Project Risk Management
Compiled by
Muhammad Aleem Habib
June 25, 2013
Information derived from PMBOK & Rita Mulcahy
What is Project Risk Management?
• Project risk management is actively
managing the risks on your project
• The goal of ri...
Why Risk Management
• A project manager‟s work should not focus
on dealing with problems; it should focus
on preventing th...
What is a Risk?
• A risk is an uncertain event that could have a positive or
negative effect on your project
• * This mean...
What is a Risk?
• If there is a 100% chance of an event occurring, this
would be an issue, not a risk
• Risks with negativ...
Risk Event Graph
Types of Risk
Risks can be broken out into two primary types
1. Pure Risk (hazard)– risk with potential loss only
– ex. Fi...
Risk Management Process
Threats
Opportunities
Project Risk Management
Knowledge
Area
Process
Initiating Planning Executing Monitoring & Contol Closing
Risk
Plan Risk Ma...
5 Overall Project Management
Processes with Risk Management
• Risk Planning – this is how you plan on conducting risk
management. You wouldn‟t start managing your project
without a p...
Risk Management Processes
• Quantitative Analysis – a numerical analysis of the
probability and impact of the risk on your...
• Uncertainty: a lack of knowledge about an event that reduces
confidence
• Risk averse: someone who does not want to take...
Risk Factors
1. The probability the risk will occur
2. The range of possible outcomes (impact)
3. When in the project life...
11.1 Plan Risk Management
• The process of defining how to
conduct risk management activities
for a project
• Important to...
Plan Risk Management DFD. Figure 11-3
Plan Risk Management
•How much time should we spend?
•Who will be involved?
•How should we perform risk
management?
Plan Risk Management:
Tools & Techniques
• Planning Meetings and Analysis
– Project teams meet with stakeholders
– High le...
Plan Risk Management: Outputs
• Methodology Defines the tools, approaches,
and data sources that may be used to perform
ri...
Plan Risk Management: Outputs
• Timing Defines how often the risk management
activities will be performed throughout the
p...
Risk Breakdown Structure
• A risk breakdown structure (RBS)
organizes potential sources of risk to the
project.
• Function...
Risk Breakdown Structure for a
Software Development Project
Software Dev
Project
Business
Competitors
Suppliers
Cash Flow
...
RBS Example
Risk Profile
• A risk profile is a list of questions that
address traditional areas of uncertainty on
a project.
• These q...
Risk Profile Questions
Create a RBS for preparing for
PMP exam
• Classify the risks on following categories:
– Internal (personal)
– External
– T...
Risk Assessment Form
Risk Event Likelihood Impact
Detection
Difficulty
When
Interface Problems 4 4 4 Conversion
System fre...
No Category Description of Risk IMPACT
PROBA
BILITY
RISK
LEVEL
1 Resource Testing environment not available 4 B ORANGE
2 S...
Risk Management Plan(Contd.)
• Stakeholder tolerances – Stakeholders have a low risk
tolerance than impact is high. That i...
Q: “ An uncommon state of nature,
characterized by the absence of any
information related to a desired outcome” , is
a com...
11.2 Identify Risks
• This is the phase where you work with
your team to identify as many risks as
possible.
Identify Risks: Things to remember
• Identify Risks can‟t be completed without the project
scope statement and Work Breakd...
Question ?
• Who should be involved in Risk
Identification?
Identify Risk: Tools & Tech
• Documentation Reviews – including charter,
contracts, and planning documentation, can help
i...
Identify Risk: tools & tech
• Brainstorming: One idea generates another
• Delphi technique: Expert participate
anonymously...
Identify Risk: Tools & Tech
• Checklist analysis: checklist developed based
on accumulated historical information from
pre...
Identify Risk: tools & tech
• Influence diagrams
– show the casual influences among project variables,
the timing or time ...
Output: Risk Register
• Output is initial entries into the risk
register. It includes:
– List of risk
– List of POTENTIAL ...
