Try to identify as many risks as possible that may affect project objectives. Documentation Reviews Peer level reviews of project documentation, studies, reports, preliminary plans, estimates and schedules are a common and early method to help identify risks that may affect project objectives. Information Gathering • Brainstorming Formal and informal brainstorming sessions with project team members and extended project team members such as specialty groups, stakeholders and regulatory agency representatives is a technique for risk identification. • Lessons Learned Database Searching for lessons learned database that are relevant to your project can provide an abundance of information on projects that may have faced similar risks. • Other methods There are many techniques, some common techniques include: questionnaires and surveys, interviewing, checklists, and examination of the Work Breakdown Structure for the project with appropriate specialty groups, asking “what-if’ questions, for example “what-if we miss the fish window?” or “what-if our environmental documentation is challenged and we have to prepare … ?” etc.
There are four things you can do about a risk. The strategies are: Avoid the risk. Do something to remove it. Use another supplier for example. Transfer the risk. Make someone else responsible. Perhaps a Vendor can be made responsible for a particularly risky part of the project. Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available. Accept the risk. The risk might be so small the effort to do anything is not worth while. A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed.
The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.
Risk Management in Project Management
Risk ManagementFor Project Management
What is Risk?• Risk (noun): possibility of loss or injury • (Merriam-Webster Dictionary)
Risk in Project Management •A risk is something that may happenand if it does, will have an impact on the project objectives.May → possibilityImpact → lossObjectives → time, cost, performance, quality, scope, client satisfaction.
Words in Risk Management• Possibility → probability, likelihood• Loss → impact• Weakness → vulnerability• Threat• Control → countermeasure• Residual Risk → the amount of risk that is left over when appropriate controls are properly applied to lessen or remove weakness
Risk Management Plan• Risk Identification• Risk Quantification• Risk Response• Risk Monitoring and Control
Risk Identification Or Risk Assessment• Threats to the project• Weaknesses of the project environment• The possibility that threat will make use of weakness• The impact of the exposure (threat to weakness)• Available controls
Risk Identification and SWOT Factors affecting an organization (in this case, project) can usually be classified as:• Internal factors – Strengths (S) – Weaknesses (W)• External factors – Opportunities (O) – Threats (T)
Risk Identification Tools and Techniques• Document Reviews• Information Gathering – Brainstorming – Lessons Learned Database – Other methods, some common techniques include: questionnaires and surveys, interviewing, checklists, and examination of the Work Breakdown Structure for the project with appropriate specialty groups, asking “what-if’ questions
Risk Identification Output• Identification # for each risk identified• Date and phase of project development when risk was identified• Name of risk (does the risk pose a threat or present an opportunity?)• Detailed description of risk event• Risk trigger• Risk type• Potential responses to identified risk• Comments about risk identification
Risk Quantification• Set Impact Level of the Project – Impact Level to Cost – Impact Level to Schedule• Set Probability Level of the Project (could be organization standard)• Set Risk Matrix (should be organizational standard)
Impact Level Example• Project Value 10M• Project Schedule 3 Months Level Value Time Very High > 5M > 1Mo High 2M-5M 2W-1Mo Medium 0.5M-2M 3d-2W Low 0.1M-0.5M 1d-3d Very Low <0.1M < 1d
Probability Level Example Level Probability Very High >90% High 70%-90% Medium 30%-70% Low 5%-10% Very Low <5%
Probability Risk Matrix Example •VH •H •M •L •VL •VL •L •M •H •VH Impact
Risk Response Avoid: Do Something to Remove Transfer: Make Someone Else Responsible Reduce: Take Action to Lessen the Impact or Possibility Accept
Risk Response: Rule Cost of Risk Response (Avoid, Transfer orReduce) must be less than the cost of impact. Probability Reduce Avoid Accept Transfer Severity
Risk Monitoring and Control• Risk Audit• Risk Reviews• Risk Status Meetings and Reports