Project Risk Management

Hargeisa University
2018

1
 Introduction
• Why is risk management important?
• Risk is not a bad thing!
• A certain amount of risk taking is inevitable if
we want to achieve our aims and objectives.
• Effective management of risk is crucial.
• The absence of risk management leads to
reactive, fire-fighting activity and potentially,
project failure.
 Cont…
• All projects involve risk.
• Modern projects are particularly risky:
– They are complex and highly varied
– Projects have unique aspects
 Cont…
• Modern projects are frequently “lean,”
• Challenged to work with minimal:
– funding,
– staff, and
– Equipment
– etc
 Why Do Projects Fail?
• Generally, from poor risk management
– Failure to identify risks
– Failure to actively plan for, attack and eliminate
“project killing” risks.

5
 Cont…
• Risk comes in different shapes and sizes
– Schedule risks (short to long)
– Cost risks (small to large)
– Technology risks (probable to impossible)
 Cont…
• For each and every risk, there is the potential
impact of:
– Cost overruns,
– Schedule delays
– Compromises in quality
– Safety if the risk occurs
 Cont…
• Projects that succeed generally do so because
their leaders do two things well.
– leaders recognize that much of the work on any
project is not new
• For this the notes, records, and lessons learned
on earlier projects can be a road map.
 Cont…
• For identifying, and in many cases avoiding,
many potential problems.
– Second, they plan project work thoroughly in order
to understand the challenges ahead and to
anticipate many of the risks.
 Cont…
• Effective project risk management relies on
both of these ideas.
– by looking backward, past failures may be
avoided, and
– by looking forward via project planning, many
future problems can be minimized or eliminated.

– If a project has no risks, then don't do it“

(DeMarco and Lister, 2003).
 Project Risk Management
• Project risk management is the art and science of:
– identifying,
– assigning, and
– responding to risk throughout the life of a project and
– in the best interests of meeting project objectives
• It can help improve project success by helping:
– select good projects,
– determining project scope, and
– developing realistic estimates

11
 Cont…
– Risk management planning: deciding how to
approach and plan the risk management activities
for the project
– Risk identification: determining which risks are
likely to affect a project and documenting their
characteristics
– Qualitative risk analysis: characterizing and
analyzing risks and prioritizing their effects on
project objectives
 Cont…
– Quantitative risk analysis: measuring the
probability and consequences of risks
– Risk response planning: taking steps to
enhance opportunities and reduce threats to
meeting project objectives
– Risk monitoring and control: monitoring
known risks, identifying new risks, reducing
risks, and evaluating the effectiveness of
risk reduction
 What is Risk?
• A dictionary definition of risk is “the
possibility of loss or injury”
• Project risk involves understanding potential
problems that might occur on the project.
– How they might impede project success?
• Risk management is like a form of insurance;
it is an investment

Copyright Course Technology 2001 14

 Elements of Risk
• „ A definable event
• Probability of occurrence
• „ Impact (consequence) of occurrence
 Cont…
• A risk may lead to positive or negative
consequences.
• Our goals are to maximize the probabilities
and opportunities of positive
• Minimize the probabilities and impact of
negative
 Benefits of Risk Management
• Lower cost and less chaos
• Minimize management by crisis
• Encourage proactive management
• Minimize surprises and problems
• Project Justification
 Cont…
• „Decrease overall probability of project
variances.„
• Increase probability of project success
• Increase profitability.
• Prevent problems from occurring, or if they
occur, from escalating.
 Cont…
• Project Risk Management has Cost
– Managing risk entails work

– This requires investment in both time and effort

(cost)
 Responsibilities in Risk Management

Project manager
• Initiate and lead the risk management process
• Provide direction to the project team on the
risk management process and tools
 Cont…
Project team
• Understand and follow the risk management
process
• Execute risk management strategies
• Report status on the risk management process
Risk Management Process
Risk Management Planning

II
 Cont…
• Risk management involves specific planning
for risk.

