7. Flash
instead of being excited about how quickly his
team was able to recover from the hurricanes,
the project manager - and his boss - should
have questioned the wisdom of his decision to
go ahead with the implementation at the
scheduled time when everyone knew there
was a hurricanes coming.
7/28/2017 ENG.AHMED SAID REFAEI 7
8. Definitions:
Risk or Risk event
A discrete occurrence that may affect the project for good or bad.
Note : good risk sometimes called opportunities
The meaning of the term “risk” must be understood clearly for effective
project risk management. In the context of a project, we are concerned about
potential impacts on project objectives such as cost and time.
A general definition of “risk” in this context is:
Risk is an uncertainty that matters; it can affect project objectives negatively or positively.
The uncertainty may be about a future event that may or may not happen and the unknown
magnitude of the impact on project objectives if it does happen.
Thus, a “risk” is characterized by its probability of occurrence and its
uncertain impact on project objectives.
7/28/2017 ENG.AHMED SAID REFAEI 8
9. Definitions:
Uncertainty
An uncommon state of nature, characterized by the absence of any
information related to a desired.
Risk Factors
1. The probability that it will occur ( what ).
2. The rang of possible out comes ( impact or amount at stake ).
3. Expected timing ( when ) in the project life cycle.
4. Anticipated frequency of risk events from that source ( how often ).
7/28/2017 ENG.AHMED SAID REFAEI 9
10. Definitions:
Risk Tolerance :
The amount of risk that is acceptable ( tolerance level ).
Example:
A risk that affects our reputation will not be tolerated
Or
A risk of a two week delay is okay, but nothing more.
7/28/2017 ENG.AHMED SAID REFAEI 10
11. Discussing Risks as a Team has Value
Conducting risk management meetings as a team has value. The
team listens to its members discuss risks, and the team can provide
input from different perspectives. This cannot occur in one‐on‐one
discussions of risk.
In discussing risks, the work of individual team members can have an
impact on the work of the rest of the team.
Listening to team members, and discussing their challenges, provides
a greater likelihood that the impact of a risk will be assessed
properly.
7/28/2017 ENG.AHMED SAID REFAEI 11
12. Risk and opportunity management:(ICB)
I. is an ongoing process taking place during all phases of the project life cycle, from initial idea to
project close-out.
II. At project close-out the lessons learnt in risk and opportunity management throughout the project
are an important contribution to the success of future projects.
I. A widely used technique to reduce the uncertainty surrounding any particular risk is based on the
successive principle, the reduction of the uncertainty of an estimate when the item subject to the
estimate is broken down into its component parts.
II. The sum of the variances of the estimates of the sub-items is less than the variance of the total item.
III. To reduce the variance of the project cost estimation, those cost items with the higher variances are
broken down to reduce the uncertainty of the estimates.
IV. The breakdown process is successively repeated until the variances of all the cost components are
below an acceptable limit.
V. The same technique is applied to the estimates of the duration of the activities that determine the
project schedule in order to reduce the uncertainty in the estimate of the project duration.
7/28/2017 ENG.AHMED SAID REFAEI 12
14. Examples:
Throughout the project life cycle, a future event that may occur at any time in a
project’s lifecycle is a risk. It has a probability of occurrence and an uncertain
impact if it does occur.
During Planning and Design, uncertainty in the total cost estimate, due to
uncertain quantities and unit prices is a risk. In this case the probability is
100% (the estimate and its uncertainties exist), and the uncertainties impact
the project cost.
During construction, a Notice of Potential Claim (NOPC) has a probability of
becoming a Contract Change Order (CCO) and an uncertain cost/time impact
if this happens. This risk is retired from the register if the claim is dismissed
or if it is replaced by a CCO.
7/28/2017 ENG.AHMED SAID REFAEI 14
15. Examples:
During construction, a CCO which has occurred (100% probability) is a risk,
but its cost/time impact may be uncertain. If there is an estimate in the CCO
Log of the project, the uncertainty is expressed as a range around the
estimate. This risk is retired from the register when the CCO is executed with
the contractor.
These and Next examples are collectively referred to as “risks” in many projects, and would all
be included, when applicable, in the project’s risk register because they contain uncertainty that
affects project objectives.
7/28/2017 ENG.AHMED SAID REFAEI 15
16. Schedule risk: XMR will arrive later than planned causing a delay in tasks X,
Y & Z of many days. (also Ceramic – Vinyl – AHU - …….).
Annual Hurricanes/Dust storms and which will last for two months a year,
which cause a fall in labour productivity due to lower working hours during
that period as well as material losses.
Cost risk: because the Cladding may arrive later than planned, we may need
to extend our lease of scaffolding on the staging area at a cost of $ 200K.
7/28/2017 ENG.AHMED SAID REFAEI 16
Source of RISK (In Examples):
17. Quality risk: the concrete may not dry on a short time During winter
weather causing us to not meet our quality standard of concrete strength.
Performance or scope of the work risk: we might not have correctly
defined the scope of work for the BMS supply & installation. If that proves
true we will have to add tasks at a cost of $ 2M.
