PMI Project Risk Management

People. Processes. Technology. Results. By: Yasser M. El-Sheikh RTA - Public Transport Projects

Agenda

Risk Management Knowledge Sharing session Introductions and Overview Risk Management Planning Risk Identification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning Risk Monitoring & Control 05 mins 10 mins 10 mins 10 mins 10 mins 10 mins 10 mins 20 mins 10 mins

Sample Questions Open Discussions

Project Risk Management - Overview

The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of events adverse to the project.
Key Process Areas Risk Management Planning deciding how to approach, plan, and execute the risk management activities for a project Risk Identification determining which risks might affect the project and documenting their characteristics Qualitative Risk Analysis prioritizing risks for subsequent further analysis or action by assessing and combining their probability of occurrence and impact Quantitative Risk Analysis numerically analyzing the effect on overall project objectives of identified risks Risk Response Planning developing options and actions to enhance opportunities, and to reduce threats to project objectives Risk Monitoring & Control tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plan, and evaluating their effectiveness throughout the project life cycle

Risk Management Planning

People. Processes. Technology. Results.

Risk Management Planning

Risk Management Planning : Inputs, Tools & Techniques, and Outputs

Risk Management Planning Objectives

How to approach and conduct Risk Management activities Prepare Risk Management Plan

Risk Management Planning : Inputs

1. Enterprise Environmental Factors Risk Attitudes Risk Tolerance Risk Categories Common Definition of Concepts and terms Standard templates Roles and Responsibilities

2. Organizational Process Assets

3. Project Scope Statement 4. Project Management Plan

Risk Management Planning : Tools & Techniques

1. Planning Meetings and Analysis Basic plan for conducting Risk Management activities Risk Cost Elements Risk Scheduled Activities Risk responsibilities Tailoring of Organization templates

Risk Management Planning : Outputs

1. Risk Management Plan Methodology Roles and Responsibilities Budgeting Timing Risk Categories Definition of risk probability and impact Probability and impact matrix Revised stakeholders tolerance Reporting Format Tracking

Risk Identification

People. Processes. Technology. Results.

Risk Identification Process

Risk Identification Objectives

Determining Risks that could impact the project Documenting project risk characteristics

Risk Identification: Inputs

1. Enterprise Environmental Factors Published Information Commercial databases Academic studies Benchmarking and other Industry studies Historical experiences Uncertainty in project assumptions Assignment of roles and responsibilities Provision for Risk Management activities in Schedule and Budget Categorizing Risks

2. Organizational Process Assets 3. Project Scope Statement 4. Risk Management Plan

5. Project Management Plan

Risk Identification: Tools & Techniques

1. Documentation Reviews Performing structured reviews of Project artifacts Brainstorming Delphi Technique Interviewing Root Cause Identification SWOT Analysis Developing Risk identification checklist based on historical precedence's 2. Information Gathering Techniques

3. Checklist Analysis

4. Assumptions Analysis 5. Diagramming Techniques Cause-and-effect diagram System or process flow charts Influence diagrams

Risk Identification: Outputs

1. Risk Register List of identified risks List of potential responses to a risk Root causes of risk Updated risk categories

Qualitative Risk Analysis

People. Processes. Technology. Results.

Qualitative Risk Analysis

Qualitative Risk Analysis Objectives

Determining the priority of the identified risks Ranking the risk by priority Determining the impact on the project objectives

Qualitative Risk Analysis : Inputs

1. Organizational Process Assets Data about risks on past projects Lessons learned knowledge base Projects of common or recurring type Projects using first-of-its-type technology Roles and responsibilities Budget, and schedule activities for risk management Risk Categories Definition of probability and impact Probability and impact matrix Revised stakeholders tolerance

2. Project Scope Statement

3. Risk Management Plan

4. Risk Register

Qualitative Risk Analysis : Tools & Techniques

1. Risk Probability and Impact Assessment Risk assessment by interviews Meetings with participants Risk ratings Classification of risks as high, moderate and low Risk Score Card Accuracy Quality Integrity of data about risk By sources of risk By area of project affected

2. Probability and Impact Matrix

3. Risk data Quality Assessment

4. Risk categorization

5. Risk Urgency Assessment

Qualitative Risk Analysis : Outputs

1. Risk Register Updates Relative ranking or priority list of project risks Risks grouped by categories List of risks requiring responses in the near term List of risks for additional analysis and response Watchlists of low priority risk Trends in qualitative risk analysis results

Quantitative Risk Analysis

People. Processes. Technology. Results.

