RISK MANAGEMENT IN

THE REAL BUSINESS

 Table of Contents

01 02 03 04
Objectives of Project Risk Tools &
Risk Envisioning Management Practices
Management Practices Lifecycle

05 06 07 08
Mitigation Checking
Risk The Real
Strategies
Response Business Result
For
Strategies Examples Financial Risks
 Risk Defined

Risk is an uncertain event or

condition that, if it occurs, has a
positive or negative effect on one
or more objectives.
Objectives of Risk Management

Risk management is not stand-alone

discipline but requires integration with
existing business processes such as
business planning and Internal Audit
Key Objectives Risk Management
Procedure

1 Anticipate and manage change

Improve decision making

Proactively implement typically lower-cost

2 prevention actions instead of higher cost reaction to
issues

3 Increase the chances to realize opportunities

for the benefit of the business

4 Generate broad awarenesses of uncertainty

of outcomes

5
Act upon the transformation taking place in its
business environment andrequirements

6 Support organizational agility and resilience

Traditional Risk Management Pros and Cons
PROS
Risks identified before major
investment
Early analysis can help with
a go/ no decision
Contingency planning that
avoids waste
Risks exposed to the team
at large
Lessens chance of mid-
project surprises
CONS
Usually done at the start but
not throughout a project
May be performed on projects
where there is no value add
Often done by a small group –
not the entire team
No correlation to project
specific processes to
identify and minimize risk
Often done without examination
of specific requirements
 How is Agile different?

Traditional planning does risk

management upfront. Whereas
Agile looks for risk throughout
the lifecycle.

Agile
 How Does Agile Address Risk?

Individual and Interactions over process and tools:

Software development is a complex task that takes expertise
and judgement. Members of a team must work closely together
to solve the problem in front of them.
There is greater collaboration in agile teams over traditional
teams, this in itself reduces risk. If your teams are working well
together, there should be plenty of talking and workshops,
which means that it is likely that most ( if not all) risks will be
identified.
Using collaboration to reduce risk can be illustrated by what
happens during a good iteration planning meeting.

Working Software over Comprehensive Documentation

Producing working software on a continuous basis at the end
of each iteration already reduces product and project risk by
allowing the business to give feedback regularly.

Customer Collaboration over Contract Negotiation

In agile, we recognize that things will changes as we learn

more about what we are building, and we adapt to new knowl-
edge and information we discover. In order to be effective,
contracts in agile delivery need to be written to support this
adaptation. This means we must all work together to continu-
ally manage risk and reduce it as soon as it get identified.
The continuous involvement of actual customers not just
customer proxies, like the PO builds a better product that
is fit for its purpose. As they are available, involving custom-
ers in all ceremonies ( including daily standups) can reduce
more risk.

Responding to Change over Following a Plan

In agile we are planning and replanning on a very regular basis
as we enter sprints, refine our blacklog, and talk daily at
standups.
This means that risk is being identified, analyzed, and mitigated
(or at least planned to be mitigated) on a daily basis.
 Agile Principles Address Risk

Collaborative Customer
Transparency planning involvement

Harness the Mitigate cus-

Expose every-
knowledge of tomer risk by
thing we are
the entire involving them
doing so we
team and see throughout the
can see risks
more risks lifecycle
early
Project Envisioning Practices
Envisioning the product with the customer
•The team and customer are synchronized on the
need
• Less risk of delivering the wrong product

Quantifying the value with the customer

• Less risk of the team not supporting the project

Project Planning Practices

Estimation based on history
• Risk of estimate inaccuracy reduced since constants are
involved in estimation

Work reviewed at the feature level for more detailed risk

evaluation:
• Less chance of missing a risk since features are
examined separately for technical risk
 Project Tracking Risk Practice

Don’t Manage Based on % of Plan Complete

• Percentages are misleading

• There is a risk that 1% takes as long as 99
 Can I use Traditional Risk Management
on My Agile Project?

YES PLEASE DO!

