CHAPTER 11

PROJECT RISK MANAGEMENT

 Chapter 11

PROJECT RISK MANAGEMENT

 Chapter 11

PROJECT RISK MANAGEMENT

 Learning Objectives
 Understand risk and the importance of good project risk management
 Discuss the elements of planning risk management and the contents of a risk
management plan
 Describe the process of identifying risks and create a risk register
 Explain quantitative risk analysis and how to apply decision trees, simulation, and
sensitivity analysis to quantify risks
 Provide examples of using different risk response planning strategies to address
both negative and positive risks
 Discuss how to control risks
 Project Risk Management
 Project Risk Management includes the processes of conducting risk management
planning, identification, analysis, response planning, and controlling risk on a project.
 The objectives of project risk management are to increase the likelihood and impact of
positive events, and decrease the likelihood and impact of negative events in the
project.
 Risk Exists in Two Levels:
– Individual project risk is an uncertain event or condition that, if it occurs, has a
positive or negative effect on one or more project objectives.
– Overall project risk is the effect of uncertainty on the project as a whole, arising
from all sources of uncertainty including individual risks, representing the exposure
of stakeholders to the implications of variations in project outcome, both positive
and negative.
– Both Can be Positive or Negative Risks
 Definitions
 A threat : is a risk identified in advance that may or may not happen and
can negatively impact project.
 An Opportunity : is a positive impact risk
–e.g. if we can buy more than 20 item at once, the cost will be 20%
less.
–e.g. if we can provide training, we can finish 2 days faster
PM often just focus on threats
 Uncertainty : is a lack of knowledge about an event that reduces
confidence in conclusions drawn from the data.
 Risk Attitudes
 The risk attitudes of both the organization and the stakeholders may be
influenced by a number of factors:
– Risk appetite,
– Risk tolerance,
– Risk threshold
 Risk Factors
 The risk factors are:
– The probability that a risk will occur (how likely)
– The range of possible outcomes (Impact)
– Expected timing to occur through project life cycle
– The anticipated frequency of risk ( how often)
 An organization may have more tolerance for cost-related risks than for risks that
affect customer satisfaction
 Risk responses : reflect an organization’s perceived balance between risk taking
and risk avoidance.
 Risk averse : some one who does not want to take risks
 Processes
 Plan Risk
 Identify Risks
 Perform Qualitative Risk Analysis
 Perform Quantitative Risk Analysis
 Plan Risk Responses
 Implement Risk Response
 Monitor Risks
 Plan Risk Management
 Plan Risk Management is the process of defining how to
conduct risk management activities for a project
 The key benefit of this process is that it ensures that the
degree, type, and visibility of risk management are
proportionate to both risks and the importance of the project
to the organization and other stakeholders.
 This process is performed once or at predefined points in the
project
Inputs, Tools & Techniques, and Outputs
 Plan Risk Management: Inputs
Project Management Plan
Project Charter
Stakeholder Register
Enterprise Environmental Factors
Organizational Process Assets
 Plan Risk Management: Tools and Techniques

