ITM215 Risk

Management
Week 3 – Risk Management Planning
Risk Management Planning - RMP

 Context for risks!

 https://www.youtube.com/watch?v=Q6JHsVEOVhM&list=PLsz8d8r2a9
95J2pzE1gifZoh8J0Ky7oZQ&index=8
Risk Management Planning - RMP

 Integral aspect of project planning

 RMP developed after the Charter and PM team are
established
 RMP is usually part of the Project Mgmt Plan (PMP)
 Some organizations have RMP procedures and policies
 RMP is a sequential and iterative process
RMP Process

 Some organizations place less weight on the RMP

 Some type of RMP is completed
 The Project Plan is iterative – always refined, adjusted,
reassessed
 Based on the identification, analysis/assessment, and response to
overly risky activities
 The more risky the project the more RMP details
RMP Process

 Relatively small, low-risk projects may not require an RMP

 Most complex, inherently risky projects should have an
RMP
 Can be a stand-alone document, part of the project
management plan
 RMP templates differ between organizations
RMP Process
RMP Process

http://infodinero.info/example-of-a-risk-management-plan-template/risk-management-plan-template-depict-revolutionary-captures-project-
sample-4/
RMP Methodology

 RMP is intended to be a stand-alone document

 Section should include a brief approach as to how to plan,
monitor and control risks
 Includes the tools and techniques used
 assumption register, risk register, risk matrix, risk burn-down
schedule
 Key elements in the plan
 project name, major project objectives, priorities, project manager's
name, key project leadership team members, and RMP revision
history
RMP Methodologies

 Other elements in the section

 cost and schedule estimating technique
 organizational assets used
 scheduling technique
 cost and schedule control technique
 requirements tracking methodology
Roles and Responsibilities

 Reference the section(s) of the project management plan

that define project roles and responsibilities
 Specify the team members who are responsible for
carrying out the specific risk management tasks
 References to the WBS
 RACI is helpful to define roles
Risk Management Budgeting

 Some budgets are tracked around risk mgmt tasks

 Some budgets are covered with general mgmt funds
 Some funds may be set aside to specifically accommodate
issues and additional risks discovered
 “contingency” funds and “management reserves”
 not allocated until certain events occur and/or criteria are met
Contingency Funds

 Guidelines for the establishment and use of these funds

should be clearly spelled out in the RMP or PMP
 Backup plans, iterative cycles, unknowns
 Used to fund more cycles in the project
 Used to fund the unexpected
 Used to fund risks that are accepted, yet are contained
within the baseline
Management Reserve Funds

 Higher complex project have a higher rate of the

unexpected
 “Known Unknowns”
 incompatibility issues between parts
 compatibility issues with systems from certain customers
 integer versus floating point calculations
 human error on behalf of one of your team members
 communication mix-up with a key supplier
Management Reserve Funds

 Management reserves are sometimes set aside

 Not typically included within the project's cost baseline
 No hard, fast general rules for establishing management
reserves
 Organizations, sponsors, and/or customers will likely exert
their influence for using the funds
 the project manager is usually obliged to provide justification and
negotiate the specifics
Management Reserve Funds

 Typically, these reserves require project sponsor or upper

management approval for release
 The particular policies and procedures for administering
the allocation need to be established
Risk Mgmt Scheduling and Timing

 Contains both the timing of project risk management

activity and information about schedule reserves
 Schedule reserves = buffers (extra time allocations)
 Timing of formal risk reviews might be periodic or event-
driven
 Teams may include additional organizational resources to
do more in-depth risk reviews
Risk Mgmt Scheduling and Timing

 A schedule buffer may be established to specifically

accommodate issues and additional risks discovered
 a “contingency” schedule buffer and a “management reserve”
schedule buffer
 Usually contained within the approved project delivery
schedule
 they are not planned into the schedule until certain events occur
and/or criteria are met
Project Risk Categories

