This document outlines the process of risk management for a graduation project on the topic. It defines risk and uncertainty, describes different types of risks like business and operational risks, and explains the principles and benefits of risk management. The key steps in implementing risk management are established as establishing context, risk identification, analysis, evaluation, treatment, and monitoring. Various risk analysis techniques are also presented, along with the application of the risk management process to a case study on developing a synthetic aperture radar system.

1. RISK MANAGEMENT
Graduation project 2017
Under Supervision of:
Dr. Mohamed Anwar El-Dardiry.

2. WHAT IS RISK?
Uncertain event which affects the
achievement of the objectives.

4. RISK & UNCERTINITY
All risks are uncertain but not all
uncertainties are risks.

5. POSITIVE & NEGATIVE RISKS

6. Risk types
Business Risk
Operational
Risk
Strategic Risk Legal Risk

7. RISK MANAGEMENT
It is the process of identifying, analyzing and
treating risks which affect the objectives.

8. PRINCIPLES OF RISK
MANAGEMENT
1. Risk management adds value.
2. Risk management is part of decision making.
3. Risk management is integral part of the
organization.
4. Risk management is a continuous process.

9. BENEFITS OF RISK MANAGEMENT
1. Increase the likelihood of achieving objectives.
2. Encourage proactive management.
3. Improve voluntary reporting.
4. Minimize losses.

10. IMPELEMENTATION OF RISK
MANAGEMENT
1. Establishing the context
To ensure that all significant risks are captured it is
necessary to know the objectives of the organization.

11. ESTABLISHING THE EXTERNAL CONTEXT
It is the external environment in which the
organization seeks to achieve its objectives.
ESTABLISHING THE INTERNAL CONTEXT
It is the internal environment in which the
organization seeks to achieve its objectives.

12. RISK IDENTIFICATION
This step includes identifying risks that may occur and
affect the achievement of the organization’s
objectives.
Also identifies causes and consequences of risks and
the area of impact.

13. RISK IDENTIFICATION
CHALLENGES
1. Identifying all risks
2. When a risk is not a risk

14. TECHNIQUES OF RISK
IDENTIFICATION
1. Brainstorming
 It is an interactive technique.
 Suitable for the initial identification of risks particularly for
large and unique projects.
 No judgements.

16. 2. Checklist
 A Technique to simplify the identification of risks.
 Checklist of standard risks from previous projects that are
known to arise.
 Suitable for projects that are standard or routine in nature.

17. 3. Interviews

18. WHAT IS RISK ANALYSIS?
 Determining the consequences and their probabilities
for identified risk events.
 Consequence determines the nature and type of
impact which could occur assuming that a particular
event situation or circumstance has occurred.
 The probability is that those consequences can occur.

19. METHODS USED IN ANALYZING
RISK
 Qualitative Analysis: the description of each risk and its
impacts or a subjective labelling of each risk (e.g. high/low) in
terms of both its impact and its probability of occurrence.
 Quantitative Analysis: Practical values for consequences and
their probabilities.

20. RISK ANALYSIS TECHNIQUES
 Failure modes and effects analysis (FMEA)
FMEA is a technique used to identify failure modes of the various
parts of a system and mechanisms, and their effects on
outcomes.

21. Event tree analysis (ETA)
 representing the sequences of events (out comes) due
to initiating event of the system that was designed to
reduce the initiating event consequences

22. Fault tree analysis (FTA)
 starts with the undesired event (top event) and
determines all the ways in which it could occur.

23. Risk evaluation
 Compares the identified and analyzed risk against given risk
criteria.
 Risk criteria represent the level of risk that the organization
sets out as acceptable or non-acceptable.
 Decisions:
1. whether a risk needs treatment.
2. priorities for treatment.

24. RISK TREATMENT
Determining what will be done in response to the
risks that have been identified.

25. SELECTING OF RISK TREATMENT
OPTIONS
 Selecting the most appropriate risk treatment option involves
balancing the costs and efforts of implementation against the
benefits derived.

26. RISK AVOIDANCE
 Strategies are directed to eliminating sources of risk or
reducing the likelihood of their occurrence.

27. RISK MITIGATION
 Minimizing the consequences of risks.
 Risk will take place and can not be avoided.
 The likelihoods of other risks may be reduced by risk
prevention strategies.

28. RISK SHARING
 Share the consequences of risks with the contract agreed
parties.
 Contracts are negotiated between an organization and its
suppliers or sub-contractors.

29. RISK ACCEPTANCE
 Accept a certain risk and live with it as its consequences to the
organization are simple.
 When the cost of treating such risks are much more than the
cost of not treating them.

