RISK MANAGEMENT

Module—4 Part 3

Madhulika ,Amity University,Noida,CSE

Department
Madhulika ,Amity University,Noida,CSE
Department
• Would you buy a T-shirt that said, “Risk
Happens”?

Madhulika ,Amity University,Noida,CSE

Department
• If you answered yes, then you’re thinking
like a project manager.

• Risk is part of your planning makeup. When you start the

planning process for a project, one of the first things you
think about is: what can go wrong?

Madhulika ,Amity University,Noida,CSE

Department
• It sounds negative, but it’s not. It’s
preventative.
• Because issues will inevitably come up, and
you need a mitigation strategy in place to
know how to manage risks on your project.

Madhulika ,Amity University,Noida,CSE

Department
• But how do you work towards resolving the
unknown?
• It’s sounds like a philosophical paradox, but
it’s not. It’s very practical.
• There are many ways you can get a glimpse at
potential risks, so you can identify and track
risks on your project.

Madhulika ,Amity University,Noida,CSE

Department
• Certain Event. A certain event is an event that
is sure to happen. E is a certain event if and
only if P(E) = 1.
• In flipping a coin once, a certain event would
be getting a head or a tail.

Madhulika ,Amity University,Noida,CSE

Department
• When the economy is going bad and causing
everyone to worry about what will happen
next, this is an example of an uncertainty.

Madhulika ,Amity University,Noida,CSE

Department
 What is Risk
• Uncertain event or condition that if it occurs
has positive or negative condition on project
objectives.
• Key elements of Risk follows:-
It relates to the future-risk involves
speculating about future events.
 Involves cause & effects

Madhulika ,Amity University,Noida,CSE

Department
Madhulika ,Amity University,Noida,CSE
Department
Madhulika ,Amity University,Noida,CSE
Department
• A s a result of using novel hardware, unexpected
system-integration errors may occur which would
lead to overspending on the project.”
• The use of novel hardware is a definite fact that is
a cause of uncertainty and gives rise to risk.
• The risk itself is the possibility of encountering
unexpected errors, which of course might not
occur. If, however, the errors were to happen,
there would be an effect on the project budget.
Madhulika ,Amity University,Noida,CSE
Department
• Because our organization has never done a project like
this, we might misunderstand the customer's
requirement, and our solution would not meet the
performance criteria.”
• The definite factual cause is the organization's lack of
relevant prior experience. The uncertain event is the
possibility of misunderstanding requirements (although
lack of experience does not necessarily mean that this
will happen), so it is a risk.
• The contingent future effect would be failure to meet
the performance objective

Madhulika ,Amity University,Noida,CSE

Department
• The plan states a team size of 10, but we have
only six staff available; so we might not be
able to complete the work in the required
time and we could be late.”
• The definite staff shortage is the cause, giving
rise to a risk that the available team may be
too small for the required scope, with a
possible effect on project timescales.

Madhulika ,Amity University,Noida,CSE

Department
 ?
• Risk is the possibility of loss or injury.
• Project risk is an uncertain event or condition that, if it
occurs, has an effect on at least one project objective.
• Risk management focuses on identifying and
assessing the risks to the project and managing those
risks to minimize the impact on the project.
• There are no risk-free projects because there are an
infinite number of events that can have a negative
effect on the project.
• Risk management is not about eliminating risk but
about identifying, assessing, and managing risk.
Madhulika ,Amity University,Noida,CSE
Department
• Risk is any unexpected event that can affect your project
— for better or for worse.
• .
• This is an important distinction: risks are not the same as
issues.

• Issues are things you know you’ll have to deal with, and
may even have an idea of when they’ll occur, like a team
member’s scheduled vacation, or a big spike in product
demand around the holidays.

