–
Includes
identifying, analyzing, and responding to risk areas; maximizing results of
positive events and minimizing consequences of adverse events
•
Risk
Identification – which are likely to affect the project
•
Risk
Quantification – evaluation of risk to assess the range of possible outcomes
–
Sometimes
treated as single process; risk analysis/assessment
(Click above for PMBOK4 Article)
•
Risk
Response Development – defining enhancement steps for opportunities and
response
–
Sometimes
called response planning/mitigation
•
Risk
Response Control – responding to changes in risk over course of project
–
May
be combined as risk management
•
Risk
Identification
–
Determining
which risks are likely to affect the project and documenting them
–
Performed
on a regular basis; address internal and external risks
•
Internal
–project team has control/influence over
•
External
– beyond project team’s control
–
Identify
cause and effect and effects and causes; what could happen vs. what outcomes
should be avoided
•
Inputs
to Risk Identification
–
Product
Description – more risk associated with unproven technologies (innovation/invention). Often described in terms of cost and schedule
impact
–
Other
Planning Reports
•
WBS (any non-traditional approaches)
•
Cost/Duration
Estimates – aggressive schedules; limited amount of information
•
Staffing
Plan – hard to replace/source skill sets
•
Procurement
Management Plan – market conditions
–
Historical
Information – previous projects
•
Project
Files
•
Commercial
Databases
•
Project
Team Knowledge – member experiences
•
Tools
& Techniques for Risk Identification
–
Checklists
– organized by source of risk, included project context, process outputs,
product and technology issues, internal sources
–
Flowcharting
– understand cause and effect relationships
–
Interviewing
– conversations with stakeholders
•
Outputs
from Risk Identification
–
Sources
of Risk – categories of possible risk events, all-inclusive
•
Changes
in requirements
•
Design
errors, omissions, misunderstanding
•
Poorly
defined roles and responsibilities
•
Insufficiently
skilled staff
–
Include
estimate of probability, range of possible outcomes, expected timing,
anticipated frequency
–
Potential
Risk Events – discrete occurrences that may affect project
•
Identified
when probability/magnitude of loss is high (e.g. turnover)
–
New
technologies obsolete need of product
–
Socio,
Political and Economic events
–
Include
estimate of probability, range of possible outcomes, expected timing, anticipated
frequency
–
Risk
Symptoms – triggers that are indirect manifestations of actual risk events
(e.g. poor morale)
–
Inputs
to other processes – identify need in another area; constraints and assumptions
•
Risk
Quantification
–
Evaluation
of possible project outcomes and determining which events warrant response
•
Opportunities
and threats can provide unanticipated results (e.g. schedule delay considers a
new strategy)
•
Multiple
effects from a single event
•
Singular
Stakeholder opportunities may force suffering in other areas
•
Reliance
on statistics and forecasting (mathematical errors)
•
Inputs
to Risk Quantification
–
Stakeholder
risk tolerance
•
More
capital to expend; perceptions of severity
–
Sources
of Risk
–
Potential
Risk Events
–
Cost
Estimates
–
Activity
Duration Estimates
•
Tools
& Techniques for Risk Quantification
–
Expected
Monetary Value – product of 2 numbers
•
Risk
Event Probability – estimate that event will occur
•
Risk
Event Value – estimate of gain or loss
–
Statistical
Sums – calculate range of total costs from cost estimates for individual work
items
–
Simulation
– representation or model; provide statistical distribution of calculated
results.
•
Monte
Carlo, Critical Path, PERT techniques
–
Decision
Trees – depicts key interactions among decisions and possible outcomes
–
Expert
Judgment
•
Outputs
from Risk Quantification
–
Opportunities
to pursue; threats to respond
–
Opportunities
to ignore; threats to accept
•
Risk
Response Development
–
Defining
enhancement steps for opportunities and responses to threats
•
Avoidance
– eliminating threat by eliminating the cause
•
Mitigation
– reducing expected monetary value of event by reducing the probability of occurrence
•
Acceptance
– accept the consequences (active -
contingency plan - or passive response)
•
Inputs
to Risk Response Development
–
Opportunities
to pursue, threats to respond
–
Opportunities
to ignore, threats to accept
•
Tools
& Techniques for Risk Response Development
–
Procurement
– acquire resources (exchange 1 risk for another)
–
Contingency
Planning – defining action steps should a risk event occur
–
Alternative
Strategies – change planned approach
–
Insurance
•
Outputs
from Risk Response Development
–
Risk
Management Plan – document procedures to manage risk events. Addresses risk identification and
quantification processes, personnel responsible for managing areas of risk,
maintenance of identification and quantification process, implementation of
contingency plans and allocation of reserve
–
Inputs
to other processes – alternative strategies, contingency plans, anticipated
procurements
–
Contingency
Plans
–
Reserves
– provision in project plan to mitigate costs and schedule risks. Used with a
modifier (management, schedule, budget) to provide further detail when
type of reserve can be used
–
Contractual
Agreements – insurance, services and other functions to avoid and mitigate
threats.
