Risk Management in Projects

SUBMITTED BY
DEEPIKA JAGGI
BTB/07/2013
th
PROJECTS
Projects are risky undertakings, and modern approaches to managing projects
recognise the central need to manage the risk as an integral part of the project
management discipline.

All projects share a range of features which inevitably introduce uncertainty.

 
CHARACTERSTICS:
 
Factors found in all projects which make them inherently risky include:
 
 Uniqueness. Every project involves at least some elements that have not been

done before, and naturally there is uncertainty associated with these elements.
 
 Complexity. Projects are complex in a variety of ways, and are more than a

simple list of tasks to be performed. There are various kinds of complexity in

projects, including technical, commercial, interfaces or relational, each of
which brings risk into the project.
 
 
 Assumptions and constraints. Project scoping involves making a range of
guesses about the future, which usually include both assumptions (things we
think will or will not happen) and constraints (things we are told to do or not
do). Assumptions and constraints may turn out to be wrong, and it is also
likely that some will remain hidden or undisclosed, so they are a source of
uncertainty in most projects.
 
 People. All projects are performed by people, including project team
members and management, clients and customers, suppliers and
subcontractors. All of these individuals and groups are unpredictable to some
extent, and introduce uncertainty into the projects on which they work.

 Stakeholders. These are a particular group of people who impose

requirements, expectations and objectives on the project. Stakeholder
requirements can be varying, overlapping and sometimes conflicting, leading
to risks in project execution and acceptance.
 
 Change. Every project is a change agent, moving from the known present into
an unknown future, with all the uncertainty associated with such movement.
 
DELIBERATE DESIGN:

Each organisation wishes to move ahead as quickly as possible, and

that involves taking risk as the business exposes itself to a range of
uncertainties that could affect whether or not it achieves its desired
aim. This can be achieved in two ways:

 One option might be to take small steps, making incremental

changes to existing products and services, seeking continuous
improvement and evolutionary change. While this strategy might
appear to be less risky, it delivers smaller advantages at each
increment, and relies on a constant supply of value-enhancing
developments.
 An alternative is to be revolutionary, looking for major innovations
and paradigm-breaking change, trying to leapfrog the competition
and get several steps ahead. This is a more risky strategy but the
potential gains are larger and might be achieved more quickly.
 
EXTERNAL ENVIRONMENT:

Projects are not conducted in a vacuum, but exist in an environment

external to the project itself which poses a range of challenges and
constraints. This includes both the wider organisation beyond the
project and the environment outside the organisation, and changes
which are outside the project’s control can occur in both of these.
Environmental factors which introduce risk into projects include:

 Market volatility
 Competitor actions
 Emergent requirements
 Client organisational changes
 Internal organisational changes
 PESTLIED (political, economic, social,
technological, legal, international, environmental, demographic)
factors.
Projects are risky as a result of their common
characteristics, by deliberate design, and because
of the external environment within which they
are undertaken.
It is impossible to imagine a project without risk.
Of course some projects will be high-risk, while
others have less risk, but all projects are by
definition risky to some extent. The ‘zero-risk
project’ is an oxymoron and a logical
impossibility – it does not and cannot exist.
RISK MANAGEMENT
 Risk management is concerned with
identifying risks and drawing up plans to
minimise their effect on a project.

 A RISK is a probability that some adverse

circumstance will occur
◦ Project risks affect schedule or resources;
◦ Product risks affect the quality or performance of
the software being developed;
◦ Business risks affect the organisation developing or
procuring the software.
Types of risks
 Technology Risks
 People Risks
 Organisational Risks
 Requirement Risks
 Estimation Risks
 Risk Management involves how management
responds to risks. It includes:

 recognising preventive measures to minimise risk.

 implementing contingency plans to counter risk.
 reduce doubts via investigation through useful
information.
 transfer of risk to another asset.
 risk allocations in contractual agreements.
 setting contingencies to budget allocations.
THE PROCESS
RISK IDENTIFICATION
Risk Identification involves in pinpointing the risks that may
affect a project.
It has to be conducted at regular intervals throughout the life
span of the project.

Risk Identification has to take into consideration internal and

external factors.
Internal factors involve risks that the group which is handling
the project can manage. Some examples of internal factors are
the delegation of work, freezing of vacation leaves and budget
allocation.

External factors involve risks that the project personnel are not
in command of. Some examples of external factors are
economic fluctuations, policy restructuring or natural disasters.
RISK QUANTIFICATION
Risk Quantification is the assessment
of risks and how different risks are
linked and communicated with each
other, in order to determine the
activity required for different risk
occurrence.

