1457086Contract and Project ManagementDavid Sowden, The University of Hull
1457086Contract and Project ManagementManagement of RiskDavid Sowden, The University of Hull
Overview• Management of Risk – What is Risk Management? – Risk Principles – The risk management cycle – Risk responsibilit...
What is Risk Management?                    4
What is Risk Management?Risk management involves having:                       4
What is Risk Management?Risk management involves having:                       4
What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks         ...
What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decisi...
What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decisi...
What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decisi...
Risk Principles                  5
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Principles – The Project Board (Supervisors) support and promotes risk management, and   understand and accept the ti...
Risk Management Cycle        Risk analysis       Risk management                        6
Risk Management Cycle         Risk analysis         Risk management      Identify the risks                           6
Risk Management Cycle         Risk analysis         Risk management      Identify the risks     Evaluate the risks        ...
Risk Management Cycle         Risk analysis         Risk management      Identify the risks     Evaluate the risks      Id...
Risk Management Cycle         Risk analysis         Risk management      Identify the risks     Evaluate the risks      Id...
Risk Management Cycle         Risk analysis           Risk management      Identify the risks     Evaluate the risks      ...
Risk Management Cycle         Risk analysis           Risk management      Identify the risks     Evaluate the risks      ...
Risk Management Cycle         Risk analysis           Risk management      Identify the risks     Evaluate the risks      ...
Risk Management Cycle                            Identify the risks                        7
Risk Management Cycle                            Identify the risks  –Strategic/commercial                        7
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market    ...
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market  –L...
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market  –L...
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market  –L...
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market  –L...
Risk Management Cycle                            Identify the risks  –Strategic/commercial  –Economic/financial/market  –L...
Risk Management Cycle                            Evaluate the risks                        8
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)     ...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Risk Management Cycle                             Evaluate the risks  –Probability/Likelihood (of the risk happening)  –Im...
Identify suitable       EXAMPLEresponses to risk                    9
Identify suitable                                                EXAMPLE  responses to risk               Terminate the ri...
Identify suitable                                                EXAMPLE  responses to risk               Terminate the ri...
Identify suitable                                                EXAMPLE  responses to risk               Terminate the ri...
Identify suitable                                                EXAMPLE  responses to risk               Terminate the ri...
Identify suitable                                                EXAMPLE  responses to risk               Terminate the ri...
Balance the risk                           SelectCost of actions                        Probability and                   ...
Risk action selection          Possible                               action 2                                            ...
Risk action selection                 Possible                                      action 2                              ...
Risk Management Cycle                             Plan and resource                        12
Risk Management Cycle                                               Plan and resourcePlanning, which for countermeasure ac...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                                                  Plan and resourcePlanning, which for countermeasure...
Risk Management Cycle                             Monitor and report                        13
Risk Management Cycle                               Monitor and reportMonitoring, may consist of:                         ...
Risk Management Cycle                                        Monitor and reportMonitoring, may consist of:–Checking that e...
Risk Management Cycle                                          Monitor and reportMonitoring, may consist of:–Checking that...
Risk Management Cycle                                          Monitor and reportMonitoring, may consist of:–Checking that...
Risk Management Cycle                                          Monitor and reportMonitoring, may consist of:–Checking that...
Risk Responsibilities                        14
Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly revi...
Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly revi...
Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly revi...
Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly revi...
Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly revi...
Risk Ownership                 15
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset...
Risk Tolerance                      EXAMPLE                 16
Risk Analysis      Asset              Threat            Vulnerability              Mitigation What are you trying What are...
Risk Log                                                            EXAMPLE              Risk Log                         ...
EXAMPLERisk Analysis                19
EXAMPLERisk Profile  Use of a easy-to-read diagram  may assist in the visibility of risks  and assist management decisions...
EXAMPLERisk Profile                                          Risk tolerance line Probability/Likelihood                   ...
Analysing Risk                                                                   EXAMPLEFactor                       Likel...
