Risk Management

• Risk can be defined as any uncertainty or unexpected

about the schedule, the costs and the quality of the
end objectives.
• Risk management is the means by which uncertainty
is systematically managed to increase the likelihood
of meeting project objectives.
• The more disciplined the systematic approach the
more we are able to control and reduce the risks.
• Risk planning represents the formal activities of the
project manager and team to identify risks and to
formulate strategies for managing the risks.
 Identified and Unexpected

Known Unknowns Identified potential We don’t know exactly what

problems will happen, but we do know
that it has a potential to
damage the project
Unknown Unknowns Problems that arrive We didn’t expect this to
unexpectedly happen but has occurred in
the project and the manager
has to respond

• All Project management is Risk management

• Risk management is one of the primary jobs of project manager
• Every technique in project management is really a risk management technique
 Risk management in three functions of
Project management

As a result of
effective risk
management
• Assumptions are in- • Identified risks are • known risks are
fact the initially analysed and strategies watched and new risks
identified risks are formulated for are identified.
• once these effective risk • Risks that don’t
assumptions become management which in materialize are
certain, then they turn affect the detailed removed and new risks
become the first plan and schedule are added to risk plan
documented risks.
 Risk management and project plan

DEFINITION PLANNING

• Project deliverables
• Statement of work • Development approach
• Responsibility matrix • Responsibilities
• Communication plan • Risk monitoring

All stakeholders Schedule

Risk
authorize and budget
management
the project rules development

Changes to: scope, deliv-

erables, responsibilities,
cost and schedule, New risks
communication plan

• Risk management influences the project plan and changes assumptions in the
project rules.
Project Risk Management Framework
Identify Risks
1. Identify potential risks
2. Review previous low-priority risks

Known Risks

Analyze & Prioritize

1. Perform initial prioritization
2. Define each risk, including the
probability and potential negative
impact
3. Prioritize the known risks

Prioritized Risks

Develop Response Plans

1. Develop a response for high-priority
risks

Risk Management Plan Risk Management Plan

Establish Reserves Continuous Risk Mgmt.

1. Allocate risk contingency for 1. Monitor for new risks
known risks 2. Report status at regular intervals
2. Establish management reserve 3. Upon a risk event: New
for unknown risks Execute the response plan. Risks
Reserves Update the entire plan.
Updates to Risk Management Plan
 Step One: Identify the Risks
• Identifying risks involve skill, experience, and a
thorough knowledge of projects and its management
techniques
• Four techniques to identify risks:
– Asking the stakeholders
– Making a list of possible risks (a risk profile)
– Learning from past, similar projects
– Focusing on the risks in the schedule and budget
 Step Two: Analyze and Prioritize the
Risks
• Analyzing the identified risks for magnitude and
probability of occurrence.
• Three steps:
– Define the risks, including the severity of the negative
impact.
– Assign a probability to the risk. How likely isit that this
problem will occur?
– Rank the risks according to probability and impact. This
prioritized list focuses the project team on which risks to
manage.
Figure 5.3 Probability and Impact Matrix

5 5 15 25
Probability 5 = High
3 = Medium
3 3 9 15 1 = Low

1 1 3 5

Impact
1 3 5
 Step Three: Develop Response Plans
• Developing strategies for dealing with identified risks
– Reduce the impact, the probability, or both
• Five categories of classic risk response strategies:
– Accept the risk and choose to do nothing (when probability is low and/or
consequences are cheaper than cure).
– Avoid the risk (not to do that part of the project or choose a lower-risk
option) –> Low Risk = Low Returns
– Contingency plans - monitor the risk and have an alternative course of
action ready. (when avoiding the risk is not an option and the consequences
are high)
– Transfer the risk - ex. Purchasing insurance, hiring expert, contract for
service, subcontracting, etc.
– Mitigate the risk - all the actions to overcome risks from the project
 Step Four: Establish Contingency and
Reserve
• Contingency funds or risk funds set aside for the
situations of risks (known unknowns)
– Identify all the risks in the risk log for which the strategy is to monitor
and prepare contingency plan
– For each of these risks, estimate the additional cost of executing the
contingency plan (cost of contingency).
• If probability is not 100% then multiply the estimate with the probability (expected
value of contingency = cost of contingency x probability of risk event)
– Sum the expected value of contingency for each of these risks.
– Negotiate with the executive management.
• Management reserves are for the purpose of
unknown unknowns. (a certain % of the budget is added)
 Step Five: Continuous Risk
Management
• The practice of repeating the major risk management
processes throughout the life of the project.
– Risk plans are based on the best information available at
the beginning of the project.
– As the project progresses new information emerge and the
risk plan requires modification / updating.
• Monitor known risks and update for any changes to the risk log
• Check for new risks at a regular status meetings
• Repeat the major risk identification activities at preplanned milestones
within the project.
• Check the contingency and management reserves whenever new risks
arise.
 Critical Points
• Risk management is essentially the management of
uncertainties in a project life cycle.
• Every function within the project management is
effectively a risk management
• Skeptism and critical analysis helps in identifying
problems and a rational assessment helps in
developing a strategy to overcome these problems
• Continuous, systematic risk management uncovers
problems before they damage the project.