Madhulika ,Amity University,Noida,CSE

Department
• Risk can affect anything:
• people,
• processes,
• technology, and
• resources

Madhulika ,Amity University,Noida,CSE

Department
When determining what is a risk in project management,
consider these five elements:

Madhulika ,Amity University,Noida,CSE

Department
Risk Management

Madhulika ,Amity University,Noida,CSE

Department
• An asteroid has just collided with Earth.
• Luckily it was a small asteroid, so we’re all okay. Not so
luckily, that lump of space rock landed smack in the middle
of your project site. Your new construction, your server
warehouse, your team headquarters — your whole project
has been flattened to a pancake under a mountain of
rubble. What now?
• Life is full of surprises, and even if you budget every penny
and map out each milestone, project risk can sneak up and
pull the rug out from under you. You can’t predict the
future,
• S o you can prepare for the next asteroid Risk
Management

Madhulika ,Amity University,Noida,CSE

Department
Risk management

Madhulika ,Amity University,Noida,CSE

Department
• Project risk management is the process of
identifying, analyzing and then responding to
any risk that arises over the life cycle of a
project to help the project remain on track
and meet its goal.
• Risk management isn’t reactive only; it should
be part of the planning process to figure out
risk that might happen in the project and how
to control that risk if it in fact occurs.

Madhulika ,Amity University,Noida,CSE

Department
 Categories of Risk
• Project Risk:-are those could prevent
achievement of objectives given to the
project manager & project team.
• Business Risk:-Economic downturn or import
of cheaper alternative products

Madhulika ,Amity University,Noida,CSE

Department
 What Risk Can be?
• We’ve all been conditioned to think of risks as
negative.
• But risk is a way to safeguard yourself by
preparing for the possibility of failure or danger.
That brings us back to the skiing example. The
risk of going skiing without the right kit is that
you will fall over and break your leg, ruining your
holiday and having to rely on your friends and
family to make you cups of tea while they would
rather be out on the slopes themselves.
Madhulika ,Amity University,Noida,CSE
Department
• Sure, that’s obvious. Always be prepared.
However, what about the things you can’t
prepare for?
• The happy accidents that may lead you done a
road you’d never have thought to explore.
What if taking that risk meant discovering a
whole new way of skiing that started a
fabulous new trend and saved people lots of
money on their ski holidays?

Madhulika ,Amity University,Noida,CSE

Department
Socio technical model of Risk

ACTORS

STRUCTURE TECHNOLOGY

TASKS

Madhulika ,Amity University,Noida,CSE

Department
• ACTORS-refer to all people involved in the
development of application.
• Includes various department specialists, user
groups, managers with different
responsibilities.
• Example:-if developer builds software
components & leave before testing, team
member taking over that component find lack
of familiarity with software make correction of
faults difficult
Madhulika ,Amity University,Noida,CSE
Department
• TECHNOLOGY:-consist of both technology
used to implement application & embedded in
the delivered products.
• STRUCTURE:-describe management structure
& system structure.
Implementation need User->Responsibility is
not clear.
• TASKS:-work to be carried out is called tasks.
Complexity of work->delays in integration
Madhulika ,Amity University,Noida,CSE
Department
Madhulika ,Amity University,Noida,CSE
Department
 FRAME WORK DEALING WITH RISK

• Risk identification
• Risk analysis prioritization
• Risk planning
• Risk monitoring

Madhulika ,Amity University,Noida,CSE

Department
 Risk Identification
• Identify potential risks. Sit down and create a
list of every possible risk and opportunity you
can think of.
• If you only focus on the threats, you could
miss out on the chance to deliver unexpected
value to the customer or client. Ask your team
to help you brainstorm during the
project planning process, since they might see
possibilities that you don't.
By. Dr.Madhulika 31
By. Dr.Madhulika 32
 Planning a Road Trip

Road trip to several states

By. Dr.Madhulika 33
By. Dr.Madhulika 34
• As a Project Manager

you do risk identification

By. Dr.Madhulika 35
Risk identification

By. Dr.Madhulika 36
It’s a process

By. Dr.Madhulika 37
“The risk identification process should cover
all risks, regardless of whether or not such
risks are within the direct control of the
Institution. Institutions should adopt a
rigorous and on-going process of risk
identification that also includes mechanisms
to identify new and emerging risks
timorously.”

