1. PROJECT RISK MANAGEMENT
Ammar Bukhari

2. What is a Risk
RISK:
Threat / Uncertainty of Outcome
probability that an action or event, will adversely or beneficially affect an organization's ability to achieve its objectives

3. Risk vs Issue Risk Issue Risk can become an issue Issue is not risk
Future event
May impact triple constraint
(Budget, scope and schedule).
Issue
Present problem
Influencing triple constraints.
Risk can become an issue
Issue is not risk
it already happened.

4. Risk vs Issue
RISK
ISSUE
TODAY
FUTURE

5. What is Project Risk Management?
Project Risk Management: - An uncertain event or condition that, if it occurs, has a positive or negative effect on the Project Objectives (Scope, Schedule, Cost, Quality) - one of knowledge areas including the processes required to ensure timely completion of the project

6. Process Groups & Risk Mgmt Activities
Initiating
Planning
Executing
Controlling
Closing
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantities Risk Analysis
Plan Risk Responses
6. Monitor & Control Risks

7. 1. Plan Risk Management Inputs Tools & Techniques Outputs
Defining how to conduct risk management activities.
Inputs
1. Project Scope Statement
2. Cost Management Plan
3. Schedule Management Plan
4. Communications Mgmt Plan
5. Enterprise Environ. Factors
6. Organizational Process Assets
Tools & Techniques
1. Planning Meetings and Analysis
Outputs
1. Risk Management Plan

8. Risk Management plan
Documents the procedures for managing risk throughout the project

9. Risk Management plan Includes: Methodology R&R Budget Schedule
Risk Categories
Using risk breakdown structure (RBS)
Probability and Impact Matrix
Stake Holders Tolerance
Reporting Formats
Risk Documentation

10. Risk Management plan Methodology: Roles and Responsibility Budget:
Define the tools, approaches, and data sources used within the project performing risk management.
Roles and Responsibility
Who lead, support, and be a member and What activities are they responsible for within Risk Management Plan
Budget:
Risk management cost in terms of resources, buffers for baseline and contingency reserve

11. Risk Management plan Schedule Risk Categories
Risk schedule within the project defining when risk management process will be followed throughout the project life cycle
Risk Categories
Using RBS to identify and categorize risks
Probability and Impact Matrix
ranking between low, moderate, high related to the risk effect on project’s objectives

12. RBS IT Project Business Competitors Suppliers Cash flow Technical
Hardware
Software
Network
Organizational
Executive
support
User support
Team support
Project
Management
Estimates
Communication
Resources

13. Impact matrix

14. Risk Management plan Stake Holders Tolerance Reporting Formats
Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule
Reporting Formats
Risk reports formats / documents
Risk Documentation
how risk activities tracked/documented
for future audits, and lesson learned

15. Contingency, Fallback Plans, Contingency Reserves
Contingency plans
predefined identifying risk event occurs
Fallback plans
for high impact risks on project objectives
Contingency reserves
provisions held to reduce the risk cost or schedule overruns to an acceptable level

16. Saudi air lines case Flight Operation Information System (FOIS)
AirCrew System

17. 2. Identify Risks Inputs Tools & Techniques Outputs
- Determining which risks may affect the project and documenting their characteristics.
Inputs
1. Risk Management Plan
2. Activity Cost Estimates
3. Activity Duration Estimates
4. Scope Baseline
5. Stakeholder Register
6. Cost Management Plan
7. Schedule Management Plan
8. Quality Management Plan
9. Project Documents
10.Enterprise Environ. Factors
11.Organizational Process Assets
Tools & Techniques
1. Documentation Reviews
2. Information Gathering Techniques:
(Brainstorming / Delphi / Interviewing
/ Root cause analysis)
3. Checklist Analysis
4. Assumption Analysis
5. Diagramming Techniques:
(Cause & Effect / Process flow chart
/ Influence Diagrams)
6. SWOT Analysis
7. Expert Judgment
Outputs
1. Risk Registers

18. Information Gathering Technique
Brainstorming
Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule
Delphi Technique
Risk reports formats / documents
Interviewing
how risk activities tracked/documented
for future audits, and lesson learned
Root Cause Analysis
Checklist / Assumption / Diagramming / SOWT

