1 This document was originally created on 26th May 2009 and was last updated on 22 nd September 2015. The author of this material is Peter McSweeney and copyright is held by The University of Melbourne Week 9 Project risk management “Selecting the right project is business risk. Managing uncertainty to meet the stakeholders’ objectives is project risk.” (Verzuh, p.82) The focus of the final week is to consider some of the underlying risk management processes that can be applied toward the management of the project itself; and which the above quote suggests are not germane to the choice of project. The focus of risk management in the PM context is to ensure that the envisaged cost, schedule and quality are achieved. Again, a focus on the triangle! Risk management in the PM sense would seek to: - identify any risks - assess their significance - manage or respond to them. Most of the significant risks (constraints) would be picked up in the initial project definition phase. Given that most projects are defined under conditions of imperfect information and subject to changing circumstances, it would be expected that the identification, assessment and response cycle would be repeated throughout the life of the project. The model (Fig. 1) in Verzuh (1999) suggests that the first pass or iteration picks up the big risks, and the subsequent iterations identify those that emerge later. Dobie (2007) similarly outlines the risk management process. Figure 1 The risk management process (Source Verzuh E (1999) The fast forward MBA in Project Management, John Wiley, Brisbane, p.81) Risk Identification Analyse the project to identify sources of risk Response Development Define the risk, including the potential negative impact Assign a probability to the risk Develop a strategy to reduce the possible damage New risks Control Implement the risk strategy Continue to monitor the project for new risks New risks Known risks Risk management plan 2 This document was originally created on 26th May 2009 and was last updated on 22 nd September 2015. The author of this material is Peter McSweeney and copyright is held by The University of Melbourne Applying organisational risk management models and defining risk Most of you will have had experience of using a framework for risk management i.e. risk identification, assessment, response and management. Risk management systems tend to incorporate comprehensive risk registers for organisational activities which then drill down into the management plan associated with each risk. Project risks can be assessed as part of the broader organisational approach that already exists. The PMBOK (p.238) defines project risk “as an uncertain event or condition that, if it occurs, has a positive or negative effect on at least one project objective, such as time, cost, scope, o.

1. 1
This document was originally created on 26th May 2009 and
was last updated on 22
nd
September 2015. The author of this material is Peter
McSweeney and copyright is held by The University of
Melbourne
Week 9 Project risk management
“Selecting the right project is business risk. Managing
uncertainty to meet the stakeholders’
objectives is project risk.” (Verzuh, p.82)
The focus of the final week is to consider some of the
underlying risk management processes
that can be applied toward the management of the project itself;
and which the above quote
suggests are not germane to the choice of project. The focus of
risk management in the PM
context is to ensure that the envisaged cost, schedule and
quality are achieved. Again, a focus

2. on the triangle! Risk management in the PM sense would seek
to:
- identify any risks
- assess their significance
- manage or respond to them.
Most of the significant risks (constraints) would be picked up in
the initial project definition
phase. Given that most projects are defined under conditions of
imperfect information and
subject to changing circumstances, it would be expected that the
identification, assessment
and response cycle would be repeated throughout the life of the
project. The model (Fig. 1) in
Verzuh (1999) suggests that the first pass or iteration picks up
the big risks, and the
subsequent iterations identify those that emerge later. Dobie
(2007) similarly outlines the risk
management process.

3. Figure 1 The risk management process (Source Verzuh E (1999)
The fast forward MBA in
Project Management, John Wiley, Brisbane, p.81)
Risk Identification
Analyse the project to
identify sources of risk
Response Development

4. Define the risk,
including the potential
negative impact
Assign a probability to
the risk
Develop a strategy to
reduce the possible
damage
New risks
Control
Implement the risk
strategy
Continue to monitor the
project for new risks
New risks
Known risks
Risk management plan

5. 2
This document was originally created on 26th May 2009 and
was last updated on 22
nd
September 2015. The author of this material is Peter
McSweeney and copyright is held by The University of
Melbourne
Applying organisational risk management models and defining
risk
Most of you will have had experience of using a framework for
risk management i.e. risk
identification, assessment, response and management. Risk
management systems tend to
incorporate comprehensive risk registers for organisational
activities which then drill down
into the management plan associated with each risk.
Project risks can be assessed as part of the broader
organisational approach that already exists.
The PMBOK (p.238) defines project risk “as an uncertain event
or condition that, if it occurs,

6. has a positive or negative effect on at least one project
objective, such as time, cost, scope, or
quality. ……… A risk may have one or more causes, and if it
occurs, one of more impacts.”
Smith and Merritt (2002) use useful terms such as the term risk
event drivers as “facts in the
project environment that cause you to believe that the risk event
will occur”. And impact
drivers, as “facts if the project environment that cause you to
believe that the impact will
occur.” In one sense, their model takes the understanding of
risk a little further.
In terms of the PM planning, Dobie (Fig 8.1) suggests where
risk maybe managed and by
whom within the PM phases i.e. initiation, planning, delivery
and finalisation.
Discussion Topic 1 Provide examples of project risks as
defined above. With the
example/s, analyse their causes and effects.
Risk behaviour