By. Dr.Madhulika 38
“Good quality information is important in
identifying risks.
The starting point for risk identification may
be historical information about this or similar
Institutions and then discussions with a wide
range of stakeholders about historical, current
and evolving issues, data analysis, review of
performance indicators, economic
information, loss data, scenario planning and
the like can produce important risk
information.”
By. Dr.Madhulika 39
• Documentation Reviews
• Documentation review consists of collecting project documentations and
reviewing them in a structured way, to determine the accuracy,
completeness and consistency of the information.
• These project documentations are plans, assumptions, previous project
files, agreements, etc.
• The purpose is to gain a scheme of possible risk sources in the project.
Indicators of risk can be determined form the quality and consistency
between the requirements and assumptions of the project information,
inaccurate, incomplete or inconsistency project documentation

By. Dr.Madhulika 40
• Brainstorming as a method of identifying risks
in a project.
• It is one of the oldest and most commonly
used technique
• The method involves a small group of relevant
parties, such as the project team, stakeholders
and independent experts who under a short
period, generate ideas, under the leadership
of a facilitator. These ideas generated are
possible project risks.
By. Dr.Madhulika
• Time frame is limited to increase productivity
during the meetings and uphold
concentration.
• The time pressure set on the brainstorming
sessions can hinder creativity as the time for
adjusting to the change in working is limited
but on the other hand longer time periods
lead to less productivity.
• Also, this new way of working might not suit
everyone By. Dr.Madhulika 42
• It might inhibit their creative thinking or due
to the social aspect of it so they might not
express their ideas and opinions.
• Judgment of proposals in the early stage of
the process can discourage members from
presenting their ideas.
• Lastly, the facilitator can influence the
discussion in a preferable direction and thus,
respectively influence the results.
By. Dr.Madhulika 43
• Delphi technique
• The Delphi Technique in Project Management involves a
panel of project risk experts, who offer their expert opinion
to identify project risk in a faster and more reliable manner
without influences. The experts answer questioners
anonymously provided by a facilitator. The experts’
responses are summarized and recirculated for further
comment until a consensus is reached [5].

By. Dr.Madhulika 44
• There are some limitations to the method. The
interpretation of the results from the
questioners and the classification of the risks
developed can be challenging, as objectivity
and bias thinking must be adapted to achieve
a realistic view.

By. Dr.Madhulika 45
• Interviewing
• The method of interviewing experienced project
participants, stakeholders, and experts in the subject to
identify project risk sources, essentially involves
documenting known risks as well as identifying new
risk sources [5].
• The interview is conducted face to face for a relative
short time and the method is a flexible tool which is
easily adaptable to different types of projects [6].
Despite the method of interviewing is considered to
have various advantages it has its limitations as well.
By. Dr.Madhulika 46
• As in using the Delphi technique, the interpretation
and classification of the results can be challenging, as
objectivity and bias thinking must be adapted to
achieve a realistic view.
• Moreover, training and practice is needed to write
open-ended questions and to lead the interview in an
explicit direction to get structural result.
• Finally, the preparations, documentation, transcription
and interpretation of data which is inherent in the
process is time-consuming [7].

By. Dr.Madhulika 47
Diagramming Techniques

By. Dr.Madhulika 48
• Checklist Analysis
• Checklist analysis has also been found as one of the more commonly used
methods for risk identification.
• Checklist with possible risk sources can be developed based on historical
data from previous projects and other sources.
• This method is a quick and simple way of identifying risks in a project and
requires relatively limited experience.
• When creating a checklist for risk identification, it is important to
remember that it is not possible to create an all-inclusive list and that each
project, though similar, have project specific risks.
• Additionally, items missing from the checklist should also be explored and
the checklist review throughout the project life-cycle.

