APPENDIX 2

Risk Management

Risk management is an ongoing process that continues through the life of a project.
It includes processes for risk management planning, identification, analysis,
monitoring and control. Many of these processes are updated throughout the project
lifecycle as new risks can be identified at any time. Its the objective of risk
management to decrease the probability and impact of events adverse to the
project. In this chapter will provide risk analysis of this project and the mitigation of
the risk.
14.1 Risk Project Analysis
Risk analysis needs some steps to make a good risk analysis and mitigation.
The steps to analysis the risk are:

Risk Identification

Risk Assessment

Risk Mitigation or Risk response

Risk Tracking and Reporting

Identification of risk is the first step in managing risk. Risk should be identified
to know how much risk will occur in the project. Some risks may be quite
obvious and will be identified prior to project kickoff. Others will be identified
during the project lifecycle, and risk can be identified by anyone associated
with the project. Some risk will be inherent to the project itself, while others
will be the result of external influences that are completely outside the control
of the project team. The several ways could be used to identify risk such as:
1. Analogy,
2. Interview with SMEs,
3. Delphi technique,
4. Nominal Group Technique,
5. Crawford Slip,
6. Check List Forms and Templates,

7. Work Breakdown Structure analysis,

8. Surveys,
9. Lesson Learned,
10.Etc.

In this project, to identify risk use WBS (Work Breakdown Structure) as basis to
analysis. In WBS, the activities occur in project will be shown, the risk that
possible occur could be analyzed from every activity. The risk is divided to
internal and external. The risk could be happen because of internal project are
communication problem and human error. External risk has more risk category,
such as communication, finance, regulatory, and weather.
After identified, the next step is risk assessment. Risk assessment is the act of
determining the probability that a risk will occur and the impact that event
would have, should it occur. This is basically a cause and effect analysis. The
cause is the event that might occur, while the effect is the potential impact
to a project, should the event occur. In this area the risk should be considered
to some area such as, cost, scope, schedule, and performance/ quality. Risks
will be assigned one category, but some might be assigned more than one, or
all.

Cost This impact is usually estimated as a dollar amount that has a

direct impact to the project. However, cost is sometimes estimated and
reported as simply additional resources, equipment, etc. This is true
whenever these additional resources will not result in a direct financial
impact to the project due to the fact the resources are loaned or
volunteer, the equipment is currently idle and there is no cost of use, or
there are other types of donations that wont impact the project budget.
Regardless of whether there is a direct cost, the additional resources
should be documented in the risk statement as part of the mitigation
cost.

Scope Whenever there is the potential that the final product will not be
completed as originally envisioned there is a scope impact. Scope impact
could be measured as a reduction of the number of studies completed, or
not providing a deliverable such as an IND.

Schedule It is very important to estimate the schedule impact of a risk

event as this often results is the basis for elevating the other impact
categories. Schedule delays frequently result in cost increases and may
result in a reduction of scope or quality. Schedule delays may or may not
impact the critical path of the project and an associated push out of the
final end date.

Performance/Quality Performance/Quality is frequently overlooked as an

impact category and too often a reduction in quality is the preferred
choice for mitigation of a risk. Short cuts and low cost replacements
are ways of reducing cost impacts. If not documented appropriately and
approved by the project sponsor, mitigation strategies that rely upon a
reduction in quality can result in significant disappointment by the
stakeholders.

Risk management register is made to compile and arrange all of risk identify
result and assessment of risk regarding the effect to cost, schedule, scope and
performance/ quality. The matrix will be shown in 14.3.

14.2 Risk Mitigation

Risk mitigation is defined as taking steps to reduce adverse effects. There are
five types of risk mitigation strategies that hold unique to project. Its
important to develop a strategy that closely relates to and matches with
projects and companys profile. The mitigation for this project can also be
shown in 14.3.
Risk Acceptance:
Risk acceptance does not reduce any effects however it is still considered
a strategy. This strategy is a common option when the cost of other risk

