Risk Management for Projects

John Kafuku

1
 Project Risk Management
 Review risk concepts

– Risk Management Overview and the Risk

Management Plan
– Risk Identification
– Risk Quantification
– Risk Response
– Risk Control
2
 Project Risk Management

Risk Management Overview

and the Risk Management Plan

Risk Management Overview

and the Risk Management Plan

3
 Project Risk Management
Risk Management Overview

 What is risk?
Risk: An uncertain event or condition that, if it occurs, has a positive
or negative effect on a project’s objectives

VENTURE OUTCOME
(Project) (Products)

FAVORABLE
UNKNOWNS (Opportunity)
(Uncertainty)
UNFAVORABLE
(Risks)

4
5
 Project Risk Management

 Risks vs Issues
– Many projects use risk and issue logs. Sometimes the management of
issues and risks can become confusing.
– The definition of an Issue: A point or matter in question or
in dispute, or a point or matter that is not settled and is
under discussion or over which there are opposing views or
disagreements.
– If you define these items and their logs and the subsequent
management of risks and issues then you can handle risks and issues as
you desire
– If you are dictated by the company, or management team to handle
risks and issues in a particular manner, then follow Risk Management
Plan, and or Issue Management Plan to handle risks and issues.
6
 Project Risk Management

Project Lifecycle
Risk vs. Amount at Stake

I
CONCEPT DEVELOPMENT IMPLEMENT CLOSE
N
PHASE PHASE PHASE PHASE
C
R $
OPPORTUNITY AND RISK
E
A V

S A
PERIOD WHEN
I HIGHEST RISKS L

N ARE INCURRED U

G E

PERIOD OF
R HIGHEST
I RISK IMPACT
AMOUNT AT STAKE
S

7 K
 Phase Risks Control
Planning,  Inadequate • Establish comprehensive
Feasibility requirements requirements
Study and  Inadequate scope • Conduct of FS
Design  Incomplete data • Check design team (staff)
 Poor estimating • Review design and approve
 Lack of FS • Review consultant
 Lack of details in contracts
design • Undertaken value
 Over design engineering

Tendering  Lack of competition • Confirm bidders in TANEPS

Process  Incomplete RFP/ or • Check procurement time as
Tender documents per PPR
 Delays of process • Check corruption
 Fraud and indicators.
corruption • Review contract award
 Complaints process
• Review contract documents
 Phase Risks Control
Constru  Delays in handing • Check the effective and
ction over the site start date
 Delays in mobilization • Check payment of advance
 Lack of equipment payment or inception report
 Delays in project • Check involvement of key
execution staff
 Delay in payments • Cost project tracking
 Poor quality system
 Excessive variation • Change order review and
orders approval
 Non-compliance of • Check quality of work
OHSE • Safety audits
 Price escalation • Check for environmental
 Dispute alert compliance
 Unforeseeable • Robust contract
conditions management
 Force Majeure • Cover works by insurance
 Phase (Closure) Risks Control
 Claim for work  Claims not • Project evaluation
completion honored

 Delay in  Liquidated • Impose liquidated

completion damages damages

 Poor outputs of  Final testing • Confirmatory tests

works report • Verification of
acceptance testing
 Maintenance  Failure to • Quality assurance
manual; As built approve final plan
drawings etc. drawings • Penalties

 Project ethics  Corruption and • Conduct corruption

collusion red-flag
 Project Risk Management

 What is risk management?

– Identifying, analyzing, prioritizing, and responding to
risk events
– Integration of risk management activities into your
other project management functions
– Developing responses to risk to meet your project
objectives
– Project risk management is PROACTIVE

11
 Project Risk Management

INTEGRATING RISK WITH OTHER PROJECT MANAGEMENT FUNCTIONS

PROJECT
MANAGEMENT
INTEGRATION
INFORMATION /
SCOPE
COMMUNICATIONS
Life Cycle and
Expectations Environment Variables
Ideas, Directives, Data
Feasibility
Exchange Accuracy

QUALITY
Requirements PROJECT Availability HUMAN
Standards RISK Productivity
RESOURCE

Services, Plant, Materials:

