8. Project Risk Management
As per PMBOK - "The whole point of undertaking a project is to achieve or establish something
new, to venture, to take chances, to risk." Risk may have positive or negative effects on
the project “Schedule” and/or “Cost”. Positive risks are opportunities and negative risks are
losses or threats; remember that both are uncertain (“percentage of occurrence less than 80%”).
The purpose of Risk Management is to manage (plan and implement) these uncertainties.
The following processes are defined in the Risk Management Knowledge Area, listed by the 5 Process Groups:
- Initiation: (none)
- Planning: 8.1. Plan Risk Management; 8.2. Identify Risks; 8.3. Perform Qualitative Risk Analysis; 8.4. Perform Quantitative Risk Analysis; 8.5. Plan Risk Response
- Execution: (none)
- M&C: 8.6. Monitor and Control Risk
- Closing: (none)
- We can decide which risks are acceptable and take actions to “Mitigate” or “Avoid”
  those risks. If our project risk assessment determines that some risks are excessive,
  we may want to consider restructuring the project to bring it within acceptable levels of risk.
- Deliverables whose successful completion is uncertain can be considered
  risks. For example: if, after finishing project planning, you still feel that the scope
  might change, then it is a risk. Even a scope that is not well defined is a risk.
  Known technical difficulty or complexity will increase project risk. Ambitious goals
  always result in risk. Unfamiliarity with the process, or inexperienced personnel,
  constitutes project risk. Exterior interfaces cause risks because they can change
  and, even if they don’t change, their descriptions or specifications may be
  inaccurate. Exterior organizational dependencies create project risks. Incomplete
  planning or optimistic cost or schedule goals create risk. If the customer is involved
  in schedule dependencies for document review and approval or for delivering
  process information, this creates project risks.
By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- Any area over which the project manager does not have control can be a project risk.
  Anything that is not well understood, anything that is not well documented, and
  anything that can change: these all create project risks. Things that haven’t been
  tested are always at risk.
- A three-step approach is very important for all your projects:
  1. Identify all project risks through “Risk Identification Sessions”.
  2. Analyze each risk:
     a. qualitatively – Probability of occurrence
     b. quantitatively – Impact if it occurs
  3. Prepare your responses to those identified and analyzed risks.
- Remember that you need not evaluate all identified risks, nor take action
  on every risk you have planned a response for. For example, you identified an airplane hitting your
  building as a project risk because your office is next to an airport. The probability of
  occurrence is .0001. For this kind of risk you need not find a response strategy or
  implement a solution.
8.1 Plan Risk Management
- It is the process of defining how to conduct risk management activities on your
project.
Inputs:
- Enterprise Environmental Factors
- Organizational Process Assets
- Project Scope Statement
- Project Management Plan
Tools:
- Planning Meetings and Analysis
Outputs:
- Risk Management Plan
Important Contents of “Risk Management Plan”
Methodology: Describes the approaches, tools, and data sources to be used
when doing risk management.
Roles and responsibilities: Defines the team of people responsible for managing
the identified risks and responses and outlines their roles. People outside of the
project team may be named, to keep the risk analysis unbiased.
Budgeting: Defines the budget for risk management for the project. This is
included in the cost baseline.
Timing: Defines when and how often the risk management process will be
performed. This process should begin early in the project life cycle and be
revisited throughout project execution.
Risk categories: A good way of providing the structure necessary to identify risks
consistently is to outline the categories of risks in an RBS (Risk Breakdown
Structure).
Definitions of risk probability and impact: Outlines the scales that will be used
during qualitative risk analysis to assess the probability and impact of the risks
that have been identified for a particular project. Scales could be qualitative,
from "very low" to "very high," or quantitative, like a scale from 1 to 5.
Probability and impact matrix: The combination of each risk's probability and
impact will lead to an overall risk rating, which allows the risks to be prioritized.
Revised stakeholder tolerances: Stakeholder tolerances will be defined and
revised as necessary as they pertain to the specific project.
Reporting formats: This component defines the risk register and other risk
reports. Outlines how they will be created and distributed.
Tracking: This component defines how risk will be recorded for the benefit of
this project and future projects, as well as if and how the risk processes will be
audited.
8.2 Identify Risks
- It is the process of determining each risk that may affect the project and then
analyzing and documenting those risks.
Inputs:
- Activity Cost Estimates
- Activity Duration Estimates
- Risk Management Plan
- Scope Baseline
- Stakeholder Register
- Enterprise Environmental Factors
- Organizational Process Assets
- Project Management Plan
Tools:
- Expert Judgment
- Documentation Reviews
- Information Gathering Techniques
- Checklist Analysis
- Assumptions Analysis
- Diagramming Techniques
- SWOT analysis
Outputs:
- Risk Register
8.3 Perform Qualitative Risk Analysis
- This is the process of prioritizing risks by working out their probability as well as
impact. The result here will be qualitative like “this risk is high, medium, or low
impact risk.”
Inputs:
- Organizational Process Assets
- Project Scope Statement
- Risk Management Plan
- Risk Register
Tools:
- Risk Probability and Impact Assessment
- Probability and Impact Matrix
- Risk Data Quality Assessment
- Risk Categorization
- Risk Urgency Assessment
Outputs:
- Risk Register (updates)
8.4 Perform Quantitative Risk Analysis
- That is the process of numerically analyzing the effect of these identified risks on the
overall project objectives.
Inputs:
- Risk Register
- Risk Management Plan
- Cost Management Plan
- Schedule Management Plan
- Organizational Process Assets
Tools:
- Expert Judgment
- Data Gathering and Representation Techniques
- Quantitative Risk Analysis and Modeling Techniques
Outputs:
- Risk Register (updates)
8.5 Plan Risk Response
- It is the process of developing actions, or defining how to respond, to enhance positive
risks and/or to reduce negative risks.
Inputs:
- Risk Management Plan
- Risk Register
Tools:
- Expert Judgment
- Strategies for Negative Risks
- Strategies for Positive Risks
- Contingent Response Strategy
Outputs:
- Risk Related Contract Decisions
- Risk Register (updates)
- Project Management Plan (updates)
- Project Document updates
8.6 Risk Monitoring and Control
- It is the process of implementing all those risk plans, tracking the identified risks,
ensuring risk management effectiveness throughout the project life, and monitoring and
identifying new / residual risks.
Inputs:
- Project Management Plan (Risk Management Plan)
- Risk Register
- Work Performance Information
- Performance Reports
Tools:
- Risk Reassessment
- Risk Audits
- Variance and Trend Analysis
- Technical Performance Information
- Reserve Analysis
- Status Meetings
Outputs:
- Risk Register (updates)
- Change Requests
- Organizational Process Assets (updates)
- Project Management Plan (updates)
- Project Document (updates)
Very Important Concepts:
1. Difference between “Issue” and “Risk”;
- Issue: a point or matter in question or in dispute, or a matter that is not settled and
  is under discussion, or over which there are opposing views or disagreements.
- Risk: an uncertain event or condition that, if it occurs, has a positive or negative
  effect on a project’s objectives.
- Simply, we can say that a “Risk is something that could happen in the future”, while
  an “Issue is a risk that has become a reality”.
2. Difference between “Threats” and “Opportunities”;
- Risks are not necessarily “Negative”; they can also be “Positive”.
- Threats are simply the “Negative” risks, while Opportunities are the “Positive” risks.
3. Difference between “Contingency” and “Workaround”;
- Contingency: a provision in the project management plan to mitigate cost risk
  and/or schedule risk. It is simply “an allowance to deal with a problem”: you decide
  today “what your contingency will be if a risk occurs”. This can be budget or schedule
  oriented.
- Workaround: a response to a negative risk that has occurred, where that response
  was not planned in advance of the occurrence of the risk event.
- Generally, when contingency is taken into consideration, this indicates a proactive
  PM who is following risk management processes to enhance project success.
4. Risk Attitudes (Human Factors)
- There are four types of risk attitudes:
  I. Risk Averse Person: such a person is always uncomfortable with
     uncertainty, prefers a more certain outcome, and
     demands a premium to accept projects of high risk.
  II. Risk Neutral Person: such a person always embraces risks for future
     payoffs; he looks at risks as an opportunity or a way to gain additional
     payoffs.
  III. Risk Seeker Person: always looks at risks as a challenge.
  IV. Risk Tolerant Person: such a person doesn’t worry too much about
     risks. If a risk actually occurs, he acts all surprised.
5. Utility Theory Basics
- An appropriate method for describing risk tolerance based on the various
  stakeholders' tolerances for risk. This method is depicted using three structures
  where the x-axis denotes the money at stake and the y-axis denotes utility, or
  the amount of satisfaction the person obtains from the payoff.
- For a “Risk Averse” stakeholder: such a person usually requires a premium utility to
  accept a high risk.
  [Figure: utility (U) against money at stake ($), risk payoffs, for the risk-averse stakeholder]
- For a “Risk Neutral” stakeholder: such a person is more concerned about the
  expected return on his investment than about the risk he may be taking on.
  [Figure: utility (U) against money at stake ($) for the risk-neutral stakeholder]
- For a “Risk Seeker” stakeholder: he prefers uncertain outcomes and is willing to
  take the risk; the more money is at stake, the greater the utility he gets out
  of it.
  [Figure: utility (U) against money at stake ($) for the risk-seeker stakeholder]
Example:
- If there is a 50% chance to gain 100$ and a 100% chance to gain 50$, the risk
  averse person will accept the 2nd choice, while the risk seeker will prefer the
  1st choice and, finally, the risk neutral person has no preference between them.
Notes:
- A person can be both risk averse and risk seeking at different times.
- Risk attitudes of individuals in a company shape the risk attitude of the company.
- On an individual level, it is important to know the risk attitudes of the
  stakeholders to be able to deal with them properly when talking about the “Risk
  list”.
6. Project risk management is an iterative process
- The PM has to monitor the risks constantly, watch out for triggers, and then
  respond to any risk that has already happened and turned into an issue.
- During the life of the project, the factors that define and affect risks will change; you
  may have scope changes, environment changes, or even changes in the project
  team, etc.
- Changes open up possible new risks and require a new round of planning, and
  that is why the “Risk Management Process is an Iterative process”.
7. Prioritizing risks is done through two steps
- “Qualitative Prioritization”
  1. Prioritize risks according to their potential effect, i.e. probability and
     impact, on the project.
  2. Assign each risk a quality such as High (H), Medium (M), or Low (L).
  3. Focus on the risks with high priority to shorten the risk list.
- “Quantitative Prioritization”
  1. Numerically define the probability of each risk on the short risk list that
     comes from qualitative prioritization, and its consequences for the project
     objectives.
  2. Calculate risk rating = probability * impact [ex; 70% * 2000$].
  3. Narrow down the risk list to the most important ones.
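The two prioritization steps above, as an added Python example that is not part of the original notes. The 1-5 scales, the H/M/L thresholds, the sign convention and the sample register are assumptions constructed for illustration; a real project takes its scales from the Risk Management Plan.

```python
# Added example: qualitative shortlist, then quantitative risk rating.
# Scales, H/M/L thresholds and the register below are constructed assumptions.
LEVELS = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}

def qualitative_rating(prob_level, impact_level):
    """Probability and impact matrix: product of the scale values -> H/M/L."""
    score = LEVELS[prob_level] * LEVELS[impact_level]
    if score >= 12:
        return "H"
    return "M" if score >= 6 else "L"

def shortlist(register, keep=("H",)):
    """Qualitative step: keep only risks whose rating is in `keep`."""
    return [r for r in register
            if qualitative_rating(r["prob_level"], r["impact_level"]) in keep]

def not_analyzed(register, keep=("H",)):
    """Names of risks that are not carried into quantitative analysis."""
    short = shortlist(register, keep)
    return [r["name"] for r in register if r not in short]

def risk_rating(risk):
    """Quantitative step: risk rating = probability * impact.
    Assumed sign convention: threats negative, opportunities positive."""
    return risk["p"] * risk["impact_usd"]

def prioritize(register, top=3):
    """Rank the shortlist by absolute risk rating, largest first."""
    ranked = sorted(shortlist(register),
                    key=lambda r: abs(risk_rating(r)), reverse=True)
    return [(r["name"], round(risk_rating(r), 2)) for r in ranked[:top]]

def risk(name, prob_level, impact_level, p, impact_usd):
    return {"name": name, "prob_level": prob_level,
            "impact_level": impact_level, "p": p, "impact_usd": impact_usd}

# Constructed sample register (not project data).
REGISTER = [
    risk("Scope change after planning", "high", "high", 0.70, -2000),
    risk("Customer review delay", "medium", "high", 0.40, -5000),
    risk("Early vendor delivery", "high", "medium", 0.60, 1500),
    risk("Airplane hits the building", "very low", "very high", 0.0001, -1_000_000),
    risk("Inexperienced personnel", "medium", "low", 0.30, -800),
]

if __name__ == "__main__":
    for name, rating in prioritize(REGISTER):
        print(f"{rating:>10.2f}  {name}")
    print("Not analyzed further:", not_analyzed(REGISTER))
```

The airplane risk from the earlier example never reaches the quantitative step, even though its impact is the largest in the register, because its probability keeps it in the low band of the matrix.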
Important notes regarding the “Project Risk Management”;
- Young dynamic startup companies are usually risk seekers, while established
  companies are usually risk averse.
- “Risk Management Plan” components are very important for the PMP Exam.
- “Identifying Risks” is an “Iterative Process”.
- The “Check List” tool in the “Identify Risk” process is not a checklist of expected
  risks, but a checklist that helps to identify risks based on the RBS.
- Risk types are “Business Risks” and “Pure Risks”.
- Tools like Sensitivity Analysis (e.g. Tornado Diagram and What-If scenarios),
  Expected Monetary Value (EMV) and Decision Tree are important tools for
  “Quantitative Risk Analysis”.
- The probabilities of events occurring in sequence must be multiplied to calculate the
  cumulative probability of all the events occurring together.
- Transfer Risk = Deflection of Risk.
- Mitigation Strategy results in Contingent Response Strategy.
- The main goal of “Reserve Analysis” as a tool in “Monitor & Control Risks” is to
  determine any “Potential Risk”.
- “Project Risk management” is considered to be an item in every “Status
  Meeting”.
- When a surprising, unexpected risk occurs, a “Workaround” is the only
  suitable response, and it is always taken directly, even before issuing the
  needed change request.