CHAPTER 8: PROJECT RISK

MANAGEMENT

1
WHAT IS RISK?
 “ Anything worth doing has risks. The challenge is not
to avoid them but to manage them.”
 A dictionary definition of risk is “the possibility of loss
or injury”
 Risks are events or conditions that may occur, and
whose occurrence, if it does take place, has a harmful or
negative impact.
 Uncertain event or condition that, if it occurs, may
affect the project for good or bad.
 Note - there are positive (good outcome) and negative
(bad outcome) risks!

2
 PROJECT RISK MANAGEMENT
 Risk Management is an attempt to minimize the chances of
failure caused by unplanned events.
 Project risk management involves understanding potential
problems that might occur on the project and how they might
impede project success
 Risk management is like a form of insurance; it is an investment.
 Risk Management are processes involved in identifying,
analyzing and responding to risk.
 It includes maximizing the results of positive events
and 3
minimizing the consequences of adverse events.
 CONT..
The goal of project risk management is to minimize potential risks while
maximizing potential opportunities.
Major processes include:
⚫ Risk management planning : preparing a document that foresee
risks, estimate impacts, and define responses.
⚫ Risk identification: determining which risks are likely to affect a
project
and documenting their characteristics.
⚫ Qualitative risk analysis: characterizing and analyzing risks
and prioritizing their effects on project objectives.
⚫ Quantitative risk analysis: measuring the probability and
consequences of
risks.
⚫ The process of numerically analyzing the effect of identified risks
on overall project objectives.
⚫ Risk response : taking steps/actions to enhance opportunities and
reduce threats to meeting project objectives
⚫ Risk monitoring and control: monitoring known risks, identifying new
risks, reducing risks, and evaluating the effectiveness of risk reduction. 4
 RISK MANAGEMENT PLANNING
 The main output of risk management planning is a risk
management plan -a plan that documents the procedures for
managing risk throughout a project.
 The project team should review project documents and
understand the organization’s and the sponsor’s approach to risk.

5
CONTINGENCY AND FALLBACK PLANS AND CONTINGENCY RESERVES

 Contingency plans are predefined actions that the project team

will take if an identified risk event occurs.
 Fallback plans are developed for risks that have a high impact
on meeting project objectives.
 Contingency reserve or allowances are provisions held by the
project sponsor that can be used to mitigate cost or schedule
risk if changes in scope or quality occur.

6
RISK IDENTIFICATION

 Risk identification is the process of understanding what

potential unsatisfactory outcomes are associated with
a particular project.
 Determine which risks may affect and document the
characteristics of the risks.
 Several risk identification tools and techniques include

⚫ Brainstorming
⚫ The Delphi technique(panel discussion of experts)
⚫ Interviewing
⚫ SWOT analysis

7
 RISK FA C T O R S

 Lack of top management commitment to the project

 Failure to gain user commitment

 Misunderstanding the requirement

 Lack of adequate user involvement

 Failure to manage end user expectation

 Changing scope and objectives

 Lack of required knowledge/skill in the project staffs

 New technology

 Insufficient / inappropriate staffing

8
B ROA D C AT E G O R I E S O F R I S K

 Market risk
 Financial risk

 Technology risk

 People risk

 Structure/process risk

9
R I S K B R E A K D O W N S T RU C T U R E
 A risk breakdown structure is a hierarchy of potential risk
categories for a project
 Similar to a work breakdown structure but used to identify and
categorize risks.
 Fig below shows the example of risk breakdown structure

10
 20-Jul-22 Compiled By: Bizuayehu S.

11
CONT.…
POTENTIAL RISK CONDITIONS ASSOCIATED WITH EACH KNOWLEDGE AREA

Knowledge Area Risk Conditions

Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
12
Procurement Unenforceable conditions or contract clauses; adversarial relations
W H O PA RT I C I PAT E S I N R I S K I D E N T I F I C AT I O N ?
 Project manager

 Project team members

 End users

 Other project managers

 Other stakeholders

 Risk management experts

13
 O U T P U T F O R R I S K I D E N T I F I C AT I O N
 Risk Register: is an output of the risk identification
process.
It is tool for documenting potential risk events and
related information.
 List of Identified Risks –outline of event, cause and
impact records.
 List of potential response – early identification of
response to be used.

