The document outlines the importance of technical risk management in projects, emphasizing the need for a systematic process that involves identifying, analyzing, and responding to risks to enhance project performance. It discusses various learning objectives related to risk management, including the development of risk management plans, identification of risks, and quantitative and qualitative analyses. Additionally, it provides insights into tools and methodologies for effective risk identification and mitigation planning.

1. CPM-200F: Technical Risk Management
Dr. William G. Chadick, D.M., PMP, EVP, CSSMBB
MCR, LLC
wchadick@mcri.com 719-330-0188
Date: October 2012
IPMC 2012
1

2. TLO #1: The student will recognize the importance of
technical risk issues and their impact on project
performance.
TLO #2: The student will summarize how risk
management involves all program team members.
TLO #3: The student will recognize the importance of
identifying, documenting, tracking, and managing risks and
opportunities.
TLO #4: The student will recognize the importance of
establishing a risk management plan
TLO #5: The student will recognize the importance of
establishing a plan to integrate risk management with EVM.
Learning Objectives
2

3. • Process and Definitions
• Risk Management
• Risk Identification
• Quantitative and Qualitative Analysis
• Risk Response
Lesson Outline
3

4. Prior Modules
By now you should have had modules on:
• Risk and Procurement Management
• Development of the WBS
• Critical Path Method
• Schedule Risk Analysis
4

5. PMBOK® Guide Risk Definition
Project risk is an uncertain event or condition that,
if it occurs, has a positive or a negative effect on
at least one project objective, such as time, cost,
scope, or quality
• Uncertainty, i.e., probabilistic in character
• Not an ISSUE
• Affect on dimensions of time, cost, scope, quality
TLO 1
5

6. PMBOK® Guide Risk Management
• Management Planning – how to approach, plan, execute
• Identification – determine risks that might affect project
• Qualitative Risk Analysis – prioritizing for further analysis
• Quantitative Risk Analysis – numerically analyzing effect
• Risk Response Planning – develop options and actions
• Risk Monitoring and Control – track, monitor, execute
TLO 1
6

7. What is Risk Management?
• “…the systematic process of identifying, analyzing
and responding to project risk.1”
• Includes, “developing risk-handling options,
monitoring risks to determine how risks have
changed, and documenting the overall risk
management program.2”
• Comprises both risk and opportunity management
1
A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 4th Edition, Project Management Institute.
2
Risk Management Guide for DoD Acquisition Second Edition, Defense Systems Management College, Fort Belvoir ,VA,
May 1999.
TLO 1
7

8. Risk
Identification
Risk
Mitigation
Plan Implementation
Risk
Mitigation
Planning
Risk
Analysis
Risk
Tracking
The DoD Risk Management Process Model
AT&L Defense Systems Risk Guide
The Risk Management process includes:
• Identification
• Analysis
• Mitigation Planning
• Mitigation Plan Implementation
• Tracking
Focus is on Mitigation.
Opportunities not addressed.
TLO 2
8

9. Another Risk Management Process
(Chapman & Ward)
Consolidate information, identify
information needs
Scope the effort based on operational level
assessment
Identify potential risk and responses
Test assumptions about risk against the
overall project plan
Assign responsibilities
Identify areas of uncertainty
Synthesize, evaluate, and diagnose results
Finalize the plan for implementation
Ongoing control, monitoring and reporting
Define
Focus
Identify
Structure
Ownership
Estimate
Evaluate
Plan
Manage
TLO 2
9

10. TitleUse a Risk Management Process
TLO 2
10

11. Risk Plan
SECTION PURPOSE
Methodology Define the approaches, tools, and
data sources.
Roles and Responsibilities Define the lead, support, and
membership of the risk
management team.
Budget Establish a budget for risk
management.
Timing Establish how often and when risk
is assessed during the project life
cycle
Scoring and
Interpretation
Employ tool(s) to identify the risk
Scoring and
Interpretation
Employ Quantitative or Qualitative
tool (s) to assess the risk
Threshold Establish the criteria for acting on
risk: by whom and in what manner.
Tracking and Reporting Establish how risk will be
documented, analyzed, and
communicated to the project team,
stakeholders, and sponsors
PMBOK® Guide,
chapter 11
TLO 4
11

