Monday, February 16, 2009

Project Risk Management

Project Risk Management







Definition


Project Risk Management is the systematic process of identifying, analyzing, and responding to project risk. It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives.


Project Risk is an uncertain event or condition that, if occurs, has a positive or a negative effect on a project objective.


Processes


There are following six processes which are part of Project Risk Management.



  • Risk Management Planning

  • Risk Identification

  • Qualitative Risk Analysis

  • Quantitative Risk Analysis

  • Risk Response Planning

  • Risk Monitoring and Control




Risk Management Planning



Process of deciding how to approach and plan the risk management activities for a project.


Risk Management Planning process is a part of "Project Planning Phase".




(1) Risk Management Planning - Inputs



(1.1) Enterprise Environmental Factors: The attitudes toward risk and the risk tolerance of organizations and people involved in the project will influence the project management plan.


(1.2) Organizational Process Assets: Organizations may have predefined approaches to risk management such as risk
categories, common definition of concepts and terms, standard templates, roles and responsibilities, and authority levels for decision-making.


(1.3) Project Scope Statement


(1.4) Project Management Plan







(2) Risk Management Planning - Tools & Techniques



(2.1) Planning Meetings and Analysis: Attendees are the PM, leadership team, key stakeholders and those in the organization responsible to manage project risks.







(3) Risk Management Planning - Output



(3.1) Risk Management Plan Describes how risk identification, analysis, response planning and monitoring will take place.


The Risk Management Plan may include the following:



  • Methodology: Defines the approaches, tools, and data sources that may be used to perform risk management on the project.

  • Approach and tools to be used

  • Roles and responsibilities

  • Budgeting

  • Timing

  • Thresholds

  • Reporting and tracking





Risk Identification



Determining which risks might affect the project and documenting their characteristics.


Risk Identification is an iterative process, involving the project team, management team, stakeholders and subject matter experts (if required).


Risk Identification process is a part of "Project Planning Phase".




(1) Risk Identification - Input



(1.1) Enterprise Environmental Factors: Published information, including commercial databases, academic studies, benchmarking, or other industry studies, may also be useful in identifying risks.


(1.2) Organizational Process Assets: Information on prior projects may be available from previous project files, including actual data and lessons learned.


(1.3) Project Scope Statement: Project assumptions are found in the project scope statement. Uncertainty in project assumptions should be evaluated as potential causes of project risk.


(1.4) Risk Management Plan: Risk Management Plan Key inputs from the risk management plan to the Risk Identification process are the assignments of roles and responsibilities, provision for risk management activities in the budget and schedule, and categories of risk, which are sometimes expressed in an RBS.


(1.5) Project Management Plan: The Risk Identification process also requires an understanding of the schedule,
cost, and quality management plans found in the project management plan.






(2) Risk Identification - Tools & Technology



(2.1) Documentation reviews: Review project plans, assumptions.


(2.2) Information Gathering Techniques: Delphi, brainstorming, interviewing, SWOT analysis.


(2.3) Checklists Analysis: can be developed based on historical information and knowledge.


(2.4) Assumptions analysis: Explores the validity of each assumption made.


(2.5) Diagramming Techniques: It may include



  • Cause-and-effect diagram or Ishikawa or fishbone diagrams: This is useful for identifying causes of risks


  • System or process flow charts: Shows how various elements of a system inter-relate and the mechanism of causion


  • Influence diagram: A Graphical representation of a problem showing casual influences, time ordering of events and other relationships among variables and outcomes.








(3) Risk Identification - Outputs



(3.1) Risks Register: The risk register ultimately contains the outcomes of the other risk management processes as they are conducted. The preparation of the risk register begins in the Risk Identification process with the following information, and then
becomes available to other project management and Project Risk Management processes.



  • List of identified risks

  • List of potential responses

  • Root causes of risk

  • Updated risk categories





Qualitative Risk Analysis



Process of assessing the impact and likelihood of identified risks. This process prioritizes risks according to their potential effect on the project.


Qualitative Risk Analysis process is part of "Project Planning Phase".




(1) Qualitative Risk Analysis - Input



(1.1) Organizational Process Assets: Data about risks on past projects and the lessons learned knowledge base can be used in the Qualitative Risk Analysis process.


(1.2) Project Scope Statement


(1.3) Risk Management Plan: Key elements of the risk management plan for Qualitative Risk Analysis include roles and responsibilities for conducting risk management, budgets, and schedule activities for risk management, risk categories, definition of probability and impact, the probability and impact matrix.


(1.4) Risk Register: A key item from the risk register for Qualitative Risk Analysis is the list of identified risks.






(2) Qualitative Risk Analysis - Tools & Techniques



(2.1) Risk probability and impact Assessment: Probability is the likelihood the event will occurs. Impact is the effect on project objectives if the risk occurs.


(2.2) Probability/Impact risk rating matrix


(2.3) Risk Data Quality Assessment: A qualitative risk analysis requires accurate and unbiased data if it is to be credible. Analysis of the quality of risk data is a technique to evaluate the degree to which the data about risks is useful for risk management. It involves examining the degree to which the risk is understood and the accuracy, quality, reliability, and integrity of the data about the risk.


(2.4) Risk Categorization

(2.5) Risk Urgency Assessment: Risks requiring near-term responses may be considered more urgent to address.








(3) Qualitative Risk Analysis - Output



(3.1) Risk Register updates: The risk register is initiated during the Risk Identification process. The risk register is updated with information from Qualitative Risk Analysis and the updated risk register is included in the project management plan.




Quantitative Risk Analysis


Aims to analyze numerically the probability of each risk and its consequence of project objectives.


Quantitative Risk Analysis process is part of "Project Planning Phase".




(1) Quantitative Risk Analysis - Input



(1.1) Organizational Process Assets: Information on prior, similar completed projects, studies of similar projects by risk specialists, and risk databases that may be available from industry or proprietary sources.


(1.2) Project Scope Statement


(1.3) Risk Management Plan: Key elements of the risk management plan for Quantitative Risk Analysis include roles and responsibilities for conducting risk management, budgets, and schedule activities for risk management, risk categories, the RBS, and revised stakeholders's risk tolerances


(1.4) Risk Register: Key items from the risk register for Quantitative Risk Analysis include the list of identified risks, the relative ranking or priority list of project risks, and the risks grouped by categories.


(1.5) Project Management Plan






(2) Quantitative Risk Analysis - Tools & Techniques



(2.1) Data Gathering and Representation Techniques:



  • Interviewing: Interviewing techniques are used to quantify the probability and impact of risks on project objectives


  • Probability distributions.: Continuous probability distributions represent the uncertainty in values, such as durations of schedule activities and costs of project components. Discrete distributions can be used to represent uncertain events, such as the outcome of a test or a possible scenario in a decision tree.


  • Expert judgment: Subject matter experts internal or external to the organization, such as engineering or statistical experts, validate data and techniques.



(2.2) Quantitative Risk Analysis and Modeling Techniques:



  • Sensitivity analysis: Sensitivity analysis helps to determine which risks have the most potential impact on the project.


  • Expected monetary value analysis: Expected monetary value (EMV) analysis is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen.


  • Decision tree analysis: Decision tree analysis is usually structured using a decision tree diagram that describes a situation under consideration, and the implications of each of the available choices and possible scenarios.


  • Modeling and simulation: A project simulation uses a model that translates the uncertainties specified at a detailed level of the project into their potential impact on project objectives.








(3) Quantitative Risk Analysis - Outputs



(3.1) Risk Register updates: Risk Register is further updated in Quantitative Risk Analysis. The risk register is a component of the project management plan. Updates include the following main components:



  • Prioritized list of quantified risks


  • Probabilistic analysis of project : Forecast of schedule and cost results and confidence levels of achieving these.


  • Probability of achieving cost and time objectives: Probability of achieving project objectives.


  • Trends in quantitative risk analysis results: As the analysis is repeated, a trend may become apparent that leads to conclusions affecting risk responses.





Risk Response Planning



Process of developing options to enhance opportunities and reduce threats to the project.s objectives.


Risk Response Planning process is a part of "Project Planning Phase".




(1) Risk Response Planning - Input



(1.1) Risk Management Plan: It includes



  • List of prioritized risks

  • Prioritized list of quantified risks

  • Probabilistic analysis of project

  • Probability of meeting time and cost objectives

  • Trends in risk analysis results


(1.2) Risk Register: It includes



  • Relative rating or priority list of project risks

  • A list of risks requiring response in the near term

  • A list of risks for additional analysis and response

  • Trends in qualitative risk analysis results

  • Root causes of risks

  • Risks grouped by categories







(2) Risk Response Planning - Tools & Techniques



(2.1) Strategies for Negative Risks or Threats: Three strategies typically deal with threats or risks that may have negative impacts on project objectives if they occur. These strategies are to avoid, transfer, or mitigate:



  • Avoidance: Changing the project plan to eliminate the risk and protect the project objectives.


  • Transference : Shift the consequence of the risk and ownership to a third party. (E.g. insurance)


  • Mitigation : To reduce the probability/impact of a risk to an acceptable threshold. (E.g. prototype).



(2.2) Strategies for Positive Risks or Opportunities: Three responses are suggested to deal with risks with potentially positive impacts on project objectives. These strategies are to exploit, share, or enhance.



  • Exploit: This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Directly exploiting responses include assigning more talented resources to the project to reduce the time to completion


  • Share: Sharing a positive risk involves allocating ownership to a third party who is best able to capture the opportunity for the benefit of the project. Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures.


  • Enhance: This strategy modifies the .size. of an opportunity by increasing probability and/or positive impacts, and by identifying and maximizing key drivers of these positive-impact risks.



(2.3) Strategy for Both Threats and Opportunities:


Acceptance : Project plan will not be changed to deal with the risk. May develop a contingency plan if the risk does occur.


(2.4) Contingent Response Strategy: Some responses are designed for use only if certain events occur. For some risks, it is appropriate for the project team to make a response plan that will only be executed under certain predefined emergency conditions.







(3) Risk Response Planning - Outputs



(3.1) Risk Register updates: It includes following but not limited to:


  • Risk response plan: Risks, description, owners, responsibilities, agreed response.


  • Residual risks : Risks that remain after avoidance, transfer or mitigation done.


  • Secondary risks : Caused by implementing a risk response.


  • Inputs to other processes : Expenditure of additional time, cost or resources required.


  • Contractual agreements:Contractual agreements may be entered into specify each party's responsibility for specific risks.


  • Contingency reserve amount needed


  • Input to a revised project plan: The result of the response planning must be incorporated into the project plan.



(3.2) Project Management Plan updates: Risk response strategies, once agreed to, must be fed back into the appropriate processes in other Knowledge Areas, including the project.s budget and schedule.


(3.3) Risk-Related Contractual Agreements: Contractual agreements, such as agreements for insurance, services, and other items as appropriate, can be prepared to specify each party.s responsibility for specific risks, should they occur.





Risk Monitoring and Control





Process of keeping track of identified risks, monitoring residual risks, executing risk plans and evaluating the effectiveness in reducing risk.


Risk Monitoring and Control process is a part of "Project Controlling Phase".




(1) Risk Monitoring and Control - Input



(1.1) Risk Management Plan: This plan has key inputs that include the assignment of people, including the risk
owners, time, and other resources to project risk management.


(1.2) Risk Register: The risk register has key inputs that include identified risks and risk owners,
agreed-upon risk responses, specific implementation actions, symptoms and warning signs of risk, residual and secondary risks, a watch list of low priority risks, and the time and cost contingency reserves.


(1.3) Approved Change Requests: Approved changes can generate risks or changes in identified risks, and those changes need to be analyzed for any effects upon the risk register, risk response plan, or risk management plan.


(1.4) Work Performance Information: Work performance information, including project deliverables status, corrective actions, and performance reports, are important inputs to Risk Monitoring and Control.


(1.5) Performance Reports: Performance reports provide information on project work performance, such as an analysis that may influence the risk management processes.







