah, it’s usually, if I give you this, then you give me that.

So if you want to use a website, you have to accept these tracking cookies. If you don’t want to use the website, you can’t, if you don’t want to use the cookies, then you can’t use the website, for example. If you ever curious, have a read through the terms and conditions of your cookies, when you log into a website, have a look at the terms and conditions, and see how much data you’re about to hand over to them.

It’s everywhere, contracts. Well, that last statement there, actually, before we move on. Contracts can be agreed to by anybody, technically, but you’ll usually find in your business only certain parts of your, so certainly by procurement teams, commercial teams, whatever, they’ll be the only ones allowed to agree a contract.

Technically, anyone can, but you’ll often find only certain people have been delegated to the authority to commit to your organization to contract. And again, that’s why you want those procurement experts involved, because they’re usually the ones who have the authority. So these are the contractual relationships.

Comprehensive, again, clues in the name with some of these, really. Comprehensive is we have one contract with one supplier, nice and simple, single-point of contact, very easy to manage, but we’re pushing all our eggs in one basket there. So if that supplier has a problem, then we have a problem.

So it doesn’t sort of manage the risk very effectively, but it does allow us to build a good relationship with one supplier, very easy to manage. Sequential is we need something a bit more complicated, but we want that simplicity to retain. We want that one contract at a time.

It could be with one supplier, it could be with many suppliers, but we’ll have multiple contracts one after the other. This is great for flexibility, allows us to adapt future contracts, allows us to build a relationship with a supplier as well, potentially it’s easy to manage because we’re only managing one at a time. However, we have this idea of dependency.

So if one contract has a problem, what’s the knock-on effect to other contracts? Contract delivers late or goes wrong, what’s the effect on future contracts that are perhaps depending on that initial contract to work or previous contract to work? So we have to be mindful of that.

Parallel is rather than having one contract with one supplier, it’s multiple contracts at any given time. So this requires, this gives us diversity, gives us the opportunity to share ideas, especially if we’re working with multiple suppliers in parallel. But also increases complexity, it means it’s harder to build meaningful relationships if we have multiple suppliers as part of parallel and does increase the chances of us being bogged down.

It’s very resource intensive to manage multiple contracts in parallel with each other because we’re trying to maintain all those contracts at the same time. Subcontracting, I would probably argue is the most common. The whole world seems to revolve around this supply chain thing.

Subcontracting is trying to get the benefit of comprehensive whilst allowing us to have the openness and diversity of parallel, in that we have one sort of contract, a prime contract is what we call it, with a prime supplier who are the owners, they’re the leaders of it, and they’re the ones who run everything for us, we are contractors with them. But then if they can’t do it, if they can’t do some work for us, they’ll subcontract it out. And that means that they are then arranging and organizing all the communication with all the subcontractors.

We’re transferring risk to the prime contractor effectively, saying, right, you manage all the risk for us. Which is great, and it means we only have one contractor manage. It means that the prime supplier is taking all that management for us and saving us time.

It means we can build a good relationship with that one supplier, so we only have one contractor to worry about. And it’s gonna help us have that diversity though, because of that subcontracting underneath. But all those suppliers will wanna make money.

And also, if our prime contract is weak, or there’s problems with it, then it will get watered down as it goes further down the supply chain. As subcontractors subcontract out, and there’s subcontractors subcontract out again, it’ll end up with this quite complicated supply chain, potentially, and it introduces all sorts of risks into it, like ethics, quality assurance control, and things. Because the more suppliers are introduced into a supply chain, the more, again, the watered down it gets, I suppose, the best way to say it.

So to be very careful with that, we need a really strong prime contract to make sure that doesn’t happen, and even then it can still happen. If you’re curious to know what I mean by ethics, look up Cobalt mining in the Democratic Republic of the Congo, and see all the problems with that. And 70% of Cobalt, and Cobalt is used in batteries, in phones, in electric cars, and everything, the ethics around it.

Problematic. So subcontracting. It’s great, and the world revolves around it, but it has its own set problems.

Partnering and alliances then, I’ll just bring that to the next slide, is where you collaborate with somebody. You arrange something. It’s like, so there’s a few suggestions you may have heard of joint ventures or framework agreements.