12. Managing Risk
• Have an overall process
• Have a plan, directive, etc., unique to the
program or project
• Identify and empower key people: PM, CAMs,
Engineer/Technical SMEs, Risk Manager
• Hold Risk Review boards with specified
frequency
• Use pertinent tools rigorously
TLO 4
12

13. PMBOK® Guide Risk Management
• Management Planning – how to approach, plan, execute
• Identification – determine risks that might affect project
• Qualitative Risk Analysis – prioritizing for further analysis
• Quantitative Risk Analysis – numerically analyzing effect
• Risk Response Planning – develop options and actions
• Risk Monitoring and Control – track, monitor, execute
TLO 3
13

14. Risk and Opportunity Identification
• What are the Risk Events in the Program?
– Known / Unknowns (can assess probability/consequence)
– Unknown / Unknowns (true uncertainty)
• Where are Risk Events Located in the Program?
– Technology, Design, T&E, M&S, Cost, Funding, Schedule
– Program Environment/Structure – Functional or Product or both
– Oversight and Politics…changing Department guidance/priorities
– US or World Markets – Election, Labor markets (hot/cold cycles)
• Analyze Root Cause/Source of Risk
– Tactical and Strategic (inside/outside PM Office)
– Product or Process (predicts the product problems)
Don’t narrow the vision of your Program
TLO 3
14

15. Risk Identification Tools
• Risk Breakdown Structure (RBS)
– Lists the categories and sub-categories of risk
– Associate risks with a Control Account on the WBS
• Risk Critical Path
– Along with tasks that are on the Critical Path…also
identify tasks that have technical or performance
challenges
• Flowchart Analysis
– Look for logic flow and task linkage
– Causal Flow Analysis/Influence Diagram is a flavor
• Checklisting
– Tasks not completed to standard are a risk
TLO 3
15

16. More Risk Identification Tools
• Cause and Effect Analysis
– Force Field Analysis
– Causal Flow Diagramming
– Isolate and analyze how variables interact
• SWOT Analysis
– Lists threats and opportunities
• Pareto Analysis
– Empirical 80/20 rule
• Fishbone/Ishikawa/Root Cause Tree
– Root cause analysis
• Earned Value Metrics
– Indicate risk with respect to Cost, schedule,
performance
TLO 3
16

17. Risk Identification
R e g u la to ry
N a tu ra l H a z a rd s
P o s tu la te d E v e n ts
S id e E ffe c ts
C o m p le tio n
E x te rn a l
U n p re d ic ta b le
M a rk e t R is k s
O p e ra tio n a l
E n v iro n m e n ta l
Im p a c ts
S o c ia l Im p a c ts
C u rre n c y C h a n g e s
In fla tio n
T a x a tio n
E x te rn a l
P re d ic ta b le
M a n a g e m e n t
S c h e d u le
C o s t
C a s h F lo w
L o s s o f P o te n tia l
In te rn a l
N o n -te c h n ic a l
C h a n g e s in
te c h n o lo g y
P e rfo rm a n c e
R is k S p e c ific to
te c h n o lo g y
D e s ig n
S h e e r S iz e o r
C o m p le x ity o f P ro je c t
T e c h n ic a l
L ic e n c e s
P a te n t R ig h ts
C o n tra c tu ra l
O u ts id e r S u it
In s id e r S u it
F o rc e M a je u re
L e g a l
R is k Id e n tific a tio n
Source: Max Wideman, “Project and Program Risk Management,” 1984.
TLO 3
17