Data Analysis
Expert Judgment
Meetings
 Plan Risk Management: Outputs
Risk Management Plan
– Risk Strategy
– Methodology
– Roles and responsibilities
– Budgeting & Funding
– Timing
– Risk categories & RBS
– Definition of probability and impact
– Probability and impact matrix
– Revised stakeholders tolerance & risk appetite
– Reporting format
– Tracking documents
 Plan Risk Management: Outputs
 Risk categories
– Provide a means for grouping potential causes of risk. Several approaches
can be used, for example, a structure based on project objectives by
category (Internal, external, technical, unforeseeable)
– A risk breakdown structure (RBS) helps the project team to look at many
sources from which project risk may arise in a risk identification exercise.
 Definitions of risk probability and impact.
– The quality and credibility of the risk analysis requires that different levels
of risk probability and impact be defined that are specific to the project
context.
 Plan Risk Management: Outputs
Probability and impact matrix.
– A probability and impact matrix is a grid for mapping the probability of
each risk occurrence and its impact on project objectives if that risk
occurs
Revised stakeholders’ tolerances
Reporting formats
Tracking
Definition of Impact Scales for Four Project Objectives
Definition of Impact Scales for Four Project Objectives
 Plan Risk Management: Outputs
– Risk categories
• Provide a means for grouping potential causes of risk. Several approaches
can be used, for example, a structure based on project objectives by
category (Internal, external, technical, unforeseeable)
• A risk breakdown structure (RBS) helps the project team to look at many
sources from which project risk may arise in a risk identification exercise.
– Definitions of risk probability and impact.
• The quality and credibility of the risk analysis requires that different levels
of risk probability and impact be defined that are specific to the project
context.
 Identify Risks
 Identify Risks is the process of determining which risks may affect the
project and documenting their characteristics
 The key benefit of this process is the documentation of existing individual
project risks and the sources of overall project risk. It also brings together
information so the project team can respond appropriately to identified
risks. This process is performed throughout the project.
Inputs, Tools & Techniques, and Outputs
 Identify Risk
 Identify risks is an iterative process, why?
 Because new risks may evolve or become known as the
project progress through its life cycle
 Identify Risks: Inputs
 Project management plan – Cost estimates

– Requirements management plan – Duration estimates

– Schedule management plan – Issue log

– Cost management plan – Lessons learned register

– Quality management plan – Requirements documentation

– Resource management plan – Resource requirements

– Risk management plan – Stakeholder register

– Scope baseline  Agreements

– Schedule baseline  Procurement documentation

– Cost baseline  Enterprise environmental factors

 Project documents  Organizational process assets

– Assumption log
 Identify Risks: Tools and Techniques
Data Gathering Techniques
– Brainstorming
– Interviewing
– Checklists Analysis
Data Analysis Techniques
– Root-Cause Analysis
– Assumptions and Constraints Analysis
– SWOT Analysis
– Documentation Analysis
 Identify Risks: Tools and Techniques
Interpersonal & Team Skills
Prompt List
A predetermined list of risk categories that might give rise to individual
project risks and that could also act as sources of overall project risk.
Meetings
 Identify Risks: Outputs
Risk Register
 The primary output from Identify Risks is the initial entry into the risk register.
– List of identified risks
• Risk statement should be consistent to ensure that each risk is understood
clearly and unambiguously in order to support effective analysis and
response development.
• It Should support the ability to compare the relative effect of one risk
against others
– List of potential responses
• Potential responses should be identified at the same time as a risk. it should
be analyzed later on as part of the “risk response planning”.
– List of Potential Risk Owners
– Root causes of risks : used later to reassess risks and for historical records
– Updated risk categories
 Identify Risks: Outputs
Risk Report
 The risk report presents information on sources of overall project risk, together
with summary information on identified individual project risks.
Project Documents Updates (Assumptions Log, Issue Log, Lesson Learned Register)
 Perform Qualitative Risk Analysis
 Perform Qualitative Risk Analysis is the process of prioritizing risks for
further analysis or action by assessing and combining their probability of
occurrence and impact.
 The key benefit of this process is that it enables project managers to
reduce the level of uncertainty and to focus on high-priority risks.
Inputs, Tools & Techniques, and Outputs
 Perform Qualitative Risk Analysis: Inputs
 Project management plan
– Risk management plan
 Project documents
– Assumption log
– Risk register
– Stakeholder register
 Enterprise environmental factors
 Organizational process assets
 Perform Qualitative Risk Analysis: Tools
and Techniques
Risk Data Quality Assessment
– It is a technique to evaluate the degree to which the risk is understood and the

accuracy, quality, reliability, and integrity of the data about the risk.

Risk Probability and Impact Assessment

– Risk probability assessment investigates the likelihood that each specific risk

will occur.
– Risk impact assessment investigates the potential effect on a project objective

such as schedule, cost, quality, or performance, including both negative effects

for threats and positive effects for opportunities.