• Risk planning begins by reviewing the initial

project documents.
 Cont…
• The ultimate goal of risk management is to
increase the probability of project success.
– It makes us focusing attention on problem areas
early.
– Reducing the amount of costly rework in the
future.
 Cont…
• The main output of risk management planning
is a risk management plan.
• The project team should review project
documents.
• The level of detail will vary with the needs of
the project.

Copyright Course Technology 2001 26

 Elements of Risk Management
Plan
• Managing risk consists of: identifying, addressing and
eliminating risks.
• (WORST) Crisis management/Fire fighting : addressing risk after they
present a big problem
• (BAD) Fix on failure: finding and addressing as they occur.
• (OKAY) Risk Mitigation: plan ahead and allocate resources to address
risk that occur, but don’t try to eliminate them before they occur
• (GOOD) Prevention: part of the plan to identify and prevent risks before
they become problems
• (BEST) Eliminate Root Causes: part of the plan to identify and
eliminate the factors that make specific risks possible

27
 Project Selection
• Project risk is a significant factor even before
there is a project.
• The process for choosing projects both creates
project risk and relies on project risk
analysis.
• So the processes for project selection and
project risk management are tightly linked.
 Cont…
• Project risk management data is also a critical
input to the project selection process.
– Without high-quality risk data and
– Credible estimates for candidate projects,
– Excessive numbers of projects, many unrealistic,
will be undertaken and many of them will fail.
 Cont…
• Project selection affects project risk in a
number of ways.
– Too many projects competing for limited resources
– Project priorities that are misaligned with overall
strategies
– Inadequately funded projects
– Unrealistic project deadlines
 Cont…
• Project plan is very crucial for project success.

• An excellent project risk management plan can

decrease the level of problems affecting the
project by around 80% – 90%.
 Cont…
• All projects need to have a project risk
management plan at hand.
• A project risk management plan is basically a
step-by-step instructional document:
– Identifying and anticipating scenarios that can put
the project at risk
– Find ways and means of solutionizing the risk.
 Cont…
• The project risk management plan summarizes the
project risk management approach.

• It is usually part of the project plan.

 Cont…
• The project risk management plan contain the
following elements:

• Process:- adopted in order to identify, analyze,

evaluate, and mitigate risks throughout the
project life cycle.
 Cont…
• Work Breakdown Structure
• Risk Register
• Roles and Responsibilities
• Reporting Structure
• Risk Categories
How to Plan for Project Risk Management

• Do you plan to manage risk for your project?

YES!
• Then include risk management in your Project
Management Plan.
1. Incorporate risk management activities into
the project schedule.
 Cont….
3. Make risk management an agenda item for
regularly scheduled project meetings.
4. Communicate the importance of risk
management to the entire project team.
5. Establish the expectation that risk will be
managed, documented, and reported.
 Tips for Risk Management Planning
• Risk assessment should begin early.

• Allow a budget for risk assessment, risk

management, and risk response activities.

• Report on the status of project risk in

regularly scheduled project meetings.
Risk Identification

III
Risk Related to Management
Practices
 Cont…
• It is the process of understanding what
potential problems associated with a
particular project.
• Several risk identification tools and techniques
include
– Brainstorming
– The Delphi technique
– Interviewing
– SWOT analysis

Copyright Course Technology 2001 41

 Identifying Project Scope Risk
• “Well begun is half done” ARISTOTLE
• Although beginning well will never actually
complete half of a project.
• Beginning poorly will lead to:
– disappointment,
– rework,
– stress, and
– potential failure
 Cont…
• A great deal of project risk can be discovered
at the earliest stages of project work.

– When defining the scope of the project.

 Cont…
• There is a lack of consensus and precise
definition of “scope.”
• Broad definitions use scope to refer to
everything in the project.
• Narrow definitions limit project scope to
focus on project deliverables.
 Cont…
How to Identify Risk

• Focus on identifying large significant risks that affect

project objectives.