Quantitative Risk Analysis

Overview

Performed on the Risks already prioritized by QRA Assigns the numerical value to the risk. Various techniques for assigning the numerical values Monte Carlo Simulation and Decision tree Analysis.

Objectives

Quantify the possible outcome of risk and its probability Identify the realistic and achievable cost, schedule and scope of the project Determine the management decision GO or NO-GO

Quantitative Risk Analysis

Quantitative Risk Analysis : Input

1. Organizational Process Asset 2. Information on similar risk in other projects, Risk database and study of similar risk by specialist

Project Scope Statement Initial Risk identification

3.

Risk Management Plan Roles and Responsibilities, risk categories, revised stakeholders

4.

Risk Register List of identified risks, Risk ranking and Risk Categorization

5.

Project Management Plan Project Schedule Mgt Plan

Controls Project schedule

Project Cost Mgt Plan

Controls Project budget

Quantitative Risk Analysis : Tools & Technique

1. Data Gathering
Interviewing Info collected for Cost Optimistic (low), Pessimistic (High) and most likely (Medium)

Expert Judgment SMEs validate the risk and data

Quantitative Risk Analysis : Tools & Technique

2. Modeling Techniques Sensitivity Analysis helps to determine which risks have most impact on project

EMV Analysis Expected monetary value is a statistical concept and calculates the average outcome of future scenario EMV = Each possible outcome of risk x probability of occurrence

Decision Tree Analysis It is a method to determine which of two decisions is the best to make e.g. Buy-verses-Build scenario, Lease-or-purchase equations, and use in-house resources rather than outsourcing.

Quantitative Risk Analysis : Output

1. Risk Register Updates Probabilistic analysis of the project Probability of achieving cost and time objectives Prioritized list of Risks that pose greatest threat or greatest opportunity. that influence the critical path That require greatest cost contingency.

Risk Response Planning

People. Processes. Technology. Results.

Risk Response Planning

Risk Response Planning is the process of developing options, and determining actions to enhance opportunities and reduce threats to the project objectives.

Risk Response Planning Objectives

How to approach and conduct Risk Response Planning Prepare Risk response Plan

Risk Response Planning : Inputs

1. Risk Management Plan Some components of the Risk Management Plan that are important inputs to Risk Response Planning may include risk thresholds for low, moderate, and high risks to help understand those risks for which responses are needed, assignment of personnel and scheduling and budgeting for risk response planning. Important inputs to Risk response planning include the relative rating or priority list of project risks, a list of risks requiring response in the near term, a list of risks for additional analysis and response, trends in qualitative risk analysis results, root causes, risks grouped by categories, and a watchlist of low priority risks.

2. Risk Register

Risk Response Planning : Tools & Techniques

1. Strategies for Negative Risks or Threats Avoid Transfer Mitigate Exploit Share Enhance Acceptance Contingent Response Strategy

2. Strategies for Positive Risks or Opportunities

3. Strategy for both Threats and Opportunities 4. Strategies for Negative Risks or Threats

Risk Response Planning : Outputs

1. Risk Register (Updates) Identified Risks, their descriptions, area of project affected, their causes, and how they may affect project objectives. Risk owners and assigned responsibilities Prioritized lists of project risks and probabilistic analysis of the project Agreed upon response strategies Specific actions to implement the chosen response strategy Symptoms and warning signs of risks occurrence Budget and Schedule activities required to implement the chosen responses Contingencies reserves of time and cost designed to provide for stakeholders risk tolerances Contingency plans and triggers that call for their execution Fallback plans for use as a reaction to a risk that has occurred, and the primary response proves to be inadequate Residual risks that are expected to remain after planned responses have been taken, as well as those that have been deliberately accepted. Secondary risks that arise as a direct outcome of implementing a risk response.

Risk Response Planning : Outputs

Contingency reserves that are calculated based on the quantitative analysis of the project and the organisations risks thresholds. Risk response strategies, once agreed to, must be fed back in to the appropriate processes in other knowledge areas, including the projects budget and schedule. Contractual agreements, such as agreements for insurance, services, and other items as appropriate, can be prepared to specify each partys responsibility for specific risks, should they occur.

2. Project Management Plan (Updates)

3. Risk-Related contractual Agreements

Risk Monitoring & Control

People. Processes. Technology. Results.

