A project manager’s work should not focus on dealing with problems; it should focus on preventing them. How would it feel to say, “No problem; we anticipated this, and we have a plan in place that will resolve it”. Performing risk management helps prevent many problems and helps make other problems less likely. I’m by no means an expert and would like to make this as interactive as possible. So if you have a point please make it.
There are 9 knowledge areas and we are talking about Risk Management the 8 th . Through risk management, the project changes from being in control of the project manager to the project manager being in control of the project. We can not stress the value of risk management enough. Risk management can greatly impact the efficiency and effectiveness of your projects and reduce stress for you and your team.
The following should help you understand how each part of risk management fits into the overall project management process . Risks are identified and managed starting in initiating and are continually kept up-to-date or added to while the project is underway. The project manager and the team look at what has happened on the project, the current status of the project and what is yet to come and reassess the potential threats and opportunities. Be careful! Risk are identified and managed starting in initiating and are continually kept up-to-date or added to while the project is underway. The project manager and the team look at what has happened on the project, the current status of the project, and what is yet to come and reassess the potential threats and opportunities This Diagram is misleading because risk management can happen in any of these processes
Talk about Plan Risk Management and why it’s not on this chart. This is a simpler way of thinking about risk. Where are the formal steps of ID risk, qualitative analysis, quantitative analysis, plan risk response, monitor & control risk? PM, sponsor, team, customer and other stakeholders are involved Risk management answers the following question. How will risk management be structured and how much time should we spend on it? Risk management efforts should be appropriate to the size and complexity of the project. How much time should be spent on risk management based on the needs of the project? How will the team go about performing risk management? Risk management includes risk management planning, risk identification, the qualitative and quantitative analysis of risks, risk response planning, and monitoring and controlling the risk responses. Through risk management, you work to increase the probability and impact of opportunities on the project (positive events), while decreasing the probability and impact of threats to the project (negative events) The six sequential risk management processes are listed. The risk management process is iterative. A risk event is something identified in advance that may or may not happen. If it does happen, it can have positive or negative impacts on the project. Threats are what can go wrong and negatively impact the project and opportunities are what could go right and positively affect the project.
Could somebody read the terms? Examples? Risk Prone – Someone who is willing to take big risk A Risk Averse person may think of 50% probability as quiet a high probability where as Risk prone person may not think of 50% as high probability.
Risk management is a very step-by-step, process-oriented part of project management, so expect to see risk management input and output questions on the exam. Keep in mind that many of the inputs to each individual risk management process are the outputs of the processes that came before it.
Methodology – How you will perform risk management for the particular project. Roles & Responsibilities – “Who will do what” Budgeting – Cost of the risk management process. Timing – Should start when you have the appropriate inputs and should be repeated throughout the life of the project, the degree of risk will change over the course of the project potentially. Risk Categories – External, Internal, Technical, Unforeseeable Definitions of probability & Impact – Risk adverse vs. Risk Prone – probability and impact matrix help standardize these interpretations and also help compare risks between projects. Stakeholder tolerances – Stakeholders have a low risk tolerance than impact is high. That information should be taken into account to rank cost impacts higher than if the low tolerance was in another area. Tolerances should not be implied, but uncovered in project initiating and clarified or refined continually. Reporting – Describes reports related to RM and how they will be used and what they will include. Tracking – Auditing, documentation regarding RM
Risk are identified through: Stakeholders, literature, reviews, research, nonstakeholders, etc. should be used. This is an iterative process. Everyone should be involved in risk identification! Everyone has a different perspective of the project and can provide thoughts on opportunities and threats. Smart project managers begin looking for risks as soon as a project is first discussed. High level risks is an output of the creation of the project charter.
Ways to identify risk. Documentation Reviews – including charter, contracts, and planning documentation, can help identify risks. Those involved in risk identification might look at this documentation, as well as lessons learned, articles, and other documents, to help uncover risks. This used to be a trick but is now standard practice.