18. Risk Identification
F u n d in g
P o lit ic a l S u p p o r t
S h a r e d T e c h n o lo g y
A s s o c ia t e
P e r fo r m a n c e
E x t e r n a l R is k s
P la n n in g
R e s o u r c e s
T o o ls
S k ills
S u b c o n t r a c t o r
P e r fo r m a n c e
I n t e r n a l R is k s
I m p le m e n t a t io n R is k s
S in g le p o in t o f
F a ilu r e
L im it e d life it e m s
E x p e n d a b le s
U n t e s t a b le s
P r o c e s s S e n s it iv e
R is k s o f F a ilu r e
R a d ia t io n
E x p lo s iv e s
P o t e n t ia l
E n e r g y
H ig h V o lt a g e
T o x in s
R is k s o f H a z a r d s
P r o d u c t R is k s
P r o je c t R is k
These can lead to project cancellation. These can lead to personal injury
or project failure
Source: Stephen Grey, “Practical Risk Assessment for Project Managers,” 1995.
TLO 3
18

19. Project Opportunities
N e w M a r k e t
N e w P r o d u c t
N e w A p p r o a c h
R e p o s it io n in g
S t r a t e g ic O p p o r t u n it ie s
S h o r t e n S c h e d u le
R e d u c e C o s t
I m p r o v e P r o c e s s e s
E lim in a t e u n n e c c e s s a r y
a c t iv it ie s
L e v e r a g e R & D
T a c t ic a l O p p o r t u n it ie s
P r o je c t O p p o r t u n it ie s
Source: Stephen Grey, “Practical Risk Assessment for Project Managers,” 1995.
TLO 3
19

20. Risk Identification
NATURAL
ENVIRONMENTAL
PROCESSES
BIOHAZARDS INDUCED
SABOTAGE/
TERRORISM
FLOOD ECO-TOXIC
ELEMENTS
MINING POISONOUS
CONTAMINATION
LAND SLIDE ALGAL BLOOMS HUMAN
DEVELOPMENT
DESTRUCTION OF
PIPELINES
FIRE INVASIVE SPECIES POLLUTION DESTRUCTION OF
PUMP STATIONS
EARTHQUAKE ACID DEPOSITION LAND USE CHANGE DESTRUCTION OF
FACILITIES
DROUGHT NATURAL ELEMENTS OVERFISHING SECURITY
GEOLOGIC RADON OVERGRAZING
LAND SUBSIDENCE EUTROPHICATION WATER TREATMENT
WASTE WATER
DISPOSAL
PESTICIDE
HERBICIDE
MERCURY
ARSENIC
CONTAMINANT
TRANSPORTATION
Risk Taxonomy for Water Projects-USGS definitions
TLO 3
20

21. Risk Identification
Sample WBS for Wastewater Treatment Plant (PMBOK® Guide)
Wastewater
Treatment Plant
Earlier
Phases
Design Construction
Later
Phases
Civil Drawings
Architectural Drawings
Structural Drawings
Mechanical Drawings
HVAC Drawings
Plumbing Drawing
Instrumental Drawing
Electrical Drawing
Headworks
Aeration Basin
Effluent Pumping Station
Air-Handling Building
Sludge Station
TLO 3
21

22. Risk Identification
Compare your WBS to your risk taxonomy…
Wastewater
Treatment Plant
Earlier
Phases
Design Construction
Later
Phases
Civil Drawings
Architectural
Drawings
Structural Drawings
Mechanical
Drawings
HVAC Drawings
Plumbing Drawing
Instrumental
Drawing
Electrical Drawing
Headworks
Aeration Basin
Effluent Pumping
Station
Air-Handling
Building
Sludge Station
NATURAL
ENVIRONMENTAL
PROCESSES
BIOHAZARDS INDUCED
SABOTAGE/
TERRORISM
FLOOD ECO-TOXIC
ELEMENTS
MINING POISONOUS
CONTAMINATION
LAND SLIDE ALGAL BLOOMS HUMAN
DEVELOPMENT
DESTRUCTION OF
PIPELINES
FIRE INVASIVE SPECIES POLLUTION DESTRUCTION OF
PUMP STATIONS
EARTHQUAKE ACID DEPOSITION LAND USE CHANGE DESTRUCTION OF
FACILITIES
DROUGHT NATURAL ELEMENTS OVERFISHING SECURITY
GEOLOGIC RADON OVERGRAZING
LAND SUBSIDENCE EUTROPHICATION WATER TREATMENT
WASTE WATER
DISPOSAL
PESTICIDE
HERBICIDE
MERCURY
ARSENIC
CONTAMINANT
TRANSPORTATION
Where they intersect lies risk!
TLO 3
22

