Download - 07 managing risk
Purpose
The purpose of risk management is to reduce
the overall project risk to a level that is
acceptable to the project sponsor and other
stakeholders.
4
Understanding the Project Risk
• Project risk is defined by PMI as “an uncertain event or
condition that, if it occurs, has a positive or negative
effect on a project’s objectives”.
• A negative impact poses a threat
threat – “a condition or situation unfavorable to the
project…a risk that will have a negative impact on a project
objective if it occurs.” PMBOK® Guide
5
Understanding the Project Risk
• A positive impact poses an opportunity
• A project manager proactively seeks to
eliminate/reduce the impact of threats and
capitalize on opportunities
opportunity – “a condition or situation favorable to the
project … a risk that will have a positive impact on a project
objective if it occurs.” PMBOK® Guide
6
Risk Management
• Risk Management
–A proactive attempt to recognize and manage internal
events and external threats that affect the likelihood of
a project’s success.
• What can go wrong (risk event).
• How to minimize the risk event’s impact (consequences).
• What can be done before an event occurs (prevention).
• What to do when an event occurs (contingency plans).
9
Risk Management’s Benefits
• A proactive rather than reactive approach.
• Reduces surprises and negative consequences.
• Prepares the project manager to take advantage
of appropriate risks.
• Provides better control over the future.
• Improves chances of reaching project
performance objectives within budget and on time.
10
1. Risk Identification
• Information gathering
• Risk Profile
• Risk Breakdown Structure (RBS)
• Understanding relationships
• Risk register
Risk identification – “the process of determining which
risks might affect the project and documenting their
characteristics.” PMBOK® Guide
12
• A brainstorming activity considering “what could go wrong”
• Interview stakeholders
• Use a SWOT analysis
• Use a structured review – review a variety of project and other documents to uncover possible risks
Information Gathering
13
14
A risk profile is a list of questions that address traditional areas of
uncertainty on a project. These questions have been developed
and refined from previous, similar projects
Partial Risk
Profile for
Product
Development
Project
Risk Profile
15
Risk Breakdown Structure (RBS)
Organizations use risk breakdown structures (RBSs) in conjunction with
work breakdown structures (WBSs) to help management teams identify and
eventually analyze risks.
• Learn the cause and effect relationships on risk events
– Use a flow chart that shows how people, money, data, or materials
flow from one person/location to another
• Consider why a certain risk event may happen through
root cause analysis
– “Why might this happen?”
Root cause analysis – “an analytical technique used to
determine the basic underlying reason that causes a
variance or defect or risk. A root cause may underlie more
than one variance or defect or risk.” PMBOK® Guide
Understanding Relationships
16
• Understand triggers
• A trigger may be specific to an individual risk
• Triggers can be general indications of problems
for the project as a whole
Triggers – “indications that a risk has occurred or is about
to occur.” PMBOK® Guide
Understanding Relationships
17
• Project manager displays lack of self-esteem
• Team members do not show enthusiasm for project.
• Project was started with inadequate time for planning.
• Communications is overly general with little focus.
• Reports yield little information about true project status.
• Little effort has been given to risk management.
Trigger for a Project as a Whole
18
• The primary output of risk identification is the risk
register
• The risk register includes risk categories, identified risks,
potential causes, potential responses
• The risk register is a living document
Risk register – “the document containing the results of the
qualitative risk analysis, quantitative risk analysis, and risk
response planning. The risk register details all identified
risks, including description, category, cause, probability of
occurring, impact(s) on objectives, proposed responses,
owners, and current status.” PMBOK® Guide
Risk Register
19
2. Risk Assessment
• Qualitative Risk Analysis
• Quantitative Techniques in Risk Analysis
• Risk Register Updates
21
Risk event / condition
Severity Impact (Effect or Consequences)
Causes
Likelihood of occurrence
Controllability
Risk assessment is the determination of quantitative or qualitative value
of risk related to a concrete situation and a recognized threat (also called
hazard).
• How likely is a risk to happen?
• How big will the impact be?
• When is the risk likely to occur?
• How easy will it be to notice and correctly
interpret the trigger?
Qualitative risk analysis – “the process of prioritizing risks
for subsequent further analysis or action by assessing and
combining their probability and impact.” PMBOK® Guide
Qualitative Risk Analysis
22
Qualitative Risk Assessment - Risk Severity Matrix
24
Very Low Low Medium High Critical
Very High
High
Medium
Low
Very Low
Hardware
Malfunctio
ning
Interface
Problem
System
freezing
• Bigger, more complex, riskier, more expensive projects
may benefit from the rigor of quantitative structured
techniques
• Use when it is critical to predict the probability of
completing a project on-time, on-budget, at the agreed
upon scope and/or agreed upon quality
Quantitative risk analysis – “the process of numerically
analyzing the effect on overall project objectives of identified
risks.” PMBOK® Guide
Quantitative Techniques in
Risk Assessment
25
• Add the probability of each risk occurring and its
impact to the register
• Document results of quantitative risk analysis in
the risk register
Risk Register Updates
27
3. Risk Response Development
• Strategies for Responding to Risks
• Develop contingency plans
• Risk Register Updates
Risk response planning – “the process of developing
options and actions to enhance opportunities and reduce
threats to project objectives.” PMBOK® Guide
28
• Contingency Plan
– An alternative plan that will be used if a possible foreseen risk
event actually occurs.
– A plan of actions that will reduce or mitigate the negative impact
(consequences) of a risk event.
• Risks of Not Having a Contingency Plan
– Having no plan may slow managerial response.
– Decisions made under pressure can be potentially dangerous
and costly.
Contingency Planning
30
4. Risk Response Control
• Step 4: Risk Response Control
–Risk control
• Execution of the risk response strategy
• Monitoring of triggering events
• Initiating contingency plans
• Watching for new risks
–Establishing a Change Management System
• Monitoring, tracking, and reporting risk
• Fostering an open organization environment
• Repeating risk identification/assessment exercises
• Assigning and documenting responsibility for managing risk
32
• Sources of Change
–Project scope changes
–Implementation of contingency plans
–Improvement changes
Change Management Control
33
• The Change Control Process
– Identify proposed changes.
– List expected effects of proposed changes on schedule and
budget.
– Review, evaluate, and approve or disapprove of changes
formally.
– Negotiate and resolve conflicts of change, condition, and cost.
– Communicate changes to parties affected.
– Assign responsibility for implementing change.
– Adjust master schedule and budget.
– Track all changes that are to be implemented
Change Management Control
34
Key Terms
Avoiding risk
Change management system
Contingency plan
Mitigating risk
Risk
Risk profile
Risk severity matrix
Scenario analysis
Sharing risk
Transferring risk
37