Budgeting for risk management• A project needs to allocate and have embedded in the  project environment:   –Budget   –Tim...
Further considerations – Project Interdependencies – The relationship between benefit and   delivery risks – Internal vers...
TASKReview your Project risks
Upcoming SlideShare
Loading in …5
×

57086 14 management_ofrisk

676 views

Published on

Published in: Economy & Finance, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
676
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
139
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

57086 14 management_ofrisk

  1. 1. 1457086Contract and Project ManagementDavid Sowden, The University of Hull
  2. 2. 1457086Contract and Project ManagementManagement of RiskDavid Sowden, The University of Hull
  3. 3. Overview• Management of Risk – What is Risk Management? – Risk Principles – The risk management cycle – Risk responsibilities – Risk ownership – Risk tolerance – Risk analysis – Risk profile – Budgeting for risk management – Further considerations 3
  4. 4. What is Risk Management? 4
  5. 5. What is Risk Management?Risk management involves having: 4
  6. 6. What is Risk Management?Risk management involves having: 4
  7. 7. What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks 4
  8. 8. What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decision-making processes supported by a framework of risk analysis and evaluation 4
  9. 9. What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decision-making processes supported by a framework of risk analysis and evaluation – Processes in place to monitor risk 4
  10. 10. What is Risk Management?Risk management involves having: – Access to reliable, up-to-date information about risks – Decision-making processes supported by a framework of risk analysis and evaluation – Processes in place to monitor risk – The right balance of control in place to deal with those risks (Risk tolerance) 4
  11. 11. Risk Principles 5
  12. 12. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. 5
  13. 13. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff 5
  14. 14. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff – A consistent approach to risk management is fully embedded in the project management processes 5
  15. 15. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff – A consistent approach to risk management is fully embedded in the project management processes – Management of risk is an essential contribution to the achievement of business objectives 5
  16. 16. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff – A consistent approach to risk management is fully embedded in the project management processes – Management of risk is an essential contribution to the achievement of business objectives – Risks through working with programmes and tother projects are assessed and managed 5
  17. 17. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff – A consistent approach to risk management is fully embedded in the project management processes – Management of risk is an essential contribution to the achievement of business objectives – Risks through working with programmes and tother projects are assessed and managed – There is a clear structure to the risk process so that each element of level of risk identification fits into an overall structure 5
  18. 18. Risk Principles – The Project Board (Supervisors) support and promotes risk management, and understand and accept the time and resource implementation. – Risk management policies and the benefits of effective risk management are clearly communicated to all staff – A consistent approach to risk management is fully embedded in the project management processes – Management of risk is an essential contribution to the achievement of business objectives – Risks through working with programmes and tother projects are assessed and managed – There is a clear structure to the risk process so that each element of level of risk identification fits into an overall structure – Where the project is part of a programme, change in the state of any project risks that also identified as programme risks must be flagged to programme management or designated risk management function in the programme. 5
  19. 19. Risk Management Cycle Risk analysis Risk management 6
  20. 20. Risk Management Cycle Risk analysis Risk management Identify the risks 6
  21. 21. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks 6
  22. 22. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks Identify suitable responses to risk 6
  23. 23. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks Identify suitable responses to risk Select 6
  24. 24. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks Identify suitable Plan and resource responses to risk Select 6
  25. 25. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks Monitor and report Identify suitable Plan and resource responses to risk Select 6
  26. 26. Risk Management Cycle Risk analysis Risk management Identify the risks Evaluate the risks Monitor and report Identify suitable Plan and resource responses to risk Select 6
  27. 27. Risk Management Cycle Identify the risks 7
