College of Business and Economics

Project Appraisal

CHAPTER V PROJECT RISK ANALYSIS

Sources of Risk Project Risk Vs Portfolio Risk Management of Risks Techniques of Measuring risk - Sensitivity Analysis Scenario Analysis Simulation Analysis Contingency Planning.

Introduction Risk is inherent in almost every business decisions. More so in capital budgeting decisions as they involve costs and benefits extending over a long period of time during which many things can change in unanticipated ways. In the context of projects, risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on project objectives. Risk management attempts to recognize and manage potential and unforeseen trouble that may occur when the project is implemented. It identifies as many risk events as possible, minimizes their impact, manages responses to those events that do materialize and provides contingency funds to cover risk events that actually materialize. Total Project Risk It refers to the chance that a project will perform below expectations possibly resulting in losses from the project and for the firm. Portfolio Risk It refers to the risk associated with collection of physical and financial assets. Management of Risks/ Risk Management Process 1. Risk Identification The risk management process begins by trying to generate a list of all the possible risks that could affect the project. During the planning phase, a risk management team uses brainstorming and other techniques to identify potential problems. Participants are encouraged to keep an open mind and generate as many probable risks as possible. Later during the assessment phase, participants will have a chance to analyze and filter out unreasonable risks. One common mistake that is made here is to focus on consequences and not on the events that could produce consequences. A risk profile is another tool that can help management teams identify and eventually analyze risks. It is a list of questions that address traditional areas of uncertainty on a project. It recognizes the unique strengths and weaknesses of the firm. These are usually generated and maintained by the project office. They are updated and refined during the post project audit. The risk identification process should not be limited to just the core team. Input from customers, sponsors, subcontractors, vendors should be solicited. One of the keys to Chapter V Project Risk Analysis

College of Business and Economics

Project Appraisal

success in risk identification is attitude. A can do attitude is essential. The goal is to find problems before they happen. 2. Risk Assessment: All identified risks do not deserve attention. Some are trivial and can be ignored, while others pose serious threats to the welfare of the project. Scenario analysis is the easiest and most commonly used technique for analyzing risks. Team members assess each risk in terms of The undesirable event All the outcomes of the events occurrence The severity of the events impact Probability of the event happening Interaction with other parts of this project

Documentation of scenario analysis can be seen in various risk assessment forms used by companies. For example the risk assessment form used on an IS project involving the upgrade from Windows Office 97 to Windows Office 2000 XP. The project team identified risks, including interface problems with current software systems, the system freezing after installation, end-users resisting and complaining about the changes, and hardware equipment malfunctioning. In addition to assessing the chances, severity, and when the event is likely to occur, the project team also assessed whether they would be able to detect that the event was going to occur in time to take mitigating action. Notice that the team rated the detection difficulty high (#5) for the system freezing since systems crash without warning, while user backlash was rated medium (#3) because a ground swell of resistance could be detected before there is open rebellion.

Risk Event Interface Problems System Freezing User Backlash Hardwar Malfunctioning

Likelihood 4 2 4 1

Impact 4 5 3 5

Detection Difficulty 4 5 3 5

When Conversion Start-Up Post-Installation Installation

Often organizations find it useful to categorize the severity of different risks into some form of risk assessment matrix. The matrix is typically structured around the impact and likelihood of the risk event. The matrix is divided into red, yellow, green zones representing major, moderate, and minor risks respectively. Chapter V Project Risk Analysis

College of Business and Economics

Project Appraisal

5 4 Likelihood 3 2 1 1 2 3 Impact 4 5

Red Zone (Major risk)

The above risk severity matrix provides a basis for prioritizing which risks to address. Red zone receives first priority followed by yellow zone. Green zone risks are typically considered and ignored unless their status changes. 3. Risk Response Development: When a risk event is identified and assessed a decision must be made concerning which response is appropriate for the specific event. Responses to risks are as follows. a) Mitigating Risk: Reducing risk is usually the first alternative considered. There are two strategies for mitigating risks. (1) Reducing the likelihood that the event will occur and or (2) reduce the impact that the adverse event would have on the project. b) Avoiding Risk: Risk avoidance is changing the project plan to eliminate the risk or condition. Although it is impossible to eliminate all risk events, some specific risks may be avoided. For example, adopting a proven technology instead of experimental technology can eliminate technical failure.