External risk: Building permits???!!!!
7/28/2017 ENG.AHMED SAID REFAEI 17
Source of RISK (In Examples):
18. Resource risk: Isam Sobhi is such an excellent Structural designer that he
may be called a way to work on the new project everyone is so excited about.
If that occurs we will have to use someone else and our schedule will slip
between100 to 275 hours.”
Formwork/steel Fixing Sub-Contractor will leave due to Late of steel supply
which caused long time of tasks This Sub-Con more qualified/safe time more
than others.
Customer satisfaction ( stakeholder satisfaction ) risk: there is
a chance that the customer will not be happy with XYZ delay also Quality.
7/28/2017 ENG.AHMED SAID REFAEI 18
Source of RISK (In Examples):
19. Risk and issue:
Risk and issue are two words that are often confused when it comes to their usage.
Actually there is some difference between them.
A risk is an uncertain event that has a probability associated with it.
An issue does not have this attribute.
Issues are problems right now that the project team has to do something about.
Think of risk management as a proactive activity, while issue
management is reactive.
(Scalable Risk M.)
7/28/2017 ENG.AHMED SAID REFAEI 19
20. 3 - Roles and Responsibilities
7/28/2017 ENG.AHMED SAID REFAEI 20
21. The project manager Roles
The project manager is responsible for:
1. Keeping himself and all the project team members working proactively.
2. Alert to risks and opportunities.
3. Committed to the risk management process,
For
involving interested parties in that process
and when needed
for
getting appropriate experts as consultants to support project risk management.
7/28/2017 ENG.AHMED SAID REFAEI 21
22. Roles and Responsibilities
Role Responsibilities
Projects
Managers
• With input from the Project Development Team (PDT), determine the project’s
risk register requirements based on project estimate and complexity, and the
need for a written project Risk Management Plan.
• Promote and direct risk management for the project.
• Request project‐specific changes to minimum risk management requirements.
• Populate and maintain the project risk register with risks developed by functional
units and the PRMT.
• Ensure proactive response to all risks and opportunities that will impact the
successful delivery of the project.
• Produce risk management reports for sponsors.
• Inform Department management about risk management results, major issues,
and concerns.
• Schedule and conduct project risk meetings.
• Monitor and update risks.
• Ensure quality of the risk data in the risk register.
• Track and monitor the effectiveness of risk response actions.
• Elevate issues to district management for resolution as necessary.
• Take lead role in obtaining signoffs at accountability check points.
7/28/2017 ENG.AHMED SAID REFAEI 22
23. Roles and Responsibilities
Role Responsibilities
PMO/District Risk
Management
Coordinator
• Assist project managers with the implementation of PRM requirements.
• Provide expertise, direction, and assistance.
• Obtain expert services as needed.
• Liaise with Headquarters risk management.
Project Delivery
Team Member
• Identify and assess risks.
• Develop responses to risks.
• Document risk response actions and report to project manager for inclusion in
risk management updates.
• Communicate with project manager about newly‐identified risks, risk
assessments, and retirement of risks.
7/28/2017 ENG.AHMED SAID REFAEI 23
24. Roles and Responsibilities
Role Responsibilities
PMO/Board/Projec
t Risk Manager
(Generally the
project manager
for Level 1 and 2
projects)
• Promote and direct risk management for the project.
• Schedule and conduct project risk meetings.
• Perform risk monitoring and updating.
• Ensure quality of the risk data in the Risk Register.
• Document risk response actions.
• Track and monitor the effectiveness of risk response actions.
• Report to the project manager on all matters related to risk management.
• Compile the lessons learned in the area of risk management.
• Produce risk management reports for the project manager.
• Populate the project risk register with risks developed by functional areas.
Project Delivery
Team Members
and Task Managers
• Identify and assess risks and determine the risk owners.
• Develop responses to risks.
• Document risk response actions and report to project managers for inclusion in
risk management updates.
• Communicate new risks to project managers.
• Retire risks.
7/28/2017 ENG.AHMED SAID REFAEI 24
25. Risk Roles Identification
7/28/2017 ENG.AHMED SAID REFAEI 25
1.1 Risk
Identify
2.2 Risk
Applicabl
e To
Project?
1.2 Risk Form
Submitted
2.2 Risk Register
Update
2.1 Risk Reviewed
3.1 Risk Register
Reviewed
Yes
No
Ye
s
No
Ye
s
No
3.2 Has
Risk been
Resolved
?
3.3 Close Risk &
Update Register
3.6 Risk Mitigating
Action Assigned
3.4 is
change
needed to
mitigate
Risk
3.5 Issue Change
Request
4.1 Risk Mitigating
Action Completed
Risk Team Project Manager PMO/Board Project Team
1.0 Raise Risk 2.0 Register Risk
4.0 Implement
Risk Actions
3.0 Assign Risk
Actions
27. Possible process steps:
Stages (Actually) Project Risk Management processes (PMI)
1 – Identified 11.1 Plan Risk Management—The process of defining how to conduct risk
management activities for a project.
