Project Risk

Management

Planning, identifying, analyzing, responding &

monitoring to risk throughout the life of a project and
in the best interests of meeting project objectives.
Every project is
risky, meaning
there is a chance
things w o n ’ t
t u r n out exactly
as planned.
 percent of runaway
projects

“ Did no risk management at

all 38 percent did some, and 7
percent were not sure whether
they did risk management or
not” (KPMG,1995)
Project Risk Objective
Increase or decrease
the probability and impact of

Positive risk/
opportunities
Negative risk/
threats
 Terms & Concept
– Uncertainty: a lack of knowledge
about an event that reduces
confidence

– Risk adverse: someone who

does not want to take risks.
 Terms & Concept
– Risk tolerances: area of risk that
are acceptable/unacceptable.

– Risk thresholds/apetite: high level

of individual/group’s openness to
risk
 Terms & Concept

– Threshold is a measurement amount of risk that

individual/group willing to accept a specific of
category
– the point at which a risk become unacceptable
The Advantages
of Project Risk
Management
Better Scope
Better Project
Selection
Better Schedulling
Realistic Cost
Budgeting
Project Management Maturity by industry group

Risk is not big attention among industrial group

Risk Survey
 • Remember that in this area there is no activity in executing process
group

Project Risk Plan Risk

Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Responses
Implement Risk Responses

Monitor Risks
 Monitoring &
Controlling Processes
Planning
Processes

Enter phase/ Initiating Closing Exit phase/

Start project Processes Processes End project

Executing
Processes

Process
Knowledge
Area Monitoring &
Initiating Planning Executing Closing
Control
Plan Risk Management
Identify Risk Monitor
Perform Qualitative Risk Implement Risk
Control
Scope Analysis Response
Perform Quantitative Risk Risk
Analysis
Plan Risk Response
Plan Risk
The process of defining how to conduct risk
management activities for a project.
 Inputs
1. Project Charter Tools &
[Link] Techniques
Outputs
Management
1. Expert Judgement 1. Risk
Plan
2. Data Analysis Management
[Link]
Documents
3. Meetings Plan
4. EEF
5. OPA
 Plan Risk

• Source of risk is RISK CATEGORY

– A standard list of risk categories can help to
make sure areas of risk are not forgotten.
– Companies and PMO should have standard list of
risk categories to help identify risk.
– Resource Breakdown Structure=RISK Category
 Risk Category

• External: EEF, regulatory, market shift

• Internal: inexperience tem, staffing, issues, changes to
schedule, scope, equipment, material
• Technical: changes in technology, technical process
• Commercial: customer stability, terms and cond within
contract vendor
• Unforeseeable: small portion of risk, only 10 %
 Risk Cause

• The customer
• Lack of project management effort
• Lack of knowledge management by PM and stakeholder
• The customers 'customer
• Supplier
• Resistance to change
• Cultural differences
 Source of risk
• Schedule
• Cost
• Quality
• Scope
• Resources
• Customer satisfaction
 2 main type of risk
Pure (insurable)
Business risk – Only a risk of
Risk of gain Loss loss (i.e. fire, theft,
personal injury,
etc)
 Risk Management Plan
✓ Risk Strategy ✓Stakeholder Risk
✓ Methodology Appetite
✓Roles & ✓Definitions of Risk
Responsibilities Probability & Impact
✓ Funding ✓Probability and Impact
✓ Timing
Matrix
✓ Reporting Formats
✓ Risk Categories
✓ Tracking
Example of RBS
 THE POTENTIAL RISK
IN KNOWLEDGE AREA
INTEGRATION

Inadequate planning, poor resource

allocation, poor integration
Management, lack of post-project
review
SCOPE

Poor definition of scope or work packages;

incomplete definition
COST

Estimating errors; inadequate

productivity, cost, change, or
contingency
QUALITY

Poor attitude toward quality

substandard design, materials, and
Workmanship, inadequate quality assurance
program
COMMUNICATION

