PROJECT RISK MANAGMENT

Chapter one
Introduction
KURABACHEW M.(PhD)
 Contents

1. Definition and Concepts

2. Importance of Project Risk Management

3. Building Risk Management Culture

4. Project Risk Management Process

 d ”
oo
ih
Risk ik el
“L
y
d b Section I:
l ie
lti p
mu Definitions and Concepts
s s”
o
“L
 1. Project Risk/Risk
 What is Risk?
A risk is the product of the probability of an event happening, and its
consequences.
The impact can be either positive or negative.
 Project risk:
An uncertain future event that will affect the project from
achieving its goals and objectives within cost, schedule and
performance constraints
or more simply, the effect of uncertainty on achievement of objectives
In general it is an uncertain event or condition that, if it occurs, has an effect
on at least one project objective.
 1. Project Risk/Risk
Objectives can include :
1. scope,
2. schedule,
3. cost,
4. quality and
5. client satisfaction
A risk may have one or more causes and, if it occurs, it may have one
or more impacts.
A cause may be a requirement, assumption, constraint, or
condition that creates the possibility of negative or positive
outcome.
 1.Project Risk/Risk
Risk can be Positive Or Negative

Negative risk identification involves understanding potential problems

that might occur in the project and how they might impede project
success

Negative risk management is like a form of insurance; it is an

investment
Example:
Unproven technology impacting project schedule

Loosing critical resources from Project

 1.Project Risk/Risk

 Positive risks are risks that result in good things happening;

sometimes called opportunities
 Examples:
 Emergence of new tool to increase productivity

 New resource replacing the lost resource which is better one

Negative risks are threats to the project while the

positive once are opportunities.
 2. Project Risk/Risk Management
 Risk management is applying:
Principles and processes that help minimize the negative impacts of risks and
maximize the positive impacts.

 It is the art and science of identifying, assigning, and responding to risk

throughout the life of a project and in the best interests of meeting
project objectives.

 The goal of risk management is to minimize potential negative

risks while maximizing potential positive risks.
 2. Project Risk/Risk Management
Project risk management uses the two fundamental parameters of
risk
 Likelihood: “probability” estimated in several ways for project events
(though often by guessing)
 Loss/gain: generally referred to for projects as “impact,” and it is
based on the consequences to the project if the risk does occur.
 Measured in time or cost
 2. Project Risk/Risk Management

There are no risk-free projects because there is an infinite

number of events that can have a negative effect on the project.
Risk management is not about eliminating risk but about identifying,
assessing, and managing risk..
 3. Project Risk Classification
 Known vs. unknown or unforeseen Risk
 Known risks are events that have been identified and analyzed for
which advanced planning is possible.
 Risks that can be anticipated, required on the project. such as exceptionally bad
weather.

 Other risks are unknown or unforeseen.

 Terrorist Attack

 Sudden Family Death

 Natural disaster
 3. Project Risk Classification
 Project risks Vs organizational risks
 Organizational Risk:
 Possible loss that is associated with the business purpose of
the project
 Assumed by the client when deciding to do the project.

 For Example:
 A copper mine project chartered to design and construct, a drop in price of copper
is an organizational or business risk.
 3. Project Risk Classification
 Risks versus Issues
 Issue:
 any event described in the past tense it is an issue to manage and not a risk.

 It is something that has already happened and the consequences should be dealt with.

 Identify issues and manage the consequences

 Risks:
 are future events and the focus of risk management is to identify,
plan and execute strategies and plans to prevent them from happening, or mitigate their
impact.
 identify risks and manage the root causes
 Concern is
Risk Is not
analyzed to
Adequately
identify root
Addressed
cause(s)
CONCERN RISK ISSUE

 Uneasy feeling that  Occurrence of risk

 Likelihood that an
an issue may arise event which will
issue may arise which
which could affect the affect the project’s
could affect the
project’s success. success.
project’s success.
 No root cause or firm
 Root cause(s) i.e. firm
basis for concern yet
basis/ justification of
identified.
risk is identified
 4. Risk utility
Different organizations and people have different tolerances for risk

Risk utility or risk tolerance is the amount of satisfaction or pleasure

received from a potential payoff

Utility rises at a decreasing rate for people who are risk-averse

Those who are risk-seeking have a higher tolerance for risk and
their satisfaction increases when more payoff is at stake

The risk-neutral approach achieves a balance between risk and

payoff

15
 4. Risk utility
Risk Utility Function and Risk Preference

16
 Section II:

Importance of Project Risk Management

 Importance of Project Risk Management
 Project risk management is primarily undertaken to improve
the chances of projects achieving their objectives.

 It can help improve project success by helping select good projects,

determining project scope, and developing realistic estimates

 Risk management helps a project to have fewer problems to begin with.

 Project Risk Management is One of the nine knowledge Areas of

the Project Management
 Knowledge areas of project management
1. Project Integration Management

ent
2. Project Scope Management

em
3. Project Time Management

na g
4. Project Cost Management

Ma
5. Project Quality Management

k
Ris
6. Project Human Resource Management

ct
7. Project Communications Management

je
Pro
8. Project Risk Management

9. Project Procurement Management

 Importance of Project Risk Management
Risk analysis can reveal opportunities for improving projects
that can result in increased project value
Adequate risk analysis lowers both the overall cost and the
frustration caused by avoidable problems.
It Helps to get Project Priority and Management Support
Project risk response register is an input for project portfolio
management
 Importance of Project Risk Management
Risk analysis uncovers weaknesses in a project plan and
triggers changes, new activities, and resource shifts that
improve the project.
Risk analysis demonstrates the uncertainty of project
outcomes and is useful in justifying reserves for schedule
and/or resources.
Project communication is most effective when there is a solid,
credible risk plan.
 Importance of Project Risk Management
Risk assessments also build awareness of project exposures for the
project team, showing when, where, and how painful the problems
might be.
This causes people to work in ways that avoid project difficulties.

Risk data can also be useful in negotiations with project

sponsors.
 Section III:

Building a Risk Management Culture

 Building a Risk Management Culture

 It is the process of developing people in an organization who think

and plan projects effectively, and who are supported by company
systems that encourage them to think and plan effectively.

 This involves looking constantly at what could go wrong and

knowing the difference between theoretical risk and practical risk.
 Theoretical risk is risk that could happen;

 practical risk is risk that is likely to happen.

 Experience helps to differentiate the two.
 Building a Risk Management Culture

 The successful risk management organization has five basic

competencies:
1. Active training and development in risk planning and management

2. Strong linkage between corporate planning and project planning,

3. Deep project experience in its industry

4. Capacity to document project experience and "learn" as an organization

5. A workforce of strong functional managers who address product quality as a

risk reduction issue
 Building a Risk Management Culture

 The organization must position itself for risk and must empower and
enable its business and project people to address and take
risks, but there must be an open, organization-wide process for
addressing and absorbing risk.

 If these conditions don't exist, the project manager is not

"incentivized" to address risk and will avoid risk, often at the expense
of opportunity.
 Building a Risk Management Culture

 Any organization building a risk-based culture must provide incentives

for integrating risk into the project planning and control process.

 The incentive for handling risk is top management support and

resources.

 Project managers who manage risks effectively are likely to be more

successful in acquiring additional resources because they tend to
have backup and contingency plans ready when risks occur.
Building a Risk Management Culture

The beginning of
good risk management
is the capacity to know
what the organization
and its people can do
and
what they cannot do.
Widen the open
Quadrant
Johari Window
 Risk management process (based on ISO 31000)

Section IV:

Project Risk Management Process

 Project Risk Management Process

Project has Five process Groups:-

1. Initiating,
2. Planning,
3. Executing,
4. Monitoring and Controlling, and
5. Closing

Project Risk Management is related to two of these groups:

the Planning and
 the Monitoring & Controlling Process Group
Project Risk Management Processes

It is all about planning

1. Planning risk management
2. Identifying risks
3. Performing qualitative risk analysis
4. Performing quantitative risk analysis
5. Planning risk responses

Controlling and Monitoring

6. Controlling risk

31
Project Risk Management Process
Project Risk Management Process
 1. Risk Management Planning

It is the systematic process of deciding how to approach, plan, and

execute risk management activities throughout the life of a project.

It is intended to maximize the beneficial outcome of the

opportunities and minimize or eliminate the consequences of
adverse risk events.
 2. Risk identification

Risk identification involves determining and documenting which risks can affect
the project.

It may be a simple risk assessment organized by the project team, or an outcome
of a formal risk assessment process such as the Cost Estimate Validation Process.

Risk identification tools and techniques include

 Brainstorming
 The Delphi technique
 Interviewing
 SWOT analysis
 3. Qualitative risk analysis

Qualitative risk analysis involves Project teams assessing identified risks for probability of
occurrence and impact on project objectives.

Teams may elicit assistance from subject matter experts or functional units to assess the risks in
their respective fields.

Risks are measured by their “quality” in words rather than quantified in numbers.

Risk quantification tools and techniques include:

 Probability/impact matrixes

 The Top Ten Risk Item Tracking

 Expert judgment
 4. Quantitative risk analysis

Quantitative risk analysis is a way of numerically estimating the probability

that a project will meet its cost and time objectives.

Quantitative analysis is based on a simultaneous evaluation of the impacts of

all identified and quantified risks.

Main techniques include:

• Decision tree analysis
• Simulation
• Sensitivity analysis
 5. Risk Response

Risk response involves developing options and determining actions to reduce

threats or enhance opportunities to project objectives.

Actions are identified and assigned to parties that take responsibility for the risk
response.
 This process ensures each risk requiring a response has an “owner.”

The Project Manager and the project team identify a strategy that is best for
each risk, and then select specific actions to implement that strategy.
 5. Risk Response

Four main response strategies for negative risks:

• Risk avoidance
• Risk acceptance
• Risk transference
• Risk mitigation
§Response Strategies for Positive Risks
 Risk exploitation
 Risk sharing
 Risk enhancement
 Risk acceptance
 6. Risk Monitoring & Control

Risk monitoring and control tracks identified risks, monitors residual risks, and
identifies new risks—ensuring the execution of risk plans and evaluating their
effectiveness in reducing risk.
Residual risks are risks that remain after all of the response strategies have been
implemented

Risk monitoring and control is an ongoing process for the life of the project.
Project Risk Monitoring Process
 Project Risk and the Project Complexity Profile

There is a positive correlation between the complexity of a project and the risk.

 Increased levels of complexity imply

more people, newer technologies, and increased internal and external
unknown factors.

High scores for external complexity imply high risks to

 the schedule, budget, and quality due to unknown factors and limited
resources.
 Project Risk and the Project Complexity Profile

High scores for internal complexity imply high risks to

the budget, schedule, and quality due to organizational complexity and changes of scope due to lack of clarity in
project and scope statements.

High scores for technological complexity imply high risks to the

budget, schedule, and quality due to unknown flaws in the technology and lack of familiarity with it.

 Environmental complexity includes legal, cultural, political, and ecological issues.

High scores for complexity in this category imply high risks for delay and expensive resolution
to lawsuits, public opposition, changes for political considerations, and unforeseen ecological
impacts.
END OF CHAPTER