Chapter V

Project Risk Analysis

College of Business and Economics

Project Appraisal

c) Transferring Risk: Passing risk to another party is common. This transfer does not change risk. It results in paying premium. Fixed price contracts are the classic example of transferring risk. Another way to transfer risk is insurance. d) Sharing Risk: Risk sharing allocates proportions of risk to different parties. Sharing risks has drawn more attention in recent years as a motivation for reducing risk and, in some cases, cutting project cost. e) Retaining Risk: In some cases, a conscious decision is made to accept the risk of an event occurring. Some risks are so large it is not feasible to consider transferring or reducing the event. The project owner assumes the risk because the chance of such an event occurring is slim. The risk is retained by developing a contingency plan to implement if the risk materializes. In a few cases a risk event can be ignored and a cost overrun accepted should the risk event occur. 4. Risk Response Control: The last step in the risk management process is risk control executing the risk response strategy, monitoring triggering events, initiating contingency plans, and watching for new risks. Project managers need to monitor risks just like they track project progress. The project team, management needs to be on constant alert for new unforeseen risks. Project managers need to establish an environment in which participants feel comfortable raising concerns and admitting mistakes. Participants should be encouraged to identify problems and new risks. A positive attitude by the project manager towards risks is a key. A second key for controlling cost or risks is documenting responsibility. Each identified risk should be assigned. If risk management is not formalized responsibility and response to risk will be ignored. Change Control Management: A major element of risk control process is change management. Every detail of a project plan will not materialize as expected. Coping with and controlling project changes present a challenge for most project managers. Changes comes from Changes in the form of design or additions represent big changes; for example customer requests for a new feature. Implementation of contingency plan, when risk event occur. Changes suggested by project team members.

Change control systems involve reporting, controlling and recording changes to the project baseline. The following diagram represents change control process.

Chapter V

Project Risk Analysis

College of Business and Economics

Project Appraisal

Change Originates

Change request submitted

Review change request

Approved?

No

Yes
Update plan of record

Distribute for action

Techniques of Measuring risk: Measures of dispersion are used in measuring project. Some of them are probabilities, others do not. Some consider default probability equal, if probabilities are not assigned. The following statistical techniques are available for measuring risk. Range Mean absolute deviation Variance Semi-variance Standard deviation Co-efficient of variation Range: This is the difference between the highest value of outcome and the lowest value of outcome. Rg= Rh Ri where Rg = range of distribution Rh= highest value Ri = lowest value Project Risk Analysis

Chapter V

College of Business and Economics

Project Appraisal

The range does not consider probabilities, nor does it pay attention to other possible outcomes between the highest and lowest values. The sensitivity analysis uses range values in its application. Mean Absolute Deviation (MAD) The term mean absolute deviation is self-explanatory. The deviation of each observation from their mean is added up to get mean absolute deviation. While adding up the difference, the signs are ignored. It is called absolute because negative sign is ignored.
n i=1
__

Pi |Ri R|
Where, Pi = the probability of the ith possible value = the ith possible value of the variable = the expected value of the distribution
__

Ri
__

Ri R = only the absolute value is considered; a negative value is ignored

Variance:
n i=1
__

Variance = Pi (Ri R)2 The difference of the value from the mean of distribution is squared to avoid a negative sign. By squaring the difference the values which are far away from the mean are given more weightage. Due to squaring, however, the variance cannot be compared with expected (mean) return. Semi-variance:
__

It is same as variance but it considers R values only if Ri < R (i.e. only if there is a chance
__ __

of getting less than the expected result). If Ri > R then zero value is taken for ((Ri R)2.
n i=1 n i=1
__ __