19. Root cause analysis Checklist Analysis Assumption
Using historical records / learned lessons from previous projects and other sources
RBS Leafs in can be considered as items in the list
At project end, list can be reviewed and updated to be used in future projects
Assumption
Upon assumptions, some risks were identified and listed

20. Root cause analysis Diagramming Technique
diagrams can help to identify additional risks:
Cause and Effect
Process flow charts
Influence diagrams

21. Cause & effect

22. Root cause analysis SOWT Analysis
Helps identify the broad negative and positive risks that apply to a project

23. Risk register
Document contains results of various risk management processes
Often displayed in a table or spreadsheet
Tool for documenting potential risk events and related information
No.
Rank
Risk
Description
Category
Root
Cause
Triggers
Potential
Responses
Owner
Probability
Impact
Status
R44 1
R21 2 R7 3

24. 3. Perform Qualitative Risk Analysis
- Prioritizing risks for further analysis / action by assessing their probability of occurrence and impact.
Inputs
1. Risk register
2. Risk management plan
3. Project scope statement
4. Organizational process assets
Tools & Techniques
1. Risk probability and impact assessment
2. Probability and impact matrix
3. Risk data quality assessment
4. Risk categorization
5. Risk urgency assessment
6. Expert judgment
Outputs
Risk register updates

25. tools Risk probability and Impact Assessment
This tool will look after:
Likelihood of each risk to happen
Its affect on project objectives
(Schedule, Cost, Quality, or Performance)
Probability and Impact Matrix
lookup table can be used identifying each risk importance and thus its priority

26. tools Risk data quality assessment Risk categorization
It evaluates data quality degree, so it will be useful for risk management
data to be more accurate, understood, and reliable
for more credibility results
Risk categorization
classify risks by:
RBS
Area will be affected
Any other reasonable type

27. tools Risk urgency assessment Risks that May happen soon
Response planning will take much time
Will be dealt as urgent to be processed quickly through this process

28. 4. Perform Quantitative Risk Analysis
- Numerically estimating the effects of risks on project objectives.
Inputs
1. Risk register
2. Risk management plan
3. Cost Management Plan
4. Schedule Management Plan
5. Organizational process assets
Tools & Techniques
1. Data Gathering & Representation Techniques
2. Quantities risk analysis and modeling techniques
3. Expert judgment
Outputs
1. Risk register updates

29. tools Data Gathering & Representation Techniques
Risk
Likelihood
Impact
Data Gathering & Representation Techniques
Interviewing
Probability distribution
Quantitative risk analysis and modeling techniques
Sensitivity analysis
Expected monetary value analysis
Modeling and simulation

30. Data Gathering & Representation Techniques
Interviewing
With concerned project team members, stakeholders, and Subject Matter Experts
Probability distribution
graphically displayed representing both time/cost element and probability
modeling and simulation techniques
Beta, triangular distributions, Discrete distribution

31. Expected Monetary Value (EMV)
the highest value of each competing option
Risk probability * risk monetary value

32. Expected Monetary Value (EMV)

33. Sensitivity analysis
technique used to show the effects of changing one or more variables on an outcome

34. Modeling & simulation
Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system.
Monte Carlo analysis
three estimates (most likely, pessimistic, and optimistic)

35. 5. Plan Risk Responses Inputs Tools & Techniques Outputs
- Developing options and actions to enhance opportunities and to reduce threats to project objectives.
Inputs
1. Risk register
2. Risk management plan
Tools & Techniques
Strategic for negative risks or threats
(Avoid / Transfer / Mitigate / Accept)
Strategies for positive risks or opportunities
(Exploit/ Share / Enhance / Accept)
Contingent response strategies
Expert judgment
Outputs
Risk register updates
Risk-related contract decisions
Project management plan updates
Project document updates

36. tools Strategic for negative risks or threats Risk avoidance
Change the plan to eliminate the risk or condition or to protect the project objectives from its impact.
Risk transfer
Shift the consequence of a risk to a third party, through purchasing insurance, warranties, guarantees, or outsourcing the work.
Mitigation
Reduce the probability to an acceptable threshold, thus removing it from top risks.
Acceptance technique
Not to change the project plan to deal
Unable to identify any other suitable response

