Project Risk Management

- JAYATI SINGH

INTRODUCTION
It includes the process concerned with conducting

risk management planning, identification, analysis,

responses, monitoring and control on a project; most
of these processes are updated throughout the
project.
The objectives are:
Increase the probability and impact of positive
events
Decrease the probability and impact of events
adverse to the project.

PROCESS OF PROJECT RISK

MANAGEMENT
Risk Management Planning: decide how to approach, plan

and execute the risk management activities for a project.

Risk Identification: determine which risk might affect the
project and documenting their characteristics.
Quality Risk Analysis: prioritizing risks for further
analysis.
Quantitative Risk Analysis: numerically analyzing the
effect on overall project objectives of identified risks.
Risk Response Planning: developing actions and options to
enhance opportunities.
Risk Monitoring and Control: identify and monitor the risk

Plan Risk Management

The process of defining how to conduct risk management

activities for a project

Important to provide sufficient resources and time for risk

management activities, and to establish an agreed upon

basis for evaluating risk.

Plan Risk Management:

Tools & Techniques
Planning Meetings and Analysis

Project teams meet with stakeholders

High level plans for risk management are define in these

meetings

Plan Risk Management: Outputs

Methodology Defines the tools, approaches and data

sources that may be used to perform risk management on

the project.
Budgeting A budget for project risk management should

be established and included in the risk management plan.

Role & Responsibility Defines the lead, support and risk

management team membership for each type of action in

the risk management plan.

Plan Risk Management: Outputs

Timing Defines how often the risk management activities

will be performed throughout the project life cycle.

Risk categories Documentation such as risk breakdown

structures (RBSes) or categories from previous projects will

help identify and organize risks.
Definitions of risk Risks and their probabilities are

probability & impact defined for use in Qualitative Risk

Analysis using a scale of very Unlikely to almost certain.

Risk Breakdown Structure

A risk breakdown structure (RBS) organizes

potential sources of risk to the project.

Functioning much like a work breakdown structure,

an RBS arranges categories into a hierarchy.

This approach allows the project team to define risk

at very detailed levels.

Risk Breakdown Structure for a Software

Development Project

Risk Profile
A risk profile is a list of questions that address

traditional areas of uncertainty on a project.

These questions has been designed and developed

from the experience of past projects.

Risk Profile Questions

Identify Risks
This is the phase where you work with your team to

identify as many risks as possible.

Identify Risk: Tools & Tech

Documentation Reviews including charter, contracts,

and planning documentation, can help identify risks.

Those involved in risk identification might look at this

documentation, as well as lessons learned, articles, and

other documents, to help uncover risks.

Identify Risk: tools & tech

Brainstorming: One idea generates another
Delphi technique: Expert participate anonymously; facilitator

use questionnaire; consensus may be reached in a few rounds;

Help reduce bias in the data and prevent influence each others.
Interviewing: interviewing experts, stakeholders and
experienced PM
Root cause analysis: Reorganizing the identified risk by their
root cause may help identify more risks
Checklist analysis: checklist developed based on accumulated
historical information from previous similar project
Assumption analysis: identify risk from inaccuracy, instability,
inconsistency, incompleteness.
SWOT analysis Strengths, Weaknesses, Opportunities, Threats

Output: Risk Register

Output is initial entries into the risk register. It

includes:

List of risk
List of POTENTIAL responses
Root causes of risks
Updated risk categories

Perform Qualitative Risk Analysis

This is the phase where you rank the risks youve identified

from Identify Risks to come up with a list of risks you will

create plans for dealing with

Tools and Techniques of Qualitative

Analysis
Risk Data Quality Assessment What is the quality of

the data used to determine or assess the risk?

Extent of the understanding of the risk

Data available about the risk
Quality of the data
Reliability & Integrity of the data

Perform Quantitative Risk Analysis

A numerical analysis of the probability and impact of the

risks with the highest risk rating score determined from

qualitative analysis
Is a numerical evaluation (more objective)

Tools and Techniques of Quantitative

Analysis
EMV Expected Monetary Value What is the

probability of the risk occurring multiplied by the

impact if the risk does occur? If the risk occurs, what
could the financial or time loss be to your project?
In the example below, this project has an EMV of
($58,250), this means that you need to put aside
$58,250 in your risk reserve account for potential risks

Sensitivity Analysis
To determine which risks have the most potential

impact to the project

Changing one or more elements/variables and set
other elements to its baseline then see the impact.
One typical display of sensitivity analysis is the
tornado diagram
Tornado diagram is useful in analyzing risk
taking scenarios.
They provide the positive and negative impact of
each risk on the project and let you decide to
choose which risk to take.

Tornado Diagram

Risk Response Planning

Eliminate the threats before they happen
Make sure opportunities happen
Decrease the probability and/or impact of threats
Increase the probability and/or impact of

opportunities
For Residual Threats

Contingency Plans
Fallback Plans

Contingency and Fallback Plans,

Contingency Reserves
Contingency plans are predefined actions that the

project team will take if an identified risk event

occurs.
Fallback plans are developed for risks that have a

high impact on meeting project objectives, and are

put into effect if attempts to reduce the risk are not
effective.
Contingency reserves or allowances are

provisions held by the project sponsor or

organization to reduce the risk of cost or schedule
overruns to an acceptable level.

Plan Risk Response

Strategies for NEGATIVE Risks

or THREATS

Avoidance
Risk prevention
Changing the plan to eliminate a risk by avoiding

the cause/source of risk

Protect project from impact of risk
Examples:
Change the supplier / engineer
Do it ourselves (do not subcontract)
Reduce scope to avoid high risk deliverables
Adopt a familiar technology or product

Mitigation
Seeks to reduce the impact or probability of the

risk event to an acceptable threshold

Be proactive: Take early actions to reduce
impact/probability and dont wait until the risk
hits your project
Examples:
Staging - More testing - Prototype
Redundancy planning
Use more qualified resources

Transfer
Shift responsibility of risk consequence to another

party
Does NOT eliminate risk
Most effective in dealing with financial exposure
Examples:
Buy/subcontract: move liabilities
Selecting type of Procurement contracts: Fixed Price
Insurance: liabilities + bonds + Warranties

Strategies for POSITIVE Risks

or Opportunities

Strategies for Opportunities

Exploit: Ensure opportunity is realized
Ex: Assigning organization most talented resources to
the project to reduce cost lower than originally planned.
Enhance: Increase the probability and/or the positive
impact of the opportunity
Ex: Adding more resources to finish early
Share: Allocating some or all of the ownership to third
part best able to capture the opportunity
Ex: Joint ventures, special-purpose companies

Monitor and Control Risk

The process of

implementing risk response plans

tracking identified risks
monitoring residual risks
identifying new risks and
evaluating risk process effectiveness throughout the project
risk audit.