Risk Monitoring & Control Process

Risk Monitoring & Control Objectives

Identify, analyze and plan for newly arising Risks Keeping track of the identified risks Reanalyzing existing risk Monitoring trigger conditions Reviewing the execution of risk responses Determine the project assumptions if they are still valid Determine if Risk, as assessed, has changed from its prior state, with analysis of trends Determine risk management policies and procedures are being followed Determine whether Contingency reserves of cost or schedule are modified in line with the risk of the project

Risk Monitoring & Control : Inputs

1. Risk Management Plan Risk Owners Agreed upon risk Responses Specific implementation actions Residual and secondary risk Low priority risk Time and cost contingency reserves

2. Risk Register 3. Approved Change Requests Impact on risk register Impact on risk response plan Impact on risk management plan

Risk Monitoring & Control : Inputs

4. Work Performance Information Project deliverables status Corrective actions Performance reports Project work performance

5. Performance Report

Risk Monitoring & Control : Tools & Techniques

1. Risk Reassessment Identification of new Risk Reassessment of the risk Document the effectiveness of risk response Document the effectiveness of risk management process Performance reports Earned Value Analysis Trend analysis

2. Risk audits

3. Variance and Trend Analysis

3. Reserve Analysis 4. Technical Performance Measurement 5. Status Meetings

Risk Monitoring & Control : Outputs

1. Risk Register Updates Outcomes of Risk reassessment, Risk Audits and Risk Reviews Outcome of Projects risk, and of risk responses

2. Requested Changes 3. Recommended Corrective Actions Contingency Plan Workaround Plans

4. Recommended Preventive Actions 5. Organizational Process Assets Updates 6. Project Management Plan Updates

The risk management process

1.Likelihood
2.Describe the scoring system for measuring the likelihood of the risk eventuating. Example:

Title
Very Low Low Medium High Very High

Score
20

Description
Highly unlikely to occur; however, still needs to be monitored as certain circumstances could result in this risk becoming more likely to occur during the project Unlikely to occur, based on current information, as the circumstances likely to trigger the risk are also unlikely to occur Likely to occur as it is clear that the risk will probably eventuate Very likely to occur, based on the circumstances of the project Highly likely to occur as the circumstances which will cause this risk to eventuate are also very likely to be created

40 60 80 100

1.Impact
2.Describe the scoring system for measuring the impact of the risk. Example:

Title
Very Low Low Medium High Very High

Score
20 40 60 80 100

Description

Insignificant impact on the project. It is not possible to measure the impact on the project as it is minimal Minor impact on the project, e.g. < 5% deviation in scope, scheduled end-date or project budget Measurable impact on the project, e.g. 5-10% deviation in scope, scheduled end-date or project budget Significant impact on the project, e.g. 10-25% deviation in scope, scheduled end-date or project budget Major impact on the project, e.g. >25%% deviation in scope, scheduled end-date or project budget

1.Priority
2.Establish the priority of each risk by identifying the likelihood of the risk's eventuating and its impact on the project. Once the likelihood and impact scores have been allocated, the priority score should be calculated as follows: Priority equals the average Likelihood and Impact score This is calculated as Priority = (Likelihood + Impact) / 2

ID
1.1 1.2 1.3 2.1 2.2 2.3

Likelihood
20 80 100 40 80 20

Impact

Priority Score
50 70 70 30 80 50

Rating
Medium High High Low Very High Medium

80 60 40 20 100 80

THE WORLD OF RISK

Transfer
TRANSFER Transfer the risk or the consequences Of the risk to a Third party, self Finance mechanism or to the insurance market TERMINATE Terminate the potential risk in the business the probability of occurrence is to high / when it occurs. The severity / financial impact will be too great for your business.

Terminate

HOW TO MANAGE Risk

TOLERATE Accept the risks probability and severity impacts will not adversely affect the business or you are able to manage those risks internally. TREAT Accept the risks - probability of occurrence is high, Severity impacts will not adversely affect the business or you are able to manage those risks internally by providing protection systems & procedures.

Tolerate

Treat

THE WORLD OF RISK

Severity

Transfer

Terminate

Tolerate 0

Treat

Probability

THE WORLD OF RISK

Severity 10 Risk

10 Probability

THE WORLD OF RISK

Severity 10 Risk

10 Probability

Thank you

People. Processes. Technology. Results.