Project Management Risk Management.
-
Upload
earl-wright -
Category
Documents
-
view
232 -
download
3
description
Transcript of Project Management Risk Management.
Project ManagementRisk Management
Project Management© 2009 Olaf Passenheim & Ventus Publishing ApSISBN 978-87-7681-487-8
Risk Identification Process.
The risk identification process has four entries:
1. Identified risks assumptions are listed2. Potential responses identified here will serve as
inputs to the risk response planning process3. Root causes of risk are fundamental conditions
which cause the identified risk4. The process of identifying risks can lead to new
risk categories being added
Risk Identification Process.
The process requires detailed knowledge of the organisation or project: The market, legal issues, social, political and
cultural environment in which it operates, the development and strategic and operational objectives the organisation has.
Factors critical to its success and the threats and opportunities related to the achievement of these objectives.
Risk Identification Process.
The risk identification is done in a methodical way.
This has to be done to ensure that all important activities and possible consequences related to
these activities are identified.
Risk Analysis
The basis of risk analysis is made on the basis of the risk identification process.
Risk analysis covers a complete and continuous evaluation for all identified risks.
The goal is to detect possible interrelationships to identify an order of importance.
Furthermore, the consequences for the project itself and the organizational goals can be
identified.
Risk Analysis
The evaluation of the risks contains:
Objectivity: The reference to the special market should be
taken into consideration to make the objectivity feasible.
For internal risks a subject evaluation is often necessary.
Risk Analysis
The evaluation of the risks contains:
Comparability: The evaluation of risks should lead to
comparable results. Therefore the organisation should use consistent and standardized methods and data.
Risk Analysis
The evaluation of the risks contains:
Quantification: By means of quantification the organisation is
able to detect deviation from the targeted goal.
Risk Analysis
The evaluation of the risks contains:
Consideration of interdependencies: Not realizing connections between risks and their
meaning for the project and possibly for the whole organisation can be a big risk.
The project team should carefully consider the risks and the reaction to it can mean for the project and the organisation
A good solution for one department can mean a problem for another department.
Risk Analysis
The most commonly used technique for risk analyzing is the so-called scenario analysis.
This simply consists of the probability of the event and the impact this would have on the project.
Risk Analysis
Risk Analysis - Evaluation
Define the levels for evaluating the risks. A range between 1 and 5 gives the impact or the
likelihood a certain “size”. For a more detailed evaluation there could also
be a range between 1 and 20. There could also be a more exact classification of
what a ‘very low impact’ means. This could be described by letters and for probability or
affected costs, percentages could be stated for the different evaluation levels.
Risk Analysis - Evaluation
Risk Analysis - Risk Matrix
Use a matrix to show the importance of several risks. The matrix shows two aspects of the considered risk: the impact it would cause the probability of its occurrence.
An often used matrix has 5 times 5 fields, each with another value of probability and impact.
Risk Analysis - Risk Matrix
Risk Analysis - Risk Matrix
Red zone, representing the major risks, means nothing good.
The yellow stands for moderate Green fields for minor risks.
Risk Analysis - Risk Matrix
The red zone goes very deep into the probability menu because the impact is still so high although the probability is low.
In general one can say that the impact is more important, as this comparison shows:
10% probability of losing 1 Mio. € is considered to be a more serious risk than a 90% probability of losing 1.000 €.
Risk Analysis - Risk Matrix
It helps prioritize the risks.
Prioritization helps to assign the resources reasonably as all resources such as material,
financial means, human resources and time are limited.
Task
Do a full list of risks in your project
Put down everything that could happen in relation to your project.
Risk Analysis - FMEA
The FMEA (Failure mode and effects analysis) model is similar to the matrix but extends the impact and probability by the detection possibility, meaning how hard it is to actually realise the occurring risk.
The equation enlarged with detection is:
Impact x Probability x Detection = Risk Value
Risk Analysis - FMEA
Each of the dimensions is evaluated by a five-point scale.
Impact: 1 – 5 points Probability: 1 – 5 points Detection: 1 – 5 points
Impact x Probability x Detection = Risk Value
Risk Analysis - FMEA
Detection describes the ability of the project team to detect that the risk is threatening.
”1” would mean easy to detect and “5” that the detection would probably only take place when it is considered too late.
The range is between 1 and 125.
‘1’ shows the risk has a low probability, an impact of level 1 and would be easy to detect.
