Presentation on Risk Management

Presented to: Prof. Rajeev Jain

Department of management studies
Introduction to Project Risk Management

• Risk management is a core discipline that

assists managers at all levels to make
correct and informed decisions.
• It involves the identification, analysis and
evaluation of the risks presented by the
system being acquired and the activities to
acquire it, and the development of cost-
effective treatments for those risks.
• It applies to projects and programs of all
sizes.
• Effective risk management has costs. It is
an overhead to prevent loss
Continue….
• In ideal risk management, a prioritization process
is followed whereby the risks with the greatest
loss and the greatest probability of occurring are
handled first, and risks with lower probability of
occurrence and lower loss are handled in
descending order. In practice the process can be
very difficult, and balancing between risks with a
high probability of occurrence but lower loss
versus a risk with high loss but lower probability
of occurrence can often be mishandled.
Risk-management activities as applied to
project management

In project management , risk management includes the

following activities:
• Planning how risk will be managed in the particular
project. It include risk management tasks,
responsibilities, activities and budget.
• Assigning a risk officer - a team member other than a
project manager who is responsible for foreseeing
potential project problems.
• Maintaining live project risk database. Each risk should
have the following attributes: opening date, title, short
description, probability and importance.
Continue….

• Creating anonymous risk reporting

channel.
• Preparing mitigation plans for risks that are
chosen to be mitigated.
• Summarizing planned and faced risks,
effectiveness of mitigation activities, and
effort spent for the risk management.
CONCEPTS
• Risk management is an iterative process
for identifying, analyzing, evaluating,
treating and monitoring risks. It is governed
by a Risk Management Plan and controlled
via a Risk Register.
• Risks are significant uncertainties about
outcomes, the uncertainty is in two
dimensions, the likelihood of the risk event
occurring, and the extent of the
consequences if it does.
CONCEPTS
• For example security tends to use
‘threat’.
• Risk events give rise to problems, some of
which may be absorbed or
accommodated, but others have impacts
that affect project objectives.
CONCEPTS
CONCEPTS
• The risks associated with a project can be:
• Inherent, which result from the nature of the
project objectives and scope
• Acquired, which result from the selected
organization, approach, technology, methods,
tools, techniques, skills and experience that
are applied to the project
• Contextual, which result from events,
circumstances or inter-relationships outside or
across the project or system boundary and
impact aspects of the project
CONCEPTS
Effective management of project risks requires:
• Commitment at all level.
• Communication and consultation.
• Effective system engineering and project
management.
• Risk ownership.
• A continuous approach.
• A partnership approach.
• An appropriate risk management process.
KEY ROLES & RESPONSIBILITIES

SENIOR MANAGEMENT:
• -should be able to make risk mgt policies
• -support risk mgt actions & all project
stakeholders participate in them.
SPONSOR:
• -adequate resources are available
• -active participation by stakeholders
• -project affecting risks are managed
• -monitoring & reporting progress/effectiveness of
risk treatment
Continue….
PROJECT MANAGEMENT DIRECTOR:
• -heads project team
• -meet project objective with over all mgt of
risks within the project
RISK OWNERS:
• Authority for treating & monitoring the
identified risks with adequate resources.
Continue….
RISK MANAGER:
• -ensures that risk mgt process is applied effectively that
involves:
• -driving & managing all aspects of risk mgt process & plan
• -appropriate & frequent risk reviews to identify new or
changing risks
• -all risks have an appropriate owner
• -monitoring cost effectiveness & practicability of risk
treatments
• preparing regular risk reports
• -seeking & implementing continuous improvement to risk
mgt process
• -sharing lessons with other projects & shareholders
Continue….
BUSINESS REPERESENTATIVES & BUSINESS
OWNERS:
• -must assist with identification, analysis, &
evaluation of risks & support implementation of
selected risk treatments.
PROJECT TEAM MEMBERS:
• -assisting with identification, analysis &
evaluation
• -assisting with development of risk treatment
• -setting out risk mgt activities
Risk Management Process
Risk Management Process
1. Establish the context
• Purpose
• Commentary
• Outputs
• Summary of key elements in establishing the risk
context for a project -
 Establish the strategic context
 Establish the organizational context
 Establish the risk management context
 Prepare the initial version of the Risk
Management Plan
Risk Management Process
2. Identify and define risks
• Purpose
• Commentary
• Effective methods of risk identification
include
• Output
Risk Management Process
• Summary of the key elements in the identification
of a project’s risks
 Identify risks in the initial and revised business
cases
 Review risks throughout the project in
accordance with the Risk Management Plan
 Document identified risks in the Risk Register
Risk Management Process

Encourage wide participation

Use a formal process and appropriate
methods and techniques
Consider all risk sources
RISK ANALYSIS

• It the process of identifying the potential for

possible harm to occur to a particular set of
assets or simply is processes and
determining the impact.
 Vulnerab
Mitigation
Asset ility
Threat What is currently
What are you How could
What are you afraid
trying the
of happening? reducing the
to protect? threat
risk?
occur?
Probability
Impact //Severity
Likelihood
What How
is thelikely
impact
is the
to the
threat?
business?

             
          

1.Negligible
2.Minor
3.Moderate 1.Unforeseeabl
4.Major e
5.Critical 2.Very Unlikely
6.Catastroph 3.Possible
ic 4.Likely
5.Very Likely
6.Almost
Certain

                           

Risk Log
 Tolerability Level
Risk Log - Example of Security Hazards
12
Impac Probabilit Risk Rating
Priorit
Hazard t y (Impact *
y
(1-6) (1-6) Probability)
1 Data loss due to virus attack 5 4 20

2 Denial of Service attack 5 3 15

Theft of proprietary
3 4 3 12
information
4 Insider net abuse 4 3 12

5 Abuse of wireless networks 3 4 12

6 Financial fraud 5 2 10

7 Laptop theft 3 3 9

8 Unauthorised access 3 3 9

9 Telecom fraud 2 3 6

10 Web site defacement 3 2 6

11 System penetration 3 2 6

12 Sabotage 4 1 4
TYPES OF RISK ANA LYSIS
PROCESSES
• The two primary types of risk analysis processes are:
1. Qualitative : A simplified process of identifying the major threats to
which an enterprise is exposed.
• What could happen?
• How likely is it to occur?
• What is the impact?
Qualitative answers to one or more of these questions usually can
provide sufficient information to allocate resources and dollars to
protect an enterprise's assets or processes.

1. Quantitative:
• quantitative approach, is used to provide statistical insight to risk
prediction and impact.
• This method requires that one establish a monetary value for the
assets and processes, estimate the probability of a threat occurring,
and determine the ROI
RISK EVALUATION
• The Cabinet’s Magenta Book has
proposed the following definition of
evaluation:
• “.. evaluation uses a range of research
methods to systematically investigate the
• effectiveness of …. interventions,
implementation & processes, and to
determine the
• merit, worth or value …”
• Risk evaluation is concerned with assessing probability and impact
of individual risks, taking into account any interdependencies or
other factors outside the immediate scope under investigation.
There are three major points in this definition.

• Probability
• Impact of individual risks
• Elements of the impact

1. Time
2. Quality
3. Benefit
4. People/resource

Risk is evaluated on the basis of high, medium or low.

• 5. DEVELOP AND IMPLEMENT RISK
TREATMENT:

• Risk treatments developed

• Risk management reporting mechanisms
also defined.
• 6.MONITOR, REPORT,UPDATE AND
MANAGE RISK:

• Risk profile continuously monitored,

reviewed, and updated
• New risk identified as more inform
information becomes available.
• Existing risk eliminated through risk
treatment.