Project Risk Management PDF

Project Risk Management 1 What is Risk? A dictionary definition states that risk is “the possibility of loss or injury”. A risk is anything that could potentially impact your project’s timeline, performance or budget. Negative risk (threats) are potential problems that might occur in the project and impede/block project success. Negative risk management is like a form of insurance; it is an investment. 2 Risk Can Be Positive Positive risks are risks that result in good things happening (it can result in good outcomes for a project), sometimes called opportunities. i.e., general definition of project risk is, an uncertainty that can have a negative or positive effect on meeting project objectives. But, managing negative risks involves a number of possible actions that project managers can take to avoid, lessen, change, or accept the potential effects of risks on their projects. 3 Importance of Risk Managemen Risk management can have result in significant improvements in the ultimate success of projects and have a positive impact on selecting projects, determining their scope, and developing realistic schedules and cost estimates. In addition to anticipating and avoiding problems, risk management practices helps software project managers:  Prevent surprises,  Improve negotiations,  Meet customer commitments, and  Reduce schedule slips and cost overruns. Risk Utility Different organizations and people have different attitudes toward risks. Some organizations or people have a neutral tolerance for risk, some have an aversion to risk, and others are risk-seeking. These three preferences are part of the utility theory of risk. Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a potential payoff. It measures how much satisfaction or pleasure is derived from a risky payoff. Cont’d Figure 7-2 shows the basic difference between risk- averse, risk-neutral, and risk-seeking preferences. The y-axis represents utility, or the amount of pleasure received from taking a risk. According to Utility Theory of Risk , It is the level of satisfaction or pleasure gained from a given outcome. Cont’d… The x-axis shows the amount of potential payoff or dollar value of the opportunity at stake. Utility rises at a decreasing rate for a risk-averse person. Those who are risk-seeking/taking have a higher tolerance for risk and their satisfaction increases when more payoff is at stake. A risk neutral person achieves a balance between risk and payoff Risk seekers enjoy high risks, risk-averse people do not like to take risks, and risk neutral people seek to balance risks and potential payoff, evaluating decisions based on expected value(mathematical average of potential outcomes). What is Project Risk Management?  Risk management is the systematic process of identifying, analyzing, and responding to project risk.  It is the art and science of identifying, analyzing, and responding to risk throughout the life of a project and in the best interests of meeting project objectives.  It is the process of identifying, analyzing and responding to any risk that arises over the life cycle of a project to help 8 the project remain on track and meet its goal. Cont’d… Risk management isn’t reactive only; it should be part of the planning process to figure out the risk that might happen in the project and how to control that risk if it in fact occurs. It involves all activities relating to identification ,analyzing and making provision for predictable as well as non predictable risk in the project. The term known risks is sometimes used to describe risks that the project team has identified and analyzed. Known risks can be managed proactively. However, unknown risks, or risks that have not been identified and analyzed, cannot be managed. 9 Cont’d. The goal of project risk management is to minimize potential negative risks as well as maximizing potential positive risks. Risk such as : Experienced staff leaving the project and new staff coming in. Changing in organizational manag’t. Requirement change or misinterpreting. Under estimation of required time and resources. Technological changes, environmental changes, business competition….. 10 Common Sources of Risk in IT projects People risk: Does the organization have people with appropriate skills to complete the project successfully? If not, can the organization find such people? Technology risk: Is the project technically feasible? Will it use mature, leading-edge, or bleeding-edge technologies? When will decisions be made on which technology to use? Will hardware, software, and networks function properly? Will the technology be available in time to meet project objectives? 11 Common Sources of Risk in IT projects You can also break down the technology risk category into hardware, software, and network technology, if desired. Financial risk: Can the organization afford to undertake the project? How confident are stakeholders in the financial projections? Market risk: If the IT project will create a new product or service, will it be useful to the organization or marketable to others? Will users accept and use the product or service? Will someone else create a better product or service faster, making the project a waste of time and money? 12 Project Risk Management Processes 13 Planning Risk Management It is the process of deciding and plan risk management activities for the project. The main output of this process is a risk management plan, a plan that documents the procedures for managing risk throughout a project. The project team should review project documents and understand the organization’s and the sponsor’s approach to risk. 14 Cont.… It is important to clarify roles and responsibilities, prepare budget and schedule estimates for risk-related work. It is also important to review the risk tolerances of various stakeholders. Project teams should hold several planning meetings early in the project’s life cycle to develop risk management plan. This plan summarizes how risk management will be performed on a particular project. 