These are other ways to identify risk/Collect requirements for projects
The risk register is where most of the risk information is kept. Think of it as one document for the whole risk management process that will be constantly updated with information as Identify Risks and the later risk management processes are completed. The risk register becomes part of the project documents and is included in historical records that will be used for future projects.
You need to analyze the risks, including their probability and potential impact on the project, to determine which ones warrant a response. The Perform Qualitative Risk Analysis process involves doing this analysis and creating a short list of the previously identified risk. Which risk warrant a response? Subjective Analysis Probability of each risk occurring The impact of each risk occurring
This matrix may be used to sort or rate risks to determine which ones warrant an immediate response and which ones will be put onto the watch list
Risk Register Updates Risk ranking comparison for the project List of prioritized risks with probability & impact ratings Risk grouped by categories List of risks for additional analysis and response List of risks requiring additional analysis Watchlist & Trends
As project manager, you should always do qualitative risk analysis, but quantitative risk analysis is not required for all projects and may be skipped in favor of moving on to risk response planning. You should proceed with quantitative risk analysis only if it is worth the time and money on your project. Risk assessment refers to the technique of identifying risks through quantitative risk analysis.
You need to know the following actions are part of quantitative risk analysis but not how to do them beyond what is explained in this chapter.
Monte Carlo analysis uses the network diagram and estimates to “perform” the project many times and to simulate the cost or schedule the results of the project. Monte Carlo Analysis cost, schedule or time simulation To evaluate a risk, you can look at the probability or the impact, but calculating the expected monetary value is a better measure to determine an overall ranking of risks.
If you have to choose between many alternatives, you should analyze how each choice benefits or hurts the project before making the decision. Decision trees can help you in this type of analysis. They are models of real situations and are used to make informed decisions about things like, “Which option should I choose?” or “How will I solve this problem?” by taking into account the associated risks, probabilities, and impacts. EMV determines overall ranking of risks. EMV = P * I (impact or outcome)
What are the risks that are most likely to cause trouble? To affect the critical path? That need the most contingency reserve? “The project requires another 50,000 and two months of time to accommodate the risks on the project?” “We are 95 percent confident that we can complete this project on May 25 th for $989,000 budget?” “We only have a 75 percent chance of completing the project within the $800,000 budget.” As you repeat quantitative risk analysis during project planning and when changes are proposed, you can track changes to the overall risk of the project and see any trends.
“What are we going to do now about each top risk?” In risk response planning, you find ways to reduce or eliminate threats, and you find ways to make opportunities more likely or increase their impact. “What should we do about residual risk?” Assign work involved in the responses to risk response owners When you have done risk management, your project will go smoother and faster; with significantly fewer complications, because avoidable problems were solved BEFORE they happened. You now have time to spend implementing reward systems, updating organizational process assets, creating lessons learned, preventing problems, assisting, coaching, and all the other items you might have thought you did not have time for. Can you eliminate all risk?
Risk Register Updates Residual Risk –risk that remain after risk response training Contingency Plans – plans describing the specific plans that will be taken if the opportunity or risk occurs Risk Response Owners – Each risk must be assigned to somebody Secondary Risk – Any new risks created by the implementation of selected risk strategies Risk Triggers – Events that trigger the contingency response Contracts – A project manager must be involved before a contract is signed Fallback plans o- These plans are specific actions thatt will be taken if the contingency plan is not effective Reserves (contingency) Having reserves for time and cost is a required part of project management
Make sure you realize that reserves are not an additional cost to a project. The risk management process should result in a decrease to the project’s projected time and cost. As risks are eliminated or their probability or impact reduced, there should be a reduction to the project’s schedule and budget. Contingency reserves are for the prespecified opportunities and threats that remain after the risk management process is completed. No matter what you do, risks will remain in the project, and there should be a time or cost allotment for them, just as cost or time is allotted to work activities on the project.