Time Objectives, Performance
Cost Objectives,
Constraints Restraints

CONTRACT /
TIME
COST PROCUREMENT

12
 Project Risk Management

 Components of the Risk Management Plan

– Methodology
– Roles and responsibilities
– Budgeting
– Timing
– Risk categories
– Definitions of risk probability and impact
– Probability and impact matrix
– Stakeholder’s tolerances
– Reports
13 – Tracking
 Project Risk Management

 Results from developing the Risk Management Plan

– You have a written plan
– You know what actions you have to do
– You know who is responsible for what
– You can track your work
– You can learn from your risk activities and help others with
their risk
14
 Project Risk Management

Risk Identification

15
 Project Risk Management
Risk Identification

 Risk in business is typically divided into 2 basic types

 Business Risk: Chances of profit or loss associated with a business
endeavor
 Business employs a staff of qualified workers to increase profit and
reduce chances of loss
 Pure or Insurable Risk: Divided into 4 categories
 Direct property: Destruction of property by fire, etc.
 Indirect property: Extra expenses associated with rental property
or loss due to a business interruption
 Liability: Chance of a lawsuit of bodily injury, damages, etc.
 Personnel: Injuries to workers (Worker’s Comp)
16
 Project Risk Management
Risk Identification

 Risk in project management

– Usually not enough attention is paid to risk on projects
– All risks are not independent and frequently the greatest risk
on a project comes from a series of related/integrated events
– Ultimate responsibility of risk management resides with the
project sponsor
– As the project manager representing the sponsor, risk
management becomes a large responsibility
17
 Project Risk Management
Risk Identification

 Risk identification is never done

 Risk identification is performed throughout the life of the

project

 The process for identifying risk

– Understand the project

– Identify the risk event

– Document the results and take appropriate actions

18
 Project Risk Management
Risk Identification

 Types of risk
– Technical
– External
– Organizational
– Project Management
Note: These are example types of risk and this list can be
modified to meet the needs of your project
 Developing a project RBS (Risk Breakdown Structure) is an
excellent tool to help identify risks
19
 Project Risk Management
Risk Identification
PROJECT
RBS

PROJECT
TECHNICAL EXTERNAL ORGANIZATIONAL
MANAGEMENT

SUBCONTRACTORS PROJECT
REQUIREMENTS ESTIMATING
& SUPPLIERS DEPENDENCIES

TECHNOLOGY REGULATORY RESOURCES PLANNING

COMPLEXITY &
MARKET FUNDING CONTROLLING
INTERFACES

PERFORMANCES
& RELIABILITY CUSTOMER PRIORITIZATION COMMUNICATIONS

The Risk Breakdown Structure (RBS) lists categories

and sub-categories for project risk. The actual
20 QUALITY WEATHER
categories will vary across different types of projects.
 Project Risk Management
Risk Identification

 What you need to identify risk

– Product description
– Planning documents
 Project scope statement
 Cost mgt plan
 Schedule mgt plan
 Communications mgt plan
 Enterprise environmental factors
 Stakeholder register
 Quality mgt plan
 Organizational process assets
– Historical Information
 Previous project data
 Expert knowledge
21
 Project Risk Management
Risk Identification

 In your risk identification meeting

– Validate RBS with core team

– Identify risks by source (RBS)

– Identify risks by level of uncertainty:

Known Known / Unknown Unknown / Unknown

Situation with no Situation with an Situation whose
uncertainty identifiable uncertainty existence we cannot
imagine

22
 Project Risk Management
Risk Identification

 Conduct a risk identification meeting

– Gather all relevant data
– Schedule a risk management meeting with your core team members
– Use a structured approach: Brainstorming, Nominal Group Technique, Delphi
Technique, Mind Mapping, Project Lessons Learned
– Focus on identifying risk only

 Schedule risk identification meetings in your project plan

– After certain milestones: Requirements complete, design complete, etc.