15 Cont’d… General topics that risk management plan should address: 1. methodology, 2. roles and responsibility, 3. budget and schedule risk categories , 4. risk probability and its impact , 5. revised stakeholder tolerance, 6. tracking and risk documentation. 16 Contingency and Fallback Plans, Contingency Reserves In addition to a risk management plan, many projects also include:- 1. Contingency plans are predefined actions that the project team will take if an identified risk event occurs. 2. Fallback plans are developed for risks that have high impact on meeting project objectives. 3. Contingency reserves or contingency allowances are provisions held by the project sponsor or organization to reduce the risk of cost or schedule overruns to an acceptable level. 17 Risk Identification It is important to identify potential risks early, but you must also continue to identify risks based on the changing project environment. Because, you cannot manage risks if you do not identify them first. By understanding common sources of risks and reviewing a project’s planning documents (for risk, cost, schedule, quality, and HRM ), cost and duration estimates, the scope baseline, stakeholder register, project documents, procurement documents, and etc. project managers and their teams can identify many potential risks. 18 Cont.… This process helps in documenting the existing project risks and sources of overall project risk. In this way, it is similar to collect requirement process in scope management knowledge area. Identifying risks is the process of understanding what potential events might hurt or enhance a particular project. Determining which risks are likely to affect a project and 19 documenting their characteristics. Cont.… After identifying potential risks at the initial meeting, the project team might use different information- gathering techniques to further identify risks.  Four common risk identification tools and techniques include Brainstorming Interviewing The Delphi technique Read more on these tools and techniques SWOT analysis/ root cause analysis 20 Risk Breakdown Structure(RBS) RBS is a hierarchical representation of potential risk categories for a project. It provides a structured approach to organizing risks by breaking them down into different levels, based on their sources or categories. This helps project managers and teams systematically identify risks and understand how they might impact the project. Similar to a work breakdown structure but RBS is used to identify and categorize risks. 21 Sample RBS 22 Risk Condition Associated With Each Knowledge Area In addition to identifying risk based on the nature of the project or products created, it is also important to identify potential risks according to project management knowledge areas, such as scope, time, cost, and quality as shown table below….. 23 Cont.… Knowledge Area Risk Conditions Integration Inadequate planning; poor resource allocation; poor integration management; lack of post-project review Scope Poor definition of scope or work packages; incomplete definition of quality requirements; inadequate scope control Time Errors in estimating time or resource availability; poor allocation and management of float; early release of competitive products Cost Estimating errors; inadequate productivity, cost, change, or contingency control; poor maintenance, security, purchasing, etc. Quality Poor attitude toward quality; substandard design/materials/workmanship; inadequate quality assurance program Human Resources Poor conflict management; poor project organization and definition of responsibilities; absence of leadership Communications Carelessness in planning or communicating; lack of consultation with key stakeholders Risk Ignoring risk; unclear assignment of risk; poor insurance management Procurement Unenforceable conditions or contract clauses; adversarial relations 24 Risk Register The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register document. A risk register is a risk management document that allows project managers to identify and keep track of potential project risks. Using a risk register to list down project risks is one of the steps in the risk management process and one of the most important because it sets the stage for future risk management activities 25 Risk Register A risk register is: A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format. A tool for documenting potential risk events and related information in a table form. Use a Risk Register to record: Risk Description: Clear definition of each risk. Risk Category: Type or source of the risk (e.g., technical, financial, environmental). Potential Causes: Factors that might trigger the risk. Potential Impact: Description of how the risk could affect the project. 26 Qualitative Risk Analysis Assess the probability and impact of identified risks to determine their magnitude and priority. The process of characterizing and analyzing risks and prioritizing their effects on project objectives. This section describes how to use a probability/ impact matrix to produce a prioritized list of risks The major benefit of this process is leads to focuses on high 27 priority risks. Qualitative Risk Analysis Using tools and techniques include: Probability/Impact matrixes The Top 10 Risk Item Tracking technique Expert judgment 28 Probability/Impact matrix which lists the relative probability of a risk occurring and the relative impact of the risk occurring. Many project teams would benefit from using this simple technique to help them identify risks that need attention. To use this approach, project stakeholders list the risks they think might occur on their projects. They then label a risk as having a high, medium, or low probability of occurrence and a high, medium, or low impact if it does occur. 