• Carefully document and describe risks in a risk

register.

• Characterize risks in terms of impact and probability.

 Cont…
• Change Risk
– Some of the overlooked requirements.

– These gaps were due to incomplete or rushed

analysis.
 Cont…
• Scope Dependencies
– These are due to external factors that affect the
project.

– legal and regulatory changes do sometimes

happen without notice.
 Cont…
• Not all scope risks are strictly within the
practice of project management.

• These risks are related, and although they may

not show up in all projects, they are fairly
common.
– Ignoring these risks is inappropriate and
dangerous.
 Identifying Project Schedule Risk
• Schedule risks fall into three categories:
– Delays
and
– estimates
 Cont…
• Delay risks were most numerous: these are
defined as schedule slips.

• Estimate risks these are cases of inadequate

durations allocated to project activities.
 Cont…
• Schedule risk found in projects:
– estimating is the most visible

• Imposed deadlines were the subcategory of

estimating risks.
Identifying Project Resource Risk
– A lack of technical skills or
– Access to appropriate staff is a large source of
project risk for complex projects.

• Risk management on these projects requires

careful assessment of the skills needed and
the commitment of capable staff.
 Cont…
• There are three categories of resource risk:
– people,
– outsourcing, and
– money.

– People risks arise within the project team.

– Outsourcing risks are a consequence of using
people and services outside the project team for
critical project work.
 Examples
• Loss: Permanent staff member loss to the
project due to:
– resignation,
– promotion,
– reassignment,
– health, or other reasons
 Cont…
• Temporary loss: Short-term staff loss due to:
– illness,
– hot site,
– support priorities,
– or other reasons
 Cont…
• Late start:
– Staff not available at project start; often because of
the late finish of previous projects.

• Motivation:
– Loss of team unity and interest, typical of long
projects.
 Cont…
• Delayed starts are also fairly common with
outsourced work.
• Outsourcing risks can be detected through
planning processes:

– by careful analysis and thorough understanding of

all contract terms
Cont…
Cont…
Identification Techniques
Cont…
Cont…
 Retrospective Analysis
• Another technique for finding risks in a new
project is retrospective analysis of earlier
projects.
– The old adage that “Lightning never strikes twice
in the same place” is demonstrably false.
• lightning strikes the same spot hundreds of
times.
• Always the highest place with the best
electrical connection to the ground.
 Cont…
• On projects, the analogous statement “That
can never happen again” is equally untrue.

• Risks tend to recur in project after project,

unless you deal with the source of chronic
problems by doing things differently to avoid
them.
Early Identification

•Risk identification should be

performed as early as possible.

•Early risk identification

enables key project decisions.
 Iterative Identification

• Since not all risks can be identified at any

given point in the project.
• It is essential that risk identification is repeated
throughout the project life cycle.
–This should be done periodically.
–The frequency determined during the Plan Risk
Management process.
 Emergent Identification

•The Project Risk Management process should

permit risks to be identified at any time.

•i.e not limited to formal risk identification

events or regular reviews.
 Organizational Physical Physical Risks

 Accident on Site
Stakeholder Act of God  Damage to
Equipment
Risks  Damages to
Financial and
Machinery
Economical Design
 Human injuries
 Damages to
Labor & Site Related Political Infrastructure
Environmental  Fire eruption
 Theft
 Cont…

Organizational Physical Risks due to Act of

Nature

Stakeholder Act of God  Floods

 Earthquake
Risks  Landslide
Financial and
Economical Design  Fire
 Wind damage

Labor & Site Related Political

Environmental
 Cont…

Engineering Design
Organizational Physical
Risks
 Incomplete design
 Inexperience Designer
Stakeholder Act of God
 Defective design

Risks  Poor Scope

understanding
Financial and
Economical Design  Errors & omissions
 Inadequate
specifications
Labor & Site Related Political