(2) Risk Monitoring and Control - Tools & Techniques



(2.1) Risk Reassessment: Risk Monitoring and Control often requires identification of new risks and
reassessment of risks, using the processes of this chapter as appropriate.


(2.2) Risk Audits: Risk audits examine and document the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process.


(2.3) Variance and Trend Analysis: Trends in the project.s execution should be reviewed using performance data.
Earned value analysis and other methods of project variance and trend analysis may be used for monitoring overall project performance.


(2.4) Technical Performance Measurement :Technical performance measurement compares technical accomplishments during project execution to the project management plan.s schedule of technical achievement.


(2.5) Reserve Analysis : Throughout execution of the project, some risks may occur, with positive or negative impacts on budget or schedule contingency reserves. Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project, in order to determine if the remaining reserve is adequate.


(2.6) Status Meetings: Project risk management can be an agenda item at periodic status meetings.







(3) Risk Monitoring and Control - Outputs



(3.1) Risk Register updates


(3.2) Requested Changes


(3.3) Recommended Corrective Actions: Recommended corrective actions include contingency plans and workaround plans.


(3.4) Recommended Preventive Actions: Recommended preventive actions are used to bring the project into compliance
with the project management plan.


(3.5) Organizational Process Assets updates: The six Project Risk Management processes produce information that can be used for future projects, and should be captured in the organizational process assets.


(3.6) Project Management Plan updates: If the approved change requests have an effect on the risk management processes, then the corresponding component documents of the project management plan are revised and reissued to reflect the approved changes





Last Moment Revision:



  • A project risk is a potential source of deviation from the project plan. Project risks can have a negative or positive impact on the project. Project risks that are negative are called threats. Project risks that are positive are called opportunities.


  • Non-critical risks should be documented. They should be revisited and reviewed regularly.


  • Risks are identified in all phases.


  • Work-around refers to how to handle risks that have occurred but are not part of risk response plan. This happens in risk monitoring and control phase.

  • Amount at Stake: The extent of adverse consequences which could occur to the project. (Also referred to as risk impact).


  • Business Risk: The inherent chances for both profit or loss associated with a particular endeavor.


  • Contingency Planning: The development of a management plan that identifies alternative strategies to be used to ensure project success if specified risk events occur.


  • Contingency Reserve: A separately planned quantity used to allow for future situations which may be planned for only in part ("known unknowns"). Contingency reserves are intended to reduce the impact of missing cost or schedule objectives. Contingency reserves are normally included in the project's cost and schedule baselines.


  • Deflection: The act of transferring all or part of a risk to another party, usually by some form of contract.


  • Expected Monetary Value: The product of an event's probability of occurrence and the gain or loss that will result. For example, if there is a 50% probability it will rain, and rain will result in a $100 loss, the expected monetary value of the rain event is $50 (.5 * $100).


  • Impact Analysis: The mathematical examination of the nature of individual risks on the project, as well as potential arrangements of interdependent risks. It includes the quantification of their respective impact severity, probability, and sensitivity to changes in related project variables, including the project life cycle.


  • Insurable Risk: A particular type of risk which can be covered by an insurance policy. Also referred to as a pure risk.


  • Management Reserve: A separately planned quantity used to allow for future situations which are impossible to predict. ("unknown unknowns") Management reserves are intended to reduce the risk of missing cost or schedule objectives. Use of management reserves requires a change to the project's cost baseline.


  • Mitigation: Taking steps to lessen risk by lowering the probability of a risk event's occurrence or reducing its effect should it occur.


  • Monte Carlo Analysis: A schedule risk assessment technique that performs a project simulation many times in order to calculate a distribution of likely results.


  • Opportunities: As related to risk, positive outcomes of risk.


  • Project Risk Management: Includes the processes concerned with identifying, analyzing, and responding to project risk.


  • Risk Event: A discrete occurrence that may affect the project for better or worse.


  • Risk Identification: Determining which risk events are likely to affect the project.