Risk Register Example
• Q: Risk tolerances are determined in order
to help:
A. The team rank the project risks
B. The project manager estimate t...
11.2 Perform Qualitative Risk Analysis
• This is the phase where you rank the risks
you‟ve identified from Identify Risks ...
Perform Qualitative Risk Analysis
• Things to remember
– Perform Qualitative Risk Analysis is subjective
– What is the pro...
Tools and Techniques of
Qualitative Analysis
• Probability & Impact Matrix – a matrix that creates a
consistent evaluation...
Tools and Techniques of
Qualitative Analysis
• Risk Categorization – Which of your categories has
more risk than others? W...
Output: Risk Register Updates
• Risk ranking for the project compared to other
projects
• List of prioritized risks and th...
Perform Quantitative Risk Analysis
• A numerical analysis of the probability and
impact of the risks with the highest risk...
Perform Quantitative Risk Analysis
Purpose of this process
• Determine which risk events warrant a response.
• Determine o...
Tools and Techniques of
Quantitative Analysis
• EMV – Expected Monetary Value – What is the
probability of the risk occurr...
Q: If a project has a 60% chance of a US $
100,000 profit and a 40% chance of a US $
100,000 loss, the expected monetary v...
Tools and Techniques of
Quantitative Analysis
• Decision Tree – used for planning on individual
risks instead of planning ...
Airline A has a 90% chance to reach at time and Airline B has
a 60% chance to reach at time. If you don‟t reach at time, i...
Decision tree /EMV example
Airline A EMV: 10,000 + (10% * 100,000) = 20,000
Airline B EMV: 8000 + (40%*100,000) = 48,000
Tools and Techniques of
Quantitative Analysis
• Monte Carlo Analysis – A technique that uses
simulation to show the probab...
Sensitivity Analysis
• To determine which risks have the most potential impact
to the project
• Changing one or more eleme...
Sample Sensitivity Analysis
Outcome of Quantitative RA
Risk Register Updates
• Prioritized list of quantified risks
• Amount needed for contingency re...
Outcome of Quantitative RA: Examples
• What are the risks that are most likely to cause
trouble? To affect the critical pa...
“What are we going to do now
about each top risk?”
Risk Response Planning
• Eliminate the threats before they happen
• Make sure opportunities happen
• Decrease the probabil...
Risk Response Strategies
Risk
Opportunities Threats
Risk Response Strategies
Risk
Opportunities
Exploit
Enhance
Share
Threats
Risk Response Strategies
Risk
Opportunities
Exploit
Enhance
Share
Threats
Avoid
Transfer
Mitigate
Risk Response Strategies
Risk
Opportunities
Exploit
Enhance
Share
Accept
Active Passive
Threats
Avoid
Transfer
Mitigate
Risk Response Strategies
Risk
Opportunities
Exploit
Enhance
Share
Accept
Active
Contingency
Plan
Fallback Plan
Passive
Wor...
STRATEGIES FOR NEGATIVE
RISKS OR THREATS
Avoidance
• Risk prevention
• Changing the plan to eliminate a risk by avoiding
the cause/source of risk
• Protect project...
Mitigation
• Seeks to reduce the impact or probability of the
risk event to an acceptable threshold
• Be proactive: Take e...
Transfer
• Shift responsibility of risk consequence to
another party
• Does NOT eliminate risk
• Most effective in dealing...
STRATEGIES FOR POSTIVE
RISKS OR OPPORTUNITIES
Strategies for Opportunities
Exploit: Ensure opportunity is realized
• Ex: Assigning organization most talented
resources ...
Strategies for Opportunities
Share: Allocating some or all of the
ownership to third part best able to capture
the opportu...
Acceptance
(Both for Threats & opportunities)
• Active Acceptance
– Develop a contingency plan to execute if the risk
occu...
Risk Response Matrix
Risk Event Response Contingency
Plan
Trigger Who is
responsible
Interface
Problems
Mitigate: Test
Pro...
Outputs of Risk Response Planning
Updates to Risk Register
• Residual Risks – risks that are left over after Plan Risk
Res...