 Usually risks are categorized into at least one grouping

 The most popular risk categorization is by major project objective
 Also by RBS and/or WBS
 Should be documented in the RMP
 The various risks and the respective categories they fall
into should be appropriately documented in the project's
risk register
Individual (Qualitative) Risk Assessment
Definitions
 Project risks can be
assessed based on
probability of occurrence
and impact
 Scale showing a numerical
rating to risk impact of
various magnitudes is used

http://ubclfs-wmc.landfood.ubc.ca/webapp/IWM/course/methods-techniques/risk-assessment-15/
Individual (Qualitative) Risk Assessment
Definitions
 Probability of occurrence can be denoted as the specific
probability (ranging from 0.0 to 1.0)
 Scales should be documented in the RMP
 Should be consistently applied
 Should facilitate consistent determinations of relative
risk-severity levels
Project Stakeholder Tolerances

 Tolerances will emerge by the time a project plan is

approved
 Some plans come in with risks understated
 Caution on plans without the approval of contingency
reserves or management reserves!!
 Use a Stakeholder Analysis Tool
Project Stakeholder Tolerances
Project Stakeholder Tolerances

 A stakeholder analysis is a technique to determine the

stakeholder interests
 Important for external stakeholders
 There should be an understanding of the level of risk
severity that constitutes an acceptable risk and an
unacceptable risk
 risk register and risk matrix
Project Stakeholder Tolerances

 High-risk-level items typically exceed the organization's

acceptable risk-level threshold
 Project sponsors can accept high-level risk or agree to
compensate accordingly
 Medium risks should either be accommodated with
additional risk-response actions or accepted
 Low risks can typically be accepted, and documented
within the risk register as “watch list” items
Risk Reporting Formats

 Reporting formats should be provided in the RMP to ensure

team understanding and compliance
 Templates should exist for the assumptions register, risks
register, risk matrix, risk burn-down plan, overall project
cost and schedule risk
 There might be more than one format for these templates
depending on the report level
Initial Project Assessment—Assumptions
and Risks
 This is released at kick-off
 Should contain
 the project assumptions
 the overall (quantitative) project risks
 individual (qualitative) project risks (threats and opportunities)
Initial Project Assessment—Assumptions
and Risks
 Initial Assessment of Project Assumptions
 Project assumptions have a direct impact on project risks
 Example: “Product feature A will only be incorporated into the
design if there is no impact to overall project cost and/or
schedule”
Initial Project Assessment—Assumptions
and Risks
 Initial Assessment of Overall (Quantitative) Project Risks
 Other tools and techniques can enable a more appropriate overall
project risk assessment
 Interviewing
 Expert judgement
 WBS expert judgement
 Modeling/simulation
 Independent assessment
Initial Project Assessment—Assumptions
and Risks
 Initial Assessment of Individual (Qualitative) Project Risks
 Initial risk register, risk matrix, and risk burn-down plan
 Higher-priority risks and their corresponding action plans should
be detailed
 Should include the summary-level risk data
Monitoring and Controlling Project Risks

 Monitoring of project risks is accomplished through

implementation of risk management processes throughout
the project life cycle
 The timing and metrics used should be clearly articulated
 cadence of periodic team risk assessment
 core team involved
 events that might trigger an out-of-cycle risk assessment
Monitoring and Controlling Project Risks

 Costs and controls – if not in another section of the RMP

 Post-mortem plan
Risk Management Process

 The RMP should be an automatic process led by structured

policies and procedures with a little help from templates
 After a team completes its draft of the project plan, one
of the final courses of action is to assess risk to test the
plan's true validity
 identify risks
 assessing the level of risk
 if deemed necessary, developing risk (threat) reduction plans
Risk Management Process

 No one best way to assess risk

 One of the ways is to assess individual risk – analyze and
responded to
 A driving factor is usually the access and availability of experts to
support such activities
 The final phase of the project risk management process is
controlling risks
Summary

 PMBOK risk Mgmt process steps

 1) Plan Risk Management
 2) Identify Risks
 3) Perform Quantitative Risk Analysis
 4) Perform Qualitative Risk Analysis
 5) Plan Risk Responses
 6) Control Risks
Summary

 Risk management processes are inherent within the

natural process of project planning
 A project risk management plan (RMP) can take on several
forms
 The heart of the project risk management process is the
process of identifying, analyzing, and responding
effectively to project risks
 Other project management tools and techniques provide
valuable inputs for controlling risks