This document discusses project risk management. It defines risk as an uncertain event that can positively or negatively impact project objectives. Risk management is the systematic process of identifying, analyzing, and responding to project risks. The six processes of risk management are: 1) plan risk management, 2) identify risks, 3) perform qualitative risk analysis, 4) perform quantitative risk analysis, 5) plan risk responses, and 6) monitor and control risks. Tools used include risk breakdown structures, probability and impact matrices to assess risks, and decision trees to evaluate responses. The goal is to prioritize and respond to risks to help ensure project success.
2. Definition
Risk
• An uncertain event or condition that, if it occurs, has
a positive or negative effect on the project objectives.
Risk Management
• The systematic process of identifying, analyzing, and
responding to project risk. It includes maximizing the
probability and consequences of positive events and
minimizing the probability and consequences of
adverse events.
3. Why to Manage Risk?
Risk Planning
• Requires a firm commitment to risk management from all
project stakeholders
• Ensures adequate resources to plan for and manage risk
• Focuses on preparation
Project problems can be reduced by as much as 90% by using risk
analysis
Positives:
• More info available during planning
• Improved probability of success/optimum project
Negatives:
• Belief that all risks are accounted for
• Project cut due to risk level
4. Key Terms
Risk Tolerance – The amount of acceptable risk
Risk Averse – Someone who does not want to take risks
Risk Factors
– Probability of occurrence
– Range of possible outcomes (impact or amount at stake)
– Expected Timing of event
– Anticipated frequency of risk events from that source
5. How to Manage Risk?
Use the six risk management processes
1. Plan Risk Management
2. Identify Risks
3. Perform Qualitative Risk Analysis
4. Perform Quantitative Risk Analysis
5. Plan Risk Responses
6. Monitor and Control Risks
Process flow: Plan Risk Management → Identify Risks → Perform Qualitative Risk Analysis → Perform Quantitative Risk Analysis → Plan Risk Responses → Monitor and Control Risks
6. Plan Risk Management
Inputs
• Project Scope Statement
• Cost Management Plan
• Schedule Management Plan
• Enterprise Environmental Factors
• Organizational Process Assets
Tools & Techniques
• Planning Meetings
• Project Analysis
Outputs
• Risk Management Plan
7. What is a Risk Management Plan?
Methodology – Approach, tools, & data
Roles & Responsibilities
Budgeting – Resources to be put into risk management
Timing – When and how often
Risk Categories – Risk Breakdown Structure (RBS)
Definitions – Risk probabilities and impact
Probability and Impact Matrix
Stakeholder tolerances
Reporting formats
Tracking
8. Risk Breakdown Structure
Project
• Technical
– Limited Design Time
– Specifications Adherence
• Organizational
– Funding
– Prioritization
– Resource Availability
• Project Management
– Estimates
– Scheduling
– Communication
Lists categories and subcategories where risks may arise
9. Identify Risks
Inputs
• Risk Management Plan
• Activity Cost Estimates
• Activity Duration Estimates
• Scope Baseline
• Stakeholder Register
• Cost Management Plan
• Schedule Management Plan
• Quality Management Plan
• Project Documents
• Enterprise Environmental Factors
• Organizational Process Assets
Tools & Techniques
• Documentation Reviews
• Information Gathering Techniques
• Checklist Analysis
• Assumption Analysis
• Diagramming Techniques
• SWOT Analysis
• Expert Judgment
Outputs
• Risk Register
10. Information Gathering Techniques
Brainstorming
Delphi technique
• Successive anonymous questionnaires on project risks with responses
summarized for further analysis
Interviewing
Root cause identification
Strengths, weaknesses, opportunities, and threats (SWOT) analysis
12. Diagramming Techniques - Cause and Effect Diagrams
Professor Kaoru Ishikawa created Cause & Effect Analysis in the
1960s. The technique uses a diagram-based approach for thinking
through all of the possible causes of a problem. This helps you to
carry out a thorough analysis of the situation. There are four steps to
using Cause and Effect Analysis:
• Identify the problem in terms of threat and opportunity.
• Work out the major factors involved.
• Identify possible causes for each factor.
• Continue refining the diagram until satisfied that it is
complete, then analyze the diagram.
Also known as an Ishikawa or fishbone diagram
13. Cause and Effect Diagrams-Example 1
Effect: Product Delivered Late
Potential Causes: Bad Specs, Insufficient Resources, Inadequate Time, Project Prioritization, Testing, Materials, Personnel
16. Risk Register
List of
• Identified risks: in as much detail as is possible.
– Event (may occur) IMPACT
– Event (if there is a CAUSE) EFFECT
• Potential responses: should be used as inputs to the Plan Risk
• Root causes of these risks
• Updated risk categories (if required)
Potential risk responses should be recorded and
used to support future risk identification for this and other projects.
17. Perform Qualitative Risk Analysis
Inputs
• Risk Register
• Risk Management Plan
• Project Scope Statement
• Organizational Process Assets
Tools & Techniques
• Risk probability and impact statement
• Probability and impact matrix
• Risk data quality assessment
• Risk categorization
• Risk urgency assessment
• Expert Judgment
Outputs
• Risk Register Updates
18. IT Project Risk Management Planning Process
Risk Analysis
• Risk = f(Probability * Impact)
– What is the probability of a particular risk occurring?
– What is the impact on the project if it does occur?
Risk Assessment
• Focuses on prioritizing risks so that an effective strategy can
be formulated for those risks that require a response.
– Depends on Stakeholder risk tolerances
– You can’t respond to all risks!
19. Risk Analysis and Assessment Tools
Qualitative Approaches
• Expected Value
• Payoff Table
• Decision Trees
• Risk Impact Table
Quantitative Approaches
• Probability Distributions
– Discrete
• Binomial
– Continuous
• Normal
• PERT
• Triangular
• Simulations
20. Expected Value of a Payoff Table
| Schedule Risk | A: Probability | B: Payoff (in 000s) | A × B: Prob. * Payoff |
|---|---|---|---|
| Project completed 20 days early | 5% | $300 | $15 |
| Project completed 10 days early | 20% | $100 | $20 |
| Project completed on schedule | 50% | $100 | $50 |
| Project completed 10 days late | 20% | $ -- | $ -- |
| Project completed 20 days late | 5% | $ (50) | $ (3) |
| Expected Value | 100% | | $83 |
23. Normal Distribution
Shape is determined by its mean (µ) and standard
deviation (σ)
Probability is associated with area under the curve.
Since the distribution is symmetrical, the following
probability rules of thumb apply:
• About 68 percent of all the values will fall within ±1σ of
the mean
• About 95 percent of all the values will fall within ±2σ of
the mean
• About 99 percent of all the values will fall within ±3σ of
the mean
25. PERT Distribution
uses a three-point estimate where:
• a denotes an optimistic estimate
• m denotes a most likely estimate
• b denotes a pessimistic estimate
PERT Mean = (a + 4m + b) / 6
PERT Standard Deviation = (b - a) / 6
27. Triangular Distribution
uses a three-point estimate similar to the PERT
distribution where:
• a denotes an optimistic estimate
• m denotes a most likely estimate
• b denotes a pessimistic estimate
The weightings for the mean and standard deviation are
different from PERT
• TRIANG Mean = (a + m + b) / 3
• TRIANG Standard Deviation =
[((b - a)^2 + (m - a)(m - b)) / 18]^(1/2)
29. Simulations
Monte Carlo
• a technique that randomly generates specific values for a
variable with a specific probability distribution.
• goes through a specific number of iterations or trials and
records the outcome.
• @risk
Sensitivity Analysis
• Tornado Graph
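A Monte Carlo run that ties slides 25, 27 and 29 together, as an added example that is not part of the original deck: each task is sampled from a triangular distribution and the simulated total is compared with the closed-form triangular and PERT figures. The task names, the three-point estimates (a optimistic, m most likely, b pessimistic, in days), the 33-day deadline and the assumption that tasks are independent are all constructed for illustration.

```python
import math
import random
import statistics

# Constructed three-point estimates in days: (a optimistic, m most likely, b pessimistic).
TASKS = {"design": (4, 6, 12), "build": (10, 14, 25), "test": (3, 5, 10)}


def pert_stats(a, m, b):
    """PERT mean and standard deviation, as written on the slide."""
    return (a + 4 * m + b) / 6, (b - a) / 6


def triang_stats(a, m, b):
    """Triangular mean and standard deviation, as written on the slide."""
    return (a + m + b) / 3, math.sqrt(((b - a) ** 2 + (m - a) * (m - b)) / 18)


def simulate_totals(tasks, trials=20000, seed=1):
    """Monte Carlo: draw every task from its triangular distribution and sum."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    return sorted(
        sum(rng.triangular(a, b, m) for a, m, b in tasks.values())  # (low, high, mode)
        for _ in range(trials)
    )


def summarize(tasks, deadline, trials=20000, seed=1):
    """Compare simulated schedule statistics with the closed-form values."""
    totals = simulate_totals(tasks, trials, seed)
    # Assumption: tasks are independent, so means add and variances add.
    mean_cf = sum(triang_stats(*t)[0] for t in tasks.values())
    sd_cf = math.sqrt(sum(triang_stats(*t)[1] ** 2 for t in tasks.values()))
    return {
        "closed_form_mean": mean_cf,
        "closed_form_sd": sd_cf,
        "sim_mean": statistics.fmean(totals),
        "sim_sd": statistics.pstdev(totals),
        "p80": totals[int(0.8 * trials) - 1],  # duration met in 80% of trials
        "p_late": sum(t > deadline for t in totals) / trials,
        "pert_mean": sum(pert_stats(*t)[0] for t in tasks.values()),
    }


if __name__ == "__main__":
    for key, value in summarize(TASKS, deadline=33).items():
        print(f"{key:>16}: {value:.2f}")
```

The PERT mean comes out lower than the triangular mean for the same estimates because PERT weights the most likely value four times, which is the difference in weighting slide 27 refers to.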
34. Risk Strategies
Depends On:
• The nature of the situation itself
– Really a threat or an opportunity?
• The impact of the risk on the project and objectives
– What is the probability and impact of a risk
• The project’s constraints in terms of scope, schedule, budget,
and quality
– Can a response be made with existing resources and/or
constraints?
• Risk Tolerances or preferences of the project stakeholders
– How much risk is tolerable?
36. Probability and Impact Matrix
Define Probability Scale & Impact Scale

Probability Scale

| Likelihood Class | Likelihood of Occurrence (events/year) |
|---|---|
| Not Likely (NL) | <0.01% chance of occurrence |
| Low (L) | 0.01 - 0.1% chance of occurrence |
| Moderate (M) | 0.1 - 1% chance of occurrence |
| High (H) | 1 - 10% chance of occurrence |
| Expected (E) | >10% chance of occurrence |

Impact Scale

| Consequence | Health and Safety |
|---|---|
| Extreme | Fatality or multiple fatalities expected |
| High | Severe injury or disability likely; or some potential for fatality |
| Moderate | Lost time or injury likely; or some potential for serious injuries; or small risk of fatality |
| Low | First aid required; or small risk of serious injury |
| Limited | No concern |
37. Probability and Impact Plots
Rate each risk on scales then plot on matrix
Construct a mitigation technique for risks above
tolerance
http://www.lancsresilience.org.uk
38. Risk Register Update
Add
• Probability and Impact Matrix results
• Perform quality check on results
• Categorize the risks to make them easier to handle
• Perform urgency assessment to determine which risks need
immediate attention
40. Perform Quantitative Risk Analysis
Inputs
• Risk Register
• Risk Management Plan
• Cost Management Plan
• Schedule Management Plan
• Organizational Process Assets
Tools & Techniques
• Data gathering and representation techniques
• Quantitative risk analysis and modeling
• Expert Judgment
Outputs
• Risk Register Updates
41. Quantitative Risk Analysis
Analyze numerically the probability and consequence of each risk
Monte Carlo analysis popular
Decision Tree analysis on test
• Diagram that describes a decision and probabilities associated with
the choices
Expected Monetary Value Analysis (EMV): with all other things equal,
a project with higher EMV is more favorable than a project with
lower EMV. EMV helps PMs to analyze potential outcomes based on
uncertain conditions
• Gives the average value of the decision if it were made
repeatedly
• Uses all the information concerning events and their
likelihood
42. Expected Monetary Value (EMV)
| Building | Cost | Probability | |
|---|---|---|---|
| Optimistic Outcome | $150K | 0.2 | $30K |
| Likely Outcome | $230K | 0.5 | $115K |
| Pessimistic Outcome | $300K | 0.3 | $100K |
| Expected Value | | | $245K |
43. Decision Tree Analysis-Example Question
Decision: Build or Upgrade new APP
• New APP: -$100
– Strong Demand: 70%, $200, Net Path Value = ?
– Weak Demand: 30%, $90, Net Path Value = ?
• Upgrade existing APP: -$60
– Strong Demand: 70%, $120, Net Path Value = ?
– Weak Demand: 30%, $60, Net Path Value = ?
Diagram labels: Decision Definition, Decision Node, Chance Node, Net Path Value
EMV of New APP = ?
EMV of Upgrade existing APP = ?
44. Solution
NPV: New App Strong Demand: -$100 + $200 = $100
NPV: New App Weak Demand: -$100 + $90 = -$10
NPV: Update App Strong Demand: -$60 + $120 = $60
NPV: Update App Weak Demand: -$60 + $65 = $5
Multiply NPV by the probability of each scenario:
$100 * 70% + (-$10) * 30% = $67 for EMV New APP
$60 * 70% + ($5) * 30% = $43.5 for EMV Updating APP
45. Plan Risk Responses
Inputs
• Risk Management Plan
• Risk Register
Tools & Techniques
• Strategies for negative risks or threats
• Strategies for positive risks or opportunities
• Contingent response strategy
• Expert Judgment
Outputs
• Risk Register Updates
• Project Management Plan Updates
• Risk-related Contract Decisions