Outputs of Risk Response Planning
Updates to Risk Register
• Risk Triggers – early warning signs that there is a high
prob...
Outputs of Risk Response Planning
Project Management Plan Updates
• Changes made due to risk management
will be changes ma...
Q: Replacing a doubtful supplier with an
expensive but reliable one is an example of:
A. Mitigation
B. Transference
C. Acc...
Q: A Reserve is generally intended to be
used for:
A. Rework activities.
B. Compensate for inaccurate project cost
estimat...
Some important points:
• What do you do with non-critical risks?
• Would you choose only one risk response
strategy?
• Wha...
Some important points:
• What do you do with non-critical risks?
– Put them in a watch-list and revisit them periodically....
Some important points:
• What is the most important item to be discussed
in project team meetings?
– Off course, Risk!
• H...
Monitor and Control Risk
• The process of
– implementing risk response plans
– tracking identified risks
– monitoring resi...
Inputs to Monitor & Control Risk
• Risk Management Plan
• Risk Register
• Approved Change Requests
• Work performance info...
Monitor & Control Risk:
Tools
• Workaround – a response to a risk that has
occurred when no contingency plan exists.
• Ris...
Monitor & Control Risk:
Tools
• Risk Reassessment – Risk management is
iterative, you should review the risks on your
proj...
Monitor & Control Risk:
Tools
• Reserve analysis – has the reserve kept up
with changes to the risk list? Does the reserve...
Outputs of Monitor & Control Risks
• Updates to Risk Register
– Outcomes of the risk reassessments and risk
audits
– Closi...
Outputs of Monitor & Control Risks
• Requested Changes
• Recommended Corrective & Preventive
Actions
• Updates to the Proj...
Practice Exam
Answers
Practice Exam
Answers
Practice Exam
Answers
Practice Exam
Answers
Practice Exam
Answers
Practice Exam
Answers
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Project Risk Management PMBOK 5
Upcoming SlideShare
Loading in …5
×

Project Risk Management PMBOK 5

94,755
-1

Published on

My class slides for PMP Exam prep class on Risk Management knowledge area.

16 Comments
141 Likes
Statistics
Notes
No Downloads
Views
Total Views
94,755
On Slideshare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
6,530
Comments
16
Likes
141
Embeds 0
No embeds

No notes for slide
  • Different matrices can be used for cost, time, scopeIt helps guide risk responses (priority action & response strategies)
  • Answer: C
  • Everyone
  • Answer A
  • Answer C
  • Sensitivity Analysis – Which risks will have the most impact on the project?
  • Airline A: 10,000 + (10% * 100,000) = 20,000Airline B: 8000 + (40%*100,000) = 48,000Answer : Airline A
  • Answer B
  • Project Risk Management PMBOK 5

    1. 1. Project Risk Management Compiled by Muhammad Aleem Habib June 25, 2013 Information derived from PMBOK & Rita Mulcahy
    2. 2. What is Project Risk Management? • Project risk management is actively managing the risks on your project • The goal of risk management is to be more proactive and less reactive
    3. 3. Why Risk Management • A project manager‟s work should not focus on dealing with problems; it should focus on preventing them. • How would it feel to say, “No problem; we anticipated this, and we have a plan in place that will resolve it”. • Performing risk management helps prevent many problems and helps make other problems less likely
    4. 4. What is a Risk? • A risk is an uncertain event that could have a positive or negative effect on your project • * This means there is a probability between 1-99% that the event could occur • If there is a 0% chance of an event occurring, there is no risk • (example; there is a 0% chance your project will be adequately funded, this is not a risk, it is a reality).
    5. 5. What is a Risk? • If there is a 100% chance of an event occurring, this would be an issue, not a risk • Risks with negative consequences are called threats • Risks with positive consequences are called opportunities (Yes, risk can be good! Stop thinking of risk as bad, and start thinking of it in terms of probabilities!)