11.2 Identify Risks—The process of determining which risks may affect the
project and documenting their characteristics.
11.3 Perform Qualitative Risk Analysis—The process of prioritizing risks for
further analysis or action by assessing and combining their probability of
occurrence and impact.
2 – Quantified 11.4 Perform Quantitative Risk Analysis—The process of numerically
analyzing the effect of identified risks on overall project objectives.
3 – Monitored
4 – Avoided, Transferred, Mitigated
or Accepted
11.5 Plan Risk Responses—The process of developing options and actions to
enhance opportunities and to reduce threats to project objectives.
11.6 Control Risks—The process of implementing risk response plans,
tracking identified risks, monitoring residual risks, identifying new risks, and
evaluating risk process effectiveness throughout the project.
7/28/2017 ENG.AHMED SAID REFAEI 27
28. 11.1 Plan Risk
Management
• Plan Risk Management is the process of
defining how to conduct risk
management activities for a project.
• The key benefit of this process is it
ensures that the degree, type, and
visibility of risk management are
commensurate with both the risks and
the importance of the project to the
organization.
• A Risk Plan should be documented early
in the project, during the Planning phase.
• The plan is undertaken prior to the
Execution phase to ensure that any risks
identified are addressed during the
Execution phase itself.
7/28/2017 ENG.AHMED SAID REFAEI 28
29. What is a Risk Plan Outlines?
A Risk Plan outlines the foreseeable project risks
and provides a set of actions to be taken to both
prevent the risk from occurring and reduce the
impact of the risk should it eventuate.
More specifically, the plan includes:
1. A full list of all of the foreseeable risks
during the project
2. A rating of the likelihood of each risk's
occurring
3. A rating of the impact on the project should
each risk actually occur
4. A priority rating of the overall importance
of each risk
5. A set of preventative actions to reduce the
likelihood of the risk's occurring
6. A set of contingent actions to reduce the
impact should the risk eventuate
7. A process for managing risks through the
project.
7/28/2017 ENG.AHMED SAID REFAEI 29
30. When to use a Risk Plan?
A Risk Plan should be documented early in the project, during the Planning phase.
The plan is undertaken prior to the Execution phase to ensure that any risks identified are
addressed during the Execution phase itself.
Immediately after the plan has been documented, the Risk Management Process will be
engaged to monitor and control the likelihood and impact of risks on the project.
The Risk Management Process is terminated only when the Execution phase of the project is
completed (i.e. just prior to Project Closure).
7/28/2017 ENG.AHMED SAID REFAEI 30
33. Risk Categories (Or RBS)
Construction
Analytics
Complexity and
Interface
Process
Quality
Performance &
reliability
Design
Business
Benefits
Requirement
Technology
Acceptance &
Deliverable
External
Subcontractors
& Suppliers
Regularity
Customer
Government
Law
Market
Organizational
Project
Dependencies
Resources
Budgeting &
Funding
Prioritization
Staffing Quality
& Sufficiency
Environment
Weather
Topography
Issues
Project
Management
Scope
Culture
Estimating
Planning &
Controlling
Communication
7/28/2017 ENG.AHMED SAID REFAEI 33
34. Risk Categories (More clarification)
7/28/2017 ENG.AHMED SAID REFAEI 34
Category Description
Requirements The requirements have not been clearly specified
The requirements specified do not match the customer's needs
The requirements specified are not measurable
Benefits The business benefits have not been identified
The business benefits are not quantifiable
The final solution delivered does not achieve the required benefits
Schedule The schedule doesn’t provide enough time to complete the project
The schedule doesn’t list all of the activities and tasks required
The schedule doesn’t provide accurate dependencies
35. Risk Categories (More clarification)
7/28/2017 ENG.AHMED SAID REFAEI 35
Category Description
Budget The project exceeds the budget allocated
There is unaccounted expenditure on the project
There is no single resource accountable for recording budgeted spending
Deliverables The deliverables required by the project are not clearly defined
Clear quality criteria for each deliverable have not been defined
The deliverable produced doesn’t meet the quality criteria defined
Scope The scope of the project is not clearly outlined
The project is not undertaken within the agreed scope
Project changes negatively impact on the project
Issues Project issues are not resolved within an appropriate timescale
Similar issues continually reappear throughout the project
Unresolved issues become new risks to the project
36. Risk Categories (More clarification)
7/28/2017 ENG.AHMED SAID REFAEI 36
Category Description
Suppliers The expectations for supplier delivery are not defined
Suppliers do not meet the expectations defined
Supplier issues negatively impact on the project
Acceptance The criteria for accepting project deliverables aren’t clearly defined
Customers do not accept the final deliverables of the project
The acceptance process leaves the customer dissatisfied
Communication Lack of controlled communication causes project issues
Key project stakeholders are ‘left in the dark’ about progress
Resource Staff allocated to the project are not suitably skilled
Insufficient equipment is available to undertake the project
There is a shortage of materials available when required
37. Developing RMP
See File ………… Risk Management Project Template.docx
7/28/2017 ENG.AHMED SAID REFAEI 37
38. Tips
in Developing the Risk Management Plan:
1. Determine the scalability level for the project.
2. Determine the frequency of risk meetings for the project and the applicable communication and
accountability checkpoints.