SV = Pi (Ri R)2 Variance = Pi (Ri R)2 Where SV= semi-variance

__

(Ri R) is always positive

__

Negative (Ri R) is taken as zero

Chapter V

Project Risk Analysis

College of Business and Economics Standard Deviation (SD) SD=(Sigma)= variance =

Project Appraisal

__

Pi (Ri R)2

i=1

The variance cannot be compared with the expected (mean) return. Therefore, its root is taken and standard deviation is calculated so that it can be compared with return. However, it ignores the size of the project, and therefore, the comparison of two projects becomes difficult. Coefficient of Variation (CV) The size of the project is considered in the coefficient of variation
__

CV= : R When standard deviation () is divided by expected returns (i.e. mean or R) we get the coefficient of variation. It is, therefore, useful in comparing risks of two projects of different sizes. Lower Coefficient of variation is considered good.
__

Example: Let us compute these six measures of risk for the outcome of an investment below: Outcomes (Nakfa) 1100 700 600 Range = 1,100 600 = 500
__

Probability 0.2 0.5 0.3

MAD: Expected value = R = {(1100x 0.2) + (700 x 0.5) + (600 x 0.3)} = 750 MAD = 0.2 x (1100-750) + 0.5x (700-750) +0.3x (600-750) = 70-25-45 =0 If the mean absolute deviation is calculated on the basis of arithmetic mean (170) rather than the expected value then, answer will be 170. For the rest of the calculations the following working will be useful:
P 0.2 0.5 0.3 R 1100 700 600 PxR 220 350 180 _ R 750 _ (R-R) 350 -50 -150 _ (R-R)2 122,500 2,500 22,500 _ P(R-R)2 24,500 1,250 6,750 2 32,500 180

Variance Chapter V

= 0.2 x 3502 + 0.5 x 502 +0.3 x 1502 Project Risk Analysis

College of Business and Economics = 32,500 Semi- variance= 0.2 x 3502 + 0.5 x 02 + 0.3 x 02 = 24,500

Project Appraisal

Standard Deviation = 32,500 = 180 (using variance) Or = 24,500 = 156.5 (using semi-variance) The coefficient of variation = 180 : 750 = 0.24 (using variance) Or = 156.5 : 750 = 0.209 (using semi-variance) Sensitivity Analysis/ What-if Analysis: Since the future is uncertain, you may like to know what will happen to the viability of the project when some variable like sales or investment deviates from its expected value. In other words, a decision maker can determine how sensitive a projects return is to changes in a particular variable. It is a procedure that calculates the change in net present value given a change in one of the cash flow elements such as product price. It is useful in pinpointing those variables that deserve the most attention. The results of sensitivity analysis can be illustrated graphically by way of a straight line. The steeper the resulting line is, the greater the sensitivity of that variable being investigated. Scenario Analysis: It is another technique that has been used to assess the risk of an investment project. Sensitivity analysis considers the impact of changes in key variables, one at a time, on the desirability of a project. In contrast, scenario analysis, considers the impact of simultaneous changes in key variables on the desirability of an investment project. All the needed estimates were made by categorizing optimistic, most likely and pessimistic scenario. Simulation Analysis: This approach is more appropriate for analyzing larger projects. A simulation is a financial tool that models some event. Its a combination of sensitivity and scenario analysis. As it considers a very large number of scenarios computer assistance is certainly needed. Contingency Planning: A contingency plan is an alternative plan that will be used if a possible foreseen risk event becomes a reality. The contingency plan represents actions that will reduce or mitigate the negative impact of the risk event. Like all plans, the contingency plan answers the questions of what, where, when and how much action will take place. Contingency planning evaluates alternative remedies for possible foreseen events before the risk event occurs and selects the best plan among alternatives. Conditions for activating the implementation of the contingency plan should be decided and clearly documented. The plan should include a cost estimate and identify the source of funding. All parties affected should agree to the contingency plan. Because implementation of a contingency plan embodies disruption in the sequence of work, all contingency plans should be communicated to team members so that surprise and resistance are minimized. Chapter V Project Risk Analysis