Project Management Risk Management.

Project ManagementRisk Management

Risk Identification Process.

The risk identification process has four entries:

1. Identified risks assumptions are listed2. Potential responses identified here will serve as

inputs to the risk response planning process3. Root causes of risk are fundamental conditions

which cause the identified risk4. The process of identifying risks can lead to new

risk categories being added


The process requires detailed knowledge of the organisation or project: The market, legal issues, social, political and

cultural environment in which it operates, the development and strategic and operational objectives the organisation has.

Factors critical to its success and the threats and opportunities related to the achievement of these objectives.


The risk identification is done in a methodical way.

This has to be done to ensure that all important activities and possible consequences related to

these activities are identified.

Risk Analysis

The basis of risk analysis is made on the basis of the risk identification process.

Risk analysis covers a complete and continuous evaluation for all identified risks.

The goal is to detect possible interrelationships to identify an order of importance.

Furthermore, the consequences for the project itself and the organizational goals can be

identified.

Risk Analysis

The evaluation of the risks contains:

Objectivity: The reference to the special market should be

taken into consideration to make the objectivity feasible.

For internal risks a subject evaluation is often necessary.

Risk Analysis


Comparability: The evaluation of risks should lead to

comparable results. Therefore the organisation should use consistent and standardized methods and data.

Risk Analysis


Quantification: By means of quantification the organisation is

able to detect deviation from the targeted goal.

Risk Analysis


Consideration of interdependencies: Not realizing connections between risks and their

meaning for the project and possibly for the whole organisation can be a big risk.

The project team should carefully consider the risks and the reaction to it can mean for the project and the organisation

A good solution for one department can mean a problem for another department.

Risk Analysis

The most commonly used technique for risk analyzing is the so-called scenario analysis.

This simply consists of the probability of the event and the impact this would have on the project.

Risk Analysis

Risk Analysis - Evaluation

Define the levels for evaluating the risks. A range between 1 and 5 gives the impact or the

likelihood a certain “size”. For a more detailed evaluation there could also

be a range between 1 and 20. There could also be a more exact classification of

what a ‘very low impact’ means. This could be described by letters and for probability or

affected costs, percentages could be stated for the different evaluation levels.

Risk Analysis - Evaluation

Risk Analysis - Risk Matrix

Use a matrix to show the importance of several risks. The matrix shows two aspects of the considered risk: the impact it would cause the probability of its occurrence.

An often used matrix has 5 times 5 fields, each with another value of probability and impact.


Red zone, representing the major risks, means nothing good.

The yellow stands for moderate Green fields for minor risks.


The red zone goes very deep into the probability menu because the impact is still so high although the probability is low.

In general one can say that the impact is more important, as this comparison shows:

10% probability of losing 1 Mio. € is considered to be a more serious risk than a 90% probability of losing 1.000 €.


It helps prioritize the risks.

Prioritization helps to assign the resources reasonably as all resources such as material,

financial means, human resources and time are limited.

Task

Do a full list of risks in your project

Put down everything that could happen in relation to your project.

Risk Analysis - FMEA

The FMEA (Failure mode and effects analysis) model is similar to the matrix but extends the impact and probability by the detection possibility, meaning how hard it is to actually realise the occurring risk.

The equation enlarged with detection is:

Impact x Probability x Detection = Risk Value


Each of the dimensions is evaluated by a five-point scale.

Impact: 1 – 5 points Probability: 1 – 5 points Detection: 1 – 5 points

Impact x Probability x Detection = Risk Value


Detection describes the ability of the project team to detect that the risk is threatening.

”1” would mean easy to detect and “5” that the detection would probably only take place when it is considered too late.

The range is between 1 and 125.

‘1’ shows the risk has a low probability, an impact of level 1 and would be easy to detect.


At the other extreme the result ‘125’ would show that the team had to handle a high-impact risk whose probability is high and nearly impossible to detect.