    6. 6. Risk Event Graph
    7. 7. Types of Risk Risks can be broken out into two primary types 1. Pure Risk (hazard)– risk with potential loss only – ex. Fire, theft, personal injury 2. Business Risk (speculative risk) – risk with potential loss or gain – ex. A highly skilled employee becomes available to work on your project, reducing your schedule time, the tax rate changes, a new server costs less (or more) than you budgeted for!
    8. 8. Risk Management Process Threats Opportunities
    9. 9. Project Risk Management Knowledge Area Process Initiating Planning Executing Monitoring & Contol Closing Risk Plan Risk Management Identify Risk Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Response Monitor and Control Risks Enter phase/ Start project Exit phase/ End project Initiating Processes Closing Processes Planning Processes Executing Processes Monitoring & Controlling Processes
    10. 10. 5 Overall Project Management Processes with Risk Management
    11. 11. • Risk Planning – this is how you plan on conducting risk management. You wouldn‟t start managing your project without a plan, so why would you approach risk management that way? • Identify Risks – this is the phase where you attempt to identify most of your risks • Qualitative analysis – this is a subjective analysis of your risks that produces a risk ranking, usually in the order of high, medium, low, or on an ordinal scale. Rankings are by agreement of your project team, sponsors and key stakeholders Risk Management Processes
    12. 12. Risk Management Processes • Quantitative Analysis – a numerical analysis of the probability and impact of the risk on your project • Plan Risk Response– a course of action you will take to deal with your risks should they go from risk to issue • Monitor & Control Risks – monitoring your lists (there are two lists which I will discuss later) of risks to enact a risk response plan, to move a risk from one list to the other, or to remove a risk because it is no longer a risk.
    13. 13. • Uncertainty: a lack of knowledge about an event that reduces confidence • Risk averse: someone who does not want to take risks. • Risk Prone – Someone who is willing to take big risk • Risk tolerances: area of risk that are acceptable / unacceptable. • Risk thresholds: the point at which a risk become unacceptable • Risk Areas: Project Constraints (scope, time, cost, etc) Terms & concepts
    14. 14. Risk Factors 1. The probability the risk will occur 2. The range of possible outcomes (impact) 3. When in the project lifecycle the risk is likely to occur (the timing); * once the expected timeframe of the risk has passed and it is no longer a risk, it can be removed from the risk list 4. How often the risk is expected to occur on the project (frequency)
    15. 15. 11.1 Plan Risk Management • The process of defining how to conduct risk management activities for a project • Important to provide sufficient resources and time for risk management activities, and to establish an agreed upon basis for evaluating risk.
    16. 16. Plan Risk Management DFD. Figure 11-3
    17. 17. Plan Risk Management •How much time should we spend? •Who will be involved? •How should we perform risk management?
    18. 18. Plan Risk Management: Tools & Techniques • Planning Meetings and Analysis – Project teams meet with stakeholders – High level plans for risk management are define in these meetings
    19. 19. Plan Risk Management: Outputs • Methodology Defines the tools, approaches, and data sources that may be used to perform risk management on the project. • Budgeting A budget for project risk management should be established and included in the risk management plan. • Role & Responsibility Defines the lead, support, and risk management team membership for each type of action in the risk management plan.
    20. 20. Plan Risk Management: Outputs • Timing Defines how often the risk management activities will be performed throughout the project life cycle. • Risk categories Documentation such as risk breakdown structures (RBSes) or categories from previous projects will help identify and organize risks. • Definitions of risk Risks and their probabilities are probability & impact defined for use in Qualitative Risk Analysis using a scale of ―very Unlikely to ―almost certain.
    21. 21. Risk Breakdown Structure • A risk breakdown structure (RBS) organizes potential sources of risk to the project. • Functioning much like a work breakdown structure, an RBS arranges categories into a hierarchy. • This approach allows the project team to define risk at very detailed levels.
    22. 22. Risk Breakdown Structure for a Software Development Project Software Dev Project Business Competitors Suppliers Cash Flow Technical Hardware Software Network Organizational Executive Support User Support Team Support Project Management Estimates Communication Resources
    23. 23. RBS Example
    24. 24. Risk Profile • A risk profile is a list of questions that address traditional areas of uncertainty on a project. • These questions has been designed and developed from the experience of past projects.