management options such as avoidance or limitation may outweigh the

cost of the risk itself. A company that doesnt want to spend a lot of
money on avoiding risks that do not have a high possibility of occurring
will use the risk acceptance strategy.
Risk Avoidance:
Risk avoidance is the opposite of risk acceptance. It is the action that
avoids any exposure to the risk whatsoever. Risk avoidance is usually the
most expensive of all risk mitigation options.
Risk Reduction:
Risk limitation is the most common risk management strategy used by
businesses. This strategy limits a companys exposure by taking some
action. It is a strategy employing a bit of risk acceptance along with a bit
of risk avoidance or an average of both. An example of risk limitation
would be a company accepting that a disk drive may fail and avoiding a
long period of failure by having backups.
Risk Transference:
Risk transference is the involvement of handing risk off to a willing third
party. For example, numerous companies outsource certain operations
such as customer service, payroll services, etc. This can be beneficial for a
company if a transferred risk is not a core competency of that company. It
can also be used so a company can focus more on their core
competencies.
Risk Contingency Planning:
Contingency planning is the act of preparing a plan, or a series of
activities, should an adverse risk occur. Having a contingency plan in
place forces the project team to think in advance as to a course of action
if a risk event takes place.

14.3

Risk Management Project

Risk Management in general has been shown above. This project needs to do
risk identification, assessment, and mitigation. Below, the register risk shows
the combined tree steep to manage the risk in this project. The project
identification as explained above use WBS to identified what risk possible to
occur. After the activity is analyzed, the risk is classified based on internal and
external project. The possible risk occur from internal project is because of
communication and human error.

While, external project there are some

category such as communication, finance, regulation, political, technical,

safety, and weather-storm. Each category has one or more risk that possible to
occur.
Then, each risk is assessed for the impact to cost, schedule, scope, and
performance/ quality. Risk impact can affect to one category or more. To
mitigate the risk, the response should be choose the strategy to face the risk,
which are to avoid, to accept, to reduce, to transfer, to make contingency plan.
After that, the description of strategy should be explained clearly. For more
detail about risk management, Table contained risk register is shown below.

Risk Register for Project (Deck Extension of EB Platform)

Impact Factor
Risk
Category

Description

Cos
t

Sched
ule

Sco
pe

Risk
Quality/ Respon
Performa
se
nce

Detail
Response

Internal Project

Communicat
ion Risk

1. Miss
communication due
to an agreement
made in meeting

Reduce
Risk

Providing minute of
meeting

2. Wrong report
format

Reduce
Risk

Template report is
distributed over all
division

Responsibi
lity
(Authority)

Evaluation and Cut

Off

Reduce
Risk

Make tight schedule

Reduce
Risk

Make a guideline

Reduce
Risk

Giving detail
information

Transfer

Insurance and

1. The company
personnel does not
adequate to follow
working standard
Human

2. Review work cycle

need additional time
3. Working wrong
procedure

External Project
Communicat
ion

1. Miss Information
with sub-con or
vendor

Finance

1. Currency Rate

v
v

Impact Factor
Risk
Category

Political

Regulation

Technical

Description

Cos
t

Sched
ule

Sco
pe

Risk
Quality/ Respon
Performa
se
nce

Detail
Response

The Risk

contract option

2. Internal rate
changing

Transfer
The Risk

Insurance and
contract option

3. Inflation

Transfer
The Risk

Insurance and
contract option

1. Alteration of
Government
personnel

Transfer
The Risk

Insurance company,
and contract content

1. Custom Duty

Transfer
The Risk

Insurance company,
and contract content

2. Regulatory
changes

Transfer
The Risk

Insurance company,
and contract content

1. Material does not

fill the standard
requirement

Responsibi
lity

Vendor responsibility
to change with
required material

2. Design change
order

Avoid

Fix design in
beginning

3. Material defective

Responsibi
lity

Vendor responsibility
to change with
required material

4. Market inavailability

Contingen
cy

Preparing all vendor

company

Contingen
cy

Design with safety

factor

5. Technical Query

Impact Factor
Risk
Category

Description

Cos
t

Sched
ule

Sco
pe

Risk
Quality/ Respon
Performa
se
nce

Responsibi
lity and
Reduce

Vendor responsibility
to change with
required material.
Reduce the risk by
better quality
performance

Contingen
cy

Design with safety

factor

Contingen
cy

Design with safety

factor

Avoid

Make safety plan

Avoid

Make a guideline
when close to easy
fire detector

4. Accident due to
Human Error

Avoid

Put a sign to reminds

human about safety

1. Installation delay

Accept

Do Nothing

2. Shipping and
Transporting problem

Accept

Do Nothing

Contingen
cy

Make other plan

schedule

Transfer

Vendor requisition or
contract

6. High Repair Rate

7. Failure Installation

1. Lifting Failure

2. Fabrication
accident

3. Fire accident

Safety

Weather Storm

Detail
Response

3. Labor delayed
attendance
4. Material defect or
loose