Professional Documents
Culture Documents
m3 Reviewer
m3 Reviewer
m3 Reviewer
- Project risk management is the art and science of identifying, analyzing, and responding to
riskthroughout the life of a project and in the bestinterests of meeting project objectives
- Risk management is often overlooked in projects,but it can help improve project success by
helpingselect good projects, determining project scope,and developing realistic estimates
- Study by Ibbs and Kwak shows risk has the lowest lowestmaturity rating of all knowledge areas
- A similar survey was completed with development companies in Mauritius, South Africain 2003,
and risk management also had the lowestmaturity
- KLCI study shows the benefits of following good software risk management practices
Global Issues
- Many people around the world suffered from financial losses as various financial markets
dropped in the fall of 2008, even after the $700 billion bailout bill was passed by the U.S.
Congress
- According to a global survey of 316 financial services executives, over 70 percent of respondents
believed that the losses stemming from the credit crisis were largely due to failures to address
risk management issues
- Worldwide banking and insurance sectors will spend about $78.6 billion on risk information
technologies and services in 2015, growing to $96.3 billion by 2018
Negative Risk
- Positive risks are risks that result in goodthings happening; sometimes calledopportunities
- A general definition of project risk is anuncertainty that can have a negative orpositive effect on
meeting project objectives
- The goal of project risk management is tominimize potential negative risks whilemaximizing
potential positive risks
Best Practice
- Some organizations make the mistake of onlyaddressing tactical and negative risks
whenperforming project risk management
- David Hillson, (www.risk-doctor.com) suggestsovercoming this problem by widening the scope
ofrisk management to encompass both strategicrisks and upside opportunities, which he refers
toas integrated risk management
- In a 2014 paper Hillson described the importanceof good working relationships, especially
betweenthe project sponsor and project manager
Risk Utility
- Risk utility or risk tolerance is the amount ofsatisfaction or pleasure received from a
potentialpayoff
o Utility rises at a decreasing rate for people who are risk-averse
o Those who are risk-seeking have a higher tolerance forrisk and their satisfaction
increases when more payoff isat stake
o The risk-neutral approach achieves a balance betweenrisk and payoff
Project Risk Management Processes
- Planning risk management : Deciding how toapproach and plan the risk management activities
forthe project
- Identifying risks: Determining which risks are likelyto affect a project and documenting
thecharacteristics of each
- Performing qualitative risk analysis: Prioritizingrisks based on their probability and impact
ofoccurrence
- Performing quantitative risk analysis:Numerically estimating the effects of risks on
projectobjectives
- Planning risk responses: Taking steps to enhanceopportunities and reduce threats to meeting
projectobjectives
- Controlling risk: Monitoring identified and residualrisks, identifying new risks, carrying out
riskresponse plans, and evaluating the effectiveness ofrisk strategies throughout the life of the
project
- The main output of this process is a riskmanagement plan—a plan that documents
theprocedures for managing risk throughout aproject
- The project team should review projectdocuments and understand the organization’sand the
sponsor’s approaches to risk
- The level of detail will vary with the needs of theproject
- Methodology
- Roles and responsibilities
- Budget and schedule
- Risk categories
- Risk probability and impact
- Revised stakeholders’ tolerances
- Tracking
- Risk documentation
- Contingency plans are predefined actions that the projectteam will take if an identified risk event
occurs
- Fallback plans are developed for risks that have a highimpact on meeting project objectives, and
are put into effectif attempts to reduce the risk are not effective
- Contingency reserves or allowances are provisions heldby the project sponsor or organization to
reduce the risk ofcost or schedule overruns to an acceptable level;management reserves are
funds held for unknown risksthat are NOT part of the cost baseline but ARE part of thebudget
and funding requirements
- Market risk
- Financial risk
- Technology risk
- People risk
- Structure/process risk
Identifying Risks
- Identifying risks is the process of understanding potential events might hurt or enhance a
particular project
- Another consideration is the likelihood ofadvanced discovery
- Risk identification tools and techniques include:
o Brainstorming
o The Delphi Technique
o Interviewing
o SWOT analysis
Brainstorming
- The Delphi Technique is used to derive a consensus among a panel of experts who
makepredictions about future developments
- Provides independent and anonymous inputregarding future events
- Uses repeated rounds of questioning and writtenresponses and avoids the biasing effects
possiblein oral methods, such as brainstorming
Interviewing
SWOT Analysis
- SWOT analysis (strengths, weaknesses,opportunities, and threats) can also be usedduring risk
identification
- Helps identify the broad negative and positiverisks that apply to a project
Risk Register
- The main output of the risk identification process is a listof identified risks and other information
needed to begincreating a risk register
- A risk register is:
o A document that contains the results of various riskmanagement processes and that is
often displayed in atable or spreadsheet format
o A tool for documenting potential risk events and relatedinformation
- Risk events refer to specific, uncertain events that mayoccur to the detriment or enhancement
of the project
- Triggers for each risk; triggers are indicators orsymptoms of actual risk events
- Potential responses to each risk
- The risk owner or person who will own or takeresponsibility for each risk
- The probability and impact of each risk occurring.