Environmental
 Cont…

Organizational Physical
Political Risks
 Disownership of
Project
Stakeholder Act of God  Changes in laws and
regulations
Risks  Law & order Situation
Financial and Design  New Legislation
Economical

Labor & Site Related Political

Environmental
 Cont…

Environmental Risks
Organizational Physical
 Pollution and Safety
Rules
 Climatic risks like rain,
Stakeholder Act of God
snow etc

Risks
Financial and Design
Economical

Labor & Site Related Political

Environmental
 Cont…

Site Related Risks

Organizational Physical
 Labor disputes
 Stakeholder’s
Stakeholder Act of God interventions
 Labor inefficiency
Risks  Extreme site conditions
Financial and  Design changes during
Economical Design
currency of project
 Machinery, equipment
failure
Labor & Site Related Political
 Supply breakdown
Environmental
 Cont…

Financial & Economical

Organizational Physical
Risks
 Inflation
Stakeholder Act of God  Rise in Salaries
 Change in Interest
Risks Rates
Financial and
Economical Design  Escalation in
Materials Costs
 Cash flows
Labor & Site Related Political
 Exchange rate
Environmental
fluctuations
 Cont…

Stakeholders Risks
Organizational Physical

 Withdrawal of
Stakeholder Act of God
Acceptance
 Lobbying for
Risks Rejection

Financial and
 Protests
Economical Design
 Strikes
 Denying access to
Labor & Site Related Political site
Environmental
 Cont…

Organizational Risks
Organizational Physical

 Demotivation of
Project Team
Stakeholder Act of God  Leaving of Team
Member
Risks  Organization's Ability
Financial and
to keep the project
Economical Design

 Financial health

Labor & Site Related Political

Environmental
 Creating a Risk Register
• A risk register is:-
– A document that contains the results of
various risk management processes.
– It is often displayed in a table or
spreadsheet format.
– A tool for documenting potential risk events
and related information.

77
 Risk Register Contents
• The name of each risk event
• A description of each risk event
• The category under which each risk event falls
• The root cause of each risk

78
 Cont…
• Once you have listed and clearly defined all
the risks you have identified.

• Start to assemble a risk register to support the

next steps of analysis and assessment.
 Risks Linked to Project Objectives

•Each identified project risk should relate to at

least one project objective:
– time,
– cost,
–quality,
–scope, etc.
 Risk Identification Exercise
• As a team identify risk events for either:
a) Construction of Berbera corridor Road.
b) Building a drainage system of the Hargiesa city.
– As a group, select a project and identify potential
risk events.
• Brainstorm potential risks events
– Identify root cause identification risk
• Record on Risk Register (present)
 Exercise I

Identify 5 Threats Associated with Your

Project
Risk Analysis
 Cont…
• Risk analysis strives for deeper
understanding of potential project problems.

• Techniques for doing this are based on:

– qualitative information (used to prioritize risks)

– quantitative risk estimates (used to measure them)
 Qualitative
• Qualitative techniques are easier to apply and
generally require less effort.
• Qualitative assessment considers ranges for
probability.
– Qualitative methods are not precise
• Qualitative risk assessment is generally the
basis for rank-ordering risks.
 Quantitative Risk Analysis
• Assess the likelihood and impact of
identified risks.

• Risk quantification tools and techniques

include.
– Probability/Impact matrixes
– Expert judgment

86
 Cont…
• Quantitative methods strive for greater
precision.
• They can reveal more about each risk.
– the methods require more work
• Quantitative analysis also provides insight into
the absolute magnitude of risk impacts.
 Risk Probability
• Probability of any specific risk will always be
somewhere between:
– zero (occurrence impossible) and
– one (occurrence inevitable)
 Cont…
• Qualitative risk assessment methods divide the
choices into probability ranges.

