Chapter 9

Project Risk
Management

1
 What is Risk?
A dictionary definition of risk is “the possibility
of loss or injury”
 Project risk involves understanding potential

problems that might occur on the project and

how they might impede project success
 Risk management is like a form of insurance; it is

an investment

2
 What is Project Risk Management?
The goal of project risk management is to minimize potential risks
while maximizing potential opportunities. Major processes include
 Risk management planning: deciding how to approach and plan
the risk management activities for the project.
 Risk identification: determining which risks are likely to affect a
project and documenting their characteristics.
 Qualitative risk analysis: characterizing and analyzing risks and
prioritizing their effects on project objectives.
 Quantitative risk analysis: measuring the probability and
consequences of risks.
 Risk response planning: taking steps to enhance opportunities
and reduce threats to meeting project objectives.
 Risk monitoring and control: monitoring known risks,
identifying new risks, reducing risks, and evaluating the
effectiveness of risk reduction.
3
 Risk Management Planning
 The main output of risk management is a risk
management plan.
 The project team should review project

documents and understand the organization’s

and the sponsor’s approach to risk.
 The level of detail will vary with the needs of the

project.

4
Questions Addressed in a Risk Management Plan

5
 Risk Identification
 Risk identification is the process of
understanding what potential unsatisfactory
outcomes are associated with a particular
project.
 Several risk identification tools and
techniques include
Brainstorming
Interviewing

6
Potential Risk Conditions Associated With Each Knowledge Area
Knowledge Area Risk Conditions
Integration Inadequate planning; poor resource allocation; poor integration
management; lack of post-project review
Scope Poor definition of scope or work packages; incomplete definition
of quality requirements; inadequate scope control
Time Errors in estimating time or resource availability; poor allocation
and management of float; early release of competitive products
Cost Estimating errors; inadequate productivity, cost, change, or
contingency control; poor maintenance, security, purchasing, etc.
Quality Poor attitude toward quality; substandard
design/materials/workmanship; inadequate quality assurance
program
Human Resources Poor conflict management; poor project organization and
definition of responsibilities; absence of leadership
Communications Carelessness in planning or communicating; lack of consultation
with key stakeholders
Risk Ignoring risk; unclear assignment of risk; poor insurance
management
Procurement Unenforceable conditions or contract clauses; adversarial relations
7
 Qualitative Risk Analysis
 Assess the likelihood and impact of identified
risks to determine their magnitude and priority
 Risk quantification tools and techniques include

Probability/Impact matrixes
The Top 10 Risk Item Tracking technique

Expert judgment

8
 Top 10 Risk Item Tracking
 Top 10 Risk Item Tracking is a tool for
maintaining an awareness of risk throughout the
life of a project.
 Establish a periodic review of the top 10 project

risk items.
 List the current ranking, previous ranking,

number of times the risk appears on the list over

a period of time, and a summary of progress
made in resolving the risk item.
9
 Expert Judgment
 Many organizations rely on the intuitive
feelings and past experience of experts to
help identify potential project risks.
 Experts can categorize risks as high,

medium, or low with or without more

sophisticated techniques.

10
 Quantitative Risk Analysis
 Often follows qualitative risk analysis, but both
can be done together or separately.
 Large, complex project involving leading edge

technologies often require extensive quantitative

risk analysis.
 Analyzing the probability of risk occurrence and

consequences.
 Main techniques include
 Decision tree analysis
 simulation
11
Decision Trees and Expected Monetary Value (EMV)
A decision tree is a diagramming method
used to help you select the best course of
action in situations in which future
outcomes are uncertain.
 EMV is a type of decision tree where you

calculate the expected monetary value of a

decision based on its risk event probability
and monetary value.

12
 Simulation
 Simulation uses a representation or model of a
system to analyze the expected behavior or
performance of the system.
 Monte Carlo analysis simulates a model’s outcome

many time to provide a statistical distribution of the

calculated results.
 To use a Monte Carlo simulation, you must have

three estimates (most likely, pessimistic, and

optimistic) plus an estimate of the likelihood of the
estimate being between the optimistic and most
likely values. 13
 Risk Response Planning
 After identifying and quantifying risk, you must
decide how to respond to them.
 Four main strategies:
 Risk avoidance: eliminating a specific threat or risk,
usually by eliminating its causes.
 Risk acceptance: accepting the consequences should a
risk occur.
 Risk transference: shifting the consequence of a risk
and responsibility for its management to a third party.
 Risk mitigation: reducing the impact of a risk event by
reducing the probability of its occurrence.
14
 Risk Monitoring and Control
 Monitoring risks involves knowing their status.
 Controlling risks involves carrying out the risk
management plans as risks occur.
 Workarounds are unplanned responses to risk events
that must be done when there are no contingency
plans.
 The main outputs of risk monitoring and control are
corrective action, project change requests, and
updates to other plans.

15
 Risk Response Control
 Risk response control involves executing the risk
management processes and the risk management
plan to respond to risk events.
 Risks must be monitored based on defined

milestones and decisions made regarding risks and

mitigation strategies.
 Sometimes workarounds or unplanned responses to

risk events are needed when there are no

contingency plans.

16
THANK YOU!!

QUESTION???
17