23. Risk Identification
E n g in e e r in g S p e c ia lt ie s
I n t e g r a t io n a n d T e s t
C o d e a n d U n it T e s t
D e s ig n
R e q u ir e m e n t s
P r o d u c t E n g i n e e r i n g
W o r k E n v ir o n m e n t
M a n a g e m e n t M e t h o d s
M a n a g e m e n t P r o c e s s
D e v e lo p m e n t S y s t e m
D e v e lo p m e n t P r o c e s s
D e v e l o p m e n t E n v i r o n m e n t
P r o g r a m I n t e r fa c e s
C o n t r a c t
R e s o u r c e s
P r o g r a m C o n s t r a i n t s
S o ft w a r e D e v e lo p m e n t R is k
TLO 3
23
SEI Taxonomy for Software
Development Risk
ENVIRONMENTAL
RISK
OPERATIONAL
RISK
FINANCIAL RISK EXTERNAL RISK LAND RISK
Aesthetics Availability
Targets
Capital Cost Buy/Build capacity Easements
Conservation Communications
Compatibility
Disposal Costs Construction
Market
Gravel Supplies
Environmental
Compliance
Control
Room/SCADA
Economy Equipment
Supplies
Land Available
Distribution
Generation
Financing Growth Right-of-way
Exit Strategy Lease Options Local Forecast
Expansion
Flexibility
Net Present Value Location of Power
Needs
Facilities Needs Off Market Sales Military Plans
Fuels Profit Margin Outsourcing
Generation Ramp
Rates
Rate Impacts Political
Leveraging
Opportunities
Return of
Investment
Public
Input/Acceptance
Load Shape/Type Partnerships Regulatory
Major
Maintenance
Schedule
Budgeting Security
Quality Criteria O&M Labor Weather
Reliability Targets Run, repair, retrofit,
retire
Load Growth
Reserve Margins Regulatory
requirements
Equipment
Availability
Taxonomy for Risk to Utilities Projects
Taxonomy Customized for a
Particular Company

24. WBS to Schedule relationship
dependency
relationships between
tasks
distributed over time
according to
durations
Dream
House
1.0
Concrete
2.1
Roofing
2.2
Electrical
2.3
Interior
2.4
Framing
2.5
Plumbing
2.6
Sidewalks
2.1.1
Foundation
2.1.2
Patio
2.1.3
Driveway
2.1.4
Felt
2.2.1
Shingles
2.2.2
Roof Caps
& Soffits
2.2.3
Interior
Wiring
2.3.1
Outlets
& Switches
2.3.2
Service
Cable
2.3.3
Fixtures
2.3.4
Cable &
Telephone
2.3.5
Walls
2.4.1
Cabinets
2.4.2
Trim
2.4.3
Carpet
2.4.4
Paint
2.4.5
Fixtures &
Appliances
2.4.6
Exterior
Walls
2.5.1
Interior
Walls
2.5.2
Trusses
2.5.3
Sheathing
2.5.4
Roof
2.5.5
Waste
Lines
2.6.1
Water
Lines
2.6.2
Gas Lines
2.6.3
Fixtures
2.6.4
Project
Management
2.7
Architectural
Drawing
2.7.1
Permits &
Licenses
2.7.2
Loan
Processing
2.7.3
Grub the
Site
2.7.4
Inspection
Signoffs
2.7.5
WBS Tasks
Arranged in Network Flow Diagram
TLO 3
24