    25. 25. Risk Profile Questions
    26. 26. Create a RBS for preparing for PMP exam • Classify the risks on following categories: – Internal (personal) – External – Technical
    27. 27. Risk Assessment Form Risk Event Likelihood Impact Detection Difficulty When Interface Problems 4 4 4 Conversion System freezing 2 5 5 Startup User backlash 4 3 3 Post installation Hardware malfunctioning 1 5 5 Installation
    28. 28. No Category Description of Risk IMPACT PROBA BILITY RISK LEVEL 1 Resource Testing environment not available 4 B ORANGE 2 Schedule Documentation approval took longer time 4 A RED Probability Impact Matrix
    29. 29. Risk Management Plan(Contd.) • Stakeholder tolerances – Stakeholders have a low risk tolerance than impact is high. That information should be taken into account to rank cost impacts higher than if the low tolerance was in another area. Tolerances should not be implied, but uncovered in project initiating and clarified or refined continually. • Reporting – Describes reports related to RM and how they will be used and what they will include. • Tracking – Auditing, documentation regarding RM
    30. 30. Q: “ An uncommon state of nature, characterized by the absence of any information related to a desired outcome” , is a common definition for: A. An act of God B. An amount at stake C. Uncertainty D. Risk aversion
    31. 31. 11.2 Identify Risks • This is the phase where you work with your team to identify as many risks as possible.
    32. 32. Identify Risks: Things to remember • Identify Risks can‟t be completed without the project scope statement and Work Breakdown Structure (WBS) • Identify Risks happens at the onset of the project and throughout the project • Risks can be identified at any time and during any phase of the project • Risk management is an iterative process, you should work to identify risk during any changes to the project, working with resources, and when dealing with issues
    33. 33. Question ? • Who should be involved in Risk Identification?
    34. 34. Identify Risk: Tools & Tech • Documentation Reviews – including charter, contracts, and planning documentation, can help identify risks. • Those involved in risk identification might look at this documentation, as well as lessons learned, articles, and other documents, to help uncover risks.
    35. 35. Identify Risk: tools & tech • Brainstorming: One idea generates another • Delphi technique: Expert participate anonymously; facilitator use questionnaire; consensus may be reached in a few rounds; Help reduce bias in the data and prevent influence each others. • Interviewing: interviewing experts, stakeholders, experienced PM • Root cause analysis: Reorganizing the identified risk by their root cause may help identify more risks
    36. 36. Identify Risk: Tools & Tech • Checklist analysis: checklist developed based on accumulated historical information from previous similar project • Assumption analysis: identify risk from inaccuracy, instability, inconsistency, incompleteness. • SWOT analysis – Strengths, Weaknesses, Opportunities, Threats
    37. 37. Identify Risk: tools & tech • Influence diagrams – show the casual influences among project variables, the timing or time ordering of events, and the relationships among other project variables and their outcomes. • Cause and Effect Diagrams • Flowcharts
    38. 38. Output: Risk Register • Output is initial entries into the risk register. It includes: – List of risk – List of POTENTIAL responses – Root causes of risks – Updated risk categories
    39. 39. Risk Register Example
    40. 40. • Q: Risk tolerances are determined in order to help: A. The team rank the project risks B. The project manager estimate the project C. The team schedule the project D. Management know how other managers will act to the project
    41. 41. 11.2 Perform Qualitative Risk Analysis • This is the phase where you rank the risks you‟ve identified from Identify Risks to come up with a list of risks you will create plans for dealing with
    42. 42. Perform Qualitative Risk Analysis • Things to remember – Perform Qualitative Risk Analysis is subjective – What is the probability of the risk occurring? High, medium, low? 1-10? – What is the impact if the risk does occur? High, medium, low? 1-10?