These are such examples of things that might tie in with alliances, where a supplier will collaborate with another supplier, or you as a customer will collaborate with a supplier to both get the benefits of it. So again, going back to risk again, this is like sharing opportunities. If identified there’s an opportunity, we could share it with somebody.

So a joint venture might be someone who’s like an investor. So someone very wealthy, a dragon’s den, for example, an entrepreneur who has money to invest, and then someone says, I’ve got this technical idea. I don’t have the resources or the finances to make this idea successful, but the idea is good.

You have the finances, but not the technical idea. But if we work together, you finance it, and you’ll get some profits. I’ve got the idea.

I’ll make profit off it too, if you help sell the idea. That’s a joint, that’s kind of a very simple way of saying what joint venture is, or an alliance. You’re working together with someone else.

Some are set larder, nearer I live. If you come on a PMQ with me, I’m likely to talk about that. Some are set larder, which is where joint Hinkley Point, see the nuclear power stations, and there’s massive alliance of all local shops and everything to supply catering and everything.

So they’re all over the place. I mean, if you think about it, imagine if you would start sort of looking at your own organizations, you’ll probably find some of these. Certainly framework agreements are quite common, but they’re the long-term benefit.

These are long-term, these. We don’t tend to do them. You may not find they’re done on a project.

If it’s done on a project, it’ll be a very large project, usually not always, but usually it’s safe for very large projects. You tend to find these are done more for program or portfolio level in that we have lots of projects we want to deliver or lots of work we want to do together. So pretty much the last thing I want to talk about is pricing types, so payments and payment mechanisms and how we’re going to pay people back.

So fixed price, clues in the name there. You have a price, it’s the set price, it doesn’t change. But the supplier will say, well, if the price is fixed and you as a customer won’t be paying anymore, then I’m taking the risk there, so I’ll bump up the price.

So if I’m taking the risk, I’m gonna increase the price, so I’m taking the risk. So lump sum or fixed prices where the customer pays a set amount, the supplier takes the risk because the customer’s price won’t change. Cost plus fee or cost plus simply is not the opposite, but I suppose you could view it that way in a way, I suppose.

In that this is where it’s more than estimate, in that we have a, so for lump sum or fixed price, you’ll probably find that the supplier will only agree to do that if there’s a very defined scope. If the scope is a bit vague or it’s liable to change or it hasn’t been very well defined, the supplier’s gonna go, I can’t provide you a really rigid estimate for it. Here’s just a normal estimate, where for example, you might, I’ve done it with a guitar.

I ordered a guitar a couple of years ago, a custom built one, and we did a cost plus fee for that, because he knew that I would likely change the scope and it has done, I’ve added new stuff, but he said, got a set fee, he will charge 15%, or whatever, I don’t know what it is, but 15%, whatever happens on top of it. So cost plus fee is a little bit more flexible with the specification. The supplier will provide an estimate for it, but in order to protect them or ensure they get their profits, they’ll include in the price a fixed fee, either as a percentage or a set amount for work and for materials, et cetera, to make sure they’re not gonna take, so they’re not taking as much risk there.

So with cost plus, customers taking the risk in that the price might change, but equally that allows me more flexibility for supplier though, I’m not taking the risk at all, because whatever happens, I’m gonna get my fixed fee, I’m getting my profit either way. Per unit or unit quantity is price per item, so price per pen, price per brick, price per day, price per hour, where you want to, where you don’t really know for sure how many or something you need, but you want to be able to say with confidence, if you do need more, for example, need someone for five days, and they’re charging 100 pound a day, then you need them, you know, 500 pounds. If it turns out halfway through that week, you need them for another week, you’ll know how much the next week will cost as well.

So it allows you to be flexible with things, but also remain predictable. So per unit rate, then target cost is where, this is, this fourth one is mutual risk. If you imagine fixed prices, the supplier takes the risk, if you imagine cost plus is the customer takes the risk, target cost is mutual is shared, and that we have an agreed price, so it’s very less, it’s 10,000 pounds or something.

And if the supplier says it’s cost 20, we will both contribute to the overspend, both the customer and the supplier. So I’ll contribute, you know, 4,000 pounds on top of the 10, the 10 target price and the supplier will contribute six or something. There’ll be some percentage that indicates how much each party pay on top of, but effectively, if it goes over the target price, there’s penalties and both of us suffer for it.

