Project Risk

Management
Adapted from
•A Guide to the Project Management Body of Knowledge 5th Edition, Project
Management Institute Inc., © 2013
•http://leeds-faculty.colorado.edu/marlattj/OPIM4850-MGMT4085/Risk%20Man
agement%20Slides.ppt
.
•https://people.eecs.ku.edu/~hossein/811/Lectures/chapter-11.pptx
 Risk Management
• Project Risk Management includes the
processes of conducting risk management
planning, identification, analysis, response
planning, and controlling risk on a project.

• The objectives of project risk management are

to increase the likelihood and impact of
positive events, and decrease the likelihood
and impact of negative events in the project.
 Why Do We Manage Risk?
• Project problems can be reduced as much as
90% by using risk analysis
• Positives:
– More info available during planning
– Improved probability of success/optimum project
• Negatives:
– Belief that all risks are accounted for
– Project cut due to risk level
 Key Terms
• Risk Tolerance – The amount of acceptable risk
• Risk Adverse – Someone that does not want to
take risks
• Risk Factors
– Probability of occurrence
– Impact of event
– Range of outcomes
– Timing of event
 How Do We Manage Risk?
• Use the six risk management processes
1. Risk Management Planning
2. Risk Identification
3. Qualitative Risk Analysis
4. Quantitative Risk Analysis
5. Risk Response Planning
6. Risk Monitoring and Control

Risk Risk Qualitative Quantitative Risk Risk

Management Identification Risk Analysis Risk Response Monitoring
Planning Analysis Planning and Control
1. PLAN RISK MANAGEMENT
 What is a Risk Management Plan?
• Methodology – Approach, tools, & data
• Roles & Responsibilities
• Budgeting – Resources to be put into risk
management
• Timing – When and how often
• Risk Categories – Risk Breakdown Structure
(RBS)
• Definitions – Risk probabilities and impact
 What is a Risk Mgmt Plan (Cont’d)?
• Probability and Impact Matrix
• Stakeholder tolerances
• Reporting formats
• Tracking
 Risk Breakdown Structure
• Lists categories and subcategories where risks
may arise

Project

Technical Organizational Project Management

Limited Design Time Funding Estimates

Specifications Adherence Prioritization Scheduling

Resource Availability Communication

2. IDENTIFY RISKS
 Information Gathering Techniques
• Brainstorming
• Delphi technique
– Successive anonymous questionnaires on project
risks with responses summarized for further
analysis
• Interviewing
• Root cause identification
Identify Risks – Information Gathering
Techniques

• Brainstorming
• Group attempts to generate ideas or find a solution for a
specific problem by amassing ideas spontaneously and without
judgment
• An experienced facilitator should run the brainstorming session
• Be careful not to overuse or misuse brainstorming
• Psychology literature shows that individuals produce a greater number of
ideas working alone than they do through brainstorming in small, face-
to-face groups
• Group effects often inhibit idea generation
Identify Risks – Information Gathering
Techniques

• Delphi Technique
• Used to derive a consensus among a panel of experts who
make predictions about future developments
• Provides independent and anonymous input regarding future
events
• Uses repeated rounds of questioning and written responses and
avoids the biasing effects possible in oral methods
Identify Risks – Information Gathering
Techniques

• Interviewing
• Fact-finding technique for collecting information in face-to-face,
phone, e-mail, or virtual discussions
• Interviewing people with similar project experience is an
important tool for identifying potential risks
 Diagramming Techniques
• Cause and Effect Diagrams
– Also known as Ishikawa or fishbone

Testing Inadequate Project

Time Prioritization

Product
Delivered
Late

Personnel Materials Insufficient Bad Specs

Resources

Potential Causes Effect

 The Risk Register
• Important output of the risk identification process
– List of identified risks and other information needed to
begin creating a risk register
• Contains the results of various risk management processes
and that is often displayed in a table or spreadsheet format
• Tool for documenting potential risk events and related
information
– Risk events refer to specific, uncertain events that may
occur to the detriment or enhancement of the project
 The Risk Register - Content
– Identification number for each risk event
– Rank for each risk event
– Name of each risk event
– Description of each risk event
– Category under which each risk event falls
– Root cause of each risk
– Triggers for each risk; indicators or symptoms of actual risk events
– Potential responses to each risk
– Risk owner or person who will own or take responsibility for each risk
– Probability and impact of each risk occurring
– Status of each risk
 Risk Register - Focus
• List of
– Identified risks
– Potential responses
– Root causes
• Updated risk categories (if required)
 The Risk Register -sample