7. Dobie examines the need for attitudes to risk to be as explicit as
possible (p.139). There
should also be some alignment between organisational attitudes
or responses and those of the
individuals or managers assessing project risks, whether they
are threats or opportunities. The
need for this type of alignment can be seen in the example of an
organisation that has the
potential to adopt a fast-track schedule for any given project.
The significance of the risk management attitudes at the
personal and organisational level is
also highlighted by Dobie (p.137). There are some fundamental
questions in this area:
- Is risk encouraged?
- To what extent is the organisational attitude to risk
articulated?
- What mechanisms exist to ensure that decision-making by
management is consistent
within acceptable boundaries?
Discussion Topic 2 What might an organisational response be
in the situation of ‘fast-track’
project opportunities? Accept the risk, given the opportunity at

8. hand? Or is the tendency
within the organisation to avoid the risk or transfer the risk in
some way?
3
This document was originally created on 26th May 2009 and
was last updated on 22
nd
September 2015. The author of this material is Peter
McSweeney and copyright is held by The University of
Melbourne
Risk impact
Dobie provides an approach to measuring impact and
probability (Fig 8.5). Most risk
assessment models work around these dimensions. Some of the
literature in your readings

9. aligns closely to the PMBOK approach (example Carbone and
Tippett, 2004).
There is much literature on this area. I like the quick
assessment of overall project risk taken
by Tiwana and Keil (2004) by way of their ‘one-minute risk
assessment tool’.
Risk management
The framework provided in Dobie (Ch.8) provides a
comprehensive approach to risk
identification and management. The approach in most
organisations would be to extend their
own management systems to the context of project risk. Dobie
(p.142) places some emphasis
on the issue of high risk projects and suggests that these need to
be treated in a proactive
manner.
Risk and the Project Manager
One of the strong messages to come through literature on risk is
that organisations need to

10. heed the ‘lessons learned’ from their own experiences. Some of
the literature captures these
in a generic sense e.g. ‘the seeds of project failure’ (Tiwana and
Keil, 2004, p.74). Others
focus on specific dimensions to PM. For example, Globerson
and Zwikael (2002) examine
the impact of the project manager.
Perhaps this is the appropriate note to conclude the review of
risk.
“As the person who is fully accountable for the success of the
project as a whole, the project
manager is responsible for overcoming the difficulties
encountered in guaranteeing that all
planning processes are properly executed. To resolve the
problems, the project manager
should identify the events that have a negative impact on the
successful completion of the
project and develop explicit mitigating plans to accommodate
them.” (p. 63)
Objectives

11. Following the readings and discussion, you should be able to:
processes
e the difference between risk management
associated with the ‘above the
line’ and ‘below the line’ activities.
to risk.
4
This document was originally created on 26th May 2009 and
was last updated on 22
nd
September 2015. The author of this material is Peter
McSweeney and copyright is held by The University of
Melbourne

12. References
Carbone, T.A. and Tippett, D.D., (2004), Project risk
management using the project risk
FMEA, Engineering management journal, Rolla, Dec., Vol.16:4.
Dobie, C. (2007), A Handbook of Project Management, Allen
and Unwin, Sydney. Ch 8.
Globerson, S. and Zwikael., O., (2002), The impact of the
project manager on project
management planning processes, Project Management Journal,
Sylva, Vol.33:3.
PMBOK, Ch. 9, 10.
Smith, P.G. and Merritt, G.M., (2002), Managing consulting
project risk, Consulting to
Management, Sep., Vol.13: 3.
Tiwana, A. and Keil, M., (2004), The one-minute risk
assessment tool, Association for
Computing Machinery: Communications of the ACM, New
York, Nov., Vol.47:11.

13. Verzuh, E., (1999), The fast forward MBA in project
management, John Wiley, Brisbane,
Ch.5.
PART 1 – PROJECT EVALUATION
Activity- 1 NPV
The projects cash flow over the next 10 years for a strategic
projects is forecast in the table.
Evaluate both the sub-projects if the real discount rate is:
1. 3.5% 2. 7.5% 3. 19%
Document your response and discuss the choice of discount rate
and its implication as an input for NPV evaluation
Activity- 2 NPV
For an operational project, please consider if the investment is
worth proceeding by completing the table.
Activity- 3 Multi criteria analysis
Table 3, shows financial and non-financial outcomes from two
strategic projects. Using the weighted criteria of 50:50 between
financial and socio-economic impacts, please rank the two
strategic-projects in Table 4 shown in the next slide
PART 2 – RISK ASSESSMENT
Activity 1 Quantitative risk assessment
For a strategic project, 8 summary activities are planned and the
effect of 3 major risks on each activity is identified. (e.g. %
means no effect, 10% risk impact means 10% add on to overrun
is required).
Activity 1 Quantitative risk assessment