Chapter 10 Contemporary Project Management Kloppenborg Project Risk Planning Chapter 10 Contemporary Project Management Kloppenborg © 2009 South-Western, a part of Cengage Learning
At the end of this chapter… Describe risk management planning, risk identification, risk analysis, and risk response planning and tell why each is important. Describe the relationship between risk and project success measures, stakeholder priorities, tradeoffs, and management participation. Create a risk management plan for a project. Identify and classify risks for a project. Create a risk register for a project.
At the end of this chapter… Describe and use various risk review methods. Describe various risk assessment techniques and tell when each is appropriate to use. Prioritize each risk on a project using an appropriate assessment technique. Compare and contrast the various strategies for dealing with risks. Develop and defend at least one strategy for each of the high priority risks on a project.
The purpose of risk management is to reduce the overall project risk to a level that is acceptable to the project sponsor and other stakeholders.
Risk Management Planning and Project Success Planning requires an understanding of project success Project success measures include:
Risk Management Planning and Project Success Did the project help the performing organization? Performing organization – “the enterprise whose personnel are most directly involved in doing the work of the project.” PMBOK® Guide
Risk Management Planning and Stakeholder Priorities
Risk Management Planning and Stakeholder Priorities Understand what the project plan calls for Understand in what area would the most important stakeholders like to improve Understand where stakeholders are willing to sacrifice to enable improvements
Understanding the Project Risk A risk is anything that may impact the project team’s ability to achieve the general project success measures and the specific project stakeholder priorities. A negative impact poses a threat threat – “a condition or situation unfavorable to the project…a risk that will have a negative impact on a project objective if it occurs.” PMBOK® Guide
Understanding the Project Risk A positive impact poses an opportunity A project manager proactively seeks to eliminate/reduce the impact of threats and capitalize on opportunities opportunity – “a condition or situation favorable to the project … a risk that will have a positive impact on a project objective if it occurs.” PMBOK® Guide
Risk Management Planning The risk management plan is useful for communicating with project stakeholders and for follow up analysis Risk management planning – “the process of deciding how to approach, plan, and execute risk management activities for a project.” PMBOK® Guide Risk management plan– “the document describing how project risk management will be structured and performed on a project.” PMBOK® Guide
Risk Management Plan Guidance for an IT Consulting Company Risk management includes guidance on how to perform three risk management activities: 1. Decide what level of risk premium to charge for the project. The team must rate factors such as project size, complexity, technology, and type. The combined ratings will dictate that a risk premium of 0, 10, or 20 percent be added to the estimated project cost or, for very risky projects, executive approval is mandated. 2. Mitigate risk external to the firm through contract clauses and risk internal to the firm through agreements. 3. Manage the risk very carefully through specifically designed weekly conference call meetings and reports.
Roles and Responsibilities Encourage wide participation in risk management activities The more perspectives considered, the more likely important risks will be uncovered Participation in project risk planning encourages buy-in to a risk management approach The risk management plan defines who has responsibility for each risk management activity
Categories and Definitions Risks may be considered by association with a specific project life cycle stage More project risks are uncovered early in the life of a project The cost per risk discovered early is less Risks discovered late in a project can be expensive
Risks Over the Project Life Cycle
Categories and Definitions Risks may be categorized by their impact on a project objective (cost, schedule, scope, quality) Risks may be classified as external/internal to the organization Risks may be classified by what is known about each
International Construction Project Risk Factors
Information Systems Project Risk Factors
Information Systems Project Risk Factors
Information Systems Project Risk Factors
Categories and Definitions A “known known” can be planned and managed with certainty “Known unknowns” can be identified and may or may not happen Identify the risk and establish contingency reserves “Unknown unknowns” are true uncertainties Negotiate a management reserve based on project manager and key stakeholders understanding of the project
Risk Identification Information gathering Reviews Understanding relationships Risk register Risk identification – “the process of determining which risks might affect the project and documenting their characteristics.” PMBOK® Guide
Information Gathering A brainstorming activity considering “what could go wrong” Use class rules for brainstorming Variations and extensions of possible risks can help to identify additional risks Interview stakeholders Use a SWOT analysis Use a structured review – review a variety of project and other documents to uncover possible risks
Project Risk Reviews
Understanding Relationships Learn the cause and effect relationships on risk events Use a flow chart that shows how people, money, data, or materials flow from one person/location to another Consider why a certain risk event may happen through root cause analysis “Why might this happen?” Root cause analysis – “an analytical technique used to determine the basic underlying reason that causes a variance or defect or risk. A root cause may underlie more than one variance or defect or risk.” PMBOK® Guide
Understanding Relationships Understand triggers A trigger may be specific to an individual risk Triggers can be general indications of problems for the project as a whole Triggers – “indications that a risk has occurred or is about to occur.” PMBOK® Guide
Trigger for a Project as a Whole Project manager displays lack of self-esteem. Team members do not show enthusiasm for project. Project was started with inadequate time for planning. Communications is overly general with little focus. Reports yield little information about true project status. Little effort has been given to risk management.
Risk Register The primary output of risk identification is the risk register The risk register includes risk categories, identified risks, potential causes, potential responses The risk register is a living document Risk register – “the document containing the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. The risk register details all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status.” PMBOK® Guide
Partial Risk Register
Risk Analysis Qualitative Risk Analysis Quantitative Techniques in Risk Analysis Risk Register Updates
Qualitative Risk Analysis How likely is a risk to happen? How big will the impact be? When is the risk likely to occur? How easy will it be to notice and correctly interpret the trigger? Qualitative risk analysis – “the process of prioritizing risks for subsequent further analysis or action by assessing and combining their probability and impact.” PMBOK® Guide
Qualitative Risk Assessment
Qualitative Risk Analysis Determine cause and effect relationships Part of root cause analysis It may be easier to change the effect by changing the underlying cause Use a cause and effect diagram (fishbone diagram)
Cause and Effect Diagram
Cause and Effect Diagram List the risk as the effect in a box at the head of the fish Name the big “bones” Complete the smaller “bones” as responses to asking why the big “bones” may be a problem
Quantitative Techniques in Risk Analysis Bigger, more complex, riskier, more expensive projects may benefit from the rigor of quantitative structured techniques Use when it is critical to predict the probability of completing a project on-time, on-budget, at the agreed upon scope and/or agreed upon quality Quantitative risk analysis – “the process of numerically analyzing the effect on overall project objectives of identified risks.” PMBOK® Guide
Common Quantitative Risk Analysis Techniques
Risk Register Updates Add the probability of each risk occurring and its impact to the register Document results of quantitative risk analysis in the risk register
Risk Response Planning Strategies for Responding to Risks Risk Register Updates Risk response planning – “the process of developing options and actions to enhance opportunities and reduce threats to project objectives.” PMBOK® Guide
Strategies for Responding to Risks Project risk response strategy decisions must be made with a thorough understanding of the priorities key stakeholders have for cost, schedule, scope, and quality
Common Risk Strategies
Risk Register Updates The project manager sees that the risk register is updated with the results of the response planning For each risk the response strategy is noted Assign a single person as the “owner” of each risk Include any changes to the project schedule, budget, resource assignments and communications plan
Summary All projects have some risks Risk planning should use an appropriate level of detail to plan for major risks Risk planning begins with an understanding of project success Risk management planning is part of the overall project management plan Risk identification includes gathering information on potential risks
Summary Identified risks are documented in a risk register Identified risks are next analyzed Risk response planning involves determining how to respond to each of the major risks Risk response strategies that can be implied include avoid, transfer, mitigate, accept, research, and exploit