So we share the pain. On the flip side though, if the supplier or the project comes in or that particular task, whatever it is we’re doing target cost on, comes in under, so for example, if my target price is 10 and it comes in at five, both me as a customer and the supplier, we will share the profit. So we’ll do what’s called gain share.

So pain share, gain share. If we exceed the target, we’ll share the pain, we both have to pay towards the overspend. If it goes below the target though, we’ll both share in the profit and we get the benefits of coming in under.

So it’s a mutual way to incentivize each other to work together. So some last few bits then. So a few considerations when we do our payments is we could pay by milestones, we could pay by key events.

So you’ll often have these marked in your schedule. So when a key task is over or a key event is over, you might submit a payment. You could pay by stages.

So a stage is how you break down your project into manageable chunks. So you could pay at the end of, so if stage could be, we finished the foundations of a house, let’s say. So a stage is how we break down our deployment of the project, our delivery of the project to the management pieces, and it helps us to assess viability.

We’ll have gates at the end of these. And these stages will allow us to pay money or stop the project or whatever. So we might have paying stages as well, where we release cash to suppliers or whatever.

Retention payment is where we hold back a final payment until after a period of use. You may have come across this before where the project’s task or the contractor finishes a piece of work, then you won’t pay them until after a few months a year or whatever. And then if it’s worked and it’s delivered to the standard or it has delivered what you expected it to, you will then make the final payments.

Kind of incentivize the contractor to get it right first time by holding back the last payment. Price adjustment then is where you acknowledge that something in the market, like inflation, interest rates, price materials can fluctuate, and then you’ll incorporate that into your project. So for example, we could have a fixed price incorporating price adjustment, because 10,000 pounds is a fixed price, but in 10 years time, 10,000 pounds won’t be worth the same amount of money.

So we can incorporate price adjustment. So as the price as inflation changes and interest rates change, the price will adjust to accommodate that. So as to account for external factors effectively, things in the market, I used to do it with the price of steel, quite a lot.

Price of steel is very volatile. So we’d incorporate price adjustment whenever you’re doing a project that involves steel, because it would just change constantly. It changes for us and the supplier.

And the last one then, liquidated damages, which is where if the supplier, usually late, it’s usually to do with schedules. If the supplier delivers late, then they owe you compensation for damages caused as a result of a task being delivered late. That is a squiz through procurement.

Very quick squiz through procurement, but that is procurement. Has anyone got any questions for me around procurement or risk or issues? I appreciate we blitz through this, because again, it’s only an hour long.

Anyone got any thoughts for me or questions, queries? Obviously, this is the last opportunity today as well, if you have been attending a few of these, to ask me any questions. No?

Okay, cool. In which case then, I shall hand back to Jim for the final bits then. Thank you, Colin.

Thank you everyone for your attendance, not only in this session, but in the sessions that have been running throughout the day. I think we can all agree it’s been very informative day, lots of information across various topics. And if you haven’t asked any questions that you think afterwards, I’ll shut up after that, or I’d like some more information on a particular topic, then please get in touch with us after the webinar.

And we’ll hopefully get back to you on anything that’s asked afterwards. Should any of you be looking for the next step in your training journey, or you know someone that you feel may benefit from a training course with ourselves, we have a fantastic offer on at the moment. So the offer is if you buy any online virtual classroom or blended course, you will receive a second Foundation Online course for free.

That offering includes some of the courses that APM offers, so the APM Project Fundamentals Qualification, the PFQ, and also the APM Project Management Qualification, the PMQ. So the offer is due to expire tomorrow, the 31st of January, but for you guys, for the attendees to these webinars, we’re actually able to extend the offer until next Friday, so until the 9th of February. So if you guys want any more information on that offer or on anything else for that matter, please contact me on 01270 626 330, or you can email me on gym at trainingbitesize.com.

Once again, all thank you very much for your attendance throughout these sessions. I can say there’s a lot of effort put into these sessions today, so hopefully you all found it beneficial. Have a great evening, everybody.

And once again, thank you very much. Thank you very much, everybody. So that’s it for this episode of Bitesize Project Management.

We hope you’ll tune in again soon for another edition. Until then, you can find out more about the certifications and training packages we offer on our website, trainingbitesize.com. Thanks very much for listening, and we’ll see you again soon.