Session 02: 10-12-2018

Introduction – Definitions – classifications –

project risk – scope, Project management –
definitions – overview – project plan.
Management principles applied to project
management, project management life
cycles and uncertainty
 What is RISK

 Any possible event or condition that, if it occurs,

has a positive or negative effect on a project’s
objectives.
 Events that planning can not overcome or control.
 Project Risk Management
Risk Management Overview

Project Lifecycle
Risk vs. Amount at Stake

I
CONCEPT DEVELOPMENT IMPLEMENT CLOSE
N
PHASE PHASE PHASE PHASE
C
R $
OPPORTUNITY AND RISK
E
A V
S A
PERIOD WHEN
I HIGHEST RISKS L
N ARE INCURRED U
G E

PERIOD OF
R HIGHEST
I RISK IMPACT
AMOUNT AT STAKE
S
K
 Risk Management
 Project risk management is the art and science of

identifying, analyzing, and responding to risk

throughout the life of a project and in the best
interests of meeting project objectives
 Risk management is often overlooked in projects,

but it can help improve project success by helping

select good projects, determining project scope,
and developing realistic estimates
 Recapitulation - Risk Management
 A proactive attempt to recognize and manage
internal events and external threats that affect the
likelihood of a project’s success.
 What can go wrong (risk event).

 How to minimize the risk event’s impact (consequences).

 What can be done before an event occurs (anticipation).

 What to do when an event occurs (contingency plans).

 What is risk management?
 Identifying, analyzing, prioritizing, and responding to
risk events
 Integration of risk management activities into your
other project management functions
 Developing responses to risk to meet your project
objectives
 Project risk management is PROACTIVE
 Risk Management’s Benefits
 A proactive rather than reactive approach.

 Reduces surprises and negative consequences.

 Prepares the project manager to take advantage

of appropriate risks.
 Provides better control over the future.

 Improves chances of reaching project performance

objectives within budget and on time.
Project Management Maturity by Industry Group and Knowledge Area*
Engineering/ Telecommunicat Information Hi-Tech
Knowledge Area Construction ions Systems Manufacturing

Scope 3.52 3.45 3.25 3.37

Time 3.55 3.41 3.03 3.50
Cost 3.74 3.22 3.20 3.97
Quality 2.91 3.22 2.88 3.26
Human Resources 3.18 3.20 2.93 3.18
Communications 3.53 3.53 3.21 3.48
Risk 2.93 2.87 2.75 2.76
Procurement 3.33 3.01 2.91 3.33
KEY: 1 = LOWEST MATURITY RATING 5 = HIGHEST MATURITY RATING

*Ibbs, C. William and Young Hoon Kwak. “Assessing Project Management Maturity,” Project Management Journal (March 2000).
 Managing Risk

Step 1: Risk Identification

 Generate a list of possible risks through brainstorming,
problem identification and risk profiling.
 Macro risks first, then specific events
 Brain storming for Risk Identification
 Chose a facilitator (best if other than the project
manager)
 Chose a scribe to capture the risks
 Use a category or categories to start the creativity
flowing
 Do not judge or analyze during this effort
 Focus on getting the universe of risks for your project
 Nominal Group for Risk Identification
 Gather the core team for a risk workshop

 Use flip charts or a whiteboard to collect info

 Begin by having each person identify potential areas of risk

 Then within each area have each person write at least 3-5

risk events

 Repeat until everyone has listed their risks

 Delphi Technique for Risk Identification
 Identify a facilitator
 The facilitator then identifies qualified experts to participate
 The facilitator poses questions to the experts individually
 The facilitator then analyzes the results to identify common
themes
 The results are then shared with the experts for validation
 The list is then refined and again shared with the panel
 The facilitator the creates a single results document
 Mind Mapping for Risk Identification
 Begin with a category of risk in the center represented by
a circle
 Major risks for that category are represented by lines
connecting with the circle
 For each major risk identify smaller risks that are part of
that risk
 Do not judge or evaluate at this time
 Continue until no more risks can be identified
 Managing Risk
Step 2: Risk Assessment
 Scenario analysis for event probability and impact
 Risk assessment matrix
 Failure Mode and Effects Analysis (FMEA)
 Probability analysis
 Decision trees, NPV, and PERT
 Semi-quantitative scenario analysis
 Managing Risk (cont’d)
Step 3: Risk Response Development
 Mitigating Risk
 Reducing the likelihood that an adverse event will occur.
 Reducing impact of adverse event.
 Avoiding Risk
 Changing the project plan to eliminate the risk or condition.
 Transferring Risk
 Paying a premium to pass the risk to another party.
 Requiring Build-Own-Operate-Transfer (BOOT) provisions.
 Retaining Risk
 Making a conscious decision to accept the risk.
 Managing Risk (cont’d)
Step 4: Risk Response Control
 Risk control
 Execution of the risk response strategy
 Monitoring of triggering events
 Initiating contingency plans
 Watching for new risks
 Establishing a Change Management System
 Monitoring, tracking, and reporting risk
 Fostering an open organization environment
 Repeating risk identification/assessment exercises
 Assigning and documenting responsibility for managing risk
 Contingency Planning (DR/BCP)
Contingency Plan
 An alternative plan that will be used if a possible
foreseen risk event actually occurs.
 A plan of actions that will reduce or mitigate the negative
impact (consequences) of a risk event.
Risks of Not Having a Contingency Plan
 Having no plan may slow managerial response.
 Decisions made under pressure can be potentially
dangerous and costly.
 Planning Risk Management
 The main output of this process is a risk management
plan—a plan that documents the procedures for
managing risk throughout a project
 The project team should review project documents and
understand the organization’s and the sponsor’s
approaches to risk
 The level of detail will vary with the needs of the project
Issues Addressed in a Risk Management Plan
 Methodology
 Roles and responsibilities
 Budget and schedule
 Risk categories
 Risk probability and impact
 Revised stakeholders’ tolerances
 Tracking
 Risk documentation
Contingency and Fallback Plans, Contingency Reserves
 Contingency plans are predefined actions that the
project team will take if an identified risk event occurs
 Fallback plans are developed for risks that have a high
impact on meeting project objectives, and are put into
effect if attempts to reduce the risk are not effective
 Contingency reserves or allowances are provisions held
by the project sponsor or organization to reduce the risk of
cost or schedule overruns to an acceptable level;
management reserves are funds held for unknown risks
that are NOT part of the cost baseline but ARE part of the
budget and funding requirements
 Risk and Contingency Planning
Technical Risks
 Backup strategies if chosen technology fails.
 Assessing whether technical uncertainties
can be resolved.
Schedule Risks
 Use of slack increases the risk of a late project finish.
 Imposed duration dates (absolute project finish date)
 Compression of project schedules due to a shortened
project duration date.
 Risk and Contingency Planning (cont’d)
Costs Risks
 Time/cost dependency links: costs increase when
problems take longer to solve than expected.
 Price protection risks (a rise in input costs) increase
if the duration of a project is increased.
Funding Risks
 Changes in the supply of funds for the project can
dramatically affect the likelihood of implementation
or successful completion of a project.
 Contingency Funding and Time Buffers
Contingency Funds
 Funds to cover project risks—identified and unknown.
 Size of funds reflects overall risk of a project
 Budget reserves - linked to the identified risks of specific
work packages.
 Management reserves -large funds to be used to cover
major unforeseen risks (e.g., change in project scope) of the
total project.
Time Buffers
 Amounts of time used to compensate for unplanned delays
in the project schedule.
 Change Control System Process
1. Identify proposed changes.
2. List expected effects of proposed changes
on schedule and budget.
3. Review, evaluate, and approve or disapprove
of changes formally.
4. Negotiate and resolve conflicts of change, condition, and
cost.
5. Communicate changes to parties affected.
6. Assign responsibility for implementing change.
7. Adjust master schedule and budget.
8. Track all changes that are to be implemented
 Benefits of a Change Control System
1. Inconsequential changes are discouraged
by the formal process.
2. Costs of changes are maintained in a log.
3. Integrity of the WBS and performance measures
is maintained.
4. Allocation and use of budget and management reserve funds
are tracked.
5. Responsibility for implementation is clarified.
6. Effect of changes is visible to all parties involved.
7. Implementation of change is monitored.
8. Scope changes will be quickly reflected in baseline and
performance measures.
INTEGRATING RISK WITH OTHER PROJECT MANAGEMENT
FUNCTIONS

PROJECT
MANAGEMENT
INTEGRATION
INFORMATION /
SCOPE
COMMUNICATIONS
Life Cycle and
Expectations Environment Variables
Ideas, Directives, Data
Feasibility
Exchange Accuracy

QUALITY
Requirements PROJECT Availability HUMAN
Standards RISK Productivity
RESOURCE

Services, Plant, Materials:

Time Objectives, Performance
Cost Objectives,
Constraints Restraints

CONTRACT /
TIME
COST PROCUREMENT
 Risk Identification
 Risk in corporate business is typically divided into 2 basic
types
Business Risk:
 Chances of profit or loss associated with a business endeavor
 Business employs a staff of qualified workers to increase profit
and reduce chances of loss
Pure or Insurable Risk: Divided into 4 categories
 Direct property: Destruction of property by fire, etc.
 Indirect property: Extra expenses associated with rental
property or loss due to a business interruption
 Liability: Chance of a lawsuit of bodily injury, damages, etc.
 Personnel: Injuries to workers (Worker’s Comp)
 Risk Identification – contd.
 Risk in project management is inadequate -Not enough
attention is paid to risk on projects
 All risks are not independent and frequently the greatest
risk on a project comes from a series of related/integrated
events
 Ultimate responsibility of risk management resides with the
project sponsor
 As the project manager representing the sponsor, risk
management becomes a large responsibility for you
 Risk Breakdown Structure

The Risk Breakdown Structure (RBS) lists categories and sub-categories for project risk.
The actual categories will vary across different types of projects.
 Project Risk Quantification
By developing a simple estimate of the probability that an event
will be late in delivery
 Ideally done using weighted averages
 Moonsamy says 35% chance of being late
 Ayyasamy says 40% chance of being late
 Appasamy says 50% chance of being late
 Moonsamy gets twice as much credit because he knows more
about the situation
 The probability is: ((2 x 35) + (40) + (50)) / 4 = 40%
 Quantifying risk probability can become quite complex, there
are many resources to assist you with more detailed
approaches