 Perform Qualitative Risk Analysis: Tools and
Techniques
Assessment of Other Risk Patterns
 The project team may consider other characteristics of risk (in addition to
probability and impact) when prioritizing individual project risks for further
analysis and action. These characteristics may include but are not limited to:
– Urgency.
– Proximity
– Dormancy
– Manageability.
– Controllability.
– Detectability.
– Connectivity.
– Strategic impact.
– Propinquity
 Perform Qualitative Risk Analysis: Tools
and Techniques
Risk Urgency Assessment
– Risks requiring near-term responses may be considered more urgent to
address.
 Some risks may be considered more urgent to address and they should be moved
more quickly than others into risk response planning. these risks include:
– Near- term risks ( may occur soon)
– Risks that require long time to plan a response.
– The assessment of risk urgency + The risk ranking determined from the
probability and impact matrix = final risk severity rating.
 Perform Qualitative Risk Analysis: Tools
and Techniques
 Interpersonal & Team Skills
– Facilitations
 Risk Categorization
– Risks to the project can be categorized by sources of risk (e.g., using the RBS),
the area of the project affected (e.g., using the WBS), or other useful
categories (e.g., project phase) to determine the areas of the project most
exposed to the effects of uncertainty.
– Risks can also be categorized by common root causes.
Risk Presentation - Probability and Impact Matrix
– Risks can be prioritized for further quantitative analysis and planning risk
responses based on their risk rating.
– Ratings are assigned to risks based on their assessed probability and impact.
Probability and Impact Matrix
 Perform Qualitative Risk Analysis: Tools
and Techniques
Risk Presentation
 Hierarchical Charts
– Where risks have been categorized using more than two parameters, the
probability and impact matrix cannot be used and other graphical
representations are required.
– A bubble chart displays three dimensions of data, where each risk is plotted as
a disk (bubble), and the three parameters are represented by the x-axis value,
the y-axis value, and the bubble size
 Perform Qualitative Risk Analysis: Outputs

Project Documents Updates

– Risk register updates
– Risk Report Updates
– Assumptions log updates
– Issue Log Updates
 Perform Quantitative Risk Analysis
 Perform Quantitative Risk Analysis is the process of numerically analyzing
the effect of identified risks on overall project objectives.
 The key benefit of this process is that it produces quantitative risk
information to support decision making in order to reduce project
uncertainty.
Inputs, Tools & Techniques, and Outputs
 Perform Quantitative Risk Analysis: Inputs
 Project management plan – Milestone list
– Risk management plan – Resource requirements
– Scope baseline – Risk register
– Schedule baseline – Risk report
– Cost baseline – Schedule forecasts
 Project documents  Enterprise environmental factors
– Assumption log  Organizational process assets
– Basis of estimates
– Cost estimates
– Cost forecasts
– Duration estimates
 Perform Quantitative Risk Analysis: Tools and
Techniques
Data Gathering and Representation Techniques
– Interviewing
Presentation of Uncertainty
– Probability distributions ( Beta Distribution/triangular distribution)
Data Analysis and Modeling Techniques
– A project simulation uses a model that translates the specified detailed
uncertainties of the project into their potential impact on project objectives.
– Simulations are typically performed using the Monte Carlo technique. In a
simulation, the project model is computed many times (iterated), with the
input values (e.g., cost estimates or activity durations) chosen at random for
each iteration from the probability distributions of these variables.
 Perform Quantitative Risk Analysis: Tools and
Techniques
Data Analysis and Modeling Techniques
– A project simulation uses a model that translates the specified detailed
uncertainties of the project into their potential impact on project objectives.
– Simulations are typically performed using the Monte Carlo technique. In a
simulation, the project model is computed many times (iterated), with the
input values (e.g., cost estimates or activity durations) chosen at random for
each iteration from the probability distributions of these variables.
 Perform Quantitative Risk Analysis: Tools and
Techniques
Data Analysis and Modeling Techniques
– Sensitivity analysis
• Sensitivity analysis helps to determine which risks have the most potential
impact on the project.
• It helps to understand how the variations in project’s objectives correlate
with variations in different uncertainties.
• The Tornado diagram is also helpful in analyzing risk-taking
 Influence Diagram
Graphical representation of situations showing causal influences, time ordering of
events , and other relationship among variables and outcomes
 Expert Judgment
Example of Tornado Diagram
 Perform Quantitative Risk Analysis: Outputs
Project Documents Updates
– Assessment of Overall Project Risk Exposure
• Chances for Success
• Degree of Project Variability
– Probabilistic analysis of the project.
• Estimates are made of potential project schedule and cost outcomes
listing the possible completion dates and costs with their associated
confidence levels.
– Probability of achieving cost and time objectives.
• With the risks facing the project, the probability of achieving project
objectives under the current plan can be estimated using quantitative risk
analysis results.
 Plan Risk Responses
 Plan Risk Responses is the process of developing options and actions to
enhance opportunities and to reduce threats to project objectives.
 The key benefit of this process is that it addresses the risks by their
priority, inserting resources and activities into the budget, schedule and
project management plan as needed.
Plan Risk Responses: Inputs, Tools &
Techniques, and Outputs
 Plan Risk Responses: Inputs
 Project management plan – Risk report
– Resource management plan – Stakeholder register
– Risk management plan  Enterprise environmental factors
– Cost baseline  Organizational process assets
 Project documents
– Lessons learned register
– Project schedule
– Project team assignments
– Resource calendars
– Risk register
Plan Risk Responses: Tools and Techniques

– Contingent Response Strategies

Risk responses identified using this technique are often called
contingency plans or fallback plans and include identified triggering
events that set the plans in effect.
– Strategies for Overall Project Risks
• Avoid
• Exploit
• Transfer/Share
• Mitigate/Enhance
• Accept
 Plan Risk Responses: Tools and Techniques

 Data Analysis
– Alternative Analysis
– Cost Benefit Analysis
 Decision Making
– Multi-criteria decision analysis
• Decision Matrix
 Plan Risk Responses: Outputs
Project Management Plan Updates
– Schedule management plan
– Cost management plan
– Quality management plan
– Procurement management plan
– Human resource management plan
– Scope baseline
– Schedule baseline
– Cost baseline
 Implement Risk Response
 Implement Risk Responses is the process of implementing agreed-upon
risk response plans.
 The key benefit of this process is that it ensures that agreed-upon risk
responses are executed as planned in order to address overall project risk
exposure, minimize individual project threats, and maximize individual
project opportunities
Implement Risk Response: Inputs, Tools &
Techniques, and Outputs
 Implement Risk Response - Inputs
 Risk management plan
 Lessons learned register
 Risk register
 Risk report
 Organizational process assets
Implement Risk Response - Tools and Techniques

 Expert judgment
 Interpersonal and team skills - Influencing
 Project management information system
 Implement Risk Response - Output
 Change requests
 Project documents updates
– Issue log
– Lessons learned register
– Project team assignments
– Risk register
– Risk report
 Monitor Risks
 Monitor Risks is the process of monitoring the implementation of risk
response plans, tracking identified risks, monitoring residual risks,
identifying new risks, and evaluating risk process effectiveness throughout
the project.
 The key benefit of this process is that it improves efficiency of the risk
approach throughout the project life cycle to continuously optimize risk
responses.
Monitor Risks: Inputs, Tools & Techniques, and
Outputs
 Control Risks: Inputs
 Project management plan
– Risk management plan
 Project documents
– Issue log
– Lessons learned register
– Risk register
– Risk report
 Work performance data
 Work performance reports
 Control Risks: Tools and Techniques
 Data analysis
– Technical performance analysis
– Reserve analysis
 Audits
 Meetings
 Control Risks: Outputs
Work Performance Information
Change Requests
– Implementing contingency plans or workarounds sometimes results in a
change request.
• Recommended corrective actions
• Recommended preventive actions
Project Management Plan Updates
Project Documents Updates
Organizational Process Assets Updates