 Event driven
– A risk event happens and becomes part of the risk register
23
 Project Risk Management
Risk Identification

 Brainstorming

– Chose a facilitator (best if other than the project manager)

– Chose a scribe to capture the risks

– Use a category or categories to start the creativity flowing

– Do not judge or analyze during this effort

– Focus on getting the universe of risks for your project

24
 Project Risk Management
Risk Identification

 Nominal Group
– Gather the core team for a risk workshop

– Use flip charts or a whiteboard to collect info

– Begin by having each person identify potential areas of risk

– Then within each area have each person write at least 3-5 risk

events

– Repeat until everyone has listed their risks

25
 Project Risk Management
Risk Identification

 Delphi technique
– Identify a facilitator
– The facilitator then identifies qualified experts to participate
– The facilitator poses questions to the experts individually
– The facilitator then analyzes the results to identify common
themes
– The results are then shared with the experts for validation
– The list is then refined and again shared with the panel
– The facilitator the creates a single results document
26
 Project Risk Management
Risk Identification

 Mind mapping

– Begin with a category of risk in the center represented by a

circle
– Major risks for that category are represented by lines
connecting with the circle
– For each major risk identify smaller risks that are part of that
risk
– Do not judge or evaluate at this time
27 – Continue until no more risks can be identified
 Example of Risks Identification
 Risk identification process:
• Interview project stakeholders. Ask stakeholders,
leadership, and experts in the topic.
• Brainstorm potential risks with your project team.
• Document and ratify your assumptions.
• Check your checklists.
• Perform a risk assessment matrix. A risk assessment
matrix categorizes severity into four buckets:
catastrophic, critical, marginal, and minor.
• Important risk events, put them into a Risk Register

28
29
 Project Risk Management

Risk Quantification

30
 Project Risk Management
Risk Identification

 Identify your risks in a risk register or a risk log

Functional Area Identify the functional business areas

potentially impacted by the risk

Risk Category Cost; External; Schedule; Technical;

Resources; Operational

Risk Description Description of the risk and the impact of it

Date Identified Date the risk was identified

Raised By Who identified the risk

31
 Project Risk Management
Risk Quantification

 What are the right risks to manage

– Analyzing risks for probability and impact
– Developing a risk profile for your project
– Prioritizing your risks
 When to quantify risks
– Whenever a new risk is created
– An existing risk changes
– Influential factors change
– New information surfaces
– A change is proposed by the sponsor
– Market conditions change
– Significant personnel leave the project
32
 Project Risk Management
Risk Quantification
 Quantitative Analysis
– Relies on a numeric value
– Uses objective data
– Requires understanding of
probability theory
– Removes some uncertainty
– Should be based on
historical data
– Some examples are:
sensitivity analysis,
expected monetary
analysis, and modeling and
simulation
33
 Qualitative Analysis
– Uses subjective values:
Green, Amber, Red
– Requires common
understanding of ordinal
ranking system
– May be less precise than
quantitative analysis
– Should be defined in terms
of the parameters of the
project
 Project Risk Management
Risk Quantification

 Probability
– Can be done in a basic approach by developing a simple estimate of the probability that an
event will be late in delivery
 Ed says it is 50% likely this task will be late
 Probability of Event 1 x Probability of Event 2 = Probability
– Can be done in a more complex manner by using weighted averages
 Joe says 35% chance of being late
 Mary says 40% chance of being late
 Ed says 50% chance of being late
 Joe gets twice as much credit because he knows more about the situation
 The probability is: ((2 x 35) + (40) + (50)) / 4 = 40%
– Quantifying risk probability can become quite complex, there are many resources to assist
you with more detailed approaches (books, internet research, multi-day training,
34 consultants).
 Project Risk Management
Risk Quantification

 Assessing Impact
– Schedule Tools:
 Network analysis (relationships, durations, critical path(s),
near critical paths, hard constraints)
 Resources (availability, competency, productivity)
 Estimates (accuracy, source, method)
– Cost tools:
 WBS
 Requirement definition
 Estimating methodologies
 Expected monetary value
 Decision trees
35  Financial analysis
 Project Risk Management
Risk Quantification

 Assessing Impact (cont.)

