Project Risk Management

Project Risk Management

Knowledge Area

Process

Initiating Planning Executing Monitoring & Contol Closing

Risk  Plan Risk ManagementIdentify RiskPerform Qualitative Risk AnalysisPerform Quantitative Risk AnalysisPlan Risk Response

Monitor and Control Risks

Enter phase/Start project

Exit phase/End project

InitiatingProcesses

ClosingProcesses

PlanningProcesses

ExecutingProcesses

Monitoring &Controlling Processes

Project Risk Management

• Risk is an uncertain event or condition that, if occurs, has an effect on at least one project objective.

– increase the probability and impact of positive events (opportunities).

– decrease the probability and impact of negative events (threat).

Risk management objectives

•address the level of risk a project manager or a key stakeholder is willing to take when money at stake is compared to the potential payoff.

Risk tolerance

Prefers an uncertain outcome and may be willing to pay a penalty to take a high risk

Risk Seeker

Risk Averter Not likely to take a risk that is considered a high risk

Plan Risk Management

• The process of defining how to conduct risk management activities for a project.

Inputs

1. Project scope statement2. Cost management plan3. Schedule management 

plan4. Communication 

management plan5. Enterprise environmental 

factors6. Organizational process 

assets

Tools & Techniques

1. Planning meetings and analysis

Outputs

1. Risk management plan

Planning Meetings and Analysis

- plans for conducting the risk

management activities

- Risk management responsibilities

-templates for risk categories

-definitions of terms such as levels

of risk, and the probability and

impact matrix

Risk Management Plan

• Risk management plan describe how risk management will be structured and performed on the project.

.    Methodology (Defines the approaches, tools, and data sources)• Roles & responsibilities (Defines the lead, support, and risk management team members)

• Budgeting (Assigns resources, estimates funds needed)• Timing (when and how often the risk management process )• Risk categories. (Provides a structure that ensures a comprehensive process of systematically identifying risks ).

Risk Management Plan

-Definition of probability and impact 

-Stakeholder tolerances

• Reporting formats how the outcomes of the risk management processes will be documented, analyzed, and communicated.

• Tracking how risk activities will be recorded and how risk management processes will be audited.

• Probability and impact matrix (Risks are prioritized according to their potential implications for having an effect on the project’s objectives.

Project Title: Date Prepared:

Methods and Approaches:

Describe the methodology or approach to risk management. Provide information on how each of the risk management processes will be carried out, including whether quantitative risk analysis will be performed and under what circumstances.

Tools and Techniques:

Describe the tools, such as a risk breakdown structure, and techniques, such as interviewing, Delphi technique, etc., that will be used for each process.

Roles and Responsibilities:

Describe the roles and responsibilities for various risk management activities .

Risk Categories:

Identify any categorization groups used to sort and organize risks. These can be used to sort risks on the risk register or for a risk breakdown structure, if one is used.

Stakeholder Risk Tolerance:

Describe the risk tolerance levels of the organization(s) and key stakeholders on the project.

Risk management plan

Definitions of Probability:Terms used to measure probability, such as Very Low – Very High, or .01-1.0.

Describe the ways of measuring probability: the difference between very high and high probability, etc.. If using a numeric scale, identify the spread between bands of probability (.05, .1, .2, .4, or .2, .4, .6, .8).

Definitions of Impact by Objective:

Specify terms used to measure impact, such as Very Low – Very High, or .01-1.0.

Describe the ways of measuring impact on each objectives. Objectives other than the ones listed here can be used. Define the difference between very high and high impact on the objective. If using a numeric scale, identify the spread between bands of impact (.05, .1, .2, .4, or .2, .4, .6, .8). Note that the impacts on individual objectives may be different if one objective is more important than another.

Probability and Impact Matrix:

Risk Management Funding:Define the funding needed to perform the various risk management activities, such as utilizing expert advice or transferring risks to a third party.

Contingency Protocols:Describe the guidelines for establishing, measuring, and allocating both budget contingency and schedule contingency.

Describe the frequency of conducting formal risk management activities and the timing of any specific activities.

Frequency and Timing:

Describe how often the risk management process will be audited, which aspects will be audited, and how discrepancies will be addressed.

Risk Audit Approach

Identify Risk

• the process of determining which risks may affect the project and documenting their characteristics

Inputs

.1 Risk management plan

.2 Activity cost estimates

.3 Activity durationestimates.4 Scope baseline.5 Stakeholder register.6 Cost management plan.7 Schedule managementplan.8 Quality managementplan.9 Project documents.10 Enterpriseenvironmentalfactors.11 Organizational process assets

Tools & Techniques

1. Documentation reviews2. Information gathering techniques

3. Checklist analysis4. Assumptions analysis5. Diagramming techniques

6. SWOT analysis7. Expert judgment

Outputs

1. Risk register

• Documentation Reviews -review of project documentation, including

plans, assumptions, previous project files, contracts, and other information.