Carelessness in planning or
communicating
HUMAN RESOURCE

Poor conflict management; poor project

organization and definition of
responsibilities; absence of leadership
RISK

Ignoring risk; unclear analysis of

risk; poor insurance management
PROCUREMENT

Unenforceable conditions or
contract clauses; adversarial
relations
STAKEHOLDER

Lack of consultation with

key stakeholder
 Identify Risk
• The process of identifying individual risks as well
as source of overall project risk and
documenting their characteristic
 Inputs Tools & Techniques Outputs
1. Project 1. Expert Judgment
Management Plan 2. Data Gathering 1. Risk Register
2. Project 2. Risk Report
3. Data Analysis
Documents
4. Interpersonal and [Link]
3. Agreements
Team Skills Documents
4. Procurement
5. Prompt Lists Updates
Documentation
5. EEF 6. Meetings
6. OPA
Identify Risk
• Risk should be continually reassessed
(iterative) such as in integrated change
control activity
• Information gathering techniques
– Brainstorming
– Delphi technique
– Interviewing:
– Root cause analysis
– SWOT
SWOT Strengths, Weaknesses,
Opportunities, Threats
Opportu
nities

STRENGTHS
WEAKNESS

Threats
Cause & effect diagram
Risk Register
Risk Register
 Perform Qualitative
Risk Analyis
• Pioritizing individual project risks for futher
analysis or action by assessing their probability of
occurrence and impact as well as other
characteristics
 Tools &
Techniques
Inputs [Link] probability and Outputs
[Link] register impact assessment
[Link]
[Link] management [Link] and impact ducuments
plan matrix update
3. Scope baseline 3. Risk data quality
4. EEF assessment
5. OPA [Link] categorization
[Link] urgency
assessment
[Link] judgment
 Qualitative risk

• Help to focus on high priority risks

• A subjective analysis
• Can be also used to:
– Compare risk to the overall risk of other projects
– selected, continued or terminated?
– Proceed to Perform Quantitative Risk Analysis?
 Probability Impact Matrix
• Different matrices can be used for cost, time, scope
• It helps guide risk responses (priority action & response
strategies)

PROBA RISK
No Category Description of Risk IMPACT
BILITY LEVEL

1 Resource Testing environment not available 4 B ORANGE

Documentation approval took longer

2 Schedule 4 A RED
time
Colors shows level
of importance
 10
9
8
7
probability

6
5
4
3
2
1

1 2 3 4 5 6 7 8 9 10
impact
Scale for probability Scale for impact
Rating interpretation Rating interpretation
1-2 Low 1 No real impact
3-4 Medium 2 Small reduction of cost and time reserves
5-6 Medium-high 3 Medium reduction of cost and time
reserves
7-8 High
4 Large reduction of cost and time reserves
9-10 Fact
5 Slightly overbudget
6 Over budget by 10% to 20% or project
delayed by 10% to 20%
7 Over budget by 20% to 30% or project
delayed by 20% to 30%
8 Over budget by 30% to 40% or project
delayed by 30% to 40%
9 Over budget by 40% or project delayed
by 40%
10 Project Failure
 Risk Parameter Assessment
• Urgency: risk likely to occur soon
• Dormancy: anticipated time when risk occur
and its impact
• Manageability and controlability: level of
difficulty
• Strategic impact: risk occurrence would affect
strategic goal
 Perform quanitative
risk analyis
• Numerically analyzing the combined effect of
identified individual project risks and other
sources of uncertainty on overall project objectives
 Inputs Tools &
Techniques
[Link] Outputs
1. Expert Judgment
Management 2. Data Gathering
Plan 3. Interpersonal 1. Project
[Link] and Team Skills Document
Documents 4. Representations Updates
3. EEF of Uncertainty
4. OPA 5. Data Analysis
Quantitative Risk

• A numerical evaluation
(more objective)
• This process may be skipped.

Create realistic and achievable cost,

schedule, or scope targets.
Quantitative Risk T&T
Sensitivity analysis – tornado diagram
Expected monetary value (EMV)
analysis
Decision tree
Monte Carlo analysis (simulation)
PERT
 Expected monetary value
EMV = (Probabili ty) (Impact) 
EMV (expected monetary value) used with Decision Tree to choose between many
alternative which take into account the future event
Example:

Example Source:
Decision Tree / EMV
 Plan Risk Responses

Developing options, selecting strategies and

agreeing on actions to address overall project
risk exposure, as well as to treat individual
project risk
 Tools &
Inputs Techniques
Outputs

1. Risk register 1. Strategies for negative 1. Project management

2. Risk risks or threats plan updates
management 2. Strategies for positive 2. Project document
risks or opportunities updates
plan 3. Contingent response
strategies
4. Expert judgment
S F
T O
R
R
A T
T H
E R
E
G A
Y T
ACCEPT
Deal with the risks
Project management plan is not changed
 AVOID
Eliminate the threat entirely
Isolate project objectives from
the risk’s impact
TRANSFER/DEFLECT/
ALLOCATEE
Shift some or all the negative impact of a threat
to a third party e.g insurance, outsourcing
 MITIGATE
Implies a reduction in the probability and/or
impact of an adverse risk event to be within
acceptable threshold limits
 STRATEGY FOR

EXPLOIT SHARE

ENHANCE ACCEPT
 EXPLOIT
Seek to ensure the opportunities definitely
happen. E.g: add work/change to the project
 ENHANCE
Increase the probability and/or the positive
impacts of an opportunity.
 ACCEPT

Not actively pursuing an opportunity

 Share

Sharing the opportunity to another party

Response for Both Strategy
• Escalate: a threat and opporutinity should be
escalated if it is outside the scope of the
project or beyond PM’s authority
 Risk Register updates
• Residual Risk
• Contingency Risk
• Fallback plan
• Risk owners
• Secondary risk
• Risk triggers
• Contract
• Reserves (contingency)
 Risk Register updates
• Residual Risk→ risk remain after risk response
planning
• Contingency Risk
• Fallback plan→ specific action if contingency
planning is not working
• Risk owners
• Secondary risk
• Risk triggers
• Contract
• Reserves (contingency)
 Implement Risk Responses

The process of implementing agreed-upon

risk response plan
 Inputs Tools &
Techniques
Outputs
[Link]
1. Expert Judgment [Link]
Management
2. Interpersonal & Request
Plan
Team Skills [Link]
[Link] [Link]
Documents Documents
Management
3. OPA Information Updates
System
 Monitor Risks
• The process of ..
– implementing risk response
plans
– tracking identified risks,
– monitoring residual risks,
– identifying new risks, and
– evaluating risk process
effectiveness throughout the
project.
 Inputs
[Link]
Tools & Outputs
Management Techniques 1. Work Peformance
Plan Information
[Link] [Link] 2. Change Requests
Documents Analysis 3. Project Management
[Link] Plan Updates
Performance
2. Audits 4. Project Documents
Data 3. Meetings Updates
5. OPA Updates
[Link]
Performance
Reports
 Create Workarounds

• If the project has deviated from the

baseline, the team may take
corrective actions to bring it back in
line
Plan Identify Qualitativ Quantitati Plan risk Implemen monitor
e ve response t tisk
Policies Brainstor Probabilit Numerical Create Implemen respond
ming y impact ly response t Create
evaluate contingen
cy and fall
back

Risk interview Assess the Determine Create Monitor

threshold risk initial contingen residual
reseve cy and fall risk
back
Document Determine Workarou
watch list secondadr nds
y and
residual
Risk Risk audit
owner
 Risk Monitoring & Controlling

• Other purposes are to determines if

– Project assumptions are still valid
– Risk has changed or can be retired
– Risk management policy & procedure are being
followed
– Align contingency reserves with current risk
assessment
 Example: Definition of Risk Probability and Impact
• This should be defined in Risk Management Plan
• Required for Perform Qualitative Risk Analysis
• Can reduce the influence of bias

Image Source: PMBOK Guide 4th Edition. PMI © 2009, p.281

 Example: Influence Diagram
• Diagramming technique used when Identify Risk
Decision Node
ValueNode

Usage
decision
Test
Survey Economic
Value

Chance event Net

Node Human Value
Exposure Cancer
Cost

Cancer
Risk
Carcinogenic
potential