  28. 28. Risk Management Cycle Identify the risks –Strategic/commercial 7
  29. 29. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market 7
  30. 30. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market –Legal and regulatory 7
  31. 31. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market –Legal and regulatory –Organisational/management/human factors 7
  32. 32. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market –Legal and regulatory –Organisational/management/human factors –Political 7
  33. 33. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market –Legal and regulatory –Organisational/management/human factors –Political –Environmental 7
  34. 34. Risk Management Cycle Identify the risks –Strategic/commercial –Economic/financial/market –Legal and regulatory –Organisational/management/human factors –Political –Environmental –Technical/operational/infrastructure 7
  35. 35. Risk Management Cycle Evaluate the risks 8
  36. 36. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) 8
  37. 37. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) 8
  38. 38. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time 8
  39. 39. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time –cost 8
  40. 40. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time –cost –quality 8
  41. 41. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time –cost –quality –scope 8
  42. 42. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time –cost –quality –scope –benefits 8
  43. 43. Risk Management Cycle Evaluate the risks –Probability/Likelihood (of the risk happening) –Impact (should the risk happen) –time –cost –quality –scope –benefits –people/resources 8
  44. 44. Identify suitable EXAMPLEresponses to risk 9
  45. 45. Identify suitable EXAMPLE responses to risk Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place thatPrevention either stop the the threat or problem from occurring or prevent it having any impact Treat the risk - take action to control it in some way where the actions Reduction either reduce the likelihood of the risk developing or limit the impact This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy orTransference penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way Tolerate the risk - perhaps because nothing can be done at a reasonableAcceptance cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level These are actions planned and organised to come into force as and whenContingency the risk occurs 9
  46. 46. Identify suitable EXAMPLE responses to risk Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place thatPrevention either stop the the threat or problem from occurring or prevent it having any impact Treat the risk - take action to control it in some way where the actions Reduction either reduce the likelihood of the risk developing or limit the impact This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy orTransference penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way Tolerate the risk - perhaps because nothing can be done at a reasonableAcceptance cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level These are actions planned and organised to come into force as and whenContingency the risk occurs 9
  47. 47. Identify suitable EXAMPLE responses to risk Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place thatPrevention either stop the the threat or problem from occurring or prevent it having any impact Treat the risk - take action to control it in some way where the actions Reduction either reduce the likelihood of the risk developing or limit the impact This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy orTransference penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way Tolerate the risk - perhaps because nothing can be done at a reasonableAcceptance cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level These are actions planned and organised to come into force as and whenContingency the risk occurs 9
  48. 48. Identify suitable EXAMPLE responses to risk Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place thatPrevention either stop the the threat or problem from occurring or prevent it having any impact Treat the risk - take action to control it in some way where the actions Reduction either reduce the likelihood of the risk developing or limit the impact This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy orTransference penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way Tolerate the risk - perhaps because nothing can be done at a reasonableAcceptance cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level These are actions planned and organised to come into force as and whenContingency the risk occurs 9
