1 / 29

Project Risk Management

Project Risk Management. Presenter: Phil Harman, PMP Executive Director for ZCS Internal PMO and Enterprise Project Management (EPM) Practice Manager September 2007. Agenda. Project Risk Management - What the Text Book says Core Processes, Techniques, and Outputs

michellek
Download Presentation

Project Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Project Risk Management Presenter: Phil Harman, PMP Executive Director for ZCS Internal PMO and Enterprise Project Management (EPM) Practice Manager September 2007

  2. Agenda • Project Risk Management - What the Text Book says • Core Processes, Techniques, and Outputs • Project Risk Management - In Practice • Project Risk Identification > The Questionnaire • Project Risk Management Plan > The Project Risk Log • Risk Monitor and Control > Risk applied to the Project Plan with assigned ownership Page 2

  3. Theory and Practice Text Book Definition:Risk Management is the systematic process of identifying, analyzing, and responding to project risk. It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives. Simple Terminology:Risk Management is the identification of an unborn