PROJECT
RISK MANAGEMENT
Ammar Bukhari
WHAT IS A RISK
RISK:
Threat / Uncertainty of Outcome
probability that an action or event, will adversely or beneficially affect an
organization's ability to achieve its
objectives
RISK VS ISSUE
Risk
Future event
May impact triple constraint
(Budget, scope and schedule).
Issue
Present problem
Influencing triple constraints.
Risk can become an issue
Issue is not risk
it already happened.
RISK VS ISSUE
TODAY FUTURE
ISSUE RISK
WHAT IS PROJECT RISK MANAGEMENT?
Project Risk Management
:
- An uncertain event or condition that, if it occurs, has a positive or negative effect on the Project
Objectives
(Scope, Schedule, Cost, Quality)- one of knowledge areas including the processes
required to ensure timely completion of the project
PROCESS GROUPS & RISK MGMT ACTIVITIES
Initiating Planning Executing Controlling Closing
1. Plan Risk Management 2. Identify Risks
3. Perform Qualitative Risk Analysis
4. Perform Quantities Risk Analysis
5. Plan Risk Responses
6. Monitor &
Control Risks
1. Plan Risk Management
Inputs
1. Project Scope Statement 2. Cost Management Plan 3. Schedule Management Plan 4. Communications Mgmt Plan 5. Enterprise Environ. Factors 6. Organizational Process Assets
Outputs
1. Risk Management Plan
Tools & Techniques
1. Planning Meetings and Analysis
- Defining how to conduct risk management activities.
RISK MANAGEMENT PLAN
Documents the procedures for managing
risk throughout the project
RISK MANAGEMENT PLAN
Includes:
Methodology
R&R
Budget
Schedule
Risk Categories
Using risk breakdown structure (RBS)
Probability and Impact Matrix
Stake Holders Tolerance
Reporting Formats
Risk Documentation
RISK MANAGEMENT PLAN
Methodology:
Define the tools, approaches, and data sources used within the project performing risk
management.
Roles and Responsibility
Who lead, support, and be a member and What activities are they responsible for within Risk Management Plan
Budget:
Risk management cost in terms of resources, buffers for baseline and contingency reserve
RISK MANAGEMENT PLAN
Schedule
Risk schedule within the project defining when risk management process will be followed
throughout the project life cycle
Risk Categories
Using RBS to identify and categorize risks
Probability and Impact Matrix
ranking between low, moderate, high related to the risk effect on project’s objectives
RBS
IMPACT MATRIX
RISK MANAGEMENT PLAN
Stake Holders Tolerance
Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule
Reporting Formats
Risk reports formats / documents
Risk Documentation
how risk activities tracked/documented
for future audits, and lesson learned
CONTINGENCY, FALLBACK PLANS, CONTINGENCY RESERVES
Contingency plans
predefined identifying risk event occurs
Fallback plans
for high impact risks on project objectives
Contingency reserves
provisions held to reduce the risk cost or schedule overruns to an acceptable level
SAUDI AIR LINES CASE
Flight Operation
Information System (FOIS)
AirCrew System
2. IDENTIFY RISKS
Inputs
1. Risk Management Plan 2. Activity Cost Estimates 3. Activity Duration Estimates 4. Scope Baseline
5. Stakeholder Register 6. Cost Management Plan 7. Schedule Management Plan 8. Quality Management Plan 9. Project Documents
10.Enterprise Environ. Factors 11.Organizational Process
Assets
Outputs
1. Risk Registers
Tools & Techniques
1. Documentation Reviews
2. Information Gathering Techniques:
(Brainstorming / Delphi / Interviewing
/ Root cause analysis) 3. Checklist Analysis 4. Assumption Analysis 5. Diagramming Techniques:
(Cause & Effect / Process flow chart / Influence Diagrams)
6. SWOT Analysis 7. Expert Judgment
- Determining which risks may affect the project and documenting their characteristics.