Risk Analysis - FMEA
At the other extreme the result ‘125’ would show that the team had to handle a high-impact risk whose probability is high and nearly impossible to detect.
That would mean consideration has to be given whether to start the project or not if the risk could not be mitigated or transferred. All in all, the range between 1 and 125 can be used to define the hazardous nature of a risk.
Risk Analysis – Risk Responce
Riks response is how to react to a risk.
The five main alternatives
Mitigate Avoid Transfer Share Retain
Risk Analysis – Risk Responce
Mitigate Is to reduce of the impact and the possibility of
risk occurrence.
First an attempt is made to reduce the probability and then the impact.
By testing and prototyping one can test the project in a smaller format with less risk and thereby detect possible failures and problems.
Risk Analysis – Risk Responce
Mitigate Two things that cannot be mitigated easily are
cost and time, because money and days are used up.
But risk management has a solution for this:
Budget reserves and time buffers. This ratio is often directly related to the experience gained from recent projects.
Risk Analysis – Risk Responce
Avoid Avoiding risk is a drastic approach as the whole
project plan might change to avoid the risk.
One should consider carefully whether particular risk warrants changing the plan.
An example of avoiding a risk could be using well known technology instead of new, experimental, technology.
Risk Analysis – Risk Responce
Transfer With the risk transfer, the risk is just moved but
not eliminated or dampened.
Outsourcing makes the contractor take the risk.
Risk transfer will cost money, as the contractor also has to include the risk possibility in pricing
Entails the risk that the subcontractor fails
Risk Analysis – Risk Responce
Transfer Contracting insurance can work as transfering
risk.
This may work well for some specific cases but for project management in general it is not really the right approach.
Contracting insurance for a project can be used for low-probability and high-impact events.
Risk Analysis – Risk Responce
Sharing Sharing risk means that different parties share
the risks of the same project.
One well known example is Airbus - from the aircraft industry. Airbus allocated risk to the R&D departments over different countries like France, Britain and Germany.
Risk Analysis – Risk Responce
Sharing Another kind of sharing of risk is signing a BOOT
contract. “Build-Own-Operate-Transfer”
The project organisation buildings the plant and runs it until the operations are running smoothly and the ownership is then transferred to the client.
Risk Analysis – Risk Responce
Retaining Accepting the risk can be the easiest way to
handle it. The possibility of the risk occurring is often so low that the risk could be accepted.
The impact of the risk is very low and it is easier to buffer financially and just keep on working.
With the help of buffers and reserves some risks could be taken as they appear.
Risk Analysis – Contingency Plan
A contingency plan provides a plan if one of the known risks becomes reality.
With the help of that plan the action that is to be followed is already clear before the risk appears.
The contingency plan has the necessary steps described for dealing with the risk and has been
well thought out during the project planning phase.
Risk Analysis – Contingency Plan
The availability of a contingency plan can significantly increase the chances for project
success.
Cost estimations and the probable source should be named and the plan and the allocation of tasks
should be clear.
Risk Analysis – Contingency Plan
Having a contingency plan is absolutely necessary.
Otherwise a risk might slow the managerial response and any decisions made under pressure will likely be poor and potentially dangerous and
costly.
Risk Control
Risk Control
The very last step in the whole risk management process is risk control.
Executing the risk response strategy, monitoring and triggering events, initiating contingency plans,
and continuously watching for new risks.
During the project are changes in scope, budget, and schedule which has to be controlled.
Risk Control
If the actual organisation culture is one where mistakes are punished, team members do not want
to find new risks and thus problems.
The tendency to suppress such important information is higher when the responsibilities are unclear and the team is under great time pressure from the top management to finish the project in
within a short timeframe.
Risk Control
So the project must have an environment in which all members can raise concerns or admit mistakes.
Hiding risks or denying problems is not good for the future success of the company.
Assignment of responsibility for every risk. Who must respond and how.
Risk Control
Most control sysmtems will contain following:
Identify proposed changes List expected effects of changes on schedule and budget Review, evaluate, and approve or refuse changes formally Negotiate and resolve conflicts of change, conditions and cost Communicate changes to parties affected Assign responsibility for implementing change Adjust master schedule and budget Track all changes that are to be implemented
Risk Control
Change control is an important part of the project.
As the project matures there must be a person or group, who is responsible for approving the changes, keeping the documents updated, and communicating
all changes to the relevant stakeholders.
Success depends heavily on keeping the change control process updated.