25. Risk Identification
Requirements
Analysis
Design Code Test
System
Implementation
User
Acceptance
TLO 3
25

26. Requirements
Analysis Design Code Test
System
Implementation
User
Acceptance
User Briefing
Data Prep
and Load
Prepare
Test
Environment
Write Test
Plan
User
Acceptance
Test
Component
test
Integration
Test
String
Test
Regression
Test
Risk Identification
TLO 3
26

27. Requirements
Analysis Design Code Test
System
Implementation
User
Acceptance
User Briefing
Data Prep
and Load
Prepare
Test
Environment
Write Test
Plan
User
Acceptance
Test
Component
test
Integration
Test
String
Test
Regression
Test
Thresh holds and
Trigger Points
Divergence Convergence
Risk Identification
TLO 3
27

28. Critical Path
1
27
32
21
22
231915
14
13
1812
201711
7
6
5
24
29
2826
25
30
8
9
4
1610
Identify your critical path using CPM
TLO 3
28

29. Risk Critical Path
1
27
32
21
22
231915
13
1812
201711
29
2826
25
30
8
9
4
24
5
7
6
14
10 16
Identify additional tasks that have technical or resource risks
TLO 3
29

30. Schedule Metric Explanation
1. Baseline Execution Index (BEI) (# Baseline Tasks Actually Completed) / (# Baseline Tasks Scheduled for Completion)
Note that this is DOD Tripwire metric.
2. Critical Path Length Index (CPLI) (Critical Path Duration + Float Duration (to baseline finish)) / (Critical Path Duration)
Note that this is DOD Tripwire metric.
3. Leads Are tasks missing Predecessor tasks?
4. Lags Are tasks missing Successor tasks?
5. Logic Does the network diagram have Conditional Loops, Hangers, or many tasks running in parallel?
6. Relationships Are most tasks defined as simple Finish-to-Start dependency relationships? Are there an excessive number of
tasks that have other dependencies (i.e., Start-to-Finish, Start-to-Start, Finish-to-Finish)?
7. Constraints Do tasks have constraining dates? An excessive amount of Date Constraints will affect the Logic and
Relationships between tasks.
8. Long Durations Do lower level Work Packages have long durations? Work Package durations of more than 30 days make it
difficult to assess earned value.
9. High Float Tasks with a high amount of Total Float/Slack. More than a month of float for any task on the Critical Path
should generate attention and require an explanation.
10. Negative Float Any task with negative Total Float/Slack should generate attention and require an explanation.
11. Resources Are resources (i.e., Labor, Material, Travel, ODCs, subcontractors) assigned to at least the level of the Control
Account (and ideally at Work Package level)?
12. Out of Sequence tasks Are all tasks on the schedule done in the correct technical sequence? Example: does testing logically follow after
preliminary design and development?
13. Critical Path Test Can a single critical path be identified? Does the critical path include LOE tasks?
14. Bad dates Do any milestone dates fall outside of the Period of Performance? Are milestone dates tied to a specific
deliverable?
DCMA 14 Point Schedule AnalysisDCMA 14 Point Schedule Assessment
TLO 3
30

31. Risk Identification
• Do an Assumptions Analysis
• Test the logic with an “If….Then” condition
statement
• Use a Fishbone/Ishikawa root cause analysis
TLO 3
31

32. Cause and Effect (Ishikawa) Diagram
CAUSES EFFECT
Time
EnvironmentPersonnelMeasurementEnergy
MaterialMethodMachine
Risk
Risk Identification
TLO 3
32

33. Risk Identification
Fishbone Right Angle
Tree1. Be sure that everyone agrees on the problem and its effect
2. Be succinct
3. For each node, identify causes and add them to the tree
4. Pursue each line of causality back to its root cause
5. Consider grafting relatively empty branches onto others
6. Consider splitting up overcrowded branches
7. Consider which root causes are most likely to merit further investigation.
TLO 3
33

34. Risk Identification
Is the assumption (????????) valid for (program dimension) with
respect to (Who, What, Where, etc.)?
TIME COST PERFORMANCE OTHER?
WHO
WHAT
YES
WHEN
or
WHERE
NO
WHY
HOW
Performing an Assumptions Analysis
TLO 3
34

35. Meta-language heuristics
Cause Event Effect
verb preposition
(will, do, are, etc.) (due to, as a result of)
Risk Identification
Floods will delay due to the
at our the start non-
availability
Mid-west of my of key
plant project personnel
TLO 3
35

36. • The most important discipline of risk management
• Use multiple tools to triangulate
• Use tools appropriate to your industry and project
• Validate/confirm/verify
• Identify trigger points or tripwire conditions
• Don’t overlook opportunities
Risk Identification
TLO 3
36

37. PMBOK® Guide Risk Management
• Management Planning – how to approach, plan, execute
• Identification – determine risks that might affect project
• Qualitative Risk Analysis – prioritizing for further analysis
• Quantitative Risk Analysis – numerically analyzing effect
• Risk Response Planning – develop options and actions
• Risk Monitoring and Control – track, monitor, execute
TLO 5
37

38. Risk Analysis Tools
• Qualitative
– P-I Matrix: rank order relative importance of risks
– Weighted Ranking: subjective ranking of risk factors
– Mini-Max: subjective ranking of risks
– Risk Rating Matrix: subjective ranking of risk factors
– Failure Mode and Effects Analysis (FMEA): subjective relationship of variables
• Quantitative
– Monte Carlo simulation: analysis of risk alternatives based on statistical
relationship of variables, e.g., Crystal Ball, ARM, or @Risk.
– Program Evaluation and Review Technique (PERT): analysis of schedule risk
based on normalized distribution.
– Decision Tree Analysis: probabilistic analysis of alternatives
– Sensitivity Analysis: probabilistic relationships between program variables
TLO 5
38

39. Risk Analysis Tools
TLO 5
39

40. Risk Analysis Tools
Risk: CAD Contract award delayed
Mitigation Plans:
– Source selection process
– Well defined selection criteria
– Four versions of draft RFP
– MS A scheduled for Aug 02
x
Schedule Risk #1
Risk: IOC of July 2008
Mitigation Plans:
– EVMS
– Contract Incentives
– Design off-ramps
– Need funding stability
x
Schedule Risk #2
Risk: Cost estimates inaccurate
Mitigation Plans:
– Better system definition
– Fund to CAIG estimate at MS B
– Cross-check PO model
– CAD Ktr bottoms-up estimate
x
Cost Risk #1
Risk: Cost Control
Mitigation Plans:
– CAIV
– EVMS
– Multi-year procurement
– Incentives in SD&D
x
Cost Risk #2
x
Technical Risk #1
Risk: System Integration
Mitigation Plans:
– JTRS MOA
– Modeling/simulation
– CAD demonstrations
– Interface Control IPTs
x
Technical Risk #2
Risk: Software development
Mitigation Plans:
– Software development plan
– SEI Level III certification
– OPTEVFOR EOA
– Independent assessment
TLO 5
40

41. Level Technical Schedule Cost
1 Minimal Impact Minimal Impact Minimal Impact
2
Minor performance shortfall,
same approach retained
Additional tasks required, able
to meet key dates
Development or acquisition
cost increase to < 1%
3
Moderate performance
shortfall, workarounds
Minor Schedule slip, will miss
need date without workaround
Development or acquisition
cost increase to > 1% & < 5%
4
Unacceptable performance but
workarounds available
Program critical path impact
but workarounds available
Development or acquisition
cost increase to > 5% & < 10%
5
Unacceptable performance
and no workarounds available
No known way to achieve
program milestones
Development or acquisition
cost increase to > 10%
Consequence
Level Existing Approach and Process
A Not Likely
…will effectively avoid or mitigate this risk based
on standard practices
B Low Likelihood
… have usually mitigated this type of risk with
minimal oversight in similar cases.
C Likely
… may mitigate this risk, but workarounds will be
required.
D Highly Likely
… cannot mitigate this risk, but a different
approach might.
E Near Certainty
… cannot mitigate this type of risk; no known
processes or workarounds are available
Likelihood
1 2 3 4 5
A
B
C
D
E
Likelihood
Consequence
Low
Medium
High
FAA Risk Analysis:
5x5 Matrix
What is the likelihood the risk will happen?
Given the risk is realized, what would be the magnitude of the impact?
Risk Analysis Tools
TLO 5
41

