Managing Project Risk

Reducing risk greatly increases

the likelihood that your project will
be successful.
 Risk in the Context of a
Project Review
Conducting a risk review during a project is an
opportunity to revisit the issues and risks the
project faces throughout its life cycle.
Interviews with project staff and key users
should yield an assessment of overall risk that
needs to be managed.
Bringing issues forward also helps the project
team take action while there is time for proactive
adjustments.
 Identifying Potential Risks
Begin with a risk assessment to determine the following:
What risks exist
The potential sources of risk
The probability of those risks occurring
The impact such risks would have on the project.
Risk assessment is used to develop:
The risk avoidance plan that determines the actions that will be
taken to avoid risk
The risk contingency plan that determines the alternative actions
that will be taken if the risk impacts occur.
Risk assessment also defines an owner for each risk.
 Risk Analysis-1
Risk analysis is:
Evaluating possible risks for the probability of
occurrence
Describing the potential impact
Estimating the severity of that impact.
For each risk, the project manager assigns a
probability ranking (avoidable, manageable,
unavoidable, unknown) along with identification
of the first possible impact date.
 Risk Analysis-2
Risk analysis should describe:
The risk impact
What will happen if the risk occurs.
Both tangible (i.e., financial) and intangible
(i.e., client satisfaction, morale) results
should be considered when describing the
impact of a risk.
 Risk Analysis-3
Define impact severity:
Low means you can work around the problem.
Medium indicates that you cannot work
around the problem. However, the risk item
does not impact milestones or project targets.
High means that risk do not have
workarounds and will definitely impact the
projects milestones, targets, or even its
success.
 Risk Analysis-4
Risks should be prioritized for further
analysis and development, based on:
Probability
Impact date
Severity
 Risk Avoidance Techniques
Create the worst case scenario by holding a
project review meeting with your project team.
Interview people and hold individual meetings to
discuss the findings.
Prepare a risk questionnaire, distribute it, and
study the findings.
Perform a decision tree analysis, using software
to help you.
Prepare a risk log in which you list and itemize
all known risks.
 Risk Identification-1
Technical risks:
These risks are technical in nature
Are the result of complexity, integration issues
or technology
Project managers need to be certain they
have the skills needed to deal with or mitigate
any problems that can arise here.
 Risk Identification-2
Financial risks:
Include threats to the project budget.
Unforeseen things that cause cost overruns.
Schedule risks:
Factors that delay the project, potentially
delaying the planned finish date.
Often related to financial and schedule risks in
that delays often incur financial penalties and
risks of delay can usually be removed, but at a
financial cost.
 Risk Identification-3
Internal risks (sometimes called project
risks):
These risks come from the project itself.
They include factors such as delays in
carrying out scheduled work, errors by project
team members, technical failures, etc.
These are risks that a project manager can
control and is in the position to manage.
 Risk Identification-4
External risks (sometimes referred to as
business risks):
These are threats to the project that come
from the external environment (i.e., act of
God, war, terrorism, changes in the law,
recession, etc.)
These risks are totally outside the control of
the project manager.
 Risk Reporting
Risks should be reported throughout the project.
A process should be established to report risks
to the necessary persons within the company
(also to the clients company).
Periodic risk meetings should be set up as early
in the project as possible and should be held on
a regular basis.
Top priority risks should be reported in weekly
status reports along with current status of project
completion.
 Risk Mitigation-1
Risk mitigation is the process of creating
strategies to minimize the impact of risks
on a project.
Mitigation strategies should determine the
highest risk and its associated priorities
first.
For lower types of risk, the strategy might be
to take no action or prepare a contingency
plan just in case.
 Risk Mitigation-2
Develop mitigation strategies:
Define the approach or steps to take.
Identify contingency plans for a worst-case
scenario.
Assign responsible parties to each risk.
Define the closure date and necessary
criteria.