That would mean consideration has to be given whether to start the project or not if the risk could not be mitigated or transferred. All in all, the range between 1 and 125 can be used to define the hazardous nature of a risk.

Risk Analysis – Risk Responce

Riks response is how to react to a risk.

The five main alternatives

Mitigate Avoid Transfer Share Retain


Mitigate Is to reduce of the impact and the possibility of

risk occurrence.

First an attempt is made to reduce the probability and then the impact.

By testing and prototyping one can test the project in a smaller format with less risk and thereby detect possible failures and problems.


Mitigate Two things that cannot be mitigated easily are

cost and time, because money and days are used up.

But risk management has a solution for this:

Budget reserves and time buffers. This ratio is often directly related to the experience gained from recent projects.


Avoid Avoiding risk is a drastic approach as the whole

project plan might change to avoid the risk.

One should consider carefully whether particular risk warrants changing the plan.

An example of avoiding a risk could be using well known technology instead of new, experimental, technology.


Transfer With the risk transfer, the risk is just moved but

not eliminated or dampened.

Outsourcing makes the contractor take the risk.

Risk transfer will cost money, as the contractor also has to include the risk possibility in pricing

Entails the risk that the subcontractor fails


Transfer Contracting insurance can work as transfering

risk.

This may work well for some specific cases but for project management in general it is not really the right approach.

Contracting insurance for a project can be used for low-probability and high-impact events.


Sharing Sharing risk means that different parties share

the risks of the same project.

One well known example is Airbus - from the aircraft industry. Airbus allocated risk to the R&D departments over different countries like France, Britain and Germany.


Sharing Another kind of sharing of risk is signing a BOOT

contract. “Build-Own-Operate-Transfer”

The project organisation buildings the plant and runs it until the operations are running smoothly and the ownership is then transferred to the client.


Retaining Accepting the risk can be the easiest way to

handle it. The possibility of the risk occurring is often so low that the risk could be accepted.

The impact of the risk is very low and it is easier to buffer financially and just keep on working.

With the help of buffers and reserves some risks could be taken as they appear.

Risk Analysis – Contingency Plan

A contingency plan provides a plan if one of the known risks becomes reality.

With the help of that plan the action that is to be followed is already clear before the risk appears.

The contingency plan has the necessary steps described for dealing with the risk and has been

well thought out during the project planning phase.


The availability of a contingency plan can significantly increase the chances for project

success.

Cost estimations and the probable source should be named and the plan and the allocation of tasks

should be clear.


Having a contingency plan is absolutely necessary.

Otherwise a risk might slow the managerial response and any decisions made under pressure will likely be poor and potentially dangerous and

costly.

Risk Control

Risk Control

The very last step in the whole risk management process is risk control.

Executing the risk response strategy, monitoring and triggering events, initiating contingency plans,

and continuously watching for new risks.

During the project are changes in scope, budget, and schedule which has to be controlled.

Risk Control

If the actual organisation culture is one where mistakes are punished, team members do not want

to find new risks and thus problems.

The tendency to suppress such important information is higher when the responsibilities are unclear and the team is under great time pressure from the top management to finish the project in

within a short timeframe.

Risk Control

So the project must have an environment in which all members can raise concerns or admit mistakes.

Hiding risks or denying problems is not good for the future success of the company.

Assignment of responsibility for every risk. Who must respond and how.

Risk Control

Most control sysmtems will contain following:

Identify proposed changes List expected effects of changes on schedule and budget Review, evaluate, and approve or refuse changes formally Negotiate and resolve conflicts of change, conditions and cost Communicate changes to parties affected Assign responsibility for implementing change Adjust master schedule and budget Track all changes that are to be implemented

Risk Control

Change control is an important part of the project.

As the project matures there must be a person or group, who is responsible for approving the changes, keeping the documents updated, and communicating

all changes to the relevant stakeholders.

Success depends heavily on keeping the change control process updated.

Project Management Risk Management.

Documents

Transcript of Project Management Risk Management.