42. Probability-Impact Matrix
Risk Score for Specific Risk
Probability Risk Score = P X I
0.9 0.05 0.09 0.18 0.36 0.72
0.7 0.04 0.07 0.14 0.28 0.56
0.5 0.03 0.05 0.10 0.20 0.40
0.3 0.02 0.03 0.06 0.12 0.24
0.1 0.01 0.01 0.02 0.04 0.08
0.05 0.10 0.20 0.40 0.80
Impact on an Objective (e.g., cost, time, schedule, or scope)
Ratio Scale
TLO 5
42

43. Qualitative Risk Analysis
Source: A Guide to the Project Body of Knowledge, PMBOK® Guide , 4th
ed
Risk
Objective
Very Low
0.05
Low
0.10
Moderate
0.20
High
0.40
Very High
0.80
Cost Insignificant
increase
<10%
increase
10%-20%
increase
20%-40%
increase
>40%
increase
Schedule Insignificant
increase
<5% increase 5%-10%
increase
10%-20%
increase
>20%
increase
Scope Change
barely
noticeable
Minor change
affected
Major change
affected
Change
unacceptable
to sponsor
Change
defines new
project
Quality Change
barely
noticeable
Minor change
affected
Major change
affected
Change
unacceptable
to sponsor
Change
defines new
project
Risk Rating Matrix
TLO 5
43

44. Probability-Impact Matrix
Risk Opportunit
ProbabilityorLikelihoodofOccurrence
Small Moderate High Moderate Sm all
.1 .3 .5 .7 .9 .9 .7 .5 .3 .1
Impact or Consequence
HighMediumLow
.9.7.5.3.1
Risk Opportunity
ProbabilityorLikelihoodofOccurrence
Small Moderate High Moderate Small
.1 .3 .5 .7 .9 .9 .7 .5 .3 .1
Impact or Consequence
HighMediumLow
.9.7.5.3.1
TLO 5
44

45. Analysis of Risk
• Monte Carlo simulation
– Analysis of risk alternatives based on statistical
relationship of variables
– Use a tool, e.g., Crystal Ball, ARM, or @Risk
• Sensitivity analysis
– Probabilistic in nature
– Depends on ability to establish mathematical
relationships between program variables
• Decision Tree Analysis
– Probabilistic in nature
– Analysis of alternatives
• Program Evaluation and Review Technique (PERT):
‒ Analysis of schedule risk based on normalized distribution.
TLO 5
45

46. PMBOK® Guide Risk Management
• Management Planning – how to approach, plan, execute
• Identification – determine risks that might affect project
• Qualitative Risk Analysis – prioritizing for further analysis
• Quantitative Risk Analysis – numerically analyzing effect
• Risk Response Planning – develop options and
actions
• Risk Monitoring and Control – track, monitor, execute
TLO 5
46

47. Risk Responses
• Avoid
– Take action that side-steps or ends the threat
– Reorganize the project deliverables, schedule, etc.
• Mitigate
– Take action that reduces the impact
– Establish Management Reserve
– Contingency plan or workaround
• Transfer
– Somebody else pays
– Insurance and warranties
• Accept
– Low probability or small impact
– EOCAWKI
TLO 5
47

