Dynamics of Project Risk Management Lec-1 Overview of Project Risk Management Dynamics of Project Risk Management Lec-02 Project Risk Management Context By: Engr.Dr.Attaullah Shah PhD ( Civil) Engg, Mphil (Eco),MSc Engg ( Strs), BSc Engg ( Gold Medalist), MBA, MA ( Eco), MSc Envir Design, PGD Computer Sc. Tel:

Project Risk Management Process and questions for project managers

Risk Management Context Defining the risk management context includes establishing key information related to the subject (activity, project, organization etc) to which the risk assessment process is being applied. This includes defining the: – Goals and objectives of the risk assessment activity. – Scope and parameters of the risk assessment, including specific inclusions and exclusions. – Identification of data sources to be utilized. – Risk assessment approach to be utilized. – Reporting and recording requirements. – Relationship of the risk assessment with other business activities and plans. – Criteria against which risks are to be evaluated, such as how likelihood will be defined, the kinds of consequences that will be considered and what level of risk will require further risk reduction treatment.

Establish the Risk Context Purpose: – Establishing the context is concerned with developing a structure for the risk identification and assessment tasks to follow. Rationale: This step is needed: – To establish the organizational and project environment in which the risk assessment is taking place; – To specify the main objectives and outcomes required; – To identify a set of success criteria against which the consequences of identified risks can be measured; and – To define a set of key elements for structuring the risk identification and assessment process.

Establish the Risk Context-Cont’d Inputs: – Context inputs include : key project documents, such as the project execution strategy, project charter, cost and schedule assumptions, scope definitions, engineering designs and studies, economic analyses, and any other relevant documentation about the project and its purpose. Method – Review organizational and project documentation. – Perform stakeholder analysis. – Develop criteria for success. – Develop a set of key elements.

Outputs – The output from this stage is a concise statement of the organizational and project objectives and specific criteria for success, – the objectives and scope for the risk assessment, and a set of key elements for structuring the risk identification workshop in the next stage. Documentation – Stakeholder analysis – Project context review summary – Key elements

8 Establish the context provides a five-step process to assist with establishing the context within which risk will be identified. 1-Establish the internal context 2-Establish the external context 3-Establish the risk management context 4- Develop risk criteria 5- Define the structure for risk analysis

9 1- Establish the internal context -As previously discussed, risk is the chance of something happening that will impact on objectives. As such, the objectives and goals of a business, project or activity must first be identified to ensure that all significant risks are understood. This ensures that risk decisions always support the broader goals and objectives of the business and project. This approach encourages long-term and strategic thinking.

10 In establishing the internal context, the business or project owner may also ask themselves the following questions: -Is there an internal culture that needs to be considered? -For example, are staff Resistant to change? -Is there a professional culture that might create unnecessary risks for the business? - What staff groups are present? - What capabilities does the business have in terms of people, systems, processes, equipment and other resources?

11 2. Establish the external context This step defines the overall environment in which a project operates and includes an understanding of the clients’ or customers’ perceptions. An analysis of these factors will identify the strengths, weaknesses, opportunities and threats to the project in the external environment.

12 A Project manager may ask the following questions when determining the external context: What regulations and legislation must the project and products comply with? Are there any other requirements the project or products needs to comply with? What is the market within which the project and its deliverables operate? Who are the competitors? Are there any social, cultural or political issues that need to be considered?

13 Tips for establishing internal and external contexts -Determine the significance of the activity in achieving the organization's goals and objectives -Define the operating environment - Identify internal and external stakeholders and determine their involvement in the risk management process.

14 3- Establish the risk management context - Before beginning a risk identification exercise, it is important to define the limits, objectives and scope of the activity or issue under examination. - For example, in conducting a risk analysis for a new project, such as the introduction of a new piece of equipment or a new product line, it is important to clearly identify the parameters for this activity to ensure that all significant risks are identified.

15 Tips for establishing the risk management context Define the objectives of the activity, task or function Identify any legislation, regulations, policies, standards and operating procedures that need to be complied with Decide on the depth of analysis required and allocate resources accordingly Decide what the output of the process will be, e.g. a risk assessment, job safety analysis or a board presentation. The output will determine the most appropriate structure and type of documentation.