Risk Quantification includes several different aspects:

 Complex calculations may result to incorrect accuracy and
consistency. Good prospects for one stakeholder may be a
downfall for another.
 A risk occurrence can have a snowball effect.
 Chance and ways to exploit this chance communicate in
unexpected ways.
RISK RESPONSE DEVELOPMENT
Risk Response Development includes preventive
measures against threats. These measures fall
into one of the below-mentioned categories:

 Avoidance and abolishing a particular danger.

This is by abolishing the root of the problem.
 Mitigation and lessening the cost of a risk
occurrence by lessening the likelihood of this
occurrence.
 Acceptance and to absorb the consequences
RISK RESPONSE CONTROL
 Once risks have been identified and adequate control measure
assessed, decisions need to be taken on how to respond to
specific risks by taking action to improve the outcome.
Risk Response will help this process. Possible responses to risk
should include one of the four T's as follows:

 Transfer - Transferring some aspects of risk is a recognised

method either by paying a third party to take it on or if available,
an insurance policy.
 Tolerate - Perhaps nothing can be done at a reasonable cost to
stop the risk, although, ideally, the risk should be monitored by
using the relevant Risk Register/Tracker template to ensure it
remains acceptable.
 Treat - Treating the risk – take action to control it in some way by
applying containment of contingent actions. Within this
categorisation:
Containment actions are those which lessen the likelihood of the risk
or the consequences, and are applied before the risk materialises.
Contingent actions are those which are put into place after the
outcome from the risk has happened (therefore becoming an issue
needing quick decisions). Here the focus is on reducing the impact
of the risk. These actions can be pre-planned so that people know
what to do in advance.

 Terminate - By doing things differently and thus removing the risk,
where it is either feasible or practical to do so.
RISK PLANNING
Consider each risk individually and develop a
strategy to manage that risk.
 Avoidance strategies
◦ The probability that the risk will arise is reduced;
 Minimisation strategies
◦ The impact of the risk on the project or product will
be reduced;
 Contingency plans
◦ If the risk arises, contingency plans are used to deal
with that risk;
MANAGING RISK
Risk may be managed in a number of ways:

Byusing existing assets:

Here existing resources can be used to counter risk. This may
involve improvements to existing methods and systems, changes in
responsibilities, improvements to accountability and internal
controls, etc.

By contingency planning:

You may decide to accept a risk, but choose to develop a plan to
minimize its effects if it happens. A good contingency plan will allow
you to take action immediately, with the minimum of project control
if you find yourself in a crisis management situation. Contingency
plans also form a key part of Business Continuity Planning (BCP) or
Business Continuity management (BCM).
 By investing in new resources:
Your risk analysis should give you the basis for deciding whether to
bring in additional resources to counter the risk. This can also
include insuring the risk: Here you pay someone else to carry part of
the risk – this is particularly important where the risk is so great as
to threaten your or your organization's solvency.
Examples of few Risks and strategies
to overcome them….
Risk Strategy
Organisational Prepare a briefing document for senior management
financial problems showing how the project is making a very important
contribution to the goals of the business.
Recruitment Alert customer of potential difficulties and the
problems possibility of delays, investigate buying-in
components.
Staff illness Reorganise team so that there is more overlap of work
and people therefore understand each other’s jobs.
Defective Replace potentially defective components with bought-
components in components of known reliability.
Risk Strategy
Requirements Derive traceability information to assess requirements
changes change impact, maximise information hiding in the
design.
Organisational Prepare a briefing document for senior management
restructuring showing how the project is making a very important
contribution to the goals of the business.
Database Investigate the possibility of buying a higher-
performance performance database.
Underestimated Investigate buying in components, investigate use of a
development time program generator
Risk monitoring
 Assess each identified risks regularly to
decide whether or not it is becoming less or
more probable.
 Also assess whether the effects of the risk

have changed.
 Each key risk should be discussed at

management progress meetings.

10 Golden Rules
 Rule 1: Make Risk Management Part of
Your Project
 Rule 2: Identify Risks Early in Your Project
 Rule 3: Communicate About Risks
 Rule 4: Consider Both Threats and Opportunities
 Rule 5: Clarify Ownership Issues
 Rule 6: Prioritise Risks
 Rule 7: Analyse Risks
 Rule 8: Plan and Implement Risk Responses
 Rule 9: Register Project Risks
 Rule 10: Track Risks and Associated Tasks