  49. 49. Identify suitable EXAMPLE responses to risk Terminate the risk - by doing things differently and thus removing the risk, where it is feasible to do so. Countermeasures are put in place thatPrevention either stop the the threat or problem from occurring or prevent it having any impact Treat the risk - take action to control it in some way where the actions Reduction either reduce the likelihood of the risk developing or limit the impact This is a specialist form of risk reduction where the management of the risk is passed to a third party via, for instance, an insurance policy orTransference penalty clause, such that the impact of the risk is no longer an issue for the health of the project. Not all risks can be transferred in this way Tolerate the risk - perhaps because nothing can be done at a reasonableAcceptance cost to mitigate it or the likelihood and impact of the risk occurring are at an acceptable level These are actions planned and organised to come into force as and whenContingency the risk occurs 9
  50. 50. Balance the risk SelectCost of actions Probability and impact of risk occurring 10
  51. 51. Risk action selection Possible action 2 Select Possible Possible Cost/time action 1 action 3 Cost/time Cost/time Risk tolerance Selection Risk tolerance 11
  52. 52. Risk action selection Possible action 2 Select Possible Possible Cost/time action 1 action 3 Cost/time Cost/time Risk tolerance Selection Impact on Impact on other parts plans Risk tolerance of the project Impact on Impact on Business Case business or programme 11
  53. 53. Risk Management Cycle Plan and resource 12
  54. 54. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of: 12
  55. 55. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions 12
  56. 56. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action 12
  57. 57. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions 12
  58. 58. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions– Obtaining management approval 12
  59. 59. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions– Obtaining management approvalResourcing, which to be used to conduct the work involved incarrying out the actions: 12
  60. 60. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions– Obtaining management approvalResourcing, which to be used to conduct the work involved incarrying out the actions:– These assignments will be shown in Project and Stage Plans 12
  61. 61. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions– Obtaining management approvalResourcing, which to be used to conduct the work involved incarrying out the actions:– These assignments will be shown in Project and Stage Plans– Resources requiring funding from the project budget 12
  62. 62. Risk Management Cycle Plan and resourcePlanning, which for countermeasure actions consist of:– Identifying the quantity and type of resources required to carry out the actions– Developing a detailed plan of action– Confirming the desirability of carrying out the actions– Obtaining management approvalResourcing, which to be used to conduct the work involved incarrying out the actions:– These assignments will be shown in Project and Stage Plans– Resources requiring funding from the project budget– Contingency actions will normally be funded from a contingency budget 12
  63. 63. Risk Management Cycle Monitor and report 13
  64. 64. Risk Management Cycle Monitor and reportMonitoring, may consist of: 13
  65. 65. Risk Management Cycle Monitor and reportMonitoring, may consist of:–Checking that execution of the planned actions is having the desired effect 13
  66. 66. Risk Management Cycle Monitor and reportMonitoring, may consist of:–Checking that execution of the planned actions is having the desired effect–Watching for the early warning signs that a risk is developing 13
  67. 67. Risk Management Cycle Monitor and reportMonitoring, may consist of:–Checking that execution of the planned actions is having the desired effect–Watching for the early warning signs that a risk is developing–Modelling trends, predicting potential risks or opportunities 13
  68. 68. Risk Management Cycle Monitor and reportMonitoring, may consist of:–Checking that execution of the planned actions is having the desired effect–Watching for the early warning signs that a risk is developing–Modelling trends, predicting potential risks or opportunities–Checking that the overall management of risk is being applied effectively. 13
  69. 69. Risk Responsibilities 14
  70. 70. Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly reviewed. The Project Board hasfour responsibilities: 14
  71. 71. Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly reviewed. The Project Board hasfour responsibilities: • Notifying the Project Manager of any external risk exposure to the project 14
  72. 72. Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly reviewed. The Project Board hasfour responsibilities: • Notifying the Project Manager of any external risk exposure to the project • Making decisions on the Project Manager’s recommended reactions to risk 14
  73. 73. Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly reviewed. The Project Board hasfour responsibilities: • Notifying the Project Manager of any external risk exposure to the project • Making decisions on the Project Manager’s recommended reactions to risk • Striking a balance between the level of risk and the potential benefits that the project may achieve 14
