Lecture Eight:

Project Risk Management

 What’s Risk

Risk: An event that identified in

advance that may or may not happen
which have impact on project
objectives
The impact could be positive then it
will be considered as good risk which
named opportunities
The impact could be negative then it
will be considered as Threats
 Risk Factors

When evaluating risk the following

should e determined:
1-The probability of risk occurrence
2-The impact
3-Expected time to occur
4-The anticipated frequency of risk
events
 Risk Management Processes
Plan Risk-Planning Group

Identify Risk-Planning Group

Qualitative Analysis-Planning

Quantitative Analysis-Planning

Plan Risk Reponses-Planning

Monitor and Control Risk

 First Process: Plan Risk Management

It define how risk management will be

performed for the project
How much time should spend working
on risk
Who will be
involved,methodology,acceptance
tolerances….etc
 Tools: Planning meeting and Analysis

Project team hold planning meeting to

develop the risk management plan.
PM,project team, other stakeholder
could participate in this meeting
Any one from stake holder could
support in making more approach to
how we can manage risk can
participate
 Output :Risk management plan
 The plan could contains the following items:

 Methodology :Tools, data that could be used to perform risk management

 Roles and responsibilities: Define risk management team members and clarifies their
responsibilities

 Budgeting: Estimate funds required for risk management, establish policies for
application of contingency reserve

 Timing :Define when and how often the risk management process will performed
through the project life cycle
 Output :Risk management plan
 The plan could contains the following items:
 Risk Categories: Risk could be categorized based on the following
 External: New Government Laws
 Internal: poor planning, imposed date to finish ,staffing materials
 Technical: changes in technology
 Unforeseeable: small portion of risk 10% are actually unforeseeable

 Risk also could be generated due to:

 The Customer attitude
 Lack of project management effort
 Suppliers
 Resistance to change
 Cultural differences
 Second Process : Identify Risk

Risk identification is done through this

process where PM,Project team,
customer risk management if
assigned , talking to experts outside
the projects ,stakeholders can
participate to identify risk
Everyone is involved to identify risk
 Tools:

Documentation Review :
 Many document could be revised to identify risk like project charter, contract, lesson
learned from other project..etc

 Information Gathering technique: like brain storming,delphi technique

 Checklist analysis: Risk identification checklist can be developed based on historical

information and knowledge that has been accumulated from pervious similar projects

 Assumption Analysis: Risk identification could b according to different scenarios that

could occur during project execution, this scenarios is considered as assumption which
has to be analyzed in order to explore its validity

 Diagramming Technique: like Cause and effect diagram, flow chart..etc

 Tools:
 SWOT Analysis:

SWOT stands for:

Strengths (what are the positive
attributes of your company, product or
service?)
Weaknesses (what are the negative
attributes of your company, product or
service?)
Opportunities (where are the market
opportunities for your product or
service?)
Threats (what are the main threats to
your company?)
 Output: Risk Register

Risk Register:
•It contains required information
concerning risk, like Description of
risk, Owner of risk, potential
impact, description of impact,
probability,Potentail Responses
•Remark:
•Update Risk register is the
common output for next process.
•Responses for risk are documented
in identify risk and plan risk
response as in identify you could
mention preliminary plan for
response.
 Third Process: Perform Qualitative Risk
analysis
To perform this analysis we need to
Used to take decision of determine:
what risk will be in next •The probability of each risk occurring
stage, which if them we using standard like low ,high
need to perform another ,moderate
examination ,which need •The impact can be determined with
more analysis as same sale or from 1 to 10
quantitative Qualitative
analysis

Quick and easy to Subjective analysis :

perform Subjectivity means subject's
personal perspective, feelings,
No special tools is
beliefs, desires or discovery, has
required
opposite to numerical analysis
  Tools & Techniques:
 1-Risk probability  Output:
and impact 1-Risk
Inputs:


assessment Register
 1-Risk Register  2-Risk probability updates
 2-Risk and impact matrix
management plan  3-Risk data quality
 3-Project scope assessment
statement  4-Risk categorization
 4-Organizational  5-Risk urgency
process assets assessment
 6-Expert judgment
 Tools: Qualitative Analysis
 Risk Probability and impact assessment:
 It investigates the likelihood that each specific risk will occur, the potential effect on
project objectives such as schedule, cost ,quality…etc.
 Risk with low ratings of probability and impact will be included on a watch list for future
monitoring.

 Probability and Impact Matrix:

 IT allows you to rate potential risks on these two dimensions. The probability that a risk
will occur is represented on one axis of the chart – and the impact of the risk, if it
occurs, on the other.
 You use these two measures to plot the risk on the chart. This gives you a quick, clear
view of the priority that you need to give to each.
 Tools:
 Probability and Impact Matrix
To use the Risk Impact/Probability
Chart, print this free worksheet, and
then follow these steps:
1.List all of the likely risks that your
project faces. Make the list as
comprehensive as possible.
2.Assess the probability of each risk
occurring, and assign it a rating. For
example, you could use a scale of 1 to
10. Assign a score of 1 when a risk is
extremely unlikely to occur, and use a
score of 10 when the risk is extremely
likely to occur.
3.Estimate the impact on the project if
the risk occurs. Again, do this for each
and every risk on your list. Using your
1-10 scale, assign it a 1 for little
impact and a 10 for a huge,
catastrophic impact.
4.Map out the ratings on the Risk
Impact/Probability Chart.
5.Develop a response to each risk,
according to its position in the chart.
 Tools:
 Probability and Impact Matrix
Low impact/low probability – you
can often ignore them.
Low impact/high probability – are
of moderate importance – if these
things happen, you can overcome
with them and move on. However,
you should try to reduce the
likelihood that they'll occur.
High impact/low probability – Risks
i are of high importance if they do
occur, but they're very unlikely to
happen. For these, however, you
should do what you can to reduce
the impact they'll have if they do
occur, and you should have
contingency plans in place just in
case they do.
High impact/high probability –
importance. These are your top
priorities, and are risks that you
must pay close attention to.
 Tools:
 Probability and Impact Matrix
Key points:
To successfully implement a
project, you must identify and
focus your attention on middle
and high-priority risks –
otherwise you risk spreading your
efforts too thinly, and you'll waste
resources on unnecessary risk
management.
With the Risk Impact/Probability
Chart, you map out each risk –
and its position determines its
priority. High-probability/high-
impact risks are the most critical,
and you should put a great deal of
effort into managing these. The
low-probability/high-impact risks
and high-probability/low-impact
risks are next in priority, though
you may want to adopt different
strategies for each.
Low-probability/low-impact risks
can often be ignored.
 Tools :
 Risk Quality data assessment :
 This tool is used to determine How accurate are the data-Data available about the risk-
How far is project team understand the risk

 Risk Categorization
 Risk can grouped by categories, work package , or by cause to know which work
package or other potential causes have the most risk associated with them

 Risk Urgency assessment :

 Project manager has to focus on the urgency of the risk, probability of risk, impact
rating from the probability impact matrix to determine the overall severity of the risk
 Notes:

Qualitative Risk can be used:

1-Determined whether the project
should be selected ,continued or
terminated
2-Determine whether to proceed
to perform quantitative risk
analysis or plan risk response
3-Compare the risk of the project
to other project exists in same
organization
 Quantitative Analysis:
 It involves a numerical analysis of the probability and impact of the risks .

 The risk which will be performed in this analysis has to be analyzed first in the
pervious process ( qualitative analysis ) then it need more analysis to determine its
impact

 This kind of analysis express the probability and impact in terms of numerical

 Qualitative analysis is always performed for all project ,but quantitative not for all
project it can be skipped but in condition that there is no risk which has a big effect on
time or cost
 Tools
 Data Gathering and representation Technique:
 probability distribution :
 All probability distributions can be classified as discrete probability distributions or as
continuous probability distributions, depending on whether they define probabilities
associated with discrete variables or continuous variables
 Tools :Data Gathering and representation Technique:
 probability distribution:
 Discrete vs. Continuous Variables
 If a variable can take on any value between two specified values, it is called a
continuous variable; otherwise, it is called a discrete variable.
 Some examples will clarify the difference between discrete and continuous variables.
 Suppose the fire department mandates that all fire fighters must weigh between 150
and 250 pounds. The weight of a fire fighter would be an example of a continuous
variable; since a fire fighter's weight could take on any value between 150 and 250
pounds.