INFORMATION GATHERING TECHNIQUE
Brainstorming
Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule
Delphi Technique
Risk reports formats / documents
Interviewing
how risk activities tracked/documented
for future audits, and lesson learned
Root Cause Analysis
Checklist / Assumption / Diagramming / SOWT
ROOT CAUSE ANALYSIS
Checklist Analysis
Using historical records / learned lessons from previous projects and other sources
RBS Leafs in can be considered as items in the list
At project end, list can be reviewed and updated to be used in future projects
Assumption
Upon assumptions, some risks were identified and listed
ROOT CAUSE ANALYSIS
Diagramming Technique
diagrams can help to identify additional risks:
Cause and Effect
Process flow charts
Influence diagrams
CAUSE & EFFECT
ROOT CAUSE ANALYSIS
SOWT Analysis
Helps identify the broad negative and positive risks that apply to a project
RISK REGISTER
Document contains results of various risk management processes
Often displayed in a table or spreadsheet
Tool for documenting potential risk events and related information
No. Rank Risk Description Category Root
Cause Triggers Potential
Responses Risk
Owner Probability Impact Status
R44 1
R21 2
R7 3
3. PERFORM QUALITATIVE RISK ANALYSIS
Inputs
1. Risk register
2. Risk management plan 3. Project scope statement 4. Organizational process assets
Outputs
1. Risk register updates
Tools & Techniques
1. Risk probability and impact assessment
2. Probability and impact matrix 3. Risk data quality assessment 4. Risk categorization
5. Risk urgency assessment 6. Expert judgment
- Prioritizing risks for further analysis / action by assessing their probability of occurrence and impact.
TOOLS
Risk probability and Impact Assessment
This tool will look after:
Likelihood of each risk to happen
Its affect on project objectives
(Schedule, Cost, Quality, or Performance)
Probability and Impact Matrix
lookup table can be used identifying each risk importance and thus its priority
TOOLS
Risk data quality assessment
It evaluates data quality degree, so it will be useful for risk management
data to be more accurate, understood, and reliable
for more credibility results
Risk categorization
classify risks by:
RBS
Area will be affected
Any other reasonable type
TOOLS
Risk urgency assessment
Risks that
May happen soon
Response planning will take much time
Will be dealt as urgent to be processed quickly through this process
4. PERFORM QUANTITATIVE RISK ANALYSIS
Inputs
1. Risk register
2. Risk management plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational process assets
Outputs
1. Risk register updates
Tools & Techniques
1. Data Gathering &
Representation Techniques
2. Quantities risk analysis and modeling techniques 3. Expert judgment
- Numerically estimating the effects of risks on project objectives.
TOOLS
RiskLikelihood Impact
Data Gathering & Representation Techniques
Interviewing
Probability distribution
Quantitative risk analysis and modeling techniques
Sensitivity analysis
Expected monetary value analysis
Modeling and simulation
DATA GATHERING &
REPRESENTATION TECHNIQUES
Interviewing
With concerned project team members, stakeholders, and Subject Matter Experts
Probability distribution
graphically displayed representing both time/cost element and probability
modeling and simulation techniques
Beta, triangular distributions, Discrete distribution
EXPECTED MONETARY VALUE (EMV)
the highest value of each competing option
Risk probability * risk monetary value
EXPECTED MONETARY VALUE (EMV)
SENSITIVITY ANALYSIS
technique used to show the effects of
changing one or more variables on an
outcome
MODELING & SIMULATION
Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system.
Monte Carlo analysis
three estimates (most likely, pessimistic,
and optimistic)
5. PLAN RISK RESPONSES
Inputs
1. Risk register
2. Risk management plan
Outputs
1. Risk register updates 2. Risk-related contract
decisions
3. Project management plan updates
4. Project document updates
Tools & Techniques
1. Strategic for negative risks or threats
(Avoid / Transfer / Mitigate / Accept)
2. Strategies for positive risks or opportunities
(Exploit/ Share / Enhance / Accept)
3. Contingent response strategies
4. Expert judgment
- Developing options and actions to enhance opportunities and to reduce threats to project objectives.
TOOLS
Strategic for negative risks or threats
Risk avoidance
Change the plan to eliminate the risk or condition or to protect the project objectives from its impact.
Risk transfer
Shift the consequence of a risk to a third party,
through purchasing insurance, warranties, guarantees, or outsourcing the work.
Mitigation
Reduce the probability to an acceptable threshold, thus removing it from top risks.