The Truth Most projects Mix
Traditional and Agile Methods
Where most projects live
Traditional Agile
Project Project
Methods Methods

Work Breakdown Structure Team Customer Interview

Formal requirements Agile estimating

Detailed task estimates Burn down charts

Customer Signature Daily standup meeting

One delivery Iterative delivery

Microsoft Project Plan Daily customer Interaction

Formal risk Management Iteration retrospective

 But – Make the Call on Each Project

Do Traditional Risk Probably Skip, or do lightly,

Management when Project: when Project:
Has technology never used Is a simple release on
by the team existing platform

Is expensive Only runs a few days

Schedule is tight and extended

Has many touch points
risk planning could jeopardize
delivery

Longer than a few weeks We have a lot of experience

with this type of project

Is required to be compliant We can leverage an existing

risk plan
 Types Of Risks

Demand Shortfall Cost Overrun

Customer retention Operational Controls
Integration problems Poor Capacity man-
JV or partner losses agement
Supply Chain Issues

Strategic Operational

Types Of
Hazard Financial

Macroeconomic Debt and interest rates

Political Issues Poor Financial
Legal Issues management
Terrorism Asset losses
Natural disasters Accounting problems
 Risk Management Lifecycle

B
Establishing a frequent Identifying individual
rhythm or cadence of review project risk, and
and feedback sessions is documenting their
helpful for negative project characteristics
risk.
Daily standup meetings can
be used in any project

Risk Management
Lifecycle

D
Identifies appropriate Prioritizing individual project
ways to address overall risks, by assessing their
probability of occurrence &
project risks and impact.
individual project risks Perform Quantitative Risk
Analysis: This process is not
required for every project. A
Stakeholder Engagement

Stakeholders Risk Appetite

RISK
Risk appetite is a classification of
how much risk are specific stake-
holders, or the overall organization,
willing to accept while pursuing
project objectives

Risk Tolerance

Risk tolerance is the degree of risk

that an investor is willing to endure
given the volatility in the value of
an investment.
 Tools & Practices

Brainstorming

The goal of brainstorming is to obtain a comprehensive list of individual

project risks and sources of overall project risk. The project team usually
performs brainstorming, often with a multidisciplinary set of experts who
are not part of the team. Ideas are generated under the guidance of a
facilitator, either in a free-form brainstorming session or one that uses
more structured techniques. Categories of risk, such as in a risk breakdown
structure, can be used as a framework.
 Tools & Practices

Interviews
Individual project risks and sources
of overall project risk can be identified
by interviewing experienced project
participants, stakeholders, and
subject matter experts.

Checklists
A checklist is a list of items, actions, or points to be
considered. It is often used as a reminder.
Risk checklists are developed based on historical
information and knowledge that has been accumulated
from similar projects and from other sources of information.
 Tools & Practices

Technical performance analysis

Technical performance analysis compares technical
accomplishments during project execution to the schedule
of technical achievement. It requires the definition of
objective, quantifiable measures of technical performance,
which can be used to compare actual results against targets.
Such technical performance measures may include weight,
transaction times, number of delivered defects, storage
capacity, etc. Deviation can indicate the potential impact
of threats or opportunities.

Reserve analysis
Throughout the execution of the project, some individual
project risks may occur with positive or negative impacts
on a budget or schedule contingency reserves. Reserve
analysis compares the amount of the contingency reserves
remaining to the amount of risk remaining at any time in the
project in order to determine if the remaining reserve is
adequate. This may be communicated using various
graphical representations, including a burn-down chart.
 Risk Response Plan

Responding to Risk

Avoid
Risk avoidance is when the
project team acts eliminate the
threat or protect the project
from its impact

Mitigate
In risk mitigation, action is taken
to reduce the probability of
occurrence and/or impact of a
threat

Negative
Risk
Transfer
Transfer involves shifting
ownership of a threat to a third
party to manage the risk.
Risk transfer often involves
payment of a risk premium

Accept
Lorem ipsum dolor sit amet, con-
Risk acceptance
sectetuer acknowledges
adipiscing elit, sed diam the
nonummy nibh euismod tincidunt
existence of a threat, but no
ut laoreet dolore magna aliquam
proactive actionUtis
erat volutpat. taken
wisi enim ad
 Risk Response Plan

Responding to Risk
Exploit
The exploit strategy may be
selected for high-priority
opportunities where the
organization wants to ensure
that the opportunity is realized

Enhance
The enhance strategy is used
to increase the probability
Positive and/or impact of an
Risk opportunity

Share
Sharing involves transferring
ownership of an opportunity
to a third party

Accept
Accepting an opportunity
acknowledges its existence but
no proactive action is taken
The Real Business Examples!
Enterprise Project Risk Management
Process Worldwide

o Project Planning With Authorized Budget

o Collect Project Documents –

Reports, Schedules Etc.