By. Dr.Madhulika 49
 SWOT
• It is advisable to make a SWOT analysis
(Strengths, Weaknesses, Opportunities and
Threats); particularly the weak points and the
threats will offer a view of the risks facing the
entrepreneur.

By. Dr.Madhulika 50
By. Dr.Madhulika 51
• Expert Judgment
• The method utilizes the expert judgment and
experience of experts in the relevant field.
• The project manager appoints the experts
who identify and suggest possible risks
directly by considering all aspects of the
project.

By. Dr.Madhulika 52
 RISK IDENTIFICATION
• Main approaches for Risk Identification
• Use of check lists
• Brainstorming

Madhulika ,Amity University,Noida,CSE

Department
 CHECKLISTS
• They are simply lists of the risks have been
found to occur regularly in software
development projects
• Creators of checklists also suggest potential
counter measures for each risk.
• If manager identifies risk ,he can use counter
measures to cope with them.

Madhulika ,Amity University,Noida,CSE

Department
 BRAIN STORMING
• Representative of main stakeholders can be
brought together ,and a plan is drafted.
• It is used to identify the possible solutions to
the problem.
• All stakeholders have a meeting and risk in the
projects are discussed.

Madhulika ,Amity University,Noida,CSE

Department
 CASUAL MAPPING
• One way of identifying possible threats to the
success of a project & measures that might
eliminate & reduce them is the use of casual
mapping.
• Casual maps & diagrams represent chains of
causes & effects that will influence outcomes
in particular area inactivity

Madhulika ,Amity University,Noida,CSE

Department
Casual map of problem area
High
In-Experienced -low
Low staff productivity
turnover staff

Deadline
Met-missed

Uncertain-certain Heavy
Stable-
user mgmt
unstable
requirement pressure
environment

Madhulika ,Amity University,Noida,CSE

Department
Casual map of problem area with solution

High
In-Experienced -low
Low staff productivity
turnover staff

prototype Deadline
Met-missed
High
salaries

Uncertain-certain Heavy
Stable-
user mgmt
unstable
requirement pressure
environment

Madhulika ,Amity University,Noida,CSE

Department
By. Dr.Madhulika 59
 Risk Assessment
• Problem with risk identification is lists of risk is
endless.
• Risk assessment is distinguishing more
damaging & likely risks.
• This can be done by risk exposure for each risk
using formula
risk exposure=(potential damage
X(probability of occurrence)

Madhulika ,Amity University,Noida,CSE

Department
 Risk planning
• Now the task is to deal with identified risks
• Risk acceptance
• Risk avoidance
• Risk reduction & mitigation
• Risk transfer

Madhulika ,Amity University,Noida,CSE

Department
 Risk acceptance
• This is do nothing option.
• We would decide that damage inflicted by
some risk would be less than cost of action.

Madhulika ,Amity University,Noida,CSE

Department
By. Dr.Madhulika 63
By. Dr.Madhulika 64
 Risk avoidance
• Some activities are so prone to accidents that
it is best to avoid them
• If u are worried about crocodiles then don’t go
into the water
• When Manager will decide to avoid the risk he
will buy an off the shelf components.

Madhulika ,Amity University,Noida,CSE

Department
 Risk reduction & mitigation
• If a risk is identified to reduce possible
departure of staff—then reduce by providing
them bonus,
• Risk reduction attempts to reduce likelihood
of risk occurring.
• Risk mitigation is action taken to ensure that
impact of risk is lessened when it occurs.

Madhulika ,Amity University,Noida,CSE

Department
 Example
• Taking regular backups of data storage would
reduce impact of data corruption but not its
likelihood

Madhulika ,Amity University,Noida,CSE

Department
 Risk transfer
• Risk is transferred to another person or
organization
• With software projects example would be
where a software development task is
outsourced to an outside agency for a fixed
fee.

