Chapter 9: Project Risk

Management
  Overview of Project Risk Management
  Plan Risk Management Process
  Identify Risks Process

  Perform Qualitative Risk Analysis Process

  Perform Quantitative Risk Analysis Process
  Plan Risk Responses Process
  Control Risks Process
triggers or a change in severity.
Overview of Project Risk Management

The PMBOK Guide defines risk as:

“ An uncertain event or condition that, if it occurs, has a
positive or negative effect on one or more project
objectives such as scope, schedule, cost, and quality. A
risk may have one or more causes and, if it occurs, it may
have one or more impacts. “
Risks can be positive or negative, so risk management is
about maximizing the probability and impact of positive
events (opportunities) and minimizing the probability and
impact of negative impacts (threats) to the project.
Overview of Project Risk Management
Major Processes

Plan Risk
Management Project Risk
Management
Identify Risks

Perform Qualitative
Risk Analysis

Perform Quantitative
Risk Analysis

Plan Risk Responses

Control Risks
Plan Risk Management Process
Identify Risks Process
Risk Management Plan
Risk Breakdown Structure
Project

Technical External Organizational Project

Management

Requirements Subcontractors Project Estimating

and Suppliers Dependencies

Technology
Regulatory Planning
Resources
Complexity Market
and Interfaces Controlling
Funding
Customer

Performances
and Reliability Weather Prioritization Communication

Quality
Based on the PMBOK Guide, Fourth Edition
Risk Management Plan
Risk Categories
The following may be sources or categories of risk:

Technical, quality, or performance risks

Project management risks

Organizational risks

External risks

Internal risks

Unforeseeable risks
Outputs
Risk Register
Use the risk register to document risks and their impact.
Risk Management Matrix (Risk Register)
Project Project #
Project manager Sponsor
Project artifacts Updated

Trigger
Event/ Date
ID Risk Description Category Indicator Contingency Plan Fallback Plan Owner Status Entered Date to Review

1
2
3
4
5
6
7
8
9
Perform Qualitative Risk Analysis
Process
 Tools and Techniques
Probability and Impact Matrix

Probability Threat Risks Opportunity Risks

0.90 0.09 0.27 0.45 0.63 0.81 0.81 0.63 0.45 0.27 0.09

0.70 0.07 0.21 0.35 0.49 0.63 0.63 0.49 0.35 0.21 0.07

0.50 0.05 0.15 0.25 0.35 0.45 0.45 0.35 0.25 0.15 0.05

0.30 0.03 0.09 0.15 0.21 0.27 0.27 0.21 0.15 0.09 0.03

0.10 0.01 0.03 0.05 0.07 0.09 0.09 0.07 0.05 0.03 0.01

Impact 0.1 0.3 0.5 0.7 0.9 0.9 0.7 0.5 0.3 0.1

Gray zone threat requires both contingency and fall back plans. Gray zone opportunity should be pursued.
Purple zone threat requires contingency plans. Purple zone opportunity requires at least an
enhancement plan.
Blue zone threat may be acceptable. Blue zone opportunity may be acceptable.
Perform Quantitative Risk Analysis
Process
Data Gathering and Representation Techniques
Probability Distributions
Beta Distribution Triangular Distribution

P 0.1 P 0.1
r r
o o
b b
a a
b b
i i
l l
i i
t 0.0 0.0
t
y y
Time Time
Quantitative Risk Analysis and Modeling Techniques
EMV Analysis

Event Probability Impact Risk Type EMV

1 25% $10,000 Opp. +$2,500

2 75% $22,500 Threat -$16,875

3 55% $86,000 Opp. +$47,300

4 20% 30 days Threat -6 days

Decision
Definition Decision Node Chance Node Net Path Value EMV
Decision
Definition Decision Node Chance Node Net Path Value EMV
Decision
Decision Node Chance Node Net Path Value EMV
Quantitative Risk Analysis and Modeling Techniques
Sensitivity Analysis
Risk Register Updates
Probabilistic Analysis of the Project

Risk Impact Probability Completion

Probability
Date
Technical lead
$1,733 80%
reassigned July 1 15%
Underestimated
$3,220 70% July 10 22%
task duration
Project manager July 15 30%
$2,177 50%
leaves
August 1 50%
System
$1,425 40%
connectivity August 13 80%
Underestimated
$838 30% August 28 100%
equipment costs
Plan Risk Responses Process
* The two most widely used strategies are mitigate
(threats) and enhance (opportunities).
Tools and Techniques
Contingency and Fallback Plans

Contingency plan or contingent

response strategy
Actions taken if an identified risk occurs
or if triggers occur

Fallback plan
Developed when the selected risk
strategy is not fully effective or if risk has
a high impact
Outputs
Risk Register Updates
The updated (completed) risk register might include:
Identified risks and descriptions
Triggers (symptoms and warning signs)
Risk owners and assigned responsibilities
Outputs of qualitative and quantitative analysis
Response strategies
Specific actions taken if risk occurs
Results from qualitative and quantitative risk analysis
Primary and secondary responses for each risk
Residual and secondary risks
Risk budget
Contingency and fallback plans
Contingency reserves for time and cost
Control Risks Process
Tools and Techniques
Workarounds

Performed when no contingency plan exists

Unplanned responses to risk

Created as needed to deal with unanticipated risk

End of Chapter 9: Project Risk
Management
  Overview of Project Risk Management
  Plan Risk Management Process
  Identify Risks Process

  Perform Qualitative Risk Analysis Process

  Perform Quantitative Risk Analysis Process
  Plan Risk Responses Process
  Control Risks Process