• Require project team members to assign each

risk to one of the defined ranges.
• Quantitative risk assessment assigns each risk
a specific fraction between zero and one.
 Cont…
• Assessing probability with qualitative methods
requires less precision.
• Because it does not require specific numerical
values.
• Qualitative assessment divides the complete
range of possibilities into two or more no
overlapping ranges of probability.
 Cont…
• The simplest qualitative assessment uses two
ranges:
– More likely (0.5 to 1) and
– Less likely (0 to 0.4999).

• Project teams may be able to pick one of these

choices for each risk with little difficulty.
 Cont…
• A more common method for qualitative
assessment uses three ranges, assigning a
value of:
– high,
– medium, or
– low to each risk
 Cont…
– The definitions for these categories vary, but these
are typical:
• High: 50 percent or higher (likely)
• Medium: Between 10 and 50 percent
(unlikely)
• Low: 10 percent or lower (very unlikely)
Cont…
 Cont…
• There are a number of ways to assess
probability.
• For qualitative assessment methods:
– Experience,
– Interviewing, and
– Rough analysis of the risk situation may be
sufficient
 Impact/Probability Matrix
• A common method/tool to determine whether
a risk is considered: low, moderate, or high
• By combining the two dimensions of a risk:
- its probability of occurrence, and
- its impact on objectives if it occurs
 Cont….

Using a 2x2 Impact/Probability Matrix

Green: Low Risk
Yellow: Moderate Risk
High

Red: High Risk

Probability
Low

Low High
Impact
40
 Cont….

2x2 Impact/Probability Matrix example

Risk: Key project team
member with specialized skill
leaves project team before
High

work is done.
Probability

Impact: High
Probability: Low

X
Low

Low High
Impact Impact
40 Yellow Zone – Moderate Risk
Qualitative Risk Analysis Exercise
• Using a 2x2 impact & probability matrix, assess the
risks identified in the last exercise.
• First, evaluate the impact of the risk event on the
project objectives.
• Then, with the risks identified as “high” impact,
assess the probability of the risk event.
 Quantitative Analysis
• Historical data is always the best data source
for quantitative.

• It provides an empirical foundation for

probability assessment and is less subject to
bias.
 Cont…
• Information is central to managing projects
successfully.

• The overall assessment of project risk provides

concrete justification for necessary changes in
the project objective.
 Questionnaires and Surveys
• Questionnaires and surveys are a well
established technique for assessing project
risk.

• These can range from simple, multiple-

response survey forms.
 Cont….
• A risk assessment rating between 1 and 5 for
each project.
• Every project, regardless of size, was required
to have the risk survey.
• The survey was put to several uses. Any
project with a low risk score get (1 or 2).

• Projects having a high risk score (4 or 5).

 Cont…
• Many organizations have and use risk surveys.

• If you do not have a standard survey format.

• A generic three-option risk survey that can be

adapted for use on a wide range of project
types.
 Cont…
• Once you have finalized the risk assessment
questionnaire.
• The next step is to collect data.

• Gather responses for each question from

contributors who participated in project
planning.
 Cont…
• The number of total questions is kept to a
minimum.

• Select only the questions that are most relevant

to your project risks.
 Cont…
• When collecting data, encourage contributors
to choose the response that best describes your
project.
• Sum up the responses, then divide each sum
by the number of responses tallied.

• Average all questions to determine project risk

categories.
Risk Probability of Occurrence
Cont…
 Consequence of the Risk
• For example, if a contingency plan cost is
$10,000
• The associated with a risk of one day slip
having a 5 percent probability.

• The consequence of the contribution to the

project totals cost will be $500.
Risk Response Planning
 Taking Action
• Project Managers and project teams must act.
• Focus should be directed toward risks of most
significance.

• Effective project risk management can shift

the odds in favor of project success.
 Cont…
• Four main strategies:
– Risk avoidance: eliminating a specific threat or risk,
usually by eliminating its causes

– Risk transference: shifting the consequence of a risk and

responsibility for its management to a third party

– Risk mitigation: reducing the impact of a risk event by

reducing the probability of its occurrence

Copyright Course Technology 2001 114

 Cont….