No. Rank Risk Description Category Root Triggers Potential Risk Probability Impact Status
Cause Responses Owner
R44 1

R21 2

R7 3

Table 11-4 Sample risk register

 The Risk Register
• Risk report contents
– Sources of overall project risk
– Important drivers of overall project risk exposure
– Summary information on risk events
 QUALITATIVE RISK ANALYSIS
• The process of prioritizing risks for further analysis or action by assessing

and combining their probability of occurrence and impact.

• Key benefit: it enables project managers to reduce the level of uncertainty

and to focus on high-priority risks.

 Methodologies
• Probability and Impact Matrix
– Based on Failure Modes and Effects Analysis
(FMEA)
– From 1950’s analysis of military systems
 Probability and Impact Matrix
• Define Probability Scale & Impact Scale

Impact Scale Probability Scale

Consequence Health and Safety Likelihood of Occurrence
Likelihood Class (events/year)
Fatality or multiple fatalities
Extreme expected <0.01% chance of
Not Likely (NL) occurrence
Severe injury or disability likely; or
High some potential for fatality 0.01 - 0.1% chance of
Low (L) occurrence
Lost time or injury likely; or some
potential for serious injuries; or 0.1 - 1% chance of
Moderate small risk of fatality Moderate (M) occurrence
First aid required; or small risk of 1 - 10% chance of
Low serious injury High (H) occurrence
Negligible No concern Expected (E) >10% chance of occurrence
 Probability and Impact Plots
Rate each
risk on
scales then
plot on matrix
Develop
mitigation
technique for
risks above
tolerance
 Using Probability/Impact Matrixes
to Calculate Risk Factors (1 of 3)
• Lists relative probability of a risk occurring on
one side of a matrix or axis on a chart and the
relative impact of the risk occurring
– List the risks and then label each one as high,
medium, or low in terms of its probability of
occurrence and its impact if it did occur
• Calculates risk factors
– Numbers that represent the overall risk of specific
events based on their probability of occurring and
the consequences to the project if they do occur
room use.
Using Probability/Impact Matrixes
to Calculate Risk Factors (2 of 3)
Using Probability/Impact Matrixes
to Calculate Risk Factors
 Top Ten Risk Item Tracking
• Qualitative risk analysis tool that helps to identify risks and
maintain an awareness of risks throughout the life of a project
– Involves establishing a periodic review of the top ten project risk items
– Includes the current ranking, previous ranking, number of times the risk
appears on the list over a period of time, and a summary of progress
made in resolving the risk item
• A watch list is a list of risks that are low priority, but are still
identified as potential risks

use.
 Risk Register Update
• Add
– Probability and Impact Matrix results
– Perform quality check on results
– Categorize the risks to make them easier to handle
– Perform urgency assessment to determine which
risk need immediate attention
Risk Register
 4. QUANTITATIVE RISK ANALYSIS
• The process of numerically analyzing the effect of
identified risks on overall project objectives.
• Key benefit: it produces quantitative risk information to
support decision making in order to reduce project uncertainty.
 Quantitative Risk Analysis
• Analyze numerically the probability and
consequence of each risk
• Decision Tree analysis on test
– Diagram that describes a decision and
probabilities associated with the choices
• Expected Monetary Value Analysis (EMV)
• Monte Carlo analysis
 Decision Trees and Expected
Monetary Value (EMV) (1 of 2)
• A decision tree is a diagramming analysis
technique used to help select the best course
of action in situations in which future
outcomes are uncertain
– Estimated monetary value (EMV) is the product of
a risk event probability and the risk event’s
monetary value
• You can draw a decision tree to help find the EMV
Decision Trees and Expected
Monetary Value (EMV) (2 of 2)
 Expected Monetary Value (EMV)

Building
Cost Probability
Optimistic Outcome $150K 0.2 $30K
Likely Outcome $225K 0.5 $113K
Pessimistic $300K 0.3 $100K
Outcome

Expected Value $243K

 Decision Tree Analysis
Decision Decision Chance Net Path
Definition Node Node Value

Strong
65%
Demand $80
$200
EMV of New Bldg
New Node = $41.5!
Plant 35%
Weak -$30
-$120 Demand
$90
Build or
Upgrade
Plant 65%
Upgrade Strong $70
Demand
Plant $120
-$50 EMV of Upgrade
Node = $49!