    43. 43. Tools and Techniques of Qualitative Analysis • Probability & Impact Matrix – a matrix that creates a consistent evaluation of high, medium, or low for your projects. This helps to make the risk rating process more repeatable between projects. • Risk Data Quality Assessment – What is the quality of the data used to determine or assess the risk? Think about the following – Extent of the understanding of the risk – Data available about the risk – Quality of the data – Reliability & Integrity of the data
    44. 44. Tools and Techniques of Qualitative Analysis • Risk Categorization – Which of your categories has more risk than others? Which of your work packages could be most affected by risk? • Risk Urgency Assessment – Which of your risks could occur soon, or require a longer planning time? Risk urgency assessment helps move these risks more quickly through the rest of the project management process
    45. 45. Output: Risk Register Updates • Risk ranking for the project compared to other projects • List of prioritized risks and their probability and impact ratings • Risks grouped by categories • List of risks for additional analysis and response • Watchlist (non-critical risks) • Trends
    46. 46. Perform Quantitative Risk Analysis • A numerical analysis of the probability and impact of the risks with the highest risk rating score determined from qualitative analysis • Is a numerical evaluation (more objective) • This process may be skipped.
    47. 47. Perform Quantitative Risk Analysis Purpose of this process • Determine which risk events warrant a response. • Determine overall project risk (risk exposure). • Determine the quantified probability of meeting project objectives. • Determine cost and schedule reserves. • Identify risks requiring the most attention. • Create realistic and achievable cost, schedule, or scope targets.
    48. 48. Tools and Techniques of Quantitative Analysis • EMV – Expected Monetary Value – What is the probability of the risk occurring multiplied by the impact if the risk does occur? If the risk occurs, what could the financial or time loss be to your project? • In the example below, this project has an EMV of ($58,250), this means that you need to put aside $58,250 in your risk reserve account for potential risks Risk Probability Impact EMV A 20% $ (100,000.00) $(20,000.00) B 90% $ 10,000.00 $ 9,000.00 C 5% $ 30,000.00 $ 1,500.00 D 65% $ (75,000.00) $(48,750.00) Total $(58,250.00)
    49. 49. Q: If a project has a 60% chance of a US $ 100,000 profit and a 40% chance of a US $ 100,000 loss, the expected monetary value for the project is : A. $ 100,000 profit B. $ 60,000 loss C. $ 20,000 profit D. $ 40,000 loss
    50. 50. Tools and Techniques of Quantitative Analysis • Decision Tree – used for planning on individual risks instead of planning for the whole project – Takes into account future events to make a decision today – Can calculate the EMV in more complex situations – Involves mutual exclusivity
    51. 51. Airline A has a 90% chance to reach at time and Airline B has a 60% chance to reach at time. If you don‟t reach at time, it will cost you 100,000. Use EMV to find which airline you should choose?
    52. 52. Decision tree /EMV example Airline A EMV: 10,000 + (10% * 100,000) = 20,000 Airline B EMV: 8000 + (40%*100,000) = 48,000
    53. 53. Tools and Techniques of Quantitative Analysis • Monte Carlo Analysis – A technique that uses simulation to show the probability of completing your project on time and within budget. – Determines the overall risk of the project, not the task – Determines the probability of completing the project on a specific day and for a specific cost – Takes into account path convergence (places in the network diagram where many paths converge into one activity) – Used to evaluate the impact to your schedule and budget – Due to the complicated mathematical computations used, Monte Carlo analysis is usually done with a computer program – Creates a probability distribution – triangular, normal, beta, uniform or lognormal (learn these)
    54. 54. Sensitivity Analysis • To determine which risks have the most potential impact to the project • Changing one or more elements/variables and set other elements to its baseline then see the impact. • One typical display of sensitivity analysis is the tornado diagram • Tornado diagram is useful in analyzing risk taking scenarios. • They provide the positive and negative impact of each risk on the project and let you decide to choose which risk to take.