16 4. Develop risk criteria Risk criteria allow a business to clearly define unacceptable levels of risk. Conversely, risk criteria may include the acceptable level of risk for a specific activity or event. In this step the risk criteria may be broadly defined and then further refined later in the risk management process.

17 Tips for developing risk criteria Decide or define the acceptable level of risk for each activity Determine what is unacceptable Clearly identify who is responsible for accepting risk and at what level.

18 5. Define the structure for risk analysis Isolate the categories of risk that you want to manage. This will provide greater depth and accuracy in identifying significant risks. The chosen structure for risk analysis will depend upon the type of activity or issue, its complexity and the context of the risks.

Establishing the Risk context for procurement of large projects Objective and criteria: – To ensure that all significant risks are captured, it is necessary to know the objectives of the organization and the project. – The first step identifies the scope of the project, the main questions and issues of concern to the organization, and the relationship between the project and the organization’s strategy and business objectives. – General requirements for the organization that is buying or procuring the project are often specified in the form of policy objectives. – often elaborated in procurement specifications and contracting procedures

Private Sector procurement policy-example

For a government procurement, there are likely to be additional requirements that must be addressed and demonstrated explicitly, and may be subject to external audit and oversight. They include: – value for money; – open and effective competition; – ethical behavior and fair dealing; – maximizing opportunities for local industry to compete; – environmental aspects; – quality assurance; – government sanctions against specified countries; – social justice policies.

Stakeholder identification analysis ( Internal and External context) All projects and procurements involve at least two stakeholders: the procuring entity (the buyer) and the supplier of goods or services (the seller). In most projects, though, there is a wider set of stakeholders as well such as: in a corporate business, the board and controlling shareholders, senior executives and the managers of other business units who may be affected by the project; in a government procurement, the portfolio minister, other ministers and local members whose electorates may be affected by procurement activities or associated employment or other opportunities; the customer business unit or agency, where the procuring entity is acting on behalf of an end-user;

the user community, including the management, staff and clients of the customer business unit; regulators who must approve the project and the project delivery process; people who may be affected by the project or the project delivery process, such as those living near a new plant or building; the environment, as a general proxy stakeholder; special interest groups, such as environmental lobby groups; sub-contractors to the main supplier; financial institutions and above all the media.

Stakeholders in private sector project

Stakeholder and issues summary

Stakeholders in Govt. Projects

Criteria These will be used to determine the specific scales against which the consequences of risks will be assessed in the following stages of the risk analysis. The criteria for medium scale project is shown:

Criteria for critical project success factor/ measurement

Criteria summary

Context review summary The review of project documents are summarized Some organizations adopt generic criteria for project evaluation and risk assessment.

Key elements Large projects are often divided into small section for risk identification Key elements are a set of topics to be considered one by one during risk identification. Well-designed set of key elements will stimulate creative thought, and ensure that all important issues are put before those responsible for identifying risks. The set of key elements must be complete, in that it covers all significant issues. However, as the number of key elements tends to drive the duration of the risk identification activity, it must also be contained to an appropriate scale. The key elements may be based on different aspects of the project, depending on the objectives and key issues of concern to the organization and the other stakeholders. Often WBS for the project is the best starting point, with WBS Dictionary that describes in words the content of each work element.

Generic key elements for technical project

Key elements based on system components for an electricity sub-station

Key element summary table

Key element description

Case study: Fund raising events for cancer patients An NGO has organized a fund raising event gala for the people of Islamabad and Rawalpindi, which includes the horse ridings, art competition and food mela. The factor which will affect the event include: – Physical e.g. pony ride injuries – Legal e.g. potential litigation from injuries at the site or food poisoning – Environmental: e.g. weather conditions could make you postpone or cancel the event Stakeholders who need to be involved in managing the risk of the event – Volunteers - Local council -Local community groups -Local media Some of the risk criteria identified as to whether a risk is acceptable or not are – Likelihood of death or serious injury - Likelihood of litigation – Likelihood of inclement weather -Likelihood of negative publicity

Activity: