Project Risk Management Overview

Risk is defined as the possibility of loss or injury, impacting project timelines, performance, or budget.
Negative risks (threats) are potential problems that hinder project success.
Managing negative risks is an investment, like insurance.
Risks can be positive (opportunities) leading to good project outcomes.
Project risk is uncertainty that may affect project objectives either negatively or positively.
Managing risks involves various actions like avoidance, lessening the impact, changing the scenario, or accepting the effect of the risk on the project.

Effective risk management improves project success and positively impacts project selection, scope definition, and realistic scheduling/cost estimations.
Risk management helps software project managers prevent surprises, improve negotiations, meet customer commitments, and reduce schedule/cost overruns.

Different organizations and individuals have varying risk attitudes.
Some are neutral, averse, or seeking risk.
Risk utility/tolerance measures the satisfaction/pleasure derived from a potential payoff.

Planning Risk Management: Deciding and planning risk management activities.
Identifying Risks: Identifying and analyzing any risk that arises during the project's life cycle to help maintain the project on track and meet its goal.
Performing Qualitative Risk Analysis: Characterizing, analyzing, and prioritizing risk effects on project objectives.
Performing Quantitative Risk Analysis: Numerically quantifying risk probability and consequences.
Planning Risk Responses: Developing, selecting, and approving actions to address risks.
Implementing Risk Responses: Implementing approved risk response plans.
Monitoring Risks: Ensuring appropriate risk responses are performed, tracking risks, identifying and analyzing new risks, and evaluating the effectiveness of risk management overall.
Risk management isn't just reactive; it's proactive, part of the planning phase.
Known risks are those the team has identified and analyzed and managed.
Unknown risks cannot be managed.

People risk: Adequate skills, finding replacements, skill gaps.
Technology risk: Technical feasibility, technology maturity, timing, hardware/software/network reliability, technology availability for project objectives.
Financial risk: Organization's ability to fund, stakeholder confidence in projections.
Market risk: Project's usefulness, user acceptance, and timely completion.

Includes a plan to manage risks throughout the project.
Clarifies roles and responsibilities, budget/schedule estimates for risk-related work, and reviews risk tolerances of stakeholders.
Planning meetings are held early in the project's life-cycle to develop a project risk plan.
The plan summarizes the methodology, roles/responsibilities, and budget/schedule risk categories, risk probability/impact, revised stakeholder tolerance levels for risks, risk tracking, and documented risks.

Contingency plans are predefined actions taken if risk events occur.
Fallback plans are created for significantly affecting project objectives.
Reserves/allowances are provisions to help reduce cost/schedule overruns to an acceptable level.

Identifying potential risks early is crucial, but continuous risk identification is needed due to a changing project environment.
Reviewing project planning documents, documents on cost, schedule, quality, HRM, cost/duration estimates, scope baseline, stakeholder register, and project documents can help identify potential risks.
This process helps to document existing risks and overall project risks.
Information gathering techniques include brainstorming, interviewing, Delphi technique, SWOT analysis, and root cause analysis.

A hierarchical representation of potential risk categories for a project.
Offers a structured arrangement of risks, breaking them down into different levels based on source/category.
Helps project managers systematically identify/understand potential risk impacts on the project.

A risk management document allowing project managers to identify and track potential risks.
Contains identified risks and other information for effective risk register creation.
Helps set the stage for future risk management activities.
Records risk description, category, potential causes, potential impact, and relevant risk information.

Assessing the probability and impact of identified risks to determine their magnitude and priority.
Characterizing, analyzing, and prioritizing risk effects on project objectives.
Using a probability/impact matrix to create a prioritized list of risks.
Methods include probability/impact matrices, Top 10 Risk Item Tracking, and expert judgment.

Numerical quantification of risk probability and consequences.
Decision tree analysis calculates expected monetary value (EMV).
Simulation (e.g., Monte Carlo simulation) models system outcomes for expected outcomes and probability distributions.

Implementing approved responses to ensure execution as planned.
This aims to address risk exposure, minimize threats, and maximize opportunities.

Ensuring appropriate risk responses, tracking risks, and evaluating risk management effectiveness.
Continuously monitoring risk situations from the initial analysis.