Project Risk Management


Published on

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Project Risk Management

  1. 1. Project Risk Management09/15/12 1
  2. 2. Project Risk Management Process GroupProcess Group Risk Management ProcessInitiatingPlanning Plan Risk Management, Identify Risks, Perform Qualitative Risk Analysis, Perform Quantitative Risk Analysis, Plan Risk ResponsesExecutingMonitoring & Control Monitor & Control RisksClosingKPS Property09/15/12 Not For Reproduction or 2 2 Distribution
  3. 3. 10.1 Plan Risk Management The process of defining how to conduct risk management activities for a projectInputs • Project scope statement • Enterprise environmental factors • Cost management plan • Organizational process assets • Schedule management plan • Communication management planTools & • Planning meetings andTechniques analysisOutputs • Risk management plan09/15/12 3
  4. 4. Inputs 1. Project Scope Statement 2. Cost Management Plan 3. Schedule Management Plan 4. Communication Management Plan 5. Enterprise Environment Factors - Industry Quality standards or guidelines - Industry or government regulation - Organizational or company culture and structure - Infrastructure - Market conditions - Existing human resources 1. Organizational Process Assets – Risk categories – Lessons learned documentation09/15/12 4
  5. 5. Tools & Techniques 1. Planning Meetings and Analysis – Used to develop the risk management plan: • Run according to an agenda • Have objectives to create specific deliverables • Use date gathering techniques to ensure that all meaningful input is obtained • Use objective evaluation and decision-making techniques09/15/12 5
  6. 6. Outputs1. Risk Management Plan components: – Methodology: describes the tools, methods, and source of information which will be used to perform risk management. – Roles and Responsibilities: who performs which tasks during all risk management activities. – Budgeting: the anticipated cost for the risk management activities and the associated risk response plans, including contingency reserves. – Timing: how often risk management activities will be performed and when within the project schedule they will take place. – Reporting format – Tracking – Risk Categories (Sources of risks ): ~300 potential categories of risk, many ways to categorize/classify risks => Risk Breakdown Structure – External, Internal, Technical, Unforeseeable (small portion of risks ~ 10%). – Customer, project management, customer’s customers, suppliers, resistance to change, lack of knowledge of project management, cultural differences – Schedule, cost, quality, scope, resources, customer satisfaction (stakeholder satisfaction). – Definitions of Risk Probability and Impact – Probability and Impact Matrix 09/15/12 6
  7. 7. OutputsRisk Breakdown Structure Sample 09/15/12 7
  8. 8. OutputsDefinition of Risk Impact Sample09/15/12 8
  9. 9. OutputsProbability & Impact Matrix Sample09/15/12 9
  10. 10. 10.2 Identify Risks The process of determining which risks may affect the project and documenting their characteristicsInputs • Risk management plan • Schedule management plan • Activity cost estimates • Quality management plan • Activity duration estimates • Project documents • Scope baseline • Enterprise environmental factors • Stakeholder register • Organizational process assets • Cost management planTools & • Document reviews • Assumptions analysisTechniques • Information gathering • Diagramming techniques • Checklist analysis • SWOT analysis • Expert judgmentOutputs • Risk register09/15/12 10
  11. 11. Inputs1. Risk Management Plan2. Activity Cost Estimates3. Activity Duration Estimates4. Scope Baseline5. Stakeholder Register6. Cost Management Plan7. Quality Management Plan8. Project Documents – Assumption log, work performance reports, earned value reports, network diagrams, baselines, etc9. Enterprise Environmental Factors – Commercial databases, academic studies, published checklists, benchmarking, industry studies, and risk attitudes10. Organizational Process Assets – Risk statement templates, and lessons learned09/15/12 11
  12. 12. Tools & Techniques 1. Document reviews – Look at plans, requirements, documents from organizational process assets, and any other relevant documents that project team can find to squeeze every possible risk out of them 1. Information Gathering Techniques – Brainstorming – Delphi technique – Interviewing – Root cause analysis:E.g. Apply 5-why technique when key piece of equipment has failed:  Why did the equipment fail? Because the circuit board burned out.  Why did the circuit board burn out? Because it overheated.  Why did it overheat? Because it wasn’t getting enough air.  Why was it not getting enough air? Because the filter wasn’t changed.  Why was the filter not changed? Because there was no preventive maintenance schedule to do so 09/15/12 12
  13. 13. Tools & Techniques 1. Checklist Analysis – Creating lists of risks that previously occurred in similar projects provides a useful template for understanding risks in a current project 1. Assumption Analysis – Analyze assumption to ensure they are valid. Identify risks to the project caused by incompleteness or inaccuracy of assumptions09/15/12 13