3. Decide who will be on the Project Risk Management Team.
4. If significant effort or outside consultants will be involved, include estimates for project risk
management activities in work plans.
5. If applicable, obtain the necessary approvals for the written RMP.
6. Plan for change.
7. Always investigate.
8. Use spreadsheet to keep track of the risk plan on a ongoing basis.
9. Develop risk triggers (early warning signals).
7/28/2017 ENG.AHMED SAID REFAEI 38
39. 7/28/2017 ENG.AHMED SAID REFAEI 39
Warnings
when Developing the Risk Management Plan….
Risk management must not overshadow the work that must be done (no
risk = no return).
Do not ignore low risk items completely, but also do not spend to much
time on them.
Do not assume that you have all the risks identified.
Do not let politics interfere with your assessment.
Consider what might happen if more than one thing goes wrong at the
same time.
40. 11.2 Identify Risks
• Identify Risks is the process of
determining which risks may affect the
project and documenting their
characteristics.
• The key benefit of this process is the
documentation of existing risks and the
knowledge and ability it provides to the
project team to anticipate events.
• Risk identification determines what might
happen that could affect the objectives of
the project and how those things might
happen.
• It produces a deliverable — the project
risk register – that documents the risks
and their characteristics. The risk register
is subsequently amended by the
qualitative or quantitative risk analysis,
risk response, and risk monitoring
processes.
• Risk identification is an iterative process
because new risks may become known as
the project progresses through its life
cycle, previously‐identified risks may drop
out, and other risks may be updated.
7/28/2017 ENG.AHMED SAID REFAEI 40
42. Challenges of Identifying Project Risks
A common challenge in risk identification is avoiding confusion between causes of risk, genuine risks, and the
effects of risks. A risk may have one or more causes and, if it occurs, one or more effects.
Causes are definite events or sets of circumstances which exist in the project or its environment, and which give rise to
uncertainty.
Examples include the need to use an unproven new technology, the lack of skilled personnel, or the fact that the organization has never done a similar
project before. Causes themselves are not uncertain since they are facts or requirements, so they are not the main focus of the risk management
process.
Risks are uncertainties which, if they occur, would affect the project objectives either negatively (threats) or positively
(opportunities).
Examples include the possibility that planned completion targets might not be met, escalation rates might fluctuate, or the chance that requirements
may be misunderstood.
These uncertainties should be managed proactively through the risk management process.
Effects are unplanned variations from project objectives, either positive or negative, which would arise as a result of
risks occurring.
Examples include early milestone completion, exceeding the authorized budget, or failing to meet agreed quality targets. Effects are contingent
events, unplanned potential future variations which will not occur unless risks happen.
As effects do not yet exist, and they may never exist, they cannot be managed directly through the risk management process.
7/28/2017 ENG.AHMED SAID REFAEI 42
43. In identifying risks,
the team considers and documents:
What may happen or not go according to plan,
What the impacts to the project objectives would be should the risk arise,
What the assumptions and current status are that support the assessment of the risk,
What action, if any, has been taken to respond to the risk, and
What further options might be available for responding to the risk?
7/28/2017 ENG.AHMED SAID REFAEI 43
44. Risk Register
The information is entered into the risk register.
Each risk is assigned to a member of the PRMT who becomes its Risk Owner.
The risk register is reviewed and updated throughout the project.
The project manager, at his option, may elicit initial risk registers from the
functional units and consolidate the contributions into a single project risk
register.
Alternatively, the project risk register may be developed during a PRMT
meeting.
7/28/2017 ENG.AHMED SAID REFAEI 44
46. 11.3 Perform
Qualitative Risk
Analysis
• Perform Qualitative Risk Analysis is the
process of prioritizing risks for further
analysis or action by assessing and
combining their probability of occurrence
and impact.
• The key benefit of this process is that it
enables project managers to reduce the
level of uncertainty and to focus on high-
priority risks.
7/28/2017 ENG.AHMED SAID REFAEI 46
Qualitative
Analysis
Quantitative
Analysis
Response
Planning
Monitorin
g &
Control
Risk
Identificati
on
Communication
47. Qualitative Risk Analysis – Level 1
Qualitative risk analysis includes methods for prioritizing the
identified risks for further action, such as risk response.
The PRMT can improve the project’s performance effectively
by focusing on high‐priority risks.
Team members revisit qualitative risk analysis during the
project’s lifecycle.
When the team repeats qualitative analysis for individual
risks, trends may emerge in the results. These trends can
indicate the need for more or less risk management action
on particular risks or even show whether a risk mitigation
plan is working.
7/28/2017 ENG.AHMED SAID REFAEI 47
48. Probability and Impact Ratings for
Projects - Level 2
Next Table lists the Caltrans standard definition of risk probability and
impact ratings. The cost impact ratings may be easier to apply if
expressed in terms of dollars.