•
Risk
Response Control
–
Involves
executing the risk management plan in order to respond to risk events during
the project
•
Control
and iteration are required; not all risks can be identified
•
Inputs
to Risk Response Control
–
Risk
Management Plan
–
Actual
Risk Events – recognize occurrence
–
Additional
Risk Identification – surfacing of potential or actual risk sources
•
Tools
& Techniques for Risk Response Control
–
Workarounds
– unplanned responses to negative risk events (response was not defined in
advance)
–
Additional
Risk Response Development – planned response may not be adequate
•
Outputs
from Risk Response Control
–
Corrective
Action – performing the planned risk response
–
Updates
to Risk Management Plan
•
Tips
from Review Guide
–
Definition
of risk: a discrete occurrence that may affect the project for good or bad
–
Definition
of uncertainty: an uncommon state of nature, characterized by the absence of
any information related to a desired outcome
–
Definition
of risk management: The processed involved with identifying, analyzing, and
responding to risk. Maximize results of positive events; minimizing
consequences of negative events
–
Inputs
to Risk Management:
•
All
project background information
•
Historical
records
•
Past
Lessons Learned
•
Project
Charter
•
Scope
Statement
•
Scope
of work
•
WBS
•
Network
Diagram
•
Cost
and Time estimates
•
Staffing
Plan
–
Risk
Management Process
•
Risk
Identification – majority during Planning; onset of project to close of project
–
2
Types
•
Business:
Risk of a gain or loss
•
Pure
(insurable): only a risk of loss
–
Sources:
•
External:
Regulatory, environmental, government
•
Internal:
Schedule, cost, scope change, inexperience, planning, people, staffing,
materials, equipment
•
Technical:
Changes in technology
•
Unforeseeable:
small (only about 10%)
–
Risk
Management Process
•
Risk
Factors – determine:
–
Probability
that it will occur (what)
–
Range
of possible outcomes (impact, amount at stake)
–
Expected
Timing (when)
–
Anticipated
frequency (how often)
•
Symptoms
– early warning signs determined by PM
•
Risk
Tolerances – amount of risk that is acceptable
–
Common
Stumbling Blocks
•
Risk
identification is completed without knowing enough about the project
•
Project
Risk evaluated only by questionnaire, interview or Monte Carlo; does not
provided a per task analysis of risk
•
Risk
identification ends too soon
•
Project
Risk identification and Evaluation are combined – results in risks that are
evaluated when they appear; decreased total number of risks and stops
identification process
•
Risks
are identified too generally
•
Categories
of risks are forgotten (technology, culture)
•
Only
1 identification method is used
•
First
risk response strategy is used without other consideration
•
Risks
are not devoted enough attention during the Execution phase
–
Risk
Management Process
•
Risk
Quantification – assess risks to determine range of possible outcomes; which
risk events warrant a response
–
Probability
–
Amount
at stake (impact)
–
Develop
a ranking (priority) of risks
•
Qualitative
– take an educated guess
•
Quantitative
– estimation by calculation
•
Risk
Assessment = Risk Identification + Risk Quantification
–
Risk
Management Process
•
Monte
Carlo simulation – simulates cost and schedule results of project
–
Indicates
risk of a project and each task by providing a percent probability that each
task will be on the critical path
–
Accounts
for path convergence (where tasks in a Network diagram converge into 1 task –
more risk)
•
Expected
Monetary Value – multiply probability by impact
–
Helps
define and prove what the project reserve should be
•
Decision
Trees
–
Takes
into account future events when making a decision today
–
Makes
use of expected value calculations and mutual exclusivity
–
Be
able to draw one; boxes are decisions, circles are what can happen as a result
of the decision
–
Risk
Management Process
•
Outputs
from Risk Quantification
–
Determination
of top risks
–
Opportunities
to pursue
–
Opportunities
to ignore
–
Threats
to respond to
–
Threats
to ignore
–
Risk
Management Process
•
Risk
Response Development (what will be done, how to make risk smaller or eliminate)
–
Not
all risks can be eliminated
–
Alternative
Strategies (risk mitigation)
•
Avoidance
– eliminate the cause
•
Mitigation
– effect the probability or impact of risk
•
Acceptance
– do nothing
•
Deflection
(transfer, allocate) – make another party responsible, insurance, outsourcing
–
Risk
Management Process
•
Outputs
from Risk Response Development
–
Insurance
– exchange an unknown risk for a known risk (response to pure risks)
–
Contracting
– hire experience to perform work
–
Contingency
Planning – specific actions to take if risk event occurs
–
Reserves
(contingency) – recommended total of 10% to account for known and unknown risks
•
Risk
Management Plan – documents risks identified and how they are addressed;
non-critical risks should be recorded to revisit during the execution phase
–
Risk
Management Process
•
Risk
Response Control – executing and updating the Risk Management Plan
–
Workarounds
– Unplanned responses to risks; addressing risks that were unanticipated
–
Contingency
Plans – planned responses to risks; risk response development actions
–
Risk
Mitigation – does not involve ID of risks (they are already known)
–
Self
Insurance – can lead to failure to ensure funds for low probability events and
confuse business risks with pure risks
–
Risk
mitigation – can purchase insurance
–
Schedule
Risk – critical path adjusted by High Risk activity float
–
Sensitivity
Analysis – estimate the effect of change of one project variable on overall
project
–
Standard
Deviation of project completion – relationship of uncertainty of critical path
activities; indicator of project end target confidence