- The status of each risk
Performing Qualitative RiskAnalysis
- Assess the likelihood and impact of identifiedrisks to determine their magnitude and priority
- Risk quantification tools and techniques include:
o Probability/impact matrixes
o The Top Ten Risk Item Tracking
o Expert judgment
Probability/Impact Matrix
- A probability/impact matrix or chart lists therelative probability of a risk occurring on one side
ofa matrix or axis on a chart and the relative impact ofthe risk occurring on the other
- List the risks and then label each one as high,medium, or low in terms of its probability
ofoccurrence and its impact if it did occur
- Can also calculate risk factors:
o Numbers that represent the overall risk of specific eventsbased on their probability of
occurring and theconsequences to the project if they do occur
Top Ten Risk Item Tracking
- Top Ten Risk Item Tracking is a qualitative riskanalysis tool that helps to identify risks
andmaintain an awareness of risks throughout the lifeof a project
- Establish a periodic review of the top ten projectrisk items
- List the current ranking, previous ranking, numberof times the risk appears on the list over a
periodof time, and a summary of progress made inresolving the risk item
Watch List
- A watch list is a list of risks that are low priority,but are still identified as potential risks
- Qualitative analysis can also identify risks thatshould be evaluated on a quantitative basis
- Often follows qualitative risk analysis, but both canbe done together
- Large, complex projects involving leading edgetechnologies often require extensive
quantitativerisk analysis
- Main techniques include:
o Decision tree analysis
o Simulation
o Sensitivity analysis
- A decision tree is a diagramming analysistechnique used to help select the best course ofaction
in situations in which future outcomes areuncertain
- Estimated monetary value (EMV) is the product ofa risk event probability and the risk
event’smonetary value
- You can draw a decision tree to help find the EMV
Simulation
Sensitivity Analysis
- Sensitivity analysis is a technique used to showthe effects of changing one or more variables on
anoutcome
- For example, many people use it to determine whatthe monthly payments for a loan will be
givendifferent interest rates or periods of the loan, or fordetermining break-even points based
on differentassumptions
- Spreadsheet software, such as Excel, is a commontool for performing sensitivity analysis
- After identifying and quantifying risks, you mustdecide how to respond to them
- Four main response strategies for negative risks:
o Risk avoidance
o Risk acceptance
o Risk transference
o Risk mitigation
Response Strategies for Positive Risks
- Risk exploitation
- Risk sharing
- Risk enhancement
- Risk acceptance
Controlling Risks
- Involves executing the risk management process torespond to risk events and ensuring that
riskawareness is an ongoing activity performed by theentire project team throughout the entire
project
- Workarounds are unplanned responses to risk eventsthat must be done when there are no
contingencyplans
- Main outputs of risk control are:
o Work performance information
o change requests
o updates to the project management plan, other projectdocuments, and organizational
process assets
- Risk registers can be created in a simple Word orExcel file or as part of a database
- More sophisticated risk management software,such as Monte Carlo simulation tools, help
inanalyzing project risks
- You can purchase add-ons for Excel and Project2013 to perform simulations
Results of Good Project RiskManagement
Chapter Summary
- Project risk management is the art and science ofidentifying, analyzing, and responding to
riskthroughout the life of a project and in the bestinterests of meeting project objectives
- Main processes include:
o Plan risk management
o Identify risks
o Perform qualitative risk analysis
o Perform quantitative risk analysis
o Plan risk responses
o Control risks