The ratings for the project serve as a consistent frame of reference for
the PRMT in assessing the risks during the life of the project.
The table is intended as a guide – the PRMT may define dollar and time
ranges as appropriate for the project. The impacts are to the overall
project.
Schedule delay applies to risks that are on the critical path (the longest
path). During the Planning and Design phase, delay impacts to RTL may
be of primary interest. During construction, delays impact project
completion.
Cost impacts are based on the sum of Capital Outlay (CO) and Capital
Outlay Support (COS) costs.
7/28/2017 ENG.AHMED SAID REFAEI 48
49. DEFINITIONS OF IMPACT AND
PROBABILITY RATINGS (as agreed)
Rating --> Very Low Low Medium/
Moderate
High Very High
Cost Impact of Threat
(CO + COS)
Insignificant
cost increase
<5% cost
increase
5‐10% cost
increase
10‐20% cost
increase
>20% cost
increase
Cost Impact of
Opportunity (CO + COS)
Insignificant
cost reduction
<1% cost
decrease
1‐3% cost
decrease
3‐5% cost
decrease
>5% cost
decrease
Schedule Impact of
Threat
Insignificant
slippage
<1 month
slippage
1‐3 months
slippage
3‐6 months
slippage
>6 months
slippage
Schedule Impact of
Opportunity
Insignificant
improvement
<1 month
improvement
1‐2 months
improvement
2‐3 months
improvement
>3 months
improvement
Probability 1–9% 10–39% 40–59% 60–89% 90–99%
7/28/2017 ENG.AHMED SAID REFAEI 49
50. Probability and Impact Matrix
(Heat Map)
7/28/2017 ENG.AHMED SAID REFAEI 50
The PRMT assesses each identified risk in turn and assesses:
The rating for the probability of the risk occurring, and
The rating of cost and time impact of each risk, should it occur.
The risk matrix in Figure is used to determine the importance of each risk impact
based on the probability and impact ratings.
Each word descriptor of the rating has an associated number; the product of the
probability number and impact number defines the risk score.
For a particular impact, the combination of the probability rating of the risk occurring
and the impact rating positions the risk into one of the three colored zones in the risk
matrix.
The color of the zone indicates the priority of the risk for risk response: red zone
signifies high importance, yellow is medium importance, and green is low importance.
For example, a risk having a “Moderate” probability and a “High” impact falls into the
red zone. Its Risk score is 3 x 4 =12.
The risks in a colored zone may be further prioritized for risk response according to
their Risk Scores.
The higher the score, the higher the priority for risk response and monitoring.
51. Assessment Tips (ICB).
Qualitative risk and opportunity assessment ranks the risks and opportunities according to
their importance, as a function of their impact and probability of occurrence.
That ranking is used to decide what strategy should be used to cope with each risk and
opportunity. For instance, you could eliminate a risk, mitigate it, share it, transfer or insure
against it, develop a contingency plan, or passively accept the risk. Similar strategies
would be adopted for opportunities.
Those risks that are not acceptable and those opportunities that are to be pursued require
an appropriate response plan. The response plan can affect many project processes
requiring the exertion of competences in the three competence element ranges.
The execution of the risk and opportunity response plan has to be controlled and
continuously updated when new risks and opportunities emerge or when the importance
of those already identified varies.
7/28/2017 ENG.AHMED SAID REFAEI 51
54. 11.4 Perform
Quantitative Risk
Analysis
• Perform Quantitative Risk Analysis is the
process of numerically analyzing the effect of
identified risks on overall project objectives.
• The key benefit of this process is that it
produces quantitative risk information to
support decision making in order to reduce
project uncertainty.
• Perform Quantitative Risk Analysis is
performed on risks that have been
prioritized by the Perform Qualitative Risk
Analysis process as potentially and
substantially impacting the project’s
competing demands.
• The Perform Quantitative Risk Analysis
process analyzes the effect of those risks on
project objectives.
• It is used mostly to evaluate the aggregate
effect of all risks affecting the project.
• When the risks drive the quantitative
analysis, the process may be used to assign a
numerical priority rating to those risks
individually.
7/28/2017 ENG.AHMED SAID REFAEI 54
55. Quantitative Risk
Quantitative risk analysis is a way of numerically estimating the probability
that a project will meet its cost and time objectives. (Caltrons)
The result is a probability distribution of the project’s cost and completion
date based on the identified risks in the project. (Caltrons)
Quantitative risk and opportunity assessment provides a numerical value
measuring the effect expected from risks and opportunities. (ICB)
Monte Carlo analysis and decision trees and scenario planning are examples
of powerful quantitative risk and opportunity assessment techniques. (ICB)
7/28/2017 ENG.AHMED SAID REFAEI 55
56. Quantitative risk analysis
• Quantitative risk analysis simulation starts with the model of the project and either its project schedule or its cost estimate,
depending on the objective. The degree of uncertainty in each schedule activity and each line‐item cost element is represented
by a probability distribution. The probability distribution is usually specified by determining the optimistic, the most likely, and
the pessimistic values for the activity or cost element. This is typically called the “3‐point estimate.” The three points are
estimated by the project team or other subject matter experts who focus on the schedule or cost elements one at a time.