  14. 14. Tools & Techniques 1. Diagramming Techniques – Various types of diagrams are typically used, including: • Cause and effect diagram help project team find the root cause of a risk • System or process flowcharts used to see how parts of your system interact—any place where they get complex or uncertain is a good source of risks09/15/12 14
  15. 15. Tools & Techniques 1. SWOT Analysis – Helps examine the project’s strengths, weaknesses, opportunities and threats 1. Expert Judgment – Bring people who have specialized knowledge or training to the Identify Risk process09/15/12 15
  16. 16. Outputs 1. Risk Register – List of identified risks: • Detailed and structured • Include their root causes – List of potential risk responses: • As potential responses arise, capture them and, if applicable, use as inputs to the Plan Risk Response – Additional information such as: • A list of root causes • A list of triggers- objective and early warning signs that a risk event will soon occur • Updated risk categories09/15/12 16
  17. 17. 10.3 Perform Qualitative Risk Analysis The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impactInputs • Risk register • Project scope statement • Risk management plan • Organizational process assetsTools & • Risk probability and impact • Risk categorizationTechniques assessment • Risk urgency assessment • Probability and impact matrix • Expert judgment • Risk data quality assessmentOutputs • Risk register updates09/15/12 17
  18. 18. Inputs1. Risk Register2. Risk Management Plan3. Project Scope Statement – Projects of a common or recurrent type tend to have more well- understood risks. Project using state-of-the-art or first-of-its-kind technology, and high complex projects, tend to have more uncertainty.4. Organizational Process Assets – Provides data on past projects and risks encountered or lessons learned09/15/12 18
  19. 19. Tools & Techniques 1. Risk Probability and Impact Assessment – Risk Score (RS) = Probability (P) * Impact (I). The entire list of risks can be prioritized, or sorted, based on the risk score. – Select a set of terms for probability and assign values to terms indicating relative position • “very unlikely” 0.1 • “somewhat unlikely” 0.3 • “50-50 possibility” 0.5 • “somewhat likely” 0.7 • “very likely” 0.9 – Select a set of terms for impact and assign values to terms indicating relative position • “very low” 0.1 • “somewhat low” 0.3 • “moderate” 0.5 • “somewhat high” 0.7 • “very high” 0.909/15/12 19
  20. 20. Tools & Techniques 1. Probability and Impact Matrix – Shows all possible risk scores resolved into high, moderate, and low risk zones  Watch-list (non-critical or non-top risks): these risks are documented for later review during risk monitoring & controlling09/15/12 20
  21. 21. Tools & Techniques 1. Risk Data Quality Assessment – High precision • Information about the risk’s behavior, including the probability and impact, is well established and reliable – Medium precision • Information about the risk parameters is good enough to proceed in most cases – Low precision • Information available concerning the risk is essentially founded on guesswork and should not be trusted 1. Risk Categorization – Grouping risks by common causes helps create effective risk response plans. – Risks can be grouped by: • Source of risk – use RBS • Area of project affected – use WBS • Phase affected - WBS09/15/12 21
  22. 22. Tools & Techniques 1. Risk Urgency Assessment – Risks requiring near term responses may be considered more urgent: • Indicators of urgency include: – Time to effect a risk response plan – Symptoms – Warning signs – Risk rating – Use an urgency factor to determine more accurate risk scores:Risk Score (RS) = Probability (P) * Impact (I) * Urgency (U) 1. Expert judgment09/15/12 22
  23. 23. Outputs1. Risk Register Updates – Prioritized list of project risks – Risks grouped by category – List of risks requiring a quick response – List of risks for additional analysis and response – Watch list of low-priority risks – Trends in qualitative risk analysis results 09/15/12 23
  24. 24. 10.4 Perform Quantitative Risk Analysis The process of numerically analyzing the effect of identified risks on overall project objectivesInputs • Risk register • Schedule management plan • Risk management plan • Schedule management plan • Cost management plan • Organizational process assetsTools & • Data gathering and • Quantitative risk analysis andTechniques representation techniques modeling techniques • Expert judgmentOutputs • Risk register updates09/15/12 24
  25. 25. Inputs 1. Risk Register 2. Risk Management Plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational Process Assets – Information on prior, similar completed projects, – Studies of similar projects by risk specialists, and – Risk DB that may be available from industry or proprietary sources09/15/12 25