    55. 55. Sample Sensitivity Analysis
    56. 56. Outcome of Quantitative RA Risk Register Updates • Prioritized list of quantified risks • Amount needed for contingency reserves for time and cost • Confidence levels of completing the project on a certain date for a certain amount of money • The probability of delivering the project objectives • Trends - risk management is an iterative process; as you repeat the process you can track your overall project risk and determine the trend (if you are decreasing or increasing the level of risk on your project)
    57. 57. Outcome of Quantitative RA: Examples • What are the risks that are most likely to cause trouble? To affect the critical path? That need the most contingency reserve? • “The project requires another 50,000 and two months of time to accommodate the risks on the project?” • “We are 95 percent confident that we can complete this project on May 25th for $989,000 budget?” • “We only have a 75 percent chance of completing the project within the $800,000 budget.”
    58. 58. “What are we going to do now about each top risk?”
    59. 59. Risk Response Planning • Eliminate the threats before they happen • Make sure opportunities happen • Decrease the probability and/or impact of threats • Increase the probability and/or impact of opportunities • For Residual Threats – Contingency Plans – Fallback Plans
    60. 60. Risk Response Strategies Risk Opportunities Threats
    61. 61. Risk Response Strategies Risk Opportunities Exploit Enhance Share Threats
    62. 62. Risk Response Strategies Risk Opportunities Exploit Enhance Share Threats Avoid Transfer Mitigate
    63. 63. Risk Response Strategies Risk Opportunities Exploit Enhance Share Accept Active Passive Threats Avoid Transfer Mitigate
    64. 64. Risk Response Strategies Risk Opportunities Exploit Enhance Share Accept Active Contingency Plan Fallback Plan Passive Workaround Threats Avoid Transfer Mitigate
    65. 65. STRATEGIES FOR NEGATIVE RISKS OR THREATS
    66. 66. Avoidance • Risk prevention • Changing the plan to eliminate a risk by avoiding the cause/source of risk • Protect project from impact of risk • Examples: – Change the supplier / engineer – Do it ourselves (do not subcontract) – Reduce scope to avoid high risk deliverables – Adopt a familiar technology or product
    67. 67. Mitigation • Seeks to reduce the impact or probability of the risk event to an acceptable threshold • Be proactive: Take early actions to reduce impact/probability and don‟t wait until the risk hits your project • Examples: – Staging - More testing - Prototype – Redundancy planning – Use more qualified resources
    68. 68. Transfer • Shift responsibility of risk consequence to another party • Does NOT eliminate risk • Most effective in dealing with financial exposure • Examples: – Buy/subcontract: move liabilities – Selecting type of Procurement contracts: Fixed Price – Insurance: liabilities + bonds + Warranties
    69. 69. STRATEGIES FOR POSTIVE RISKS OR OPPORTUNITIES
    70. 70. Strategies for Opportunities Exploit: Ensure opportunity is realized • Ex: Assigning organization most talented resources to the project to reduce cost lower than originally planned. Enhance: Increase the probability and/or the positive impact of the opportunity • Ex: Adding more resources to finish early
    71. 71. Strategies for Opportunities Share: Allocating some or all of the ownership to third part best able to capture the opportunity • Ex: Joint ventures, special-purpose companies
    72. 72. Acceptance (Both for Threats & opportunities) • Active Acceptance – Develop a contingency plan to execute if the risk occur – Contingency plan = be ready with Plan B – Fall back plan = plan C if B fails • Passive Acceptance – Deal with the risks as they occur = Workarounds – Usually for low ranked risks
    73. 73. Risk Response Matrix Risk Event Response Contingency Plan Trigger Who is responsible Interface Problems Mitigate: Test Prototype Workaround until help comes Not solved within 24 hours Asif System freezing Mitigate: Test Prototype Reinstall OS Still frozen after 1 hour Khalid User backlash Mitigate: Prototype demonstration Increase staff support Cell from top management Javed Equipment malfunction Mitigate: Select reliable vendor Transfer: Warranty Order replacement Equipment fails Aleem
    74. 74. Outputs of Risk Response Planning Updates to Risk Register • Residual Risks – risks that are left over after Plan Risk Response • Contingency Plans – plans of action in case the risk does occur • Risk Response Owners – the person on the team responsible for monitoring the risk, risk triggers, developing a response strategy, and implementing the strategy should the risk occur • Secondary Risks – new risks that result from the implementation of the contingency plans for the primary risks
    75. 75. Outputs of Risk Response Planning Updates to Risk Register • Risk Triggers – early warning signs that there is a high probability the risk will occur • Fallback Plans – a secondary contingency plan, in case the contingency plan does not work or is not effective • Reserves – Contingency reserves - covers the cost for „known unknowns‟ discovered during risk management; covers the residual risks. The contingency reserve is calculated and made part of the baseline. – Management reserves – these are estimated and made part of the project budget, not the baseline. Management approval is needed to use the management reserve.
    76. 76. Outputs of Risk Response Planning Project Management Plan Updates • Changes made due to risk management will be changes made to the project and should be updated in the project management plan
    77. 77. Q: Replacing a doubtful supplier with an expensive but reliable one is an example of: A. Mitigation B. Transference C. Acceptance D. Avoidance
    78. 78. Q: A Reserve is generally intended to be used for: A. Rework activities. B. Compensate for inaccurate project cost estimates. C. Reducing the risk of missing the cost or schedule objectives. D. Compensate for inaccurate project schedule estimates.
    79. 79. Some important points: • What do you do with non-critical risks? • Would you choose only one risk response strategy? • What risk management activities are done during execution of the project? • What is the most important item to be discussed in project team meetings? • How would risk be addressed in project meetings?
    80. 80. Some important points: • What do you do with non-critical risks? – Put them in a watch-list and revisit them periodically. • Would you choose only one risk response strategy? – You may select a combination of strategies. – Response of one risk might address another risk as well! • What risk management activities are done during execution of the project? – Watch-out risks on watch-list and looking for new risks.
    81. 81. Some important points: • What is the most important item to be discussed in project team meetings? – Off course, Risk! • How would risk be addressed in project meetings? – Asking, what is the status of risks? Is their any new risk? Is the rank of any risk goes up and down?
    82. 82. Monitor and Control Risk • The process of – implementing risk response plans – tracking identified risks – monitoring residual risks – identifying new risks and – evaluating risk process effectiveness throughout the project – risk audit.
    83. 83. Inputs to Monitor & Control Risk • Risk Management Plan • Risk Register • Approved Change Requests • Work performance information – Deliverable status – Schedule progress – Costs incurred • Performance reports
    84. 84. Monitor & Control Risk: Tools • Workaround – a response to a risk that has occurred when no contingency plan exists. • Risk audit – a team of experienced project team members reviews the risk management process and response strategies to see if you‟ve effectively identified the major risks on the project and developed effective strategies for dealing with them.
    85. 85. Monitor & Control Risk: Tools • Risk Reassessment – Risk management is iterative, you should review the risks on your project throughout the project to update their qualitative and quantitative values. • Status meetings – status meetings should be used to identify new risks or changes to existing risks. This is a great opportunity to discuss with your team and stakeholders existing risks and new risks.
    86. 86. Monitor & Control Risk: Tools • Reserve analysis – has the reserve kept up with changes to the risk list? Does the reserve still cover the costs of these risks should they occur? • Closing of risks – Risks are expected to happen during a particular phase of the project. When that phase has passed and the risk is no longer probable, the risk should be removed from the risk list and any reserve associated should be freed up.
    87. 87. Outputs of Monitor & Control Risks • Updates to Risk Register – Outcomes of the risk reassessments and risk audits – Closing of risks that are no longer applicable – Details of what happened when risks occurred – Lessons learned
    88. 88. Outputs of Monitor & Control Risks • Requested Changes • Recommended Corrective & Preventive Actions • Updates to the Project Management Plan • Organizational Process Assets Updates
    89. 89. Practice Exam
    90. 90. Answers
    91. 91. Practice Exam
    92. 92. Answers
    93. 93. Practice Exam
    94. 94. Answers
    95. 95. Practice Exam
    96. 96. Answers
    97. 97. Practice Exam
    98. 98. Answers
    99. 99. Practice Exam
    100. 100. Answers
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×