• Specialized simulation software runs (iterates) the project schedule or cost estimate model many times, drawing duration or cost
values for each iteration at random from the probability distribution derived from the 3‐point estimates for each element. The
software produces a probability distribution of possible completion dates and project costs. From this distribution, it is possible
to answer such
• questions as:
• How likely is the current plan to come in on schedule or on budget?
• How much contingency reserve of time or money is needed to provide a sufficient degree of confidence?
• Which activities or line‐item cost elements contribute the most to the possibility of overrunning schedule or cost targets can be
determined by performing sensitivity analysis with the software.
7/28/2017 ENG.AHMED SAID REFAEI 56
57. Decision Tree
Changing System
7/28/2017 ENG.AHMED SAID REFAEI 57
Change Structural
System
Revenue = 11M
Cast In Place
Cost = 10.5 M
Precast
Cost = 9M
Delay 6Months
On Time
80%
20%
Delay 4 Months
On Time
60%
40%
Decision EMV = 1.76M
(The Larger Of 20K & 1.76M)
11 – 11.1 =
-0.1M
-80K
11 – 10.5 = 0.5M
11 – 9.4 = 1.6M
11 – 9 = 2M
100K
960K
800K
EMV = 20K
EMV = 1.76M
Outcome
Probability
• Over Head 100’000 /Month
• Penalty = 10%
58. Decision Tree
– Choosing Sub-Contractor
7/28/2017 ENG.AHMED SAID REFAEI 58
Hiring Sub-C. For
Insufficient Labor
(No Comparison
Result)
Low Bidder
Bad
Qualification
High Bidder
Reliable
Delay 12 Days +
Good Quality
On Time + Bad
Quality
60%
10%
Delay 4 Days
On Time
20%
80%
Decision EMV = -2440
(The Larger Of -3240 & -2440)
110 - 114.6= -4.6K -2760
110 – 110 = 0
110 – 115.2 = -4.2K
110 – 112 = -2K
0
-840
-1600
EMV =-3240
EMV = -2440
Outcome
Probability
• Over Head 800SR/Day
• Budget Cost = 110 SR/CM
• Selling Price = 125 SR/CM
• Qt’y = 1000 CM
Delay 7Days + Bad
Quality
30%
110 – 111.6 = -1.6K -480
105 SR/CM
112 SR/CM
59. Decision Tree
– Make Or Buy
7/28/2017 ENG.AHMED SAID REFAEI 59
Make Or Buy
Buy with 240’00
SR/Pcs
Make with
Initial 232’00
SR/Pcs
Delay 30 Days +
Good Quality
On Time + Bad
Quality
30%
50%
Delay 20 Days
On Time
80%
20%
Decision EMV = -14150
(The Larger Of -14600 & - 4150)
240 – 259.5 = -
19.5K
-5850
240 – 252 = -12K
240 – 252 = -12K
240 – 265 = -25K
-6000
-9600
-5000
EMV =-14150
EMV = -14600
Outcome
Probability
• Over Head 650SR/Day
• Budget Cost = 240K SR
• Selling Price = 255K SR
• Qt’y = 8 Pcs
Delay 10Days +
Low Quality
20%
240 – 251.5 = -
11.5K
-2300
60. Decision Tree
7/28/2017 ENG.AHMED SAID REFAEI 60
Purchase
Apartment
Building ($600K)
Office Building
($600K)
Warehouse
($600K)
Good Economic
Conditions
Bad Economic
Conditions
60%
40%
Good Economic
Conditions
Bad Economic
Conditions
60%
40%
Good Economic
Conditions
Bad Economic
Conditions
60%
40%
Decision EMV = 44
(The Larger Of 42,44 & 22)
650 – 600 = 50 30
630 – 600 = 30
700 – 600 = 100
560 – 600 = -40
630 – 600 = 30
610 – 600 = 10
12
60
-16
18
4
EMV = 42
EMV = 44
EMV = 22
Outcome
Probability
63. 11.5 Plan Risk
Responses
• Plan Risk Responses is the process of
developing options and actions to
enhance opportunities and to reduce
threats to project objectives.
• The key benefit of this process is that it
addresses the risks by their priority,
inserting resources and activities into the
budget, schedule and project
management plan as needed.
7/28/2017 ENG.AHMED SAID REFAEI 63
64. Risk Response
Risk response is the process of developing strategic options, and determining actions, to
enhance opportunities and reduce threats to the project’s objectives.
A project team member is assigned to take responsibility for each risk response. This process
ensures that each risk requiring a response has an owner monitoring the responses,
although the owner may delegate implementation of a response to someone else.
7/28/2017 ENG.AHMED SAID REFAEI 64
65. Risk Response Strategies
For Threats For Opportunities
Avoid.