29 Sample Probability/Impact Matrix for Qualitative Risk Assessment 30 Top 10 Risk Item Tracking Top 10 Risk Item Tracking is a tool for maintaining an awareness of risk throughout the life of a project qualitatively. Establish a periodic review of the top 10 project risk items. List the current ranking, previous ranking, number of times the risk appears on the list over a period of time, and a summary of progress made in resolving the risk item. 31 Example of Top 10 Risk Item Tracking Monthly Ranking Risk Item This Last Number Risk Resolution of Months Progress Month Month Inadequate 1 2 4 Working on revising the planning entire project plan Poor definition 2 3 3 Holding meetings with of scope project customer and sponsor to clarify scope Absence of 3 1 2 Just assigned a new leadership project manager to lead the project after old one quit Poor cost 4 4 3 Revising cost estimates estimates Poor time 5 5 3 Revising schedule estimates estimates 32 Expert Judgment Many organizations rely on the intuitive feelings and past experience of experts to analysis potential project risks qualitatively. Experts can categorize risks as high, medium, or low with or without more sophisticated techniques. 33 Quantitative Risk Analysis Often follows qualitative risk analysis, but both can be done together or separately The nature of the project and availability of time and money affect which risk analysis techniques are used. Large, complex projects involving leading-edge technologies often require extensive quantitative risk analysis. It involves numerical quantification or measuring the probability and consequences of risks in the project. 34 Cont... Main techniques include: Decision tree analysis(diagramming analysis technique) Simulation Decision tree analysis A common application of decision tree analysis involves calculating expected monetary value. Expected monetary value (EMV) is the product of a risk event probability and the risk event’s monetary value for the risk item. 35 Expected monetary value (EMV) EMV is a decision rule used in quantitative risk analysis that calculates the expected value of a risk by multiplying the probability of the risk event by its potential monetary impact (either positive or negative). Formula: EMV=P×IEMV = P \times IEMV=P×I Where: P = Probability of the risk event. I = Impact of the risk event (typically in terms of monetary value). EMV is particularly useful for evaluating financial risks and deciding on the best course of action for risk mitigation. 36 Example of Quantitative Risk Analysis: Imagine a project with a risk of a material supply delay. Here's how it might be quantified: Risk: Material Supply Delay Probability: 40% chance of occurring. Impact if occurs: 2 weeks delay to the project, costing an additional $20,000 in labor costs. Expected Monetary Value (EMV): EMV=P×I =0.40×20,000=8,000EMV The EMV of this risk is $8,000, meaning that, on average, this risk would add $8,000 in expected costs to the project. 37 Simulation A more sophisticated technique for quantitative risk analysis is simulation, which uses a representation or model of a system to analyze its expected behavior or performance. Most simulations are based on some form of Monte Carlo analysis. 38 Simulation (e.g., Monte Carlo Simulation): Monte Carlo analysis simulates a model’s outcome many times to provide a statistical distribution of the calculated results. Key Features of Monte Carlo Simulation: Uses random sampling to model the probability distributions of risks. Simulates thousands of possible project scenarios to estimate a range of outcomes. Provides insights into the likelihood of meeting project objectives (e.g., budget, schedule). 39 Risk Response Planning After identifying and quantifying risk, you must decide how to respond to them. So ,next process is taking steps to enhance opportunities and reduce threats for meeting project objectives using different risk response strategies. It is the process of developing options , selecting strategies, and approving on action to address overall risk disclosure in order to reducing negative risks and enhancing positive risks. It also identifies appropriate ways to address overall/ individual project risks. 40 Strategies for Risk Response Four main strategies: Risk avoidance: eliminating a specific threat or risk, usually by eliminating its causes. Of course, not all risks can be eliminated, but specific risk events can be. Risk mitigation: reducing the impact of a risk event by reducing the probability of its occurrence. Risk transference: shifting the consequence of a risk and responsibility for its management to a third party. Risk acceptance: accepting the consequences if a risk occurs. 41 Possible Risk Strategies Can I avoid the risk? Can I reduce the risk impact or Can I reduce the risk probability? Risk Reduction Staircase Can I limit the risk? (Contingency)? Can I transfer the risk? Can I accept the risk ? 42 GENERAL RISK MITIGATION STRATEGIES FOR TECHNICAL, COST, AND SCHEDULE RISKS 43 Implement Risk Responses This process helps in implementing approved risk response plans (act on your plan). The benefit of this process is to ensure that decided upon risk responses are executed as planned, in order to address overall project risk exposure, minimize threats(- ve risk) ,and maximize opportunities(+ve) for project. 44 Monitor and Control Risk Monitoring risks involves ensuring the appropriate risk responses are performed, tracking identified risks, identifying and analyzing new risk, and evaluating the effectiveness of risk management throughout the entire project. Project risk management does not stop with the initial risk analysis. Identified risks may not materialize, or their probabilities of occurrence or loss may diminish. Tools and techniques for monitoring risks include data analysis, audits, and meetings. 45 Using Software to Assist in Project Risk Management Risk registers can be created in a simple Word or Excel file or as part of a database More sophisticated risk management software, such as Monte Carlo simulation tools, helps for analyzing project risks quantitively. Etc. 46. Many thanks 47

Project Risk Management PDF

Document Details

Tags

Related

Summary

Full Transcript