37. tools Strategic for positive risks or opportunities Risk exploitation:
make sure the positive risk happens
Risk sharing:
allocating ownership of the risk to a party
Risk enhancement
changing the size of the opportunity by identifying and maximizing key drivers of the positive risk
Risk acceptance
the project team cannot choose
not to take any action toward a risk

38. tools Contingent response strategies Contingency plans
Specific actions that are to be taken when a potential problem occurs
Should be developed in advance
Helps ensure coordinated, effective, and timely response
Some plans may require backup resources that need to be arranged in advance
Contingency planning should be done only for the high-threat problems that remain after you’ve taken preventive measures

39. 6. Monitor and Control Risks
- Implementing risk response plans, tracking identified / new risks, monitor residual risks, and evaluating risk process effectiveness.
Inputs
1. Risk register
2. Risk management plan
3. Work performance information
4. Performance Reports
Tools & Techniques
1. Risk reassessment
2. Risk audits
3. Variance and trend analysis
4. Technical performance measurement
5. Reserve analysis
6. Status meetings
Outputs
1. Risk register updates
2. Organizational process assets updates
3. Change requests
4. Project management plan updates
5. Project document updates
PMP Workshop
9 November 2018

40. tools Risk reassessment Risk audits
to measure where the project stands today on a risk issue.
After risk mitigation, the team can reassess the current risks by identifying new risks, or closing outdated risks.
Risk audits
Indication of the project team ability to identify, measure, and manage risks
Provide independent assessment of the risk management practices of the company
verifies that the company has appropriate risk management control in compliance with approved risk policies and procedures

41. tools Variance and trend analysis
Helping to identify the factors that affect each element
its goal is to determine the causes of a variance
difference between expected result and an actual result
effective way to discover the sum causes of a result
Technical performance measurement
actual performance is tracked compared by project management to the Technical Performance Measurement

42. tools Reserve analysis
Manage the reserve and use them only for risks keeping the project risk on track.
Additional reserve could be requested, or could be reduced if there is opportunity or threats were not happened

43. Sample PMP Certification Questions

44. Questions
All of the following are factors in the assessment of project risk EXCEPT?
A. Risk event
B. Risk probability
C. Amount at stake
D. Insurance premiums
Answer D
Explanation Insurance premiums come into play when you determine which risk response strategy you will use.

45. Questions
Which of the following risk events is MOST likely to interfere with attaining a project's schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting Answer A Explanation Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule. Notice the words "post-implementation" in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay

46. Questions
Risks will be identified during which risk management process(es)? A. Quantitative risk analysis and risk identification B. Risk identification and risk monitoring and control C. Qualitative risk analysis and risk monitoring and control D. Risk identification Answer B Explanation This is a tricky question. Risks are identified during risk identification, naturally, but newly emerging risks are identified in risk monitoring and control

47. Questions
Risk tolerances are determined in order to help: A. the team rank the project risks. B. the project manager estimate the project. C. the team schedule the project. D. management know how other managers will act on the project. Answer A Explanation If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity

48. Questions
You are finding it difficult to evaluate the exact cost impact of risks. You should evaluate on a(n): A. quantitative basis. B. numerical basis. C. qualitative basis. D. econometric basis. Answer C Explanation If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc

49. Questions
Purchasing insurance is BEST considered an example of risk: A. mitigation. B. transfer. C. acceptance. D. avoidance. Answer B Explanation To mitigate risk (choice A) we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance. Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party

50. Questions
An output of risk response planning is: A. residual risks. B. risks identified. C. prioritized list of risks. D. impacts identified. Answer A Explanation Risks are identified (choice B) during risk identification and risk monitoring and control. Prioritized risks (choice C) are documented during qualitative and quantitative risk analysis. Impacts (choice D) are generally determined during quantitative risk analysis. The best answer is A

51. Questions
The customer requests a change to the project that would increase the project risk. Which of the following should you do before all the others? A. Include the expected monetary value of the risk in the new cost estimate. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk management plan Answer C Explanation This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer

52. Thanks