• Risk can be avoided by removing the cause of the
risk or executing the project in a different way
while still aiming to achieve project objectives.
• Not all risks can be avoided or eliminated, and for
others, this approach may be too expensive or
time‐consuming.
• However, this should be the first strategy
considered.
Exploit.
• The aim is to ensure that the opportunity is
realized.
• This strategy seeks to eliminate the uncertainty
associated with a particular upside risk by making
the opportunity definitely happen.
• Exploit is an aggressive response strategy, best
reserved for those “golden opportunities” having
high probability and impacts.
7/28/2017 ENG.AHMED SAID REFAEI 65
66. Risk Response Strategies
For Threats For Opportunities
Transfer.
• Transferring risk involves finding another party who is
willing to take responsibility for its management, and
who will bear the liability of the risk should it occur.
• The aim is to ensure that the risk is owned and managed
by the party best able to deal with it effectively.
• Risk transfer usually involves payment of a premium, and
the cost‐effectiveness of this must be considered when
deciding whether to adopt a transfer strategy.
Share.
• Allocate risk ownership of an opportunity to another
party who is best able to maximize its probability of
occurrence and increase the potential benefits if it does
occur.
• Transferring threats and sharing opportunities are
similar in that a third party is used.
• Those to whom threats are transferred take on the
liability and those to whom opportunities are allocated
should be allowed to share in the potential benefits.
7/28/2017 ENG.AHMED SAID REFAEI 66
67. Risk Response Strategies
For Threats For Opportunities
Mitigate.
• Risk mitigation reduces the probability and/or impact of an
adverse risk event to an acceptable threshold.
• Taking early action to reduce the probability and/or impact
of a risk is often more effective than trying to repair the
damage after the risk has occurred.
• Risk mitigation may require resources or time and thus
presents a Tradeoff between doing nothing versus the cost
of mitigating the risk.
Enhance.
• This response aims to modify the “size” of the positive
risk.
• The opportunity is enhanced by increasing its
probability and/or impact, thereby maximizing
benefits realized for the project.
• If the probability can be increased to 100 percent, this
is effectively an exploit response.
Acceptance.
• This strategy is adopted when it is not possible or practical to respond to the risk by the other strategies, or a response is
not warranted by the importance of the risk.
• When the project manager and the project team decide to accept a risk, they are agreeing to address the risk if and
when it occurs.
• A contingency plan, workaround plan and/or contingency reserve may be developed for that eventuality.
7/28/2017 ENG.AHMED SAID REFAEI 67
68. Responding to Risks
Following identification and analysis of project risks, the
PRMT takes action in response to the risks to improve the
odds in favor of project success.
Ultimately, it is not possible to eliminate all threats or take
advantage of all opportunities – but they will be
documented to provide awareness that they exist and
have been identified.
Successful risk response will change the risk profile
through the project life cycle, and risk exposure will
diminish(Reduce).
7/28/2017 ENG.AHMED SAID REFAEI 68
69. Responding to Risks
Risk response involves:
The PRMT determining which risks warrant a response and identifying which strategy is best for
each risk.
Assigning an action to the Risk Owner to identify options for reducing the probability or impacts
of each risk. The Risk Owner takes the lead and can involve experts available to the project.
Evaluating each option for potential reduction in the risk and cost of implementing the option.
Selecting the best option for the project.
Requesting additional contingency, if needed.
Assigning an action to the Risk Owner to execute the selected response action. The Risk Owner
is the lead and may assign specific tasks to other resources to have the response implemented
and documented.
If the PRMT judges that a risk should be accepted, it may assign an action to the Risk Owner to
prepare a contingency plan if deemed necessary.
7/28/2017 ENG.AHMED SAID REFAEI 69
70. Before developing the risk Register,
one has to analyse the risk:
• Event: What could happen?
• Probability: How likely is it to happen?
• Impact: How bad will it be if it happens?
• Mitigation: How can we reduce the probability?
• Contingency: How can we reduce the impact?
7/28/2017 ENG.AHMED SAID REFAEI 70
71. 7/28/2017 ENG.AHMED SAID REFAEI 71
Technical
Event
Business
Event
Programmatic
Event
What can go
wrong?
What Has or is
certain to go
wrong?
What can be
improved?
Threat OpportunityIssue
Consequences :
Both negative and positive impacts to cost, schedule and performance
72. QUALITATIVE RISK ANALYSIS VERSUS
QUANTITATIVE RISK ANALYSIS
QUALITATIVE QUANTITATIVE
risk-level project-level
subjective evaluation of probability
and impact
probabilistic estimates of time and cost
quick and easy to perform time consuming
no special software or tools required may require specialized tools
7/28/2017 ENG.AHMED SAID REFAEI 72
73. Topics addressed:
1. Contingency response plans.
2. Cost and duration contingency reserves.
3. Expected monetary value.
4. Qualitative risk assessment tools and
techniques.
5. Quantitative risk assessment tools and
techniques.
6. Residual risk and fallback plan.
7. Risk and opportunity owners.
8. Risk and opportunity response strategies
and plans.