– Quality
 Ask yourself the question “What if the project fails to perform
as expected during its operational life?”
 Of all the project objectives, conforming to quality objectives
is the one most remembered
 Therefore, this is one of the most important dimensions
impacting your project
 You can use financial analysis to identify risk for poor quality
by quantifying long term activities that will impact the
product lifecycle for your analysis
36
 Analyze and Prioritize
 Analyze the likelihood, severity, and response
plan. Depending on the complexity of your
project risks, consider doing your risk analysis
with your project team or with key
stakeholders. To decide severity, think of how
the risk will impact your project objectives. Will
it delay your timeline, undermine your budget,
or reduce the impact of your project
deliverables? Then, for each risk, come up with
a response plan. Your response plan isn’t
necessarily an action item
37
38
39
 Project Risk Management

Risk Response

40
 Project Risk Management
Risk Response

 Risk response is:

– Defining steps for responses to opportunities and threats
– Assigning responsibility
– Developing responses for negative risks:
 Avoiding: Changing the project mgt plan to eliminate the risk.
Could involve changing the objective, modifying the
schedule, or reduction in scope.
 Mitigating: A reduction in the probability or impact to the
project. Taking early action to reduce the probability,
adopting less complex processes, or conducting more tests.
 Transferring: Shifting the risk to a third party for the
management of the risk. Does not eliminate the risk, could
involve insurance, warranties, bonds.
 Insurance: Purchase insurance to reduce/eliminate risk – an
athlete may purchase insurance against injury to guarantee
their income.
41
 Project Risk Management
Risk Response

 Risk response is:

– Developing responses for negative risks:
 Accepting: It is possible that the risk cannot be eliminated or
managed. Can be active or passive in approach – a contingency
reserve in time, money, or resources.
– Developing responses for positives risks or opportunities
 The strategies for managing positive risks are:
– Exploit the situation. We make sure the event does happen
so we can enjoy the rewards of the event.
– Enhance the probability and positive impacts of the event.
– Share the ownership with a third party who can better
enhance the situation.
– Accept the opportunity, take the advantages provided by
42 the event, but do not actively pursue the event.
 Project Risk Management
Risk Response

 Approach response development from a project wide

perspective
 Consider related risks
 Stay within your project scope on your responses
 Consider the following for contingency planning:
– The management of a contingency budget
– The development of schedule alternatives and work-
arounds
– Complete emergency responses to deal with major areas
of risk
43 – An assessment of project shut-down liabilities
 Project Risk Management

Risk Control

44
 Project Risk Management
Risk Control

 Actively work your risk register/log

 Update risks as needed (data, new resources,
new/changing requirements)
 Review the log in status calls, set and use due dates for
active contingency plans
 Hold assigned resources accountable for their action
items
 Engage sponsor when invoking contingency plans to
ensure they know a risk has happened and the team is
actively working the response plan
45
 Project Risk Management
Risk Control
Risk ID
Functional Area
Risk Category
Risk Description
Date Identified
Raised By
Date Assigned
Assigned To
Probability
Potential Impact
Risk Factor (P*I)
Positive or Negative Impact
Response Category
Status/Comments
Trigger
Proposed/Actual Resolution
46
Contingency Plan
Example Log
Sequential number assigned
Identify the functional business areas potentially impacted by the risk
Cost; External; Schedule; Technical; Resources; Operational
Description of the risk and the impact of it
Date the risk was identified
Who identified the risk
Date the risk was assigned
Who the risk was assigned to
1, 2, 3, 4
1, 2, 3, 4
Probability * Impact
Will the risk have a Positive, Negative, Both or Unknown?
Acceptance; Mitigation; Transfer; Avoidance
Status of risk and update/comments about it
Preliminary event that will indicate the risk is about to take place
Risk Response plan
Alternate Plan if Risk Response fails
 Project Risk Management
Conclusion

 Risk management requires:

– Planning
– Structure
– Analysis
– Creativity
– Constant attention
– Flexibility

47 – Communications, communications, communications !!

 Project Risk Management
Group Exercise

 Assignment to develop a risk plan for a

project
 Work in group of 3-5 students
 Consider any project which you are familiar
with
 Develop risk plan and summary of what
happened, then each project group will
submit the assignment by 9th June, 2022
48
 Project Risk Management
Group Exercise

 Your assignment, as the Project Managers is to:

– Develop a Risk Management Plan
– Develop an RBS
– Conduct a Risk Identification
– After the identification, quantify risks
– Develop risk responses for all significant risks
– Prepare a summary sheet on findings and
write report
– Prepare risk register
49 – Updates the project information