11.

3 Project risk Management

Applied Risk Case Study

Project Risk Management

Scope
University of the West of Scotland
Quality

Time is the scarcest resource and unless it

is managed nothing else can be managed.
Time Cost
PETER DRUCKER (1909–2005),
Austrian Management Consultant
 2

Learning Objectives
• Upon completion, you should be able to:
– Distinguish between a project and a process.
– Explain the purpose and benefits of performing project
risk management.
– Outline common sources of risk found in projects in
general and in IT systems development specifically.
– Discuss the impact of uncertainty throughout the stages
of a project life cycle.
– Give a chronological list and some details of the various
project risk management methodologies.
 3

Introduction
• In this presentation, we will look at the specific issues of
risk in the context of Project Management.
• Risk management has a particular role to play in project
management. In particular, it is concerned with the risks
that might prevent the successful outcome of a project.
• Whatever discipline you work in, everyone is involved in
projects at some time.
 4

What is a Project?
• First we need to be clear what we mean by a project,
because today, projects come in all shapes and sizes.
• The following is a common definition of a project:
• A unique set of co-ordinated activities, with a definite
starting and finishing point, undertaken by an individual
or organisation to meet specific performance objectives
within defined schedule, cost and performance goals.
• The key word is unique – a project is a non-repetitive
activity.
 5

Benefits of Project Risk Management (PRM)

• PRM delivers a number of values, including:
– Recognizes uncertainty and provides forecasts of possible
outcomes.
– Produces better business outcomes through more informed
decision making.
– Has a positive influence on creative thinking and innovation.
– Creates opportunities for improved project monitoring and
control.
– Can aid in addressing concerns with respect to overhead and
time.
– Contributes to project success.
(Washington State Department of Transportation,
Project Risk Management Guide, 2018)
 6

Purpose of PRM
• PRM is a process which enables the analysis and
management of the risks associated with a project.
• Properly undertaken it will increase the likelihood of
successful completion of a project to cost, time and
performance objectives.
• That is, PRM is concerned with both the positive and
negative side of risk; Chapman and Ward (2004) equate
PRM to Project Uncertainty Management.
 7

Project Uncertainty
“Uncertainty which matters is central to all projects. It is not
just a question of how long a project will take, or how much it
will cost. Uncertainty which matters includes which parties
ought to be involved, the alignment of their motives, the
alignment of project objectives with corporate strategic
objectives, shaping the design and resource requirements,
choosing and managing appropriate processes, managing
the underlying trade-offs between all relevant attributes
measuring performance, and the implications of associated
risk.” – (Ward and Chapman, 2003)
 8

A History of ‘Challenged’ Projects

• One of the reasons for so much focus on PRM is a long
history of projects that have encountered problems.
• There are many well-known examples of projects which
have encountered major problems:
– the cost of the Channel Tunnel; the cost of the Scottish
Parliament building; the cost of the UK’s HS2 high-speed
railway line; numerous major IT projects that have simply
been abandoned.
• However, there is also now a great deal of data about the
more routine problems found in Project Management.
 9

The Peril Database

• One area where projects have often encountered problems,
has been in the delivery of new IT systems.
• The Peril Database (Project Experience Risk Information
Library) is based on the outcomes of over 600 mainly IT
projects. Staff on these projects were asked to log problems
that they had encountered.
http://www.failureproofprojects.com/index.php
 10

Sources of Risk – PERIL Database

The PERIL database classifies sources of risk by scope,
resources and schedule, as follows:
• Scope (or project deliverables) problems include scope
change(or scope creep) and defects (technical failures).
• Schedule problems include delays (due to unrealistic
deadlines); incorrect estimates (learning curves); and task
dependencies (e.g. interdependencies between tasks or
other projects).
• Resource problems include various people issues
(loss/resignation, motivation), outsourcing (vendor late),
and money (funding limits).
 11

PERIL – Sources of Risk Histogram

 12

Sources of Project Risk – The 7 Ws

• Chapman and Ward (2011) describe the 7 Ws as sources of
project risk. They offer a 7 Ws framework based on the
following 7 (paraphrased) questions:
1. Who are the parties ultimately involved?
2. Why do the parties want to achieve this?
3. What is it that each party is interested in?
4. Which way (how) is each party’s work to be done?
5. What resources are required?
6. When does it have to be done?
7. Where will this take place?
• “Understanding the uncertainty associated with each of
these basic questions, and the implications of interactions
between them, is fundamental to effective identification and
management of both threats and opportunities.”
 13

Integration of Risk and Project Management

• Both risk and project management provide sufficient
challenges on their own, their successful integration
provides another dimension of difficulty.
• Project management requires a tricky balancing act
between quality, schedule and costs.
(the so-called Iron Triangle).
• When risk is factored into the equation, there are new
major issues to consider such as the risk tolerance of
the various project stakeholders.
 14

Project Life Cycles

• Projects have specific start and end points and project life
cycles, such as the following:
– Conception
– Design
– Planning
– Resourcing
– Execution
– Delivery
– Review
– Support
• The following table shows some of the uncertainty issues to
consider at different stages in the project life cycle.
 15

