8. project risk management
1 like3,063 views
The document outlines the importance of project risk management as per PMBOK, emphasizing the need to identify, analyze, and respond to both positive and negative risks throughout the project lifecycle. It details the processes involved, such as risk identification, qualitative and quantitative risk analysis, and planning risk responses, while also discussing the iterative nature of risk management and key concepts like risk attitudes and the differences between risks and issues. Effective risk management is essential for project success, requiring regular monitoring and adjustment to address new uncertainties that may arise.
![7. Prioritizing risks is done through two steps
-
“Qualitative Prioritization”
1. Prioritize risks according to their potential effect, i.e. probability and
impact, on the project.
2. Assign each risk a quality like high (H), Medium (M), or low (L).
3. Focus on risks with high priorities to shorten the risks list
-
“Quantitative Prioritization”
1. Numerically defines probability of each risk, from the short risk list that
comes from qualitative prioritization and its consequences on the project
objective.
2. Calculate risk rating = probability * Impact [ex; 70% * 2000$]
3. Narrow down the risks list to the most important ones.
Important notes regarding the “Project Risk Management”;
-
Young dynamic startup companies are usually risk seekers, while established
companies are usually risk averse.
-
“Risk Management Plan” components are very important for the PMP Exam.
-
“Identifying Risks” is an “Iterative Process”
-
The “Check List” tool in “Identify Risk” process is not a chick list with expected
risks, but a check list that helps to identify risks based on the RBS.
-
Risks types are “Business Risks” & “Pure Risks”
-
Tools like Sensitivity Analysis – ex. Tornado Diagram & What-If scenarios -,
Expected Monetary Value (EMV) and Decision Tree are important tools regarding
“Quantitative Risk Analysis”.
-
Probability of events occurring in sequence must be multiplied to calculate the
accumulative probability of occurring of all the events together.
-
Transfer Risk = Deflection of Risk.
-
Mitigation Strategy results in Contingent Response Strategy.
-
The main goal of “Reserve Analysis” as a tool in “Monitor & Control Risks” is to
determine any “Potential Risk”
-
“Project Risk management” is considered to be an item in every “Status
Meeting”.
-
In case of occurrence of surprising unexpected risk, “Workaround” is only
suitable response which always taken directly even before issuing the change
request needed.
By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD](https://image.slidesharecdn.com/8-140203230004-phpapp02/85/8-project-risk-management-8-320.jpg)
8. project risk management
- 1. 8. Project Risk Management As per PMBOK - "The whole point of undertaking a project is to achieve or establish something new, to venture, to take chances, to risk. Risk may have positive effects or negative effects on the project “Schedule” and/or “Cost”. Positive risks are Opportunities and negative risks are losses or threats; remember both risks are uncertain “percentage of occurrence less than 80%”. Risk Management purpose is to manage (Plan and implement) these uncertainties. Following are processes defined in Risk Management Knowledge Area: 5 Process Groups Processes - Initiation Planning 8.1. Plan Risk Management. 8.2. Identify Risks. 8.3. Perform Qualitative Risk Analysis 8.4. Perform Quantitative Risk Analysis 8.5. Plan Risk Response Execution M&C Closing 8.6. Monitor and Control Risk We can decide which risks are acceptable and take actions to “Mitigate” or “Avoid” those risks. If our project risk assessment determines that some risks are excessive, we may want to consider restructuring the project to within acceptable levels of risk. - Deliverables which have uncertainty to be completed successfully can be considered as risk. For example: after finishing the Project planning you still feel that the scope might change then it is a Risk. Or even if scope is not well defined then it is a Risk. Known technical difficulty or complexity will increase project risk. Ambitious goals always result in risk. Unfamiliarity with the process, or inexperienced personnel, constitutes project risks. Exterior interfaces cause risks because they can change and, even if they don’t change, their descriptions or specifications may be inaccurate. Exterior organizational dependencies create project risks. Incomplete planning or optimistic cost or schedule goals create risk. If the customer is involved in schedule dependencies for document review and approval or for delivering process information, this creates project risks. By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 2. - Any area over which the project manager does not have control can be project risks. Anything that is not well understood, anything that is not well documented, and anything that can change, these all create project risks. Things that haven’t been tested are always at risk. - Three steps approach is very important for all your Projects; Identify all Project Risks through “Risk Identification Sessions” Analyze that Risk a. qualitatively – Probability of occurrence b. quantitatively – Impact if it occurs Prepare your responses to those identified and analyzed Risks. - Remember you need not evaluate all identified risks or you need not to take actions on all responded risks either. For example, you identified airplane hitting in to your building as a project Risk because your office is next to Airport. Probability of occurrence is .0001. For such kind of risk you need not to find a Response strategy or need not implement a solution. 