  26. 26. Tools & Techniques 1. Data Gathering and Representation Techniques: – Interviewing: focus on getting three-point estimate for each activity cost or duration – Probability distribution ( Three Points ): refer to modeling & simulation in next slide09/15/12 26
  27. 27. Tools & Techniques 1. Quantitative Risk Analysis and Modeling Technique: – Expected Monetary Value Analysis • EMV = Probability x Outcome • EMV is a technique for assigning a specific dollar value to a set of alternative, uncertain outcomes. The EMV of all outcomes is the sum of their individual EMVs. • A common use of this type of analysis is in decision tree analysis - Modeling and Simulation techniques: • Use model that translates the specified detailed uncertainties of the project into their potential impact on project objective. E.g. Monte Carlo technique. 1. Expert Judgment09/15/12 27
  28. 28. Decision Tree Analyzing For Making Decision By Calculating Total of Expected Monetary Value Build the new software: $ 2,000,000 * 0.4 + $ 500,000 = $ 1,300,000 Buy the new software: $ 2,000,000 * 0.05 + $ 750,000 = $ 850,000 Staying with the legacy software: $ 2,000,000 * 1 + $ 100,000 = $ 2,100,00009/15/12 28
  29. 29. Outputs1. Risk register updates– Prioritized list of quantified risks (what are the risks that are most likely to cause trouble)– Amount of contingency time & cost reserves needed– Possible realistic and achievable completion date & project costs (95% confidence that project will be completed on Jun 25th for $1M)– The quantified probability of meeting project objectives (80% chance of completing the project within the six months required by customer)– Trends: as quantitative risk analysis is repeated during project planning & when changes are proposed, changes to the overall risk of the project can be tracked & trends can be seen.09/15/12 29
  30. 30. Qualitative vs. Quantitative Risk Analysis• Qualitative • Quantitative- Subjective evaluation - Objective or numerical evaluation- Always do - Not required for all projects, may be skipped,- move on to risk response planning Low complexity, low dollar value - High complexity, high dollar value09/15/12 30
  31. 31. 10.5 Plan Risk Responses The process of developing options and actions to enhance opportunities and to reduce threats to project objectivesInputs • Risk register • Risk management planTools & • Strategies for negative risks • Contingent response strategiesTechniques or threats • Expert judgment • Strategies for positive risks or opportunitiesOutputs • Risk register updates • Project management plan • Risk‐related contract updates decisions • Project document updates09/15/12 31
  32. 32. Inputs 1. Risk Register 2. Risk Management Plan – Roles and responsibilities – Risk analysis definition – Timing for reviews, and for eliminating risks from review – Risk thresholds for low, moderate, and high risks09/15/12 32
  33. 33. Tools & Techniques 1. Strategies for Negative Risk or Threats – Avoid – Transfer – Mitigate – Accept 1. Strategies for Positive Risks or Opportunities – Exploit – Share – Enhance >< Mitigate – Accept  See more detail….09/15/12 33
  34. 34. Tools & Techniques 1. Strategies for Negative Risk or Threats: ( Cont.) – Avoid: • Eliminate an adverse risk by changing the project management plan • Way to avoid risk: – Change the project management plan to eliminate the risk or condition to project objectives from its impact – Alter the project scope – Change the technical activity or underlying design – Use familiar methods and resources – Transfer: • Shift the consequences and responsibility of risk to a third party; this does not eliminate risk and involves paying a fee • Way to transfer risk include: – Insurance – Performance bonds – Warranties – Guarantees09/15/12 34
  35. 35. Tools & Techniques 1. Strategies for Negative Risk or Threats: (Cont.) – Mitigate: • Reduce the probability and/or impact to acceptable levels; this may include a contingency plan • Ways to mitigate risk: – Develop prototype – Consider an alternative path – Simplify processes – Conduct more engineering tests – Select a more reliable seller – Accept: • Make a conscious decision to allow the impact of the risk to occur if the risk is realized • Ways to accept a negative Risk/ Threat: – Passive Acceptance - dealing with risk as it occurs – Active Acceptance - establish contingency reserves (amounts of time, money, or resources to deal with known or even unknown threats and opportunities)09/15/12 35
  36. 36. Tools & Techniques 1. Strategies for Positive Risks or Opportunities – Exploit: • Taking measures to ensure the opportunity will occur • Ways of exploit risk: – Using more skilled resources on an activity for which the opportunity is expected to materialize – Partnering with another organization known to provide the opportunity – Share: • Choosing a partner who can capitalize on the opportunity for the partnership’s joint benefit • Involves giving away some of the benefit • Ways to share risk: – Franchising – Charitable donations – Joint Ventures/ Co-operatives09/15/12 36