Acceptance technique
Not to change the project plan to deal
Unable to identify any other suitable response
TOOLS
Strategic for positive risks or opportunities
Risk exploitation:
make sure the positive risk happens
Risk sharing:
allocating ownership of the risk to a party
Risk enhancement
changing the size of the opportunity by
identifying and maximizing key drivers of the positive risk
Risk acceptance
the project team cannot choose
not to take any action toward a risk
TOOLS
Contingent response strategies
Contingency plans
Specific actions that are to be taken when a potential problem occurs
Should be developed in advance
Helps ensure coordinated, effective, and timely response
Some plans may require backup resources that need to be arranged in advance
Contingency planning should be done only for the high-threat problems that remain after you’ve taken preventive measures
6. MONITOR AND CONTROL RISKS
PMP Workshop Tuesday, June 04, 2024
Inputs
1. Risk register
2. Risk management plan 3. Work performance
information 4. Performance Reports
Outputs
1. Risk register updates 2. Organizational process
assets updates 3. Change requests
4. Project management plan updates
5. Project document updates
Tools & Techniques
1. Risk reassessment 2. Risk audits
3. Variance and trend analysis 4. Technical performance
measurement 5. Reserve analysis 6. Status meetings
- Implementing risk response plans, tracking identified / new risks, monitor residual risks, and evaluating risk process effectiveness.
TOOLS
Risk reassessment
to measure where the project stands today on a risk issue.
After risk mitigation, the team can reassess the current risks by identifying new risks, or closing outdated risks.
Risk audits
Indication of the project team ability to identify, measure, and manage risks
Provide independent assessment of the risk management practices of the company
verifies that the company has appropriate risk
management control in compliance with approved risk policies and procedures
TOOLS
Variance and trend analysis
Helping to identify the factors that affect each element
its goal is to determine the causes of a variance
difference between expected result and an actual result
effective way to discover the sum causes of a result
Technical performance measurement
actual performance is tracked compared by project
management to the Technical Performance Measurement
TOOLS
Reserve analysis
Manage the reserve and use them only for risks keeping the project risk on track.
Additional reserve could be requested, or could be reduced if there is opportunity or threats
were not happened
SAMPLE PMP
CERTIFICATION
QUESTIONS
QUESTIONS
All of the following are factors in the assessment of project risk EXCEPT?
A. Risk event
B. Risk probability C. Amount at stake
D. Insurance premiums Answer D
Explanation Insurance premiums come into play when you determine which risk response
strategy you will use.
QUESTIONS
Which of the following risk events is MOST likely to interfere with attaining a project's schedule objective?
A. Delays in obtaining required approvals
B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased
payments
D. Slippage of the planned post-implementation review meeting
Answer A
Explanation Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule.
Notice the words "post-implementation" in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay
QUESTIONS
Risks will be identified during which risk management process(es)?
A. Quantitative risk analysis and risk identification B. Risk identification and risk monitoring and control
C. Qualitative risk analysis and risk monitoring and control D. Risk identification
Answer B
Explanation This is a tricky question. Risks are identified during risk identification, naturally, but newly emerging risks are identified in risk monitoring and control
QUESTIONS
Risk tolerances are determined in order to help:
A. the team rank the project risks.
B. the project manager estimate the project.
C. the team schedule the project.
D. management know how other managers will act on the project.
Answer A
Explanation If you know the tolerances of the stakeholders, you can determine how they might react to different
situations and risk events. You use this information to help assign levels of risk on each work package or activity
QUESTIONS
You are finding it difficult to evaluate the exact cost impact of risks. You should
evaluate on a(n):
A. quantitative basis.
B. numerical basis.
C. qualitative basis.
D. econometric basis.
Answer C
Explanation If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc
QUESTIONS
Purchasing insurance is BEST considered an example of risk:
A. mitigation.
B. transfer.
C. acceptance.
D. avoidance.
Answer B
Explanation To mitigate risk (choice A) we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact.
However, mitigating risk is taking action before a risk event
occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance.
Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party
QUESTIONS
An output of risk response planning is:
A. residual risks.
B. risks identified.
C. prioritized list of risks.
D. impacts identified.
Answer A
Explanation Risks are identified (choice B) during risk
identification and risk monitoring and control. Prioritized risks (choice C) are documented during qualitative and
quantitative risk analysis. Impacts (choice D) are generally determined during quantitative risk analysis. The best
answer is A
QUESTIONS
The customer requests a change to the project that would increase the project risk.
Which of the following should you do before all the others?
A. Include the expected monetary value of the risk in the new cost estimate.
B. Talk to the customer about the impact of the change.
C. Analyze the impacts of the change with the team.
D. Change the risk management plan
Answer C
Explanation This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer
