Project risk management

• Nitishree Upadhyay
• Sanam Shrestha
• Sayar Prajapati
• Sushrut Gautam
Introduction
A project risk is an uncertain event that may or may not occur during a project. If it
occurs it has a positive or negative effect on a project objective.
The notion of project risk involves two concepts:
I. The likelihood that some problematic event will occur.
II. The impact of the event if it does occur.
Types of Project Risk
A.External risk:
 Mainly outside the control of the project manager and in most case the organization.
Examples:
 Market risks- include competition, foreign exchange, internal rate risk
 Government regulatory changes
 Disaster such as flood, fire, earthquake, or other natural disaster
 Risk associated with labor strikes, and civil unrest
 Communication system and security sensor failures

B. Cost Risk:
 Directly or indirectly under project manager’s control
 Cost risk usually arise due to poor cost estimation, accuracy and scope creep
Examples:
 Cost overruns by project team or subcontractors, vendors, and consultants
 Poor estimation or errors that result in unforeseen costs
 Overrun of budget and schedule
Project Risk
Schedule Risk
 Can cause project failure by missing or delaying a market opportunity for a product or service
 the risk that activities will take longer than expected
 Slippages in schedule typically increase cost, delay the receipt of project benefits
Schedule risk are caused by:
 Inaccurate estimation, resulting in errors
 Increased effort to solve technical, operational, and external problems
 Resource shortfalls, including staffing delays, insufficient resources
 Unplanned resource assignment- loss of staff due to other higher priority projects

D. Technology risk
 Failure to meet system target functionality or performance expectations
 It is the risk that project will fail to produce results consistent with project specifications
Examples:
 Problems with immature technology
 Use of wrong tools
 Software that is untested or fails to work properly
Project Risk
E. Operational Risk
 Characterized by an inability to implement large scale change effectively
 This risk can result in failure to realize the intend or expected benefit of the project

Causes of operational risk:

 Inadequate resolution of priorities or conflicts
 Failure to design authority to key people
 Insufficient communication or lack of communication plan
 Size of transactions volume- too great or too small
 Poor implementation
Risk Analysis
 Risk Analysis is the process that helps in identification of potential threats that
could affect the success of a business or project.
 It includes means to measure, mitigate and control risks effectively.
 It is an essential tool when the work involves threats and risks.
Methods of Risk Analysis
 Two methods
i. Qualitative Approach
ii. Quantitative approach
Qualitative Approach
 It uses the probability of occurrence and
consequences of occurrence scales
together with a risk mapping matrix to
convert the values to risk levels.
 It is the application of methods for
ranking the identified risk according to
their potential effect on project objective.
Quantitative Approach
 Quantitative risk analysis analyzes numerically the effect a project risk has on a
project objective.
 It uses the technique such as expected value, decision tree analysis, payoff
matrices, modeling and simulation.
 It determines best management decision when conditions or outcomes are
uncertain.
Analysis of major source of Risk
• Insufficient skilled staff
• Inaccurate cost and schedule estimates
• Design errors and omissions
• Change in project scope and requirements
• Inadequately defined roles and responsibilities
• New technology
Source of Risk
 Insufficient skilled staff
- Manager must ensure sufficient skilled staffs as lack of skilled staff causes
various problems in future,
 It effects project during implementation phase and its effect is inefficiency

 Inaccurate cost and schedule estimates

 This source results from ineffective project planning at early stage, if project cost
and schedule are not effectively planned then the project goes in wrong direction,
 Its effects are poor coordination, ineffective use of resources, delay of project and
increased project cost.
Source of Risk
 Design errors and omissions
 There might be some intentional or unintentional omissions or errors to
implement the project, and due to complexity of project and tight time frame a
project team might misunderstand due to ineffective communication
 Examples: deficiency design document, improperly sized equipment , design
calculation errors.

 Change in project scope and requirements

 As project progresses, the scope and requirements may change due to change in
user requirement and technical feasibility,
 Its impacts are inefficiency, disruption, delay and increased cost
Source of Risk
 Inadequately defined roles and responsibilities
 This source of risk is most common in projects of Nepal because of project
management structure and ambiguous roles and responsibilities
 It causes project inefficiency, disruption and delay.