  37. 37. Tools & Techniques 1. Strategies for Positive Risks or Opportunities – Enhance: • Increasing the probability that the opportunity will materialize • Ways to enhance risk: – Adding incentives – Reducing competition – Removing obstacles – Leveraging the investment – Accept: • Make a decision to allow the impact of the risk to occur if the risk is realized • Accepting an opportunity involves: – The team knows the opportunity exist and is aware of the positive impact to the project, but is not actively pursuing it – May create a contingency plan (active acceptance) to implement after the opportunity occurs (active acceptance)09/15/12 37
  38. 38. Tools & Techniques 1. Contingency Response Strategies – Identifies actions to be taken to minimize impact when and only when a specific risk occurs – Define and track risk triggers. Trigger is a specific indicator that will give either advance warning that a risk is about to occur or warning that a risk has already occurred. – Develop a fallback plan if the risk has a high impact or if the selected strategy is not fully effective 1. Expert Judgment – Experienced staff from other projects or consultants can help to Plan Risk Responses process09/15/12 38
  39. 39. Outputs 1. Risk Register Updates  Residual Risks: risks remain after risk response planning.  Secondary Risks: included in risk response planning, should be an analysis of the new risks created by the implementation of selected risk response strategies.  Risk Triggers  Contingency Plans: actions will be taken if risk occurs  Contingency Reserve  Fallback Plans: actions will be taken if a risk occurs & the contingency plan is not effective 1. Risk Related Contract Decisions – Contract Decisions, such as agreements for insurance or services that can transfer the risk, may be used to identify teach party’s responsibility for specified risks 1. Project Management Plan Updates 2. Project Document Updates09/15/12 39
  40. 40. 10.6 Monitor & Control Risks The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the projectInputs • Risk register • Work performance information • Project management plan • Performance reportsTools & • Risk reassessment • Technical performanceTechniques • Risk audits measurement • Variance and trend analysis • Reserve analysis • Status meetingsOutputs • Risk register updates • Project management plan • Organizational process updates assets updates • Project documents updates • Change requests09/15/12 40
  41. 41. Inputs 1. Risk Register 2. Project Management Plan 3. Work Performance Information – Status of project activities – If project deliverables are not being completed on time, at or below planned cost, and with no more than a tolerable level of defects, a risk trigger event may have already occurred or not4. Performance Reports – Organize, summarize, and analyze performance measurements – Provide specific data on project work performance: • Variance analysis (AC) • Earned value data (EVM) • Forecasting data (EAC, ETC)09/15/12 41
  42. 42. Tools & Techniques 1. Risk Reassessment – Risk reassessments need to be regularly scheduled throughout the project to: • Identify new risks • Reassess previously identified risks • Close outdated risks 1. Risk Audits – Throughout the project life cycle, risk audits should be performed to review the effectiveness of: • Risk response plans • Risk management plan process 1. Variance and Trend Analysis – Variance analysis is a technical for comparing the planned results to the actual results – Trends in metrics related to performance should be monitored regularly – Example: EVM analysis produces the project’s estimate at completion for cost and schedule09/15/12 42
  43. 43. Tools & Techniques 1. Technical Performance Measurements – Compares technical accomplishments during execution to project plan schedule of technical achievements: • Performance goals • Milestones • Schedules – Deviations from a planned milestone schedule may imply a risk exists 1. Reserve Analysis – Compares the remaining contingency reserves with the remaining risk impacts to determine if reserves are adequate 1. Status Meetings – The project manager, or risk owner, needs to report to the project team and stakeholders on the progress of each risk – New risks need to be identified and analyzed, and response plan need to be prepared09/15/12 43
  44. 44. Outputs 1. Risk Register Updates – Results of risk reassessments, risk audits, and periodic risk reviews – Actual outcomes of project risk and risk responses 1. Organizational Process Assets Updates – Risk categories and/or the risk breakdown structure and risk checklists – Lessons learned knowledge repository 1. Change Requests – Request for changes may be necessary to implement contingency plans or workarounds – Workarounds are unplanned responses to risk that were previously unidentified and to accepted risk that have potentially larger impacts than were considered acceptable 1. Project Management Plan Updates 2. Project Document Updates09/15/12 44
  45. 45. Exercises• SWOT• Risk register & response strategies09/15/12 45