PROJECT RISK MANAGEMENT Ammar Bukhari
What is a Risk RISK: Threat / Uncertainty of Outcome probability that an action or event, will adversely or beneficially affect an organization's ability to achieve its objectives
Risk vs Issue Risk Issue Risk can become an issue Issue is not risk Future event May impact triple constraint (Budget, scope and schedule). Issue Present problem Influencing triple constraints. Risk can become an issue Issue is not risk it already happened.
Risk vs Issue RISK ISSUE TODAY FUTURE
What is Project Risk Management? Project Risk Management: - An uncertain event or condition that, if it occurs, has a positive or negative effect on the Project Objectives (Scope, Schedule, Cost, Quality) - one of knowledge areas including the processes required to ensure timely completion of the project
Process Groups & Risk Mgmt Activities Initiating Planning Executing Controlling Closing Plan Risk Management Identify Risks Perform Qualitative Risk Analysis Perform Quantities Risk Analysis Plan Risk Responses 6. Monitor & Control Risks
1. Plan Risk Management Inputs Tools & Techniques Outputs Defining how to conduct risk management activities. Inputs 1. Project Scope Statement 2. Cost Management Plan 3. Schedule Management Plan 4. Communications Mgmt Plan 5. Enterprise Environ. Factors 6. Organizational Process Assets Tools & Techniques 1. Planning Meetings and Analysis Outputs 1. Risk Management Plan
Risk Management plan Documents the procedures for managing risk throughout the project
Risk Management plan Includes: Methodology R&R Budget Schedule Risk Categories Using risk breakdown structure (RBS) Probability and Impact Matrix Stake Holders Tolerance Reporting Formats Risk Documentation
Risk Management plan Methodology: Roles and Responsibility Budget: Define the tools, approaches, and data sources used within the project performing risk management. Roles and Responsibility Who lead, support, and be a member and What activities are they responsible for within Risk Management Plan Budget: Risk management cost in terms of resources, buffers for baseline and contingency reserve
Risk Management plan Schedule Risk Categories Risk schedule within the project defining when risk management process will be followed throughout the project life cycle Risk Categories Using RBS to identify and categorize risks Probability and Impact Matrix ranking between low, moderate, high related to the risk effect on project’s objectives
RBS IT Project Business Competitors Suppliers Cash flow Technical Hardware Software Network Organizational Executive support User support Team support Project Management Estimates Communication Resources
Impact matrix
Risk Management plan Stake Holders Tolerance Reporting Formats Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule Reporting Formats Risk reports formats / documents Risk Documentation how risk activities tracked/documented for future audits, and lesson learned
Contingency, Fallback Plans, Contingency Reserves Contingency plans predefined identifying risk event occurs Fallback plans for high impact risks on project objectives Contingency reserves provisions held to reduce the risk cost or schedule overruns to an acceptable level
Saudi air lines case Flight Operation Information System (FOIS) AirCrew System
2. Identify Risks Inputs Tools & Techniques Outputs - Determining which risks may affect the project and documenting their characteristics. Inputs 1. Risk Management Plan 2. Activity Cost Estimates 3. Activity Duration Estimates 4. Scope Baseline 5. Stakeholder Register 6. Cost Management Plan 7. Schedule Management Plan 8. Quality Management Plan 9. Project Documents 10.Enterprise Environ. Factors 11.Organizational Process Assets Tools & Techniques 1. Documentation Reviews 2. Information Gathering Techniques: (Brainstorming / Delphi / Interviewing / Root cause analysis) 3. Checklist Analysis 4. Assumption Analysis 5. Diagramming Techniques: (Cause & Effect / Process flow chart / Influence Diagrams) 6. SWOT Analysis 7. Expert Judgment Outputs 1. Risk Registers
Information Gathering Technique Brainstorming Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule Delphi Technique Risk reports formats / documents Interviewing how risk activities tracked/documented for future audits, and lesson learned Root Cause Analysis Checklist / Assumption / Diagramming / SOWT
Root cause analysis Checklist Analysis Assumption Using historical records / learned lessons from previous projects and other sources RBS Leafs in can be considered as items in the list At project end, list can be reviewed and updated to be used in future projects Assumption Upon assumptions, some risks were identified and listed
Root cause analysis Diagramming Technique diagrams can help to identify additional risks: Cause and Effect Process flow charts Influence diagrams
Cause & effect
Root cause analysis SOWT Analysis Helps identify the broad negative and positive risks that apply to a project
Risk register Document contains results of various risk management processes Often displayed in a table or spreadsheet Tool for documenting potential risk events and related information No. Rank Risk Description Category Root Cause Triggers Potential Responses Owner Probability Impact Status R44 1 R21 2 R7 3
3. Perform Qualitative Risk Analysis - Prioritizing risks for further analysis / action by assessing their probability of occurrence and impact. Inputs 1. Risk register 2. Risk management plan 3. Project scope statement 4. Organizational process assets Tools & Techniques 1. Risk probability and impact assessment 2. Probability and impact matrix 3. Risk data quality assessment 4. Risk categorization 5. Risk urgency assessment 6. Expert judgment Outputs Risk register updates
tools Risk probability and Impact Assessment This tool will look after: Likelihood of each risk to happen Its affect on project objectives (Schedule, Cost, Quality, or Performance) Probability and Impact Matrix lookup table can be used identifying each risk importance and thus its priority
tools Risk data quality assessment Risk categorization It evaluates data quality degree, so it will be useful for risk management data to be more accurate, understood, and reliable for more credibility results Risk categorization classify risks by: RBS Area will be affected Any other reasonable type
tools Risk urgency assessment Risks that May happen soon Response planning will take much time Will be dealt as urgent to be processed quickly through this process
4. Perform Quantitative Risk Analysis - Numerically estimating the effects of risks on project objectives. Inputs 1. Risk register 2. Risk management plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational process assets Tools & Techniques 1. Data Gathering & Representation Techniques 2. Quantities risk analysis and modeling techniques 3. Expert judgment Outputs 1. Risk register updates
tools Data Gathering & Representation Techniques Risk Likelihood Impact Data Gathering & Representation Techniques Interviewing Probability distribution Quantitative risk analysis and modeling techniques Sensitivity analysis Expected monetary value analysis Modeling and simulation
Data Gathering & Representation Techniques Interviewing With concerned project team members, stakeholders, and Subject Matter Experts Probability distribution graphically displayed representing both time/cost element and probability modeling and simulation techniques Beta, triangular distributions, Discrete distribution
Expected Monetary Value (EMV) the highest value of each competing option Risk probability * risk monetary value
Expected Monetary Value (EMV)
Sensitivity analysis technique used to show the effects of changing one or more variables on an outcome
Modeling & simulation Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system. Monte Carlo analysis three estimates (most likely, pessimistic, and optimistic)
5. Plan Risk Responses Inputs Tools & Techniques Outputs - Developing options and actions to enhance opportunities and to reduce threats to project objectives. Inputs 1. Risk register 2. Risk management plan Tools & Techniques Strategic for negative risks or threats (Avoid / Transfer / Mitigate / Accept) Strategies for positive risks or opportunities (Exploit/ Share / Enhance / Accept) Contingent response strategies Expert judgment Outputs Risk register updates Risk-related contract decisions Project management plan updates Project document updates
tools Strategic for negative risks or threats Risk avoidance Change the plan to eliminate the risk or condition or to protect the project objectives from its impact. Risk transfer Shift the consequence of a risk to a third party, through purchasing insurance, warranties, guarantees, or outsourcing the work. Mitigation Reduce the probability to an acceptable threshold, thus removing it from top risks. Acceptance technique Not to change the project plan to deal Unable to identify any other suitable response
tools Strategic for positive risks or opportunities Risk exploitation: make sure the positive risk happens Risk sharing: allocating ownership of the risk to a party Risk enhancement changing the size of the opportunity by identifying and maximizing key drivers of the positive risk Risk acceptance the project team cannot choose not to take any action toward a risk
tools Contingent response strategies Contingency plans Specific actions that are to be taken when a potential problem occurs Should be developed in advance Helps ensure coordinated, effective, and timely response Some plans may require backup resources that need to be arranged in advance Contingency planning should be done only for the high-threat problems that remain after you’ve taken preventive measures
6. Monitor and Control Risks - Implementing risk response plans, tracking identified / new risks, monitor residual risks, and evaluating risk process effectiveness. Inputs 1. Risk register 2. Risk management plan 3. Work performance information 4. Performance Reports Tools & Techniques 1. Risk reassessment 2. Risk audits 3. Variance and trend analysis 4. Technical performance measurement 5. Reserve analysis 6. Status meetings Outputs 1. Risk register updates 2. Organizational process assets updates 3. Change requests 4. Project management plan updates 5. Project document updates PMP Workshop 9 November 2018
tools Risk reassessment Risk audits to measure where the project stands today on a risk issue. After risk mitigation, the team can reassess the current risks by identifying new risks, or closing outdated risks. Risk audits Indication of the project team ability to identify, measure, and manage risks Provide independent assessment of the risk management practices of the company verifies that the company has appropriate risk management control in compliance with approved risk policies and procedures
tools Variance and trend analysis Helping to identify the factors that affect each element its goal is to determine the causes of a variance difference between expected result and an actual result effective way to discover the sum causes of a result Technical performance measurement actual performance is tracked compared by project management to the Technical Performance Measurement
tools Reserve analysis Manage the reserve and use them only for risks keeping the project risk on track. Additional reserve could be requested, or could be reduced if there is opportunity or threats were not happened
Sample PMP Certification Questions
Questions All of the following are factors in the assessment of project risk EXCEPT? A. Risk event B. Risk probability C. Amount at stake D. Insurance premiums Answer D Explanation Insurance premiums come into play when you determine which risk response strategy you will use.
Questions Which of the following risk events is MOST likely to interfere with attaining a project's schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting Answer A Explanation Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule. Notice the words "post-implementation" in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay
Questions Risks will be identified during which risk management process(es)? A. Quantitative risk analysis and risk identification B. Risk identification and risk monitoring and control C. Qualitative risk analysis and risk monitoring and control D. Risk identification Answer B Explanation This is a tricky question. Risks are identified during risk identification, naturally, but newly emerging risks are identified in risk monitoring and control
Questions Risk tolerances are determined in order to help: A. the team rank the project risks. B. the project manager estimate the project. C. the team schedule the project. D. management know how other managers will act on the project. Answer A Explanation If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity
Questions You are finding it difficult to evaluate the exact cost impact of risks. You should evaluate on a(n): A. quantitative basis. B. numerical basis. C. qualitative basis. D. econometric basis. Answer C Explanation If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc
Questions Purchasing insurance is BEST considered an example of risk: A. mitigation. B. transfer. C. acceptance. D. avoidance. Answer B Explanation To mitigate risk (choice A) we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance. Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party
Questions An output of risk response planning is: A. residual risks. B. risks identified. C. prioritized list of risks. D. impacts identified. Answer A Explanation Risks are identified (choice B) during risk identification and risk monitoring and control. Prioritized risks (choice C) are documented during qualitative and quantitative risk analysis. Impacts (choice D) are generally determined during quantitative risk analysis. The best answer is A
Questions The customer requests a change to the project that would increase the project risk. Which of the following should you do before all the others? A. Include the expected monetary value of the risk in the new cost estimate. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk management plan Answer C Explanation This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer
Thanks