 New technology
 It often plays an important role in project risk analysis , since it might force
project members to change the strategy of project or revise the technology used,
 Its impact in a project is significantly increased project time and cost
Risk management
Risk management is an important practice that helps to identify, evaluate, track, and
mitigate the risks present in the business environment. The process involves:

Risk management
planning

Identifying the
risk
Qualitative risk

Risk
monitoring Analysis of risk

Quantitative risk

Prioritization of
Solution risk
implementation
Risk management planning
It is the process of deciding how to plan and execute risk management activities for a
project.
Objectives:
• Establish basis for evaluating risk
• Ensure risk management effort is proportionate to both risk and importance of
project
• Provide enough resources for risk management activities
Risk management Plan(RMP)
It is the document prepared after the risk management planning meeting.
It involves:
 Methodology
 Roles and responsibility
 Timing
 Budgeting
 Risk categories and risk breakdown structure
 Risk probability and impacts
 Revised stakeholder’s risk tolerances
 Reporting format
 Tracking
Risk Identification
It is the process of identifying the risk with the involvement of various participants of
project.
The participants can be project team, risk management team, subject matter experts,
customers and users.
It is an iterative process and its objectives are:
 To determine the risks that may affect the project
 To document their characteristics in Risk Register
Risk response planning
 Risk response planning addresses the matter of how to deal with risk.
 Risk response planning is the process of developing options and determining
actions to enhance opportunities and reduce threats to the project`s objectives.
It includes the identification and assignment of individuals or parties to take
responsibility for each agreed risk response.

 Objective of risk response planning

 Develop options and determine action to enhance opportunities and minimize
threats to project objectives.
 Assign responsibility to individuals or parties for each risk response.
Risk response strategies

i. Strategies for negative risk (threats)

ii. Strategies for positive risk (opportunity
Strategies for positive risk (opportunity)

a). Exploit the opportunity

 Ensure that the risk event happens by eliminating the uncertainty.
 Examples;- assign qualified personnel, provide better quality etc.

b). Share the risk

 Allocate ownership to a third party who has who has better chance of achieving the required
results.
 Examples;- partnerships, joint ventures, rewards etc.

c). Enhance
 Improve chances for the event to happen so the opportunity becomes more certain.
 Increase the likelihood of occurrence of impact of the event.

d). Accept the risk

 Active acceptance;- developing a contingency plan to execute should a risk occur.
 Passive acceptance;- it requires no action. The project team will deal with the risk as it occurs.
Strategies for negative risk( threats)

a). Risk avoidance

 Process to avoid risk by changing the project plan to eliminate risk.
 Examples:- add resources , improve communication, avoid unfamiliar sub-contractor etc.

b). Risk transfer

 Transfer the risk to the third party who will carry the risk impact and ownership of the risk response.
 Examples;- transfer or risk liability to sub-contractors, performance bonds, warranties etc.

c). Risk mitigation

 Aims at reducing the probability/impact of a risk to within an acceptable threshold .
 Examples;- adopting less complex process, adding resource, conducting more engineering test and
inspections etc.

d). Risk acceptance

 Acceptance indicates a decision not to make any changes to the project plan to deal with a risk or
that a suitable risk strategy.
Risk monitoring and control

 Monitoring identified and residual risk, identifying new risks, executing risk
response plan and evaluating their effectiveness throughout project life cycle.

 Purpose of risk monitoring

The purpose is to determine if :
 Risk response have been implemented as planned.
 Risk response actions are as effective as expected.
 Project assumptions are still valid.
 Risk exposure has changed from its prior state, with analysis of trends.
 Proper policies and procedures are followed.
 New risks have occurred that were not previously identified.
Methods of risk monitoring and control

a). Risk reassessment

 Reviews project risk at project team meetings.
 Major reviews are made at major milestones.
 Risk rating and prioritization may change during the project life cycle.
b). Risk audits
 Examine and document the effectiveness of the risk response planning in controlling risk and the effectiveness of the risk
owner.

c). Variance and trend analysis

 Used for monitoring overall project cost and schedule performance against baseline plan.
 Significant deviations indicates that updated risk identification and analysis should be performed.

d). Reserve analysis

 As execution progresses, some risk events may happen with positive or negative impact on cost or schedule contingency
reserves. Reserve analysis compares available reserves with amount of risk remaining at the time and determines
whether reserves are sufficient.

e). Status meeting

 Risk management can be addressed regularly by including the subject in project meeting.
Benefits of Risk Management
 Protects project investments
 Early warning
 Saves time and money
 Decreases the impact of negative events
 Achieve project objectives
Conclusion
 While we can never predict the future with certainty, we can apply risk
management process to predict the uncertainties in the projects and
minimize the impact of these uncertainties.
 Risk management not only helps in avoiding crisis situations but also aids
in remembering and learning from past mistakes. This improves the chance
of successful project completion and reduces the consequences of those
risks.
 Risk management is a constant learning process to be able to constantly
improve our practices to increase our process efficiency.
THANK YOU