14
 CONTENTS OF RISK REGISTER
 An identification number for each risk event.
 The name of each risk event.
 Description of each risk event.
 The category under which each risk event falls.
 The root cause of each risk.
 Triggers for each risk; triggers are indicators or symptoms of actual
risk events.
 Potential responses to each risk.
 The risk owner or person who will own or take responsibility for each
risk.
 The probability and impact of each risk occurring.
 The status of each risk.
 Rank for each risk event.
15
RISK REGISTER EXAMPLE

16
QUALITATIVE RISK ANALYSIS
 Assess the likelihood and impact of identified risks to
determine their magnitude and priority
 Tools and techniques include:

⚫ Probability/Impact matrixes
⚫ The Top 10 Risk Item Tracking technique
⚫ Expert judgment

17
PROBABILITY / IMPACT M AT R I X

o A probability/impact matrix lists the relative probability

of a risk occurring and the relative impact of the risk.
 Determine the probability (likelihood) of each risk
occurring (Low, Medium, High)
 Determine the impact (consequences) of each risk
occurring (Low, Medium, High)

18
EXAMPLE

19
 TOP 10 RISK ITEM TRACKING

 Top 10 Risk Item Tracking is a tool for maintaining an awareness

of risk throughout the life of a project.
 Establish a periodic review of the top 10 project risk items
(High Priority Risks)
 List the current ranking, previous ranking, number of times the
risk appears on the list over a period of time, and a summary of
progress made in resolving the risk item

20
 EXAMPLE OF T O P 10 R I S K I T E M T R A C K I N G
Monthly Ranking
Risk Item This Last Number Risk
Month Month of Resolution
Months Progress
Inadequate 1 2 4 Working on revising the
planning entire project plan
Poor definition 2 3 3 Holding meetings with
of scope project customer and
sponsor to clarify
scope
Absence 3 1 2 Just assigned a new
of project manager to
leadership lead
the project after old
one quit
Poor cost 4 4 3 Revising cost estimates

estimate
s
Poor time 5 5 3 Revising schedule 21
estimates estimates
EXPERT JUDGMENT
 Many organizations rely on the natural feelings and past
experience of experts to help identify potential project
risks
 Experts can categorize risks as high, medium, or low with
or without more sophisticated techniques.

22
QUANTITATIVE RISK ANALYSIS
 Often follows qualitative risk analysis, but both can be done
together or separately
 Large, complex projects involving technologies often
require extensive quantitative risk analysis.
 Main techniques include

⚫ Decision tree analysis

⚫ E M V analysis
⚫ Sensitivity analysis

23
 DECISION TREES AND E ST I M AT E D MONETARY VALUE (EMV)

 A decision tree is a diagramming method used to help you

select the best course of action in situations in which
future outcomes are uncertain.
 Estimated monetary value (EMV) is a type of decision tree
technique where you calculate the expected monetary value of
a decision based on its risk event probability and monetary
value.
 You can draw a decision tree to help find the E M V.
24
EXAMPLE: WHICH PROJECT IS MORE RISKY?
 It is the one with Higher E M V

Project 1
 20% chance of gaining
$300,000 (+ Risk)
 80% chance of losing $40,000 (-
Risk)
Project 2
 70% chance of gaining $60,000
(+Risk)
 20% chance of losing $50,000 (-
Risk)
 10% chance of losing $20,000 (-
Risk)

25
C A L C U L AT E E M V AS FOLLOWS

26
 SENSIBILITY A NA LY S I S
 Sensitivity analysis is a technique that helps to determine
which risks have the most potential impact on the project.

27
RISK RESPONSE
 The process of developing options and actions to
enhance opportunities and to reduce threats to project
objectives.
Negative Risks
 A dictionary definition is “the possibility of loss or
injury.”
Positive risks :
 Positive risks are risks that result in good things
happening; sometimes called opportunities.
 Negative risk management involves understanding
potential problems that might occur in the project and
how they might impede project success
 Negative risk management is like a form of insurance;
it is an investment. 28
 R E S P O N S E TO N E G AT I V E R I S K S
 After identifying and quantifying risk, you must decide how
to respond to them.
 Four main strategies:
⚫ Risk avoidance: eliminating a specific threat or risk, usually
by eliminating its causes. Not performing an activity that
could carry risk.
⚫ Risk acceptance: Accepting the loss, or benefit of gain,
from a risk when it occurs.
⚫ Risk transference/share: shifting the consequence
of a risk and responsibility for its management to a third
party.
⚫ Risk mitigation: reducing the impact of a risk event by
reducing the probability of its occurrence.
⚫ Reducing the harshness of the loss or the likelihood
o29f the loss from occurring.
G E N E R A L R I S K M I T I G AT I O N S T R AT E G I E S F O R T E C H N I C A L ,
COST, AND S C H E D U L E RISKS

30
RISK MONITORING AND CONTROL

 Monitoring risks involves knowing their status.

 Controlling risks involves carrying out the risk
management
plans as risks occur.
 Risks must be monitored based on defined milestones and
decisions made regarding risks and mitigation strategies.
 Workarounds are unplanned responses to risk events that must
be done when there are no contingency plans.

31
CONT.…
 The main outputs of risk monitoring and control are:

 project change requests, and updates to other plans

 Recommended corrective and
preventive actions
 Updates to the risk register, project
management plan, and organizational
process assets.
32
R E S I D UA L A N D S E C O N DA RY R I S K S
 It’s also important to identify residual and secondary
risks
 Residual risks are risks that remain after all of the
response strategies have been implemented.
 Secondary risks are a direct result of implementing a
risk response.

33
Thank you

34