48. Risk Mitigation Options
A strategy to avert the potential of occurrence and/or consequence by selecting a different
approach or by not anticipating in the program.
A strategy to shift the risk to another area, such as another requirement, an organization, a
supplier, or a stakeholder. The transfer of the risk is accomplished primarily to optimize, in a
sense, the overall program risk and to assign ownership to the party most capable of
reducing the risk. It is possible that the risk level will change as a result of the risk transfer.
A strategy of developing options and alternatives and taking actions that lower or eliminate
the risk.
A strategy of simply accepting the likelihood/probability and the consequences/impacts
associated with a risk's occurrence. Assumption is usually limited to low risks. This is a
program/senior management option, not a program option. FAA practice is to develop
mitigation plans for all medium and high risks.
A mitigation strategy through expanding research and experience. Since risk arises from
uncertainty and inexperience, it may be possible to effectively mitigate risk simply by
enlarging the knowledge pool, leading to reassessment that reduces the likelihood of failure
or provides insight into how to lessen the consequences.
Avoidance
Transfer
Control
Assumption
Research and
Knowledge
FAA Risk Mitigation Strategies
*National Airspace System (NAS) Systems Engineering Manual - November 2002 – (http://www1.faa.gov/asd/SystemEngineering/index.htm).
TLO 5
48

49. Management Reserve
Budget At
Completion
Total
Project/Contract
Budget
Time
B
u
d
g
e
t
Program Risk-Adjusted Budget = Original Baseline
C B A
Project/Contract(s) Cost and Schedule Management Reserve
Program Cost and Schedule Management Reserve
Performance
Measurement
Baseline
Program
Risk-adjusted
Budget
A – Program Schedule
B - Risk adjusted schedule
C – Project/Contractor schedule
• Award Fee
• Authorized Unpriced
Work
• Negotiated Contract
Changes
TLO 5
49

50. Rules of Thumb for Estimating Management
Reserve
• Low risk = 0-5% of PMB
• Moderate risk = 5-15% of PMB
• High risk = 15-30% of PMB
Estimating Management Reserve
TLO 5
50

51. Estimating Management Reserve
Expected Monetary Value or Expected Value
EV = ($ at stake) x (Probability of an event happening)
= ($100,000) x ( .3 )
= $30,000
EMV = ($ at stake)x(Probability of an event happening)x(Impact)
= ($100,000) x ( .3 ) x (.9)
= $27,000
Σ EV or Σ EMV = Amount of dollars for MR
TLO 5
51

52. PMBOK® Guide Risk Management
• Management Planning – how to approach, plan, execute
• Identification – determine risks that might affect project
• Qualitative Risk Analysis – prioritizing for further analysis
• Quantitative Risk Analysis – numerically analyzing effect
• Risk Response Planning – develop options and actions
• Risk Monitoring and Control – track, monitor,
execute
TLO 5
52

53. Risk Monitoring and Control
Risk Register
TLO 5
53

54. Risk Tracking Form
Organization:
Project:
RISK DESCRIPTION
Risk ID: Date Risk Updated:
Risk Name: Risk Category:
Risk Status: Date Risk Identified:
Risk Impact Statement:
Warning Flags/Risk Milestones:
Related Projects:
Related Risks:
Background:
Comments:
RISK ANALYSIS
Probable Impact Date: Risk Timeframe:
Risk Probability: Overall Risk Impact:
Cost Impact Rating: Risk Consequence:
Schedule Impact Rating: Risk Priority:
Technical Impact Rating: Rank in Program:
Compliance and Oversight Rating: Rank in Organization:
Mitigation Plan: Rank in Project:
Risk Monitoring and Control
TLO 5
54

55. Intersection of Risk Management to
Earned Value Management
• Earned Value Metrics
–Identify variance with respect to project dimensions of Cost,
Schedule, and Performance
–Quantify the variance with CPI, SPI
•Manage risk at the WBS level of the element of work
TLO 5
55

56. • Have a sensible, over-arching process that fits
your industry and project
• Know the tools and use them correctly
• Triangulate…when you identify and quantify
• Verify and validate
• Track it and act on it
• Iterate for each major phase of your project
Conclusion
TLO 2
56

57. Contact Information
Dr. William G. Chadick, D.M., PMP, EVP, CSSMBB
MCR, LLC
wchadick@mcri.com
www.mcri.com
719-330-0188
57