  74. 74. Risk ResponsibilitiesThe Project Manager is responsible for ensuring that risks areidentified, recorded and regularly reviewed. The Project Board hasfour responsibilities: • Notifying the Project Manager of any external risk exposure to the project • Making decisions on the Project Manager’s recommended reactions to risk • Striking a balance between the level of risk and the potential benefits that the project may achieve • Notifying corporate or programme management of any risks that affect the project’s ability to meet corporate or programme objectives. 14
  75. 75. Risk Ownership 15
  76. 76. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: 15
  77. 77. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: • The risk framework in totality 15
  78. 78. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: • The risk framework in totality • Setting risk policy and the project team’s willingness to take risk 15
  79. 79. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: • The risk framework in totality • Setting risk policy and the project team’s willingness to take risk • Different elements of the risk process, such as identifying threats, through to producing risk response and reporting 15
  80. 80. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: • The risk framework in totality • Setting risk policy and the project team’s willingness to take risk • Different elements of the risk process, such as identifying threats, through to producing risk response and reporting • Implementation of the actual measures taken in response to the risks 15
  81. 81. Risk OwnershipAllocating ownership of the risk process as a whole and the variouscomponents is fundamental from the outset. When describing whoowns the various elements of risk, it is important to identify who ownsthe following: • The risk framework in totality • Setting risk policy and the project team’s willingness to take risk • Different elements of the risk process, such as identifying threats, through to producing risk response and reporting • Implementation of the actual measures taken in response to the risks • Interdependent risks that cross organisational boundaries, whether they be related to business processes, IT systems or other projects. 15
  82. 82. Risk Tolerance EXAMPLE 16
  83. 83. Risk Analysis Asset Threat Vulnerability Mitigation What are you trying What are you afraid How could the What is currently to protect? of happening? threat occur? reducing the risk? Impact/Severity Probability/Likelihood What is the impact to the business? How likely is the threat? 1. Negligible 1. Unforeseeable 2. Minor 2. Very unlikely 3. Moderate 3. Possible 4. Major 4. Likely 5. Critical 5. Very Likely 6. Catastrophic 6. Almost certain Risk Log 17
  84. 84. Risk Log EXAMPLE Risk Log Tolerability level 12 Impact Probability Risk rating Priority Hazard (I)(1-6) (P)(1-6) (I x P) 1 Data loss due to virus 5 4 20 2 Denial of service attack 5 3 15 3 Theft of proprietary information 4 3 12 4 Insider net abuse 4 3 12 5 Abuse or wireless networks 3 4 12 6 Financial fraud 5 2 10 7 Laptop theft 3 3 9 8 Unauthorised access 3 3 9 9 Telecom fraud 2 3 6 10 Website hacking/defacement 3 2 6 11 System penetration 3 2 6 12 Sabotage 4 1 4 18
  85. 85. EXAMPLERisk Analysis 19
  86. 86. EXAMPLERisk Profile Use of a easy-to-read diagram may assist in the visibility of risks and assist management decisions - these would be normally found in the Risk Logs 20
  87. 87. EXAMPLERisk Profile Risk tolerance line Probability/Likelihood High 1,2 5 Medium 4 3 Low 6,9 7,8 Low Medium High Impact 20
  88. 88. Analysing Risk EXAMPLEFactor Likelihood Impact Mitigation StrategyFailure to recruit staff Medium High Minimise number of staff to be recruited. Ensure recruitment cycle begins as rapidly after project approved as possible. Ensure remuneration adequate to level of responsibility and expertise. Use specialist recruitment agency if necessary. Other staff seconded from other duties and additionally trained as triage solution.Underestimate Low Medium Close integration with OSS community effort todifficulty of specific mobilise additional resource to bear on problemtechnical development space.Difficulty integrating Medium High Deploy Identity Management software based onwith data sources for open standards. Direct engagement with systemsidentity specialists.Difficulty integrating Medium High Work with the various Engineering institutions tothe numerous develop a concept concerning the creation andelectronic systems adoption of Standards (i.e. LEAP2A)within the EngineeringframeworkProject fails sufficiently Low High Staff within the University of Hull, particularly theto engage engineering Knowledge Exchange will ensure that the ‘learnercommunities voice’ is represented throughout the project, inclusive of the broad diversity (including geographic) of learners represented within the partnership.
  89. 89. Budgeting for risk management• A project needs to allocate and have embedded in the project environment: –Budget –Time –Resources (staff/skills/tools/techniques) to ensure Risk Management is carried out successfully• Experience shows that allocating the correct ‘budget’ to the risk management process early on will pay dividends later 22
  90. 90. Further considerations – Project Interdependencies – The relationship between benefit and delivery risks – Internal versus external risks 23
  91. 91. TASKReview your Project risks

×