Uncertainty and the Project Life Cycle

The following is an extract from a table showing uncertainty
issues at different stages of the Project Life Cycle.
(Atkinson, Crawford and Ward, 2006)
Project Life Cycle Stage Uncertainty Management Issues
Conception Level of definition
Definition of appropriate performance objectives
Managing stakeholder expectations
Design Novelty of design and technology
Determining ‘fixed’ points in the design
Control of changes
Planning Identifying and allowing for regulatory constraints
Concurrency of activities required
Capturing dependency relationships
Errors and omissions
 16

Project Risk Management

• Project Risk Management is a continuous process that can
be started at almost any stage in the life-cycle of a project
and can be continued until the costs of using it are greater
than the potential benefits to be gained.
• As time progresses, the effectiveness of Project Risk
Management tends to diminish, therefore it is most
beneficial to use it in the earlier stages of a project.
• There are points in a project where particular benefits can
be achieved by using it….
– Feasibility Study - At this stage the project is most flexible so
risks can be reduced at relatively low cost. It can also help in
deciding between various project implementation options.
 17

Stages of a Project
– Sanction: The client can view the risk exposure associated
with the project and check that all possible steps to manage
risks have been taken. If a quantitative analysis has been
carried out the client will be able to understand the likelihood of
achieving the project objectives (cost, time and performance).
– Tendering: The contractor can ensure that all risks have been
identified and set risk contingency or check risk exposure.
– Post Tender: The client can ensure that all risks have been
identified by the contractor and assess the likelihood of
tendered programmes being achieved.
– At Intervals during Implementation: It can help to improve the
likelihood of completing the project to cost and timescale if all
risks are identified and are correctly managed as they occur.
 18

Risk Management During a Project

 19

PRM Methodologies
• Today there are a number of methodologies which integrate
risk and project management, for example, PERT, PRAM,
RAMP and SHAMPU. These methodologies have been
evolving for over 50 years.
• The key stages and milestones in this history, are:
– 1950s: Program Evaluation and Review Technique (PERT)
– 1960s: PERT was combined with Monte Carlo Simulation.
– Towards the end of the 1960s: Graphical Evaluation and
Review Technique (GERT)
 20

PRM Methodologies
– 1970s: Synergistics Contingency Planning and Review
Technique (SCERT)
– Mid 1990s: Project Risk Analysis and Management (PRAM)
developed by APM
– 1997: Shape, Harness and Manage Project Uncertainty
(SHAMPU2)
– 1998: Risk Analysis and Management of Projects (RAMP)
(Simon, 1998)
– 2000, 2004: PMBOK (PMI): PRM
 21

More Recent Developments

• 2000 (Leach) Identify potential risk events, estimate the risk
probability, estimate the risk impact, identify potential risk
triggers, analyse risks, prevent risk event, plan for
mitigation, insure against risk, monitor for risk triggers.
• 2002 IRM/ AIRMIC/ ALARM Strategic objective,
assessment, reporting, decision, response, reporting,
monitoring.
• 2002 (Smith and Merritt) Identification, analysis, prioritizing
and mapping, response, monitoring.
• 2004 PRMA8 Establish context, identify risks, analyse risks,
evaluate risk, response risks, review and monitoring,
communicate with consultants.
 22

PRAM
• Project Risk Analysis and Management
• Define, focus, assess (structure, ownership, estimate,
evaluate), planning, management.
– Step 1: Identify the Risks
– Step 2: Assess The Risk
– Step 3: Plan Risk Mitigation
– Step 4: Develop the Project Risk Profile
– Step 5: Update Project Plan
 23

SHAMPU
• Shape, Harness And Manage Project Uncertainty.
• In its simplest form, SHAMPU process calls for the shaping
of the project which will include clarifying risk ownership,
harnessing plans and implementation management.
• For example, it specifies:
– Identify sources of uncertainty at a strategic level in terms of
opportunities and threats. Identify what might be done about it,
in terms of proactive and reactive responses. Identify
secondary sources of uncertainty associated with responses.
 24

Summary
• Because projects are unique, they are sources of much
uncertainty.
• Over the years, many projects have failed to deliver
successfully.
• Therefore Project Risk Management has evolved as a
separate discipline in itself.
• The basic concepts of Risk Management are still the same.
• However, its integration with Project Management can be
problematic.
• At what stage in the project should risk assessments be
conducted – and how much?
 25

References and Further Reading

• Atkinson, R et al. (2006) Fundamental Uncertainties in Projects
and the Scope of PM, Intl. J. of PM, 24(8): 687-698.
• APM (2010) Project Risk Analysis and Management Guide, 2e.
• Chapman and Ward (2011) How to Manage Project Opportunity
and Risk, 3e, Wiley.
• Chapman, C and Ward, S (2004) Why Risk Efficiency is a Key
Aspect of Best Practice Projects, Intl. J. of PM, 22(8): 619-632.
• Kendrick, T (2018) Identifying and Managing Project Risk:
Essential Tools for Failure-Proofing Your Project, 3e, AMACOM.
• Ward, S and Chapman, C (2003) Transforming Project Risk
Management into Project Uncertainty Management, Intl. J. of
PM, 21(2): 97-105.
• Washington State Department of Transport (2018) Project Risk
Management Guide.