01 o
02 Identify Project Ambiguity

03
Managing
Risk into 04 Formulate Initial
Steps Risk Management
05

06 o
07 Communicate Plan
With Top Management

o
Implement Risk Management
Action Plan

Risk Monitoring
 Risk Response Plan

Negative Risk

Extending the schedule.

Changing the project Strategy. Avoid
Reducing Scope

Adapting less complex process.

Conducting more tests. Mitigate
Choosing a more stable seller

Use of insurance.
Performance Bonds. Transfer
Warranties & Guarantees.

Establish a contingency reserve.

Including a mount of time, Accept
money or resources.
Risk Response Plan

Positive Risk

Assigning an organization’s most

Exploit talented resources to the project.
Using new technologies or
Technology upgrades.

Enhance Adding more resources to an

activity to finish early.

Sharing actions include forming

Share risk sharing partnership, teams,
special purpose companies or
joint Ventures

Establish a contingency reserve.

Accept Including a mount of time, money or
resources.
 Mitigation Strategies For Financial Risks
Risk
Foreign currency fluctuation risk
Includes changes in investments value
Interest rate risk/market risk
Exposure to changes in fair values of
certain liabilities
Intense competition in marketplace
adverse global economic conditions
reports of food-borne illness or food
tampering threat from natural disasters
Reward
Business uses foreign-exchange debt
and derivative instruments
to mitigate the effects of those changes
Company uses fixed pricing
agreement with suppliers
Although, the company follow key steps
to deal with such risks (i.e. signing
agreement with third
parties); however, these risks are
dependent on external forces and
cannot be monitor completely
 Risk Tolerance

The probability is the likelihood of an event occurring and the

consequences, to which extent the project is affected by an event, are
the impacts of risk. By combining the probability and impact, the Level of
Risk can be determined

Risk Likelihood
is the possibility of a potential risk
occurring, interpreted using qualitative
values such as low, medium, or high

Loss Of Key Managers

Business Continuity Problems X

Likelihood

Supplier Default
IT Problems Risk impact
is an estimate of the potential losses
Loss Of Key Partnerships associated with an identified risk

Product Or Service Quality

=
Poor Project Management
Risk Tolerance
Is The Probability Of An Unfortunate
Event Occurring, Multiplied By The
Impact Potential Impact Or Damage Incurred By
The Event
 Checking Result

Outcome Check

Awareness Of The Environment Considering Environmental Factors

(Technical - Social - Political - Market - Economic) When Evaluating Risks And Response

Risk Responses Aligned With Project

Proactive Respond To Uncertainty
Budget, Schedule And Performance

Actions Addressing All Appropriate

Awareness Of All Project Variables
Factors For The Project

Ability To Prosect Threats Systems For Identifying And

And Opportunities Responding To Risk Are Robust

Project Delivery With Set Delivery Date Are Met,

Low Negative Impact Within Set Budget

Improving Project Teams Use Established Mechanism To

Performance & Outcome Identify Opportunities

Cost & Time Aligning Teams Take Proactive Steps To Prevent

With Project Objectives Threats, So Limiting Cost & Time
 Important Risk Management Terms

RESIDUAL RISK:
01 A risk that remains after risk response strategies
have been implemented.

SECONDARY RISK:
02 A risk that emerges as a result of implementing a risk
response strategy.

FALLBACK PLAN:
03 A planned response to a risk used when a primary
risk response fails.

UNKNOWNS:

04 Unknown risks or outcomes. Management reserves are used to

manage project unknowns and typically the project manager must
get management permission to apply management reserves
to the project.
 Important Risk Management Terms

RISK SEEKING:
05 A behavioral attitude in certain stakeholders
characterized by the willingness to take risks.

ISSUE:
06 A project risk that has occurred.

RISK TRIGGER:
07 A warning sign that a risk has occurred or is about
to occur.

WORKAROUND:
A response to a negative risk (unplanned at the time the
08 risk occurred) used when prior planned responses have
failed.
 Important Risk Management Terms

PURE RISK:
09 A term used to describe risks that are purely negative
or with no chance of gain.

RISK AVERSE:
10 A behavioral attitude in certain stakeholders
characterized by the unwillingness to take risks.

BUSINESS RISK:
11 A term used to describe risks that businesses encounter which
could be either positive or negative with a chance of loss or gain.
 Reference: Contact Number
PMBOK Guide +966 50 772 7773