1. Project Risk Management
KEC
Dhapakhel, Lalitpur
By Pushpa Thapa

2. What is a Risk?
A risk is an uncertain event that could have a positive or negative effect on your project
This means there is a probability between 1-99% that the event could occur
If there is a 0% chance of an event occurring, there is no risk
(example; there is a 0% chance your project will be adequately funded, this is not a risk, it is a reality).
By Pushpa Thapa

3. What is a Risk?
If there is a 100% chance of an event occurring, this would be an issue, not a risk
Risks with negative consequences are called threats
Risks with positive consequences are called opportunities (Yes, risk can be good! Stop thinking of risk as bad, and start thinking of it in terms of probabilities!)
By Pushpa Thapa

4. Types of Risk Risks can be broken out into two primary types
1. Pure Risk (hazard)– risk with potential loss only – ex. Fire, theft, personal injury
2. Business Risk (speculative risk) – risk with potential loss or gain
– ex. A highly skilled employee becomes available to work on your project, reducing your schedule time, the tax rate changes, a new server costs less (or more) than you budgeted for!
By Pushpa Thapa

5. What is Project Risk Management?
Project risk management is actively managing the risks on your project.
Project risk management is the systematic process of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.
It includes maximizing the results of positive risks and minimizing the consequences of negative events.
By Pushpa Thapa

6. Why Risk Management
A project manager’s work should not focus on dealing with problems; it should focus on preventing them.
How would it feel to say, “No problem; we anticipated this, and we have a plan in place that will resolve it”.
Performing risk management helps prevent many problems and helps make other problems less likely.
By Pushpa Thapa

7. By Pushpa Thapa

8. How do we Manage Risk? Use the six risk management processes
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Responses
Monitor and Control Risks
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Responses
Monitor and Control Risk s
By Pushpa Thapa

9. Plan Risk Management
Deciding how to approach and plan the risk management activities for the project.
The main output of risk management planning is a risk management plan—a plan that documents the procedures for managing risk throughout a project.
The project team should review project documents and understand the organization’s and the sponsor’s approaches to risk.
The level of detail will vary with the needs of the project.
By Pushpa Thapa

10. Topics Addressed in a Risk Management Plan
Methodology
Roles and responsibilities
Budget and schedule
Risk categories
Risk probability and impact
Risk documentation
By Pushpa Thapa

11. Risk Identification
Risk identification is the process of understanding what potential events might hurt or enhance a particular project.
Risk identification: Determining which risks are likely to affect a project and documenting the characteristics of each.
Risk identification tools and techniques include:
Brainstorming
The Delphi Technique
Interviewing
SWOT analysis
By Pushpa Thapa

12. Brainstorming
Brainstorming is a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment.
An experienced facilitator should run the brainstorming session.
Be careful not to overuse or misuse brainstorming.
Psychology literature shows that individuals produce a greater number of ideas working alone than they do through brainstorming in small, face-to-face groups.
Group effects often inhibit idea generation.
By Pushpa Thapa

13. Delphi Technique
The Delphi Technique is used to derive a consensus among a panel of experts who make predictions about future developments.
Provides independent and anonymous input regarding future events.
Uses repeated rounds of questioning and written responses and avoids the biasing effects possible in oral methods, such as brainstorming.
The Delphi Technique is a method used to estimate the likelihood and outcome of future events. A group of experts exchange views, and each individually gives estimates and assumptions to a facilitator who reviews the data and issues a summary report.
The group members discuss and review the summary report individually, and give updated forecasts to the facilitator, who again reviews the material and issues a second report. This process continues until all participants reach a consensus.
The experts at each round have a full record of what forecasts other experts have made, but they do not know who made which forecast. Anonymity allows the experts to express their opinions freely, encourages openness and avoids admitting errors by revising earlier forecasts.
This article looks at how to run a Delphi session. On completion of this guide you will be able to run a session enabling you to predict future events and their impact on your project.
The technique is an iterative process, and first aims to get a wide range of opinions from the group of experts. The results of the first round of questions, when summarised, provide the basis for the second round of questions. Results from the second round of questions feed into the third and final round.
By Pushpa Thapa

14. Interviewing
Interviewing is a fact-finding technique for collecting information in face-to-face, phone, , or instant-messaging discussions.
Interviewing people with similar project experience is an important tool for identifying potential risks.
By Pushpa Thapa

15. SWOT Analysis
SWOT analysis is the process of examining the project from each of the characteristic’s point of view.
SWOT helps to identify the broad negative and positive risks that apply to a project.
SWOT analysis can also be used during risk identification.
By Pushpa Thapa