Risk Response Strategy

• Realistic within project context
• Agreed upon by project team and all parties
involved
• Assigned to / owned by a responsible person

45
 Cont…

Risk Response Definitions

• Avoidance – Changing a project objective to
eliminate the threat posed by an adverse
risk event.

45
 Cont…
• Risk avoidance is a risk response strategy.
• Project team acts to eliminate the threat to
protect the project from its impact.
• It usually involves changing the project
management plan to eliminate the threat
entirely.
• The project manager may change the objective
that is in jeopardy.
 TRANSFER (threats)

• Transferring a threat does not eliminate it the

threat still exists.
– However, it is owned and managed by another
party.
• Transferring risk can be an effective way to
deal with financial risk exposure.
 Cont…
• Transferring project risk involves payment of a
risk premium to the party taking the risk.
• Contracts may be used to transfer specified
risks to another party.

• Transferring the risk simply gives another

party responsibility for its management it does
not eliminate it.
 Cont…
• Transference tools can be quite diverse and
include:
– the use of insurance
–performance bonds
–guarantees, etc.
–Contracts may be used to transfer liability for
specified risks to another party.
A fixed-price contract may transfer risk to the
seller.
 Cont…
• A transfer shifts the liability of risk to someone
else.

• This can be done through terms and conditions

in a contract or through insurance.
 Cont…
• Transferring liability for risk is most effective
in dealing with financial risk exposure.
 Cont…

Risk Response Definitions

• Mitigation – Reducing the Probability or
Impact of an adverse risk event (threat) to
an acceptable threshold.

45
 MITIGATE – or reduce (threats)
• Risk mitigation implies a reduction in the
probability or impact.
– Taking early action is often more effective to
repair than trying to repair the damage after the
risk has occurred.
• Examples of mitigation strategies include:
– adopting less complex processes, conducting test/
field investigations
 Risk Mitigation Strategies
Technical Risks Cost Risks Schedule Risks
Emphasize team support Increase the frequency of Increase the frequency of
and avoid stand alone project monitoring project monitoring
project structure
Increase project manager Use WBS Use WBS and PERT/CPM
authority
Improve problem handling Improve communication, Select the most experienced
and communication project goals understanding project manager
and team support
Increase the frequency of Increase project manager
project monitoring authority

125
 Cont…
•Once the set of potential responses
identified.
•Decision-support techniques may need to be
applied to select the best possible responses.
•The selection process should take into
account:
– the cost of the responses,
–the impact on the project objectives

126
 Risk Response Strategy Exercise
• Using the results from the qualitative analysis from
the last exercise:
• Identify risk response strategies for the “high-
high” (red zone) risk events.
• Decide who will be the responsible person to
monitor the risk event and the effectiveness of the
risk response
 Risk Monitoring & Control
• Risk response control involves executing
the risk management processes.
• Risks must be monitored
• Risk management is an integral component
of day-to-day project management.
• Project teams implement and continually
upgrade the Risk Management Plan.

128
 Cont…
– Monitor risks
– Identify new risks
– Evaluate and update risks
– Devise and implement response strategies
– Determine effectiveness of responses
– Report to management and stakeholders
 Cont…
• High impacts demand attention.
• If risk has a high impact and high probability,
it is intuitively recognized that it deserves a
response.
• Also, high-impact risks with low probability
require attention.
 Cont…
• Implemented response actions

• We must track and record their effectiveness

and any changes to the project risk profile.

• Did the response actions have a desired effect

on achieving project objectives?
 Cont…
• Communication within and among the project
team will be complete, correct, and timely.
• Effectiveness of the risk response actions will
be monitored and reported regularly.
• If need adjustments will be made as needed.
Thank You !!!