  • Risk Management Plan: A subsidiary element of the overall project plan which documents the procedures that will be used to manage risk throughout the project. Also covers who is responsible for managing various risk areas; how contingency plans will be implemented, and how reserves will be allocated.


  • Risk Quantification: Evaluating the probability of risk event occurrence and effect.


  • Risk Response Control: Responding to changes in risk over the course of the project.


  • Risk Response Development: Defining enhancement steps for opportunities and mitigation steps for threats.


  • Threats: As related to risk, negative outcomes of risk.


  • Total Certainty: All information is known.


  • Total Uncertainty: No information is available and nothing is known. By definition, total uncertainty cannot be envisaged.

  • Uncertainty: The possibility that events may occur which will impact the project either favorably or unfavorably. Uncertainty gives rise to both opportunity and risk.


  • Workaround: A response to a negative risk event. Distinguished from contingency plan in that a workaround is not planned in advance of the occurrence of the risk event.


  • Avoidance: Changing the project plan to eliminate the risk and protect the project objectives.


  • Transference : Shift the consequence of the risk and ownership to a third party. (E.g. insurance)


  • Mitigation : To reduce the probability/impact of a risk to an acceptable threshold. (E.g. prototype).


  • Exploit: This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. This strategy seeks to eliminate the uncertainty associated with a particular upside risk by making the opportunity definitely happen. Directly exploiting responses include assigning more talented resources to the project to reduce
    the time to completion


  • Share: Sharing a positive risk involves allocating ownership to a third party who is best able to capture the opportunity for the benefit of the project. Examples of sharing actions include forming risk-sharing partnerships, teams, special-purpose companies, or joint ventures.


  • Enhance: This strategy modifies the .size. of an opportunity by increasing probability and/or positive impacts, and by identifying and maximizing key drivers of these positive-impact risks.



11 comments:

  1. It was really very nice and it has covered almost all the points which is important in project management thank you for your post.

    ReplyDelete
  2. I experienced that PMP Certification program helps us to deal with the daily challenges that come with every project. PMP credential proves that we have the experience, knowledge and ability to successfully lead and direct projects.I suggest SABCONS PMP traning program session to clear PMP exam.To know more about this program visit http://www.sabcons.com/

    ReplyDelete
  3. @Olivia is right. I agree with her that PMP Certification is very beneficial for both IT and Non-IT professionals. No doubt high level of project management skills are required to be awarded by the PMP certification. I recent passed pmp exam. I have got training from Trainings24x7 and got the access of more that 1200 questions + 6 Simulations + Mobile apps etc at just INR 8450. I would like to highly recommend to get PMP Certification Training from Trainings24x7.

    ReplyDelete
  4. #App for your #smartphone:
    Get prepared for the Project Management Professional Certification ( #PMP ) #PMI #PMBOK 4-5 Editions,
    This app allows you to learn and practice questions and answers of the #PMP #certification.

    Check it out : Price is lowest compared to other online or offline materials.​
    Download here:
    https://play.google.com/store/apps/details?id=syscross.mobile.PMP_Certification

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. If you successfully get Pass in PMP certification Exam then, it provides you numbers of better job opportunities, and also enhances your promotion prospects in the current organization you’re working.

    ReplyDelete
  7. Really you blog have very interesting and very valuable information about the PMP well done.
    PMP

    ReplyDelete
  8. Your blog is very useful, I am truly to this blog which is specially design about the project risk management.
    Great job.

    GM Talk

    ReplyDelete
  9. If you need PMP Exam Dumps then go to RealExamdumps.us Simply click on PMP exam Dumps and get accurate and more valuable PMP dumps with best-helping study material. We provide an easy and fine way to pass this exam in the first attempt.You can find here Everything you need to prepare and quickly pass your PMP exam with Realexamdumps.us

    ReplyDelete
  10. Usually, I never comment on blogs but your article is so convincing that I never stop myself to say something about it. You’re doing a great job Man, Keep it up.

    FSC Certification

    ReplyDelete
  11. Nice Article I really enjoyed this post Thanks For Sharing, check out this


    WRAP Certification

    ReplyDelete