Weak
35%
$10
Demand
$60
 Simulation (1 of 3)
• Uses a representation or model of a system to
analyze the expected behavior or performance of
the system
– Monte Carlo analysis simulates a model’s outcome
many times to provide a statistical distribution of the
calculated results
• Predict the probability of finishing by a certain date or the
probability that the cost will be equal to or less than a
certain value
• You can use several different types of distribution functions
when performing a Monte Carlo analysis
 Simulation (2 of 3)
• Steps of a Monte Carlo analysis
– Collect the most likely, optimistic, and pessimistic
estimates for the variables in the model
– Determine the probability distribution of each variable
– Select a random value based on the probability
distribution for each variable
– Run a deterministic analysis or one pass through the
model
– Repeat steps three and four many times to obtain the
probability distribution of the model’s results
Simulation (3 of 3)
 Sensitivity Analysis (1 of 2)
• Used to show the effects of changing one or
more variables on an outcome
– For example, many people use it to determine
what the monthly payments for a loan will be
given different interest rates or periods of the loan
• Spreadsheet software, such as Microsoft
Excel, is a common tool for performing
sensitivity analysis

.
Sensitivity Analysis (2 of 2)

Information Technology Project Management, Ninth

Edition. © 2019 Cengage
 Sensitivity Analysis (3)
• Sensitivity analysis helps to determine which risks have the most potential
impact on the project.
• The typical display of a sensitivity analysis is the tornado diagram, which
is useful for comparing relative importance and impact of variables that
have a high degree of uncertainty to those that are more stable.
 5. PLAN RISK RESPONSES
• The process of developing options and actions to enhance
opportunities and to reduce threats to project objectives.
• Key benefit: it addresses the risks by their priority, inserting
resources and activities into the budget, schedule and
project management plan as needed.
 Plan Risk Responses-Strategies
• Negative Risks (or Threats)
– Avoid
– Transfer
– Mitigate
– Acceptance
• Positive Risks (or Opportunities)
– Exploit
– Share
– Enhance
– Acceptance
 Plan Risk Responses - example
Technical Risks Cost Risks Schedule Risks
Emphasize team support Increase the frequency of Increase the frequency of
and avoid stand-alone project monitoring project monitoring
project structure
Increase project manager Use WBS and CPM Use WBS and CPM
authority
Improve problem handling Improve communication, Select the most experienced
and communication understanding of project project manager
goals, and team support
Increase the frequency of Increase project manager
project monitoring authority
Use WBS and CPM
Table 11-6 General risk mitigation strategies for technical, cost, and
schedule risks. *Source: J. Couillard

Information Technology Project Management, Ninth

Edition. © 2019 Cengage.
 Plan Risk Responses - Notes
• It’s also important to identify residual and
secondary risks
– Residual risks: risks that remain after all of the
response strategies have been implemented
– Secondary risks: direct result of implementing a
risk response

Information Technology Project Management, Ninth

Edition. © 2019 Cengage.
 6. CONTROL RISKS
• The process of implementing risk response plans, tracking identified
risks, monitoring residual risks, identifying new risks, and evaluating
risk process effectiveness throughout the project.
• Key benefit: it improves efficiency of the risk approach throughout
the project life cycle to continuously optimize risk responses.
 Implementing Risk Responses
• Main executing process performed as part of
project risk management is implementing risk
responses
– Key outputs
• Change requests
• Project documents updates

Information Technology Project Management, Ninth

Edition. © 2019 Cengage.
 Risk Management Summary
• Risk Management Planning – New
• Risk ID – Develop categories & types
• Risk Qualitative – Probability & Impact Analysis
• Risk Quantitative – Decision Tree, EMV, Monte Carlo
• Risk Response – Mitigation & contingency plans
• Risk Monitoring and Control – Recurring evaluations

Risk Risk Qualitative Quantitative Risk Risk

Management Identification Risk Analysis Risk Response Monitoring
Planning Analysis Planning and Control