9. Risk and opportunity taking attitudes,
risk aversion.
10. Risk identification techniques and tools.
11. Scenario planning.
12. Sensitivity analysis.
13. Strengths, weaknesses, opportunities,
threats analysis ( SWOT).
14. Successive principle.
7/28/2017 ENG.AHMED SAID REFAEI 73
74. 11.6 Control Risks
• Control Risks is the process of
implementing risk response plans, tracking
identified risks, monitoring residual risks,
identifying new risks, and evaluating risk
process effectiveness throughout the
project.
• The key benefit of this process is that it
improves efficiency of the risk approach
throughout the project life cycle to
continuously optimize risk responses.
• Risk monitoring and control continues for
the life of the project.
• The list of project risks changes as the
project matures, new risks develop, or
anticipated risks disappear. Risk ratings
and prioritizations can also change during
the project lifecycle.
7/28/2017 ENG.AHMED SAID REFAEI 74
75. Control Risks
The Control Risks process applies techniques, such as variance and trend analysis, which require
the use of performance information generated during project execution. Other purposes of the
Control Risks process are to determine if:
Project assumptions are still valid,
Analysis shows an assessed risk has changed or can be retired,
Risk management policies and procedures are being followed, and
Contingency reserves for cost or schedule should be modified in alignment with the current
risk assessment.
Control Risks can involve choosing alternative strategies, executing a contingency or fallback
plan, taking corrective action, and modifying the project management plan.
7/28/2017 ENG.AHMED SAID REFAEI 75
76. Control Risks
The risk response owner reports periodically to the project manager on the effectiveness of the
plan, any unanticipated effects, and any correction needed to handle the risk appropriately.
Control Risks also includes updating the organizational process assets, including project lessons
learned databases and risk management templates, for the benefit of future projects.
Typically, during project execution, risk meetings should be held regularly to update the status of
risks in the risk register, and add new risks.
Periodic project risk reviews repeat the process of identification, analysis, and response planning.
If an unanticipated risk emerges, or a risk’s impact is greater than expected, the planned
response may not be adequate. The project manager and the PRMT should perform additional
responses to control the risk.
7/28/2017 ENG.AHMED SAID REFAEI 76
77. Risk Monitoring & Control:
Monitoring also determines whether:
The PRMT is performing periodic risk review and updating
Risk management policies and procedures are being followed
The remaining contingency reserves for cost and schedule are adequate
And it may involve recommending:
Alternative risk responses
Implementing a contingency plan
Taking corrective actions
Changing the project objectives
7/28/2017 ENG.AHMED SAID REFAEI 77
78. Risk Review and Updating
The review tasks of the PRMT include the following:
Identify, analyze, and plan response actions for newly arising risks, and add them to the
risk register.
Review the execution of risk response actions, and evaluate their effectiveness.
Re‐assess existing risks, verify that the assumptions are still valid, and modify the
previous.
assessments as necessary.
Assign additional risk response actions to the Risk Owner.
Retire risks whose opportunity to impact the project has elapsed, or whose residual
impact on the project is deemed to have reached an acceptable level.
7/28/2017 ENG.AHMED SAID REFAEI 78
79. Before updating the register and recording
changes, the project risk manager should
make a copy of the risk register for the
project files, noting its data date. The set of
risk registers will document how risks have
changed over the life of the project and
provide an audit trail should it be required.
7/28/2017 ENG.AHMED SAID REFAEI 79
80. Lessons Learned
7/28/2017 ENG.AHMED SAID REFAEI 80
When a risk is retired, the PRMT will review the
history of the risk to record any lessons learned
regarding the risk management processes used. The
team is essentially asking itself: “What, if anything,
would we have done differently and why?”
The project risk manager will conduct a periodic
review of all lessons learned with the PRMT.
81. Possible process steps:
1. Possible process steps (Practically as ICB):
1. Identify and assess risks and opportunities.
2. Develop a risk and opportunity response plan and have it approved and communicated.
3. Update the different project plans affected by the approved risks and opportunities response plan.
4. Assess the probability of attaining time and cost objectives, and keep doing it during the project.
5. Continuously identify new risks, reassess risks, plan responses and modify the project plan.
6. Control the risk and opportunity response plan.
7. Document lessons learnt and apply to future projects; update risk identification tools.
7/28/2017 ENG.AHMED SAID REFAEI 81
82. 3basic formulas for risk analysis…
Understand how Risk Management works Various
factors should be identified in order to analyse risk,
including:
• Event: What could happen?
• Probability: How likely is it to happen?
• Impact: How bad will it be if it happens?
• Mitigation: How can you reduce the Probability
(and by how much)?
• Contingency: How can you reduce the Impact (and
by how much)?
• Reduction = Mitigation X Contingency
• Exposure = Risk – Reduction
7/28/2017 ENG.AHMED SAID REFAEI 82
Risk = Probability x Impact
(scale of the threat)
Reduction = Mitigation x Contingency
(ability to manage the threat)
Exposure = Risk – Reduction
(the amount of risk that you simply cannot avoid)