30. INSURANCE
 Is a well-known risk sharing strategy.
 Used for physical assets and a limited range of commercial
risks.
 Purchasing organizations frequently require their suppliers to
have insurance policies These policies cover specific physical
risks, such as damage to goods in transit.

31. MONITORING & REVIEW
Continuous monitoring and review of risks is an
important part of implementation. It ensures that
new risks are detected and managed.

32. REGULAR MONITORING PROCESS
Regular meetings should be held to ensure that all
the important risks are examined.

33. UPDATING THE RISK REGISTER
 The risk register database is the main risk management
tool for monitoring the risk management process within
the project. It lists the ranked risks and references the
associated risk action plans.
Keeping the risk register up to date is very important.
New risks will be identified and will be entered into the
risk register. Risks that have been managed, avoided or
are no longer relevant can be removed from the risk
register.

34. COMMUNICATION & REPORTING
Reasons for communication:
Communication within the project team
Communication with an owner or client

35. REPORTS
 Formal reporting may be required for large or particularly
risky projects.
 What is large or risky depends very much on the organization
and its own policies and procedures. For example, some
companies undertake and report on formal risk analyses only
on very large projects, while others perform them routinely on
relatively small activities.

36. CASE STUDY: SYNTHETIC
APERATURE RADAR (SAR)
 (SAR) is a form of radar that is used to create two- or three-
dimensional images of objects, such as landscapes.

37. BACKGROUND
 The project of this case study is the development of an
experimental Synthetic Aperture Radar (SAR).
 Due to the high costs of test flights, the synthetic aperture is
obtained by operating the radar on a rail on a building roof.
 The project has been running at Defencetek over a number of
years. The objective for 2001 was to obtain the first images.
 At the point that the risk management process was started,
the outstanding work for the year, that was considered risky,
was as follows:

38. Work Breakdown Structure (WBS) of the
RoofSAR work included in the risk process.

39. RISK MANAGEMENT PROCESS

40. DEFINE PHASE
This phase involved the definition of project
stakeholders, documenting project objectives,
documenting of the design as well as the updating of
the WBS and schedule.

41. FOCUS PHASE
 This phase involved the identification of the risk management
stakeholders and also documented the risk management
process to be followed. The corporate level risks were also
identified as well as the resources and schedule for the risk
management process.

42. IDENTIFY PHASE
 The risk identification was carried out with the help of the
project system engineer and the project engineer. Risks were
identified per WBS item.

43.  For each identified risk a risk response was decided upon,
written on another Post-it and attached to the risk identified.

44. STRUCTURE PHASE
 During the structure phase, a risk distribution matrix was drawn on a
whiteboard. Each risk was then allocated a place on the matrix. A risk
prioritization table was compiled using this matrix. A more detailed risk
response was then developed for risks with a priority of it.

45. OWNERSHIP PHASE
 During this phase, the name of the person responsible for the
risk was written on the Post-it detailing each risk. This was
used to complete the risk responsibility allocation table.

46. ESTIMATE PHASE
EATIMATION OF LIKELIHOOD TABLE

47. Impact of risk determination table (Estimation of impact)
Task level risk impact determination

48. Risk likelihood and impact determination

49. EVALUATE PHASE
 During the evaluate phase the likelihood and impact
determined during the estimate phase were used to
determine a risk value both for the high-level tasks and then
at the level of each risk as follows:
Risk = Likelihood*Impact

50. but a qualitative risk rating will then be given to each task
using this Table , also taking into account that risks with
high impact are important.
Qualitative rating of risks.

51. High-level tasks risk ratings.

52. Note that where the impact of a risk is above 0.8, the risk obtained a qualitative
rating of high, whether the risk value was above 0.8 or not. This is due to the
fact that risks with high impact need to be carefully managed.
Ratings per identified risk.

53. PLAN PHASE (TREATMENT)
 During the plan phase the detailed risk responses developed
during the structure phase were updated. Thereafter the
project WBS, detailed activity level statements of work and
schedule were also updated.

54. MANAGE PHASE (MONITORING)
 All the risks identified during the risk management plan
compilation were monitored in a weekly progress meeting.
Each risk was assigned a status of: In process, Completed or
Pending. Where a risk was in process an indication was given
of what the required action was in order to overcome the risk.
Where a risk was completed a completion, date was indicated.
Pending only applied to risks that were not expected to affect
the project in the next two weeks.

56. CONCLUSION
 The risk management process added a lot of value to the
RoofSAR project. The main benefit was that the project team
was aware of the risks which could then be managed.
 Several of the risks originally identified materialized and due
to the risk analysis did not negatively affect the success of the
project.