Ioan Gheorghe DUBAR Master AES, Anul I

A risk is a combination of the probability (OCCURRENCE) of an event, and

its consequence (SEVERITY/IMPACT)

The purpose of Risk Management is to identify potential problems before they occur, so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives. CMMI 2001 The organization shall prepare contingency plans to satisfy customer requirements in the event of an emergency such as utility interruptions, labour shortages, key equipment failure and field returns. ISO TS 16949

 Risk Management Planning / Strategy decide how to approach, plan and execute the risk management activities for a project / company. Risk Identification determining which risks might affect the project and documenting their characteristics. Qualitative Risk Analysis prioritizing risks for subsequent further analysis or action by assessing and combining their probability of occurrence and impact. Quantitative Risk Analysis numerically analyzing the effect on overall project objectives of identified risks.

Risk Response Planning developing options and actions to enhance opportunities, and to reduce threats to project objectives.
Risk Monitoring and Control tracking identified risks, monitoring residual risks, identifying new risks, executing risk response plans, and evaluating their effectiveness throughout the project life cycle.

The risk must be communicated to the project team and to the management

 Uncertain requirements Unprecedented efforts - estimates unavailable Infeasible design Unavailable technology

Unrealistic schedule estimates or allocation

Inadequate staffing and skills Cost or funding issues Uncertain or inadequate subcontractor capability

Uncertain or inadequate vendor capability

Lack of experience in project management

 The scope of the risk management effort Methods and tools to be used Project-specific sources of risks How these risks are to be organized, categorized, compared, and consolidated Parameters, including likelihood, consequence, and thresholds, for taking action on identified risks Risk mitigation techniques to be used, such as prototyping, simulation, alternative designs, or evolutionary development Definition of risk measures to monitor the status of the risks Time intervals for risk monitoring or reassessment

Probability of occurrence of an event : = Probability that the event / risk becomes a problem It can be evaluated within 3 levels : level 1: low; e.g. probability 30% level 2: medium; e.g. 30% < probability 90% level 3: high; e.g. probability > 90% Severity (impact) of an event: = Level of consequences or impact on cost, time, function. It can be evaluated within 3 levels : L (low), M (medium), H (hi h)