16. Example for SWOT Analysis
For example, a technology project may identify SWOT as:
Strengths: The technology to be installed in the project has been installed by other large companies in our industry.
Weaknesses : We have never installed this technology before.
Opportunities : The new technology will allow us to reduce our cycle time for time-to-market on new products. Opportunities are things, conditions, or events that allow an organization to differentiate itself from competitors and improve its standing in the marketplace.
Threats: The time to complete the training and simulation may overlap with product updates, new versions, and external changes to our technology portfolio.
By Pushpa Thapa

17. Risk Identification Process
The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register.
Risk register is:
A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format.
A tool for documenting potential risk events and related information.
Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project.
By Pushpa Thapa

18. Risk Register Contents
An identification number for each risk event.
A rank for each risk event.
The name of each risk event.
A description of each risk event.
The category under which each risk event falls.
The root cause of each risk.
By Pushpa Thapa

19. Risk Register Contents (cont’d)
Triggers for each risk; triggers are indicators or symptoms of actual risk events.
Potential responses to each risk.
The risk owner or person who will own or take responsibility for each risk.
The probability and impact of each risk occurring.
The status of each risk.
By Pushpa Thapa

20. Sample Risk Register No. Rank Risk Description Category Root Cause
Triggers
Potential
Responses
Owner
Probability
Impact
Status
R44 1
R21 2 R7 3
By Pushpa Thapa

21. Qualitative Risk Analysis Process
Prioritizing risks based on their probability and impact of occurrence.
Assess the likelihood and impact of identified risks to determine their magnitude and priority.
Tools and techniques for Qualitative Risk Analysis are:
Probability/impact matrixes
The Top Ten Risk Item Tracking
Expert judgment
By Pushpa Thapa

22. Quantitative Risk Analysis Process
Numerically estimating the effects of risks on project objectives.
Often follows qualitative risk analysis, but both can be done together.
Large, complex projects involving leading edge technologies often require extensive quantitative risk analysis.
Main techniques include:
Decision tree analysis
Simulation
Sensitivity analysis
By Pushpa Thapa

23. Decision Tree Analysis
Decision trees analyze the probability of events and calculate decision value.
By Pushpa Thapa

24. Risk Response Planning
Taking steps to enhance opportunities and reduce threats to meeting project objectives.
After identifying and quantifying risks, you must decide how to respond to them.
Four main response strategies for negative risks:
Risk avoidance
Risk acceptance
Risk transference
Risk mitigation
By Pushpa Thapa

25. Negative Risk Responses
Avoidance
The project plan is altered to avoid the identified risk.
Mitigation
Effort is made to reduce the probability, impact, or both of an identified risk in the project before the risk event occurs.
Transference
The risk is assigned to a third party, usually for a fee. The risk still exists, but the responsibility is deflected to the third party.
Acceptance
The risks are seen as nominal so they are accepted. Risks, regardless of size, that have no other recourse may also be accepted.
By Pushpa Thapa

26. General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks
By Pushpa Thapa

27. Response Strategies for Positive Risks
Risk exploitation: Exploiting the risk is taking action to ensure that the opportunity will be realized.
Risk sharing: Sharing the opportunity occurs when your partner with another company or organization to enable achieving the benefits of the opportunity. Sharing usually involves some type of a contractual relationship.
Risk enhancement: Enhancing the opportunity implies changing the plan or approach to improve the probability of the opportunity occurring or increasing the benefit of the opportunity should it occur.
Example
There is an opportunity to be first-to-market with a new product resulting in significantly increased profits from the original business case.
To enhance the opportunity, you offer your team incentives to keep them motivated and focused on the work. To share the opportunity, you enter into a contractual agreement with another company that can provide a key component required to get to market faster.
To exploit the opportunity, you fast-track and crash your schedule to ensure you will launch prior to your competitor.
By Pushpa Thapa

28. Risk Monitoring and Control
Risk monitoring and control is an active process. The project manager must rely on to effectively monitor and control risks.
Monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project.
Involves executing the risk management process to respond to risk events.
Workarounds are unplanned responses to risk events that must be done when there are no contingency plans.
Main outputs of risk monitoring and control are:
Requested changes.
Recommended corrective and preventive actions.
Updates to the risk register, project management plan, and organizational process assets.
Workarounds are documented in the project plan and the risk response plan. Workarounds are unplanned reactions to risks that were not identified or that were accepted.
By Pushpa Thapa

29. Thank you
By Pushpa Thapa