What is Risk

A dictionary definition of risk is “the possibility of loss or injury”.

“A risk is a combination of constraint and uncertainty” by Larry
Krantz.
Project risk management involves understanding potential problems
that might occur on the project and how they might impede project
success.
Risk management is like a form of insurance; it is an investment
 Major Types of Risks In Software Project
Technical risks Management risks External Risks
Functionality
Size Lack of planning Customer Risk
Standard Lack of experience Religious issue
Lack of commun.
Platforms Cultural Risk
Lack of authority
Cybersecurity Risk Ethical Risk
Lack of schedule
Lack of budget
.
Contractual and legal
risks
Environmental Risks Economic Risks
Health issues
Government regulation Weather Risk Currency Exchange
Market-driven Pollution risk Economic Downturn risk
Political risk
 Risk Utility
Risk utility or risk tolerance is the amount of satisfaction or
pleasure received from a potential payoff.
 Utility rises at a decreasing rate for a person who is risk-
averse.
 Those who are risk-seeking/taking have a higher tolerance for
risk and their satisfaction increases when more payoff is at
stake.
 The risk neutral approach achieves a balance between risk and
payoff.
 Potential Payoff
The potential payoff is the expected return or benefit from
taking on a certain risk. This is often compared to the risk cost
(the potential loss if the risk occurs).

Decision-making processes involve calculating the risk-to-

reward ratio to ensure that the benefits outweigh the risks.
Risk Utility Function and Risk Preference
 What Is Project Risk Management?
Project risk management is the process of identifying,
assessing, and controlling risks to ensure the successful
completion of a project.
Effective risk management helps minimize potential
threats and maximizes opportunities.
 Project Risk Management Processes
Risk management planning
Risk identification
Resik Analaysis
• Qualitative risk analysis
• Quantitative risk analysis

Risk Response Planning

Risk Monitoring and Control
 Risk Management Planning
This is the process of defining how to conduct risk
management activities for a project.
The project team should review project documents and
understand the organization’s and the sponsor’s approach to
risk.
The main output of risk management planning is a risk
management plan.
 Questions Addressed in a Risk Management Plan
What is the specific risk, and what are the risk mitigation deliverables?

Why is it important to take/not take this risk in relation to the project objectives?
How is the risk going to be mitigated?

Who are the individuals responsible for implementing the risk management plan?
When will the milestones associated with the mitigation approach occur?
 Contingency and Fallback Plans, Contingency Reserves

Contingency plans Pre-determined actions to mitigate or address

specific risks when they occur.

Fallback plans Backup plans that are activated if contingency plans are
ineffective or inadequate.

Contingency reserves or allowances are provisions held by the project

sponsor or organization to reduce the risk of cost.
 Contingency ,Fallback Plans and Contingency Reserves
1. Contingency Plans
The primary goal of a contingency plan is to ensure that, if a risk occurs, the project can continue
with minimal disruption or loss. These plans are created in advance, based on identified risks,
and specify the actions to take if those risks materialize.
2. Fallback Plans
The fallback plan serves as a “plan B” when the primary contingency plan doesn’t effectively
manage the risk. These plans ensure that, even in the worst-case scenario, the project has a
structured response to continue operations.
Example:
In a software development project, a contingency plan might involve outsourcing certain features
to another team in case a developer is unavailable. A fallback plan, on the other hand, might
involve adjusting the project’s scope, extending timelines, or re-prioritizing features to meet the
delivery date.
3. Contingency Reserves
Contingency reserves are designed to cover the cost or time impact of risks that
may occur during the project. By setting aside these reserves, the project team
ensures that there is financial or resource flexibility to deal with risk events without
jeopardizing the project's overall budget or schedule.
Types of Reserves:
• Time Reserves: Extra time added to the project schedule to account for risks that may
cause delays.
• Cost Reserves: Budgetary funds set aside for managing the financial impact of risk events.
• Resource Reserves: Allocating extra human resources, equipment, or materials to manage
risk events if they occur.
 Risk Identification
RI is a set of activities that detect, describe, and catalog all potential risks
to assets and processes that could have negatively impacted business
outcomes in terms of performance or quality.
Identifying risks is crucial for preventing or mitigating them.
The main output of the risk identification process is a list of identified risks and

other information needed to begin creating a risk register.

risk identification
 …risk identification

Techniques such as brainstorming, historical data review, and expert

judgment are used to identify potential risks early in the project.
Risk identification is the process of understanding what potential
unsatisfactory outcomes are associated with a particular project.

 Brainstorming – group discussion

 Delphi technique – panel of experts

Read more on these tools and
 SWOT analysis
techniques
 Interviewing
 Risk Analysis
Qualitative Risk Analysis: Assessing the probability and impact of
risks to prioritize them based on severity. Tools such as risk
matrices and expert judgment are commonly used.

Quantitative Risk Analysis: Involves more mathematical methods,

such as Monte Carlo simulations or decision tree analysis, to
determine the numerical impact of risks and to evaluate potential
project outcomes.
 Qualitative Risk Analysis
Assess the likelihood and impact of identified risks to determine
their magnitude and priority.

Risk quantification tools and techniques include

• Probability/Impact matrixes
• The Top 10 Risk Item Tracking technique
• Expert judgment
Probability/Impact Matrices
Definition: This tool is used to prioritize risks based on their
likelihood of occurrence (probability) and their impact on the
project. Risks are plotted on a grid, with one axis representing
probability and the other representing impact.
Example:
Imagine a software project where you assess risks like "team
member unavailability" (high probability, medium impact) and
"server crash" (low probability, high impact). You would place
these risks in a matrix to visually prioritize them. High-
probability, high-impact risks require immediate attention.
The Top 10 Risk Item Tracking Technique
Definition: This technique involves maintaining a list of the top 10
risks that could impact a project. These risks are reviewed and
updated regularly, ensuring the team remains focused on the most
critical risks.
Example:
In a construction project, the top 10 risks might include weather
delays, supply chain disruptions, and equipment breakdowns. By
tracking these risks, the team can allocate resources effectively to
mitigate them.
 Risk Description Likelihood Impact (High Mitigation Plan status
(High/Medium/Low) /Medium Risk
/Low)
Score

1 Weather delays High High 9 Schedule buffer days Being

monitored

2 Equipment High High 9 Regular Mitigation

breakdowns maintenance ongoing

3 . . .
4 Budget overruns Medium High 6 Implement cost Resolved
control measures
5 Communication Low low 1 Use collaborative Resolved
. problem . . tools .
. . . . . .
. . . . . .
10 Stockholder Low High 3 Regular meetings Accepted
Expert Judgment
Many organizations rely on the intuitive feelings and past
experience of experts to help identify potential project risks.
Experts can categorize risks as high, medium, or low with or
without more sophisticated techniques.
Scenario: The team is unsure about the risks associated with deploying a new AI
feature.
Expert Role: An AI specialist assesses the likelihood of algorithmic errors and their
potential to disrupt user experience. Based on their judgment, the team prioritizes
testing and mitigation efforts for this risk.
 Quantitative Risk Analysis

Quantitative Risk Analysis is a numerical method used to evaluate the impact of

identified risks on project objectives.
Main techniques include
• Decision tree analysis with Expected Monetary Value (EMV)
• Monte Carlo Simulation (by using simulation SW Google Workspace ,GAMS,Oracle Crystal Ball
,Simul8)
 Decision Trees and Expected Monetary Value (EMV)

A decision tree is a diagramming method used to help you select the best course of
action in situations in which future outcomes are uncertain.
EMV is a type of decision tree where you calculate the expected monetary value of a
decision based on its risk event probability and monetary value.

Project X has a 60% Probability of success with an impact of Birr 50,000 and has a 40%
chance of failure with an impact of Birr- 20,000. What is the Expected Monetary Value
of this Project?
EMV of success = Birr 50,000 * 60% = Birr 30,000
EMV of failure = Birr -20,000 * 40% = Birr -8,000
Total EMV = Birr 22,000

In all cases, a positive EMV indicates that it is an opportunity while a negative EMV
indicates a Risk.
 Risk Response Planning
After identifying and quantifying risk, you must decide how to respond to them.
Four main strategies
Risk avoidance: eliminating a specific threat or risk, usually by eliminating its
causes.
Risk mitigation: reducing the impact of a risk event by reducing the probability of
its occurrence.
Risk transference: shifting the consequence of a risk and responsibility for its
management to a third party.
Risk acceptance: accepting the consequences should a risk occur.
 Risk Monitoring and Control
Monitoring risks involves knowing their status.
Controlling risks involves carrying out the risk management plans as risks occur
The main outputs of risk monitoring and control are corrective action, project
change requests, and updates to other plans.

Workarounds are unplanned responses to risk events that must be done when
there are no contingency plans.
.

End