-The quality of the plans, as well as consistency between those plans and the project requirements and assumptions, can be indicators of risk in the project.

• Information gathering techniques

– Brainstorming

– Delphi technique:

– Interviewing

– Root cause analysis:

•Examines project from all SWOT perspectives: • Strength• Weakness• Opportunity• Threats

SWOT Analysis

• .3 Checklist Analysis - developed based on historical information - The team should make sure to explore items

that do not appear on the checklist. - The checklist should be reviewed during

project closure to incorporate new lessons learned .

Diagramming Techniques

• Cause and effect diagrams

useful for identifying causes of risks.

• System or process flow charts.

These show how various elements of

a system interrelate,

and the mechanism of causation

• Influence diagrams. These are

graphical representations of

situations showing causation

influences,

Risk Register

List of identified risks.

-the list of identified risks,

-The root causes of those risks

-the fundamental conditions of risks

List of potential responses.

- Potential responses to a risk may

sometimes be identified during

the Identify Risks process.

Include

RISK REGISTERProject Title: Date Prepared:

Risk ID

Risk Statement Probability Impact Score ResponseScope Quality Schedule Cost

Description of the risk event or circumstance.

Likelihood of occurrence

Impact on each objective if it does occur.

Probability X impact.

Description of planned response strategy to the risk event.

Revised Probability

Revised Impact Revised Score

Responsible Party

Actions Status Comments

Scop

e

Quality Schedul

e

Cost

Likelihood after the response strategy.

Revised impact on each objective after the response strategy.

Revised probability X impact

Who will follow through on the risk and response.

Actions that need to be taken to address the risk.

Open or closed.

Any comments that provide information about the risk.

Perform Qualitative Risk Analysis

• The process of prioritizing risks for further analysis of action by assessing and combining their probability of occurrence and impact.

Inputs

1. Risk register2. Risk management plan3. Project scope statement4. Organizational process assets

Tools & Techniques

1. Risk probability and impact assessment

2. Probability and impact matrix

3. Risk data quality assessment

4. Risk categorization5. Risk urgency assessment

6. Expert judgment

Outputs

1. Risk register updates

Probability Impact Matrix

• Different matrices can be used for cost, time, scope• It helps guide risk responses (priority action & response strategies)

Risk Data Quality AssessmentA qualitative risk analysis requires accurate data. Analysis of the quality of risk data is a technique to evaluate the degree to which the data about risks are useful for risk management.

Risk Breakdown Structure (RBS)

• Showing risk categorization• Help to ensure a comprehensive process of systematically identifying risk to a consistent level of detail

Risk Urgency Assessment-Risks requiring near-term

responses may be considered

more urgent to address.

-the assessment of risk

urgency can be combined

with the risk ranking from the

probability and impact matrix

to give a final risk severity

rating.

Risk Register Updates

• Update/add additional information to previous output i.e. Risk Register, which include:

– Relative ranking/priority– Risk grouped by categories– List of risk requiring additional analysis in the near term– List of risk for additional analysis and response– Watch-list (non-critical or non-top risks)– Trends– Cause of risk requiring particular attention

QUESTIONS?

1-During which stage of Risk planning are risks prioritized based on probability and -impact?

A-Identify Risks

B-Risk management plan

C-Perform Qualitative risk analysis

D-Perform Quantitative risk analysis

2-Mohamed has joined as the Project Manager of a project. One of the project documents available to Mohamed lists down all the risks in a hierarchical fashion. What is this document called?

A-Risk Management Plan.

B-List of risks.

C-Risk register

D-Risk Breakdown Structure

3- Project risk management includes all the processes

concerned with conducting risk management planning,

identification, analysis, responses, and monitoring and

control on a project. In this context, all the following

statements about risk are accurate EXCEPT:

A- Risk is an uncertain event or condition

B- Risks have to be identified and properly managed

C- Risk Management should be done throughout the

project

D- Risk has only negative impact on the project objective

4- you have just been assigned as the project manager

for a sizeable engineering project, and you want to

quickly review the projects Procedures for managing

risk . What would be the most helpful in finding this

information?

A- a risk register

B- a risk management plan

C- environment process assets

D- a risk impact matrix

Thank you