Flowchart of Identify Risk to Plan Risk Response
Other work that will be part of the Monitor and Control Risks process includes:
Common risk management errors Risk id is completed without knowing enough about the project Project risk is evaluated using only a questionnaire, interview, or Monte Carlo analysis and thus does not provide specific risks. Risk ID ends too soon, resulting in a brief list rather than an extensive list. See page 401
Risk Management – Fireman – Monitor and Control Risk - Questions
Risk Management Prepared by Stephen Penn October 6, 2012Information derived or quoted from Rita Mulcahy
Concepts and TermsUncertainty Lack of knowledgeRisk Factors 1. How likely a risk event will occur 2. Impact or amount at stake 3. When it will occur 4. How often it will occurRisk Averse Some one that does not want to take on riskRisk Tolerance Degree of risk acceptableRisk Thresholds Point at which risk becomes unacceptableRisk areas Project Constraints (scope, time, cost, etc)
Plan Risk Management •How much time should we spend? •Who will be involved? •How should we perform risk management?
“What will I have when I’m done with …?”• Risk Management Plan 1. Methodology 2. Roles & Responsibilities 3. Budgeting 4. Timing 5. Risk Categories 6. Definitions of probability & Impact 7. Stakeholder tolerances 8. Reporting & Tracking
Identify Risk (tools & techniques)Documentation Reviews Documents can help identify riskBrainstorming One idea generates anotherDelphi Technique Experts participate anonymouslyInterviewing Interview participants, stakeholders, expertsRoot Cause Analysis Reorganized by root causes to find more risk
Identify RiskSWOT Analysis Identifies strengths and weaknesses and thus riskChecklist Analysis Checklist of risk categories to identify riskAssumptions Analysis Validate assumptions which may lead to riskDiagramming Cause and effectTechniques diagrams and flowcharts
Outputs to Identify Risk• Risk Register Example
Perform Qualitative (Subjective) Risk Analysis(Probability and Impact Matrix)
•Watchlist•Risk Grouped by category•Risk Register Updates
• Numerically analyzing the probability and impact of risks• how risk could affect the objectives of the project 1. Determine risk that warrant a response 2. Determine overall project risk 3. Determine quantified probability to meet project objectives (e.g. 75% chance) 4. Determine cost and schedule reserves 5. Identify risks requiring more attention 6. Create realistic and achievable cost, schedule, or scope targets.
Quantitative Risk Analysis1. Investigate highest risks on the project2. Determine type of probability distribution3. Which risks have the most impact4. Determine quantified risk through EMV or Monte Carlo
Determine Quantitative Probability Impact• Interviewing •Expert Judgment•Cost & Time Estimating •EMV•Delphi Technique •Monte Carlo•Use of historical records •Decision Trees
Decision Tree – choose between many alternatives (Impact)
Quantitative 1. Prioritized list of quantified risk 2. Amount of contingency time and cost reserves needed 3. Realistic and achievable completion dates and project costs 4. The qualified probability of meeting objectives 5. Trends in quantitative risk analysis
“What are we going to do now about each top risk?”1. Eliminate the threats before they happen2. Make sure opportunities happen3. Decrease the probability and/or impact of threats4. Increase the probability and/or impact of opportunities• For Residual Threats 1. Contingency Plans 2. Fallback Plans
Monitor and Control RiskWorkarounds Unplanned responses to deal with problemsRisk Reassessments Review risk plan, risk register and update documentationRisk Audits Prepared by PM. Prove you have identified risk, have plans for major risk, risk response owners are prepared. How much reserve remains and howReserve Analysis much is needed (checkbook)Status Meetings Team meetings where risked is discussedClosing of Risks Close finished risk to focus on remaining risk
Outputs of Monitor & Control Risk1. Risk Register 1. Outcomes of risk assessment and risk audits 2. Updates to risk management and ID of new risk Updates 3. Closing of risk 4. Details of what happened 5. Lessons learned2. Change Requests Monitor & Control process will uncover changes3. PM Plan Updates Updates to schedule, cost, quality, hr, etc4. Project Doc Updates Roles & Responsibilities, stakeholder management, quality metrics5. Organization Process Risk templates like risk register, checklists, and other data which becomes historical records Assets Updates