Madhulika ,Amity University,Noida,CSE

Department
 Risk Management
• Contingency Plan

By. Dr.Madhulika 69
 Risk Management
• A contingency plan is essentially a “Plan B.” It’s
a backup plan in place for when things go
differently than expected. In other words, a
contingency plan in project management is a
defined, actionable plan that is to be enacted
if an identified risk becomes a reality.

By. Dr.Madhulika 70
• For a more “official” version of the term, the
Project Management Institute defines it as,
“Contingency planning involves defining
action steps to be taken if an identified risk
event should occur.”
• Contingency plans in project management are
a component of risk management, and they
should be part of the risk management plan.

By. Dr.Madhulika 71
 When to use a contingency plan

• Contingency plans can only be created for

identified risks, not unidentified or unknown
risks. Since, if you don’t know what your risk
is, it’s impossible to plan for it.
• It should be noted that contingency plans are
not only put in place to anticipate when things
go wrong.

By. Dr.Madhulika 72
• They can also be created to take advantage of
strategic opportunities.
• For example, you’ve identified that a new
training software should be released soon.
• If it occurs during your project, you may have
a contingency plan on how to incorporate it
into the training phase of your project.

By. Dr.Madhulika 73
• The difference between a contingency plan
and a mitigation plan
• A mitigation plan attempts to decrease the chances
of a risk occurring, or decrease the impact of the risk
if it occurs.
• A contingency plan explains the steps to take after
the identified risk occurs, in order to reduce its
impact. Think of a contingency plan as the last line of
defense.

By. Dr.Madhulika 74
 Risk management
• Contingency
• In a project of 10 people one fall ill then this
kind of risk needs a contingency plan .
• The manager will draft another member to
cover that work

Madhulika ,Amity University,Noida,CSE

Department
Dealing on the risk action

Risk exposure

RRL >1 means reduction in risk exposure

achieved by measure is greater then its cost

By. Dr.Madhulika 76
 Evaluating risk to schedule
• We use PERT technique
• Use to evaluate the effects of uncertainty
• PERT require three estimates
Most likely time
Optimistic time
Pessimistic time

Madhulika ,Amity University,Noida,CSE

Department
• We have seen that not all risks can be
eliminated - even those that are classified as
avoidable or manageable can. in the event,
still cause problems affecting activity
durations.
• By identifying and categorizing those risks,
and in particular, their likely effects on the
duration of planned activities, we can assess
what impact they are likely to have on our
activity plan. By. Dr.Madhulika 78
• PERT then combines these three estimates to
form a single expected duration.

By. Dr.Madhulika 79
• Most likely time --The time we would expect
the task to take under normal circumstances
,denoted by:-m
• Optimistic time—shortest time in which we
could expect to complete the activity, denoted
by a.
• Pessimistic time—worst possible ,denoted by
b( reasonable eventualities)
• te=(a+4m+b)/6
Madhulika ,Amity University,Noida,CSE
Department
By. Dr.Madhulika 81
• The PERT technique uses the following three-
step method for calculating the of meeting or
missing a target date:

By. Dr.Madhulika 82
Pert technique use three steps to calculate
probability of meeting & missing the target

• Calculate standard deviation for each project

events s=(b-a)/6
• Calculate z value for each event that has
target date z=(T - t e) /s
• t e expected date
Activity A has optimistic time(a)=5
• T target date Pessimistic time (b)=8,most
likely(m)=6,T(target date)=10

Madhulika ,Amity University,Noida,CSE

Department
 example
• Activity A has optimistic time(a)=5
Pessimistic time (b)=8,most likely(m)=6,T(target
date)=10
S=(8-5)/6=0.5
te=(5+4(6)+8)/6=6.16
z=(10-6.16)/0.5=7.68
Target date T is 10

Madhulika ,Amity University,Noida,CSE

Department
By. Dr.Madhulika 85
By. Dr.Madhulika 86