 Suppose we flip a coin and count the number of heads. The number of heads could be
any integer value between 0 and plus infinity. However, it could not be any number
between 0 and plus infinity. We could not, for example, get 2.5 heads. Therefore, the
number of heads must be a discrete variable.
 Just like variables, probability distributions can be classified as discrete or continuous
 Tools :Data Gathering and representation Technique:
probability distribution:
Discrete distribution can
be used to represent It represents the uncertainty y in
uncertain events such as values such as durations of
the outcome of tests schedule activities and costs
,over certain range
 Tools
 Quantitative Risk Analysis and Modeling
Technique:
 Sensitivity Analysis: It helps to determine which risks have the most potential
impact on the project ,It examines the extent to which the uncertainty of each project
affects the objective being examined when all other uncertain held constant
 Another Definition
 If a small change in a parameter (input factor) results in relatively large changes in the
model outcome, the outcome is said to be sensitive to that parameter.
If this is the case, either the input factor will need accurate control or the process will
need redesign to reduce the sensitivity.
 Tools
 Quantitative Risk Analysis and Modeling Technique:
 Sensitivity Analysis: Tornado Diagram
Basically, the tornado diagram is a typical display
format of the sensitivity analysis. Let’s look at
this in more detail.
A Tornado diagram, also called tornado plot or
tornado chart, is a special type of Bar chart,
where the data categories are listed vertically
instead of the standard horizontal presentation,
and the categories are ordered so that the largest
bar appears at the top of the chart, the second
largest appears second from the top, and so on.
They are so named because the final chart
appears to be one half of a tornado. This diagram
is useful for sensitivity analysis – comparing the
relative importance of variables. For example, if
you need to visually compare 100 budgetary
items, and identify the largest ten items, it would
be nearly impossible to do using a standard bar
graph. However, in a tornado diagram of the
budget items, the top ten bars would represent
the top ten largest items.
The longer the bar, the greater the sensitivity of
the project objective to the factor. The factor that
have the greatest impact is located at the top,
and the bar ends indicate the low and high value
of the factor. It assists the project manager in
focusing on the most critical variable of the
project, sort and prioritize the variable according
to their impact on the project objective, realize
how much the value of the project is impacted by
the uncertainties of the project, and decide where
you need to invest any additional efforts.
 Tools
 Quantitative Risk Analysis and Modeling Technique:
 Expected Monetary Value analysis:
 EMV analysis is a statistical concept that calculated the average outcome when the
future includes Scenario that may or may not happen
 EMV= P* I
 Tools :
 Quantitative Risk Analysis and Modeling Technique:
 Monte Carlo Analysis
 It’s use network diagram and estimates to perform the project many times and to stimulate the
cost and schedule with different scenario
 It’s usually done with computer software
 Provides the probability of completing the project on any specific day ,or specific cost
 Results in probability distribution
 Translate uncertainties into impact to the total project
 Output : Update risk register:
 It can includes:

 1-Prioritized list of quantified risks

 2-Amount of contingency time and cost reserve

 3-Possible realistic and achievable completion dates and project costs with confidence
levels

 4-Quantified probability of meeting project objectives

 Plan Risk Response

In risk response planning you find ways to reduce

the threat or eliminate it entirely as well as find
ways to make opportunities more likely or
increase impact
If risk ( residual Risk ) still exists and can’t be
eliminated then a contingency plan has to be
applied
If contingency plan is not effective enough , PM
has to have a Fallback plan ( plan B)
Risk with low impact and probability has to be in
watch list and monitor from time to time
  Outputs:
 Tools:
Inputs:
 Risk Register
Strategies for
 
updates
 1-Risk negative risk
Register
 Risk related
 Strategies for contract decision
 Risk positive risk
management
 Project
 Contingent management plan
plan response updates
 Expert judgment  Project
documents
updates
 Tools : Risk Strategies for Negative Risk
 Avoid: Eliminate the threat by eliminating the cause ( work package or person)

 Mitigate : reduce the probability of risk and its impact, give your team a training to
reduce their lack of information about certain topic

 Transfer: like outsourcing and depending on Sub contractors

 Tools : Risk Strategies for Positive Risk:

 Exploit ( reverse of avoid ): add work or make a change to project to assure opportunity
occur

 Enhance: Increase the probability of opportunity

 Share: Participate with a second party to enhance the chance to get opportunity