8.1 Plan Risk Management - It is the process of defining how to conduct risk management activities on your project. Inputs - Enterprise Environmental Factors Organizational Process Assets Project Scope Statement Project Management Plan Tools - Planning Meetings and Analysis Outputs - Risk Management Plan Important Contents of “Risk Management Plan” Methodology: Describes the approaches, tools, and data sources to be used when doing risk management. Roles and responsibilities: Defines the team of people responsible for managing the identified risks and responses and outlines their roles. People outside of the project team may be named, to keep the risk analysis unbiased. Budgeting: Defines the budget for risk management for the project. This is included in the cost baseline. By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 3. Timing: Defines when and how often the risk management process will be performed. This process should begin early in the project life cycle and be revisited throughout project execution. Risk categories: A good way of providing the structure necessary to identify risks consistently is to outline the categories of risks in a RBS (Risk Breakdown Structure. Definitions of risk probability and impact: Outlines the scales that will be used during qualitative risk analysis to assess the probability and impact of the risks that have been identified for a particular project. Scales could be qualitative, from "very low" to "very high," or quantitative, like a scale from 1 to 5. Probability and impact matrix: The combination of each risk's probability and impact will lead to an overall risk rating, which allows the risks to be prioritized. Revised stakeholder tolerances: Stakeholder tolerances will be defined and revised as necessary as they pertain to the specific project. Reporting formats: This component defines the risk register and other risk reports. Outlines how they will be created and distributed. Tracking: This component defines how risk will be recorded for the benefit of this project and future projects, as well as if and how the risk processes will be audited. 8.2 Identify Risks - It is the process of determining each risk that may affect the project and then analyze and document those risks. Inputs - Activity Cost Estimates Activity Duration Estimates Risk Management Plan Scope Baseline Stakeholder Register Enterprise Environmental Factors Organizational Process Assets Project Management Plan Tools - Expert Judgment Documentation Reviews Information Gathering Techniques Checklist Analysis Assumptions Analysis Diagramming Techniques SWOT analysis Outputs - Risk Register By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 4. 8.3 Perform Qualitative Risk Analysis - This is the process of prioritizing risks by working out their probability as well as impact. The result here will be qualitative like “this risk is high, medium, or low impact risk.” Inputs - Tools Organizational Process Assets Project Scope Statement Risk Management Plan Risk Register - Outputs Risk Probability and Impact Assessment Probability and Impact Matrix Risk Data Quality Assessment Risk Categorization Risk Urgency Assessment - Risk Register (updates) 8.4 Perform Quantitative Risk Analysis - That is the process of numerically analyzing the effect of these identified risks on the overall project objectives. Inputs - Tools Risk Register Risk Management Plan Cost Management Plan Schedule Management Plan Organizational Process Assets - - Outputs Expert Judgment Data Gathering and Representation Techniques Quantitative Risk Analysis and Modeling Techniques - Risk Register (updates) 8.5 Plan Risk Response - It is the process of developing actions or defines how to respond to enhance positive risks and/or to reduce negative risks. Inputs - Risk Management Plan Risk Register Tools - Expert Judgment Strategies for Negative Risks Strategies for Positive Risks Contingent Response Strategy Outputs - Risk Related Contract Decisions Risk Register (updates) Project Management Plan (updates) Project Document updates By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 5. 8.6 Risk Monitoring and Control - It is the process of implementing all those risks plans, tracking the identified risks, insuring risk management effectiveness through the project life, and monitoring and identifying new / residual risks. Inputs Project Management Plan (Risk Management Plan) Risk Register Work Performance Information Performance Reports - Tools - Risk Reassessment Risk Audits Variance and Trend Analysis Technical Performance Information Reserve Analysis Status Meetings Outputs - Risk Register (updates) Change Requests Organizational Process Assets (updates) Project Management Plan (updates) Project Document (Updates) Very Important Concepts: 1. Difference between “Issue” and “Risk”; - Issue; a point or matter in question or in dispute, or a matter that is not settled and under discussion or over which there are opposing views or disagreements. Risk; an uncertain event or condition that if it occurs, has a positive or negative effect on a project’s objectives. Simply, we can say that a “Risk is something that could happen in the future”, while an “Issue is that risk has became a reality”. 2. Difference between “Threats” and “Opportunities”; - Risks are not necessarily “Negative” and they can be simply “Positive”. - Threats; are simply the “Negative” risks, while Opportunities are the “Positive” risks. 3. Difference between “Contingency” and “Workaround”; - Contingency; a provision in the project management plan to mitigate cost risk and/or schedule risk. It is simply “an allowance to deal with a problem”, you decide today “what your contingency will be if a risk occurs”, this can be budget or schedule oriented. - Workaround; it is a response to a negative risk that has occurred and that response was not planned in advance of the occurrence of the risk event. - Generally, when contingency is taken into consideration, this refers to a proactive PM who is following risk management processes to enhance project success. By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 6. 4. Risk Attitudes (Human Factors) - There are four types of risk attitudes which are; I. Risk Averse Person; such person always uncomfortable with uncertainty. Such person prefers a more certain outcome and demands a premium to accept projects of high risk. II. Risk Neutral Person; such person always embraces risks for future payoffs; he looks to risks as opportunity or way to gain additional payoffs. III. Risk Seeker Person; always looks at risks as challenge. IV. Risk Tolerant Person; such person doesn’t worry too much about risks. If a risk actually occurs, he acts all surprised. 5. Utility Theory Basics - An appropriate method for describing risk tolerance based on the various stakeholders' tolerances for risk. This method is depicted using three structures where the x-axis denotes the money at stake and the y-axis denotes utility, or the amount of satisfaction the person obtains from the payoff. - For “Risk Averse” stakeholder; such person usually requires a premium utility to accept a high risk. U Risk payoffs - $ For “Risk Neutral” stakeholder; such person is more concerned about the expected return on his investment, not on thr risk he maybe taking on. U $ By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 7. - For “Risk Seeker” stakeholder; he prefers uncertain outcomes and is willing to take the risk; the more the money is that stake, the greater the utility he gets out of it. U $ Example: - If there is a chance of 50% to gain 100$ and another chance of 100% to gain 50$, risk averse person will accept the 2nd choice, while the risk seeker person will prefer the 1st choice and finally, the risk neutral person has no preferences between them Notes: - A person can be both risk averse and risk seeking at different times. - Risk attitudes of individuals in a company shape the risk attitude of the company. - On an individual level, it is important to know the risk attitudes of the stakeholders to be able to deal with them properly when talking about “Risk list”. 6. Project risk management is an iterative process - PM has to monitor the risks constantly, watches out for triggers and then, responds to any risk that already happens and turns to an issue. - During the life of the project, factors that define and affect risks will change; you may have scope changes, environment changes, or even changes in the project team...etc. - Changes open up possible new risks and required new round of planning and that is why “Risk Management Process is an Iterative process”. By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD
- 8. 7. Prioritizing risks is done through two steps - “Qualitative Prioritization” 1. Prioritize risks according to their potential effect, i.e. probability and impact, on the project. 2. Assign each risk a quality like high (H), Medium (M), or low (L). 3. Focus on risks with high priorities to shorten the risks list - “Quantitative Prioritization” 1. Numerically defines probability of each risk, from the short risk list that comes from qualitative prioritization and its consequences on the project objective. 2. Calculate risk rating = probability * Impact [ex; 70% * 2000$] 3. Narrow down the risks list to the most important ones. Important notes regarding the “Project Risk Management”; - Young dynamic startup companies are usually risk seekers, while established companies are usually risk averse. - “Risk Management Plan” components are very important for the PMP Exam. - “Identifying Risks” is an “Iterative Process” - The “Check List” tool in “Identify Risk” process is not a chick list with expected risks, but a check list that helps to identify risks based on the RBS. - Risks types are “Business Risks” & “Pure Risks” - Tools like Sensitivity Analysis – ex. Tornado Diagram & What-If scenarios -, Expected Monetary Value (EMV) and Decision Tree are important tools regarding “Quantitative Risk Analysis”. - Probability of events occurring in sequence must be multiplied to calculate the accumulative probability of occurring of all the events together. - Transfer Risk = Deflection of Risk. - Mitigation Strategy results in Contingent Response Strategy. - The main goal of “Reserve Analysis” as a tool in “Monitor & Control Risks” is to determine any “Potential Risk” - “Project Risk management” is considered to be an item in every “Status Meeting”. - In case of occurrence of surprising unexpected risk, “Workaround” is only suitable response which always taken directly even before issuing the change request needed. By: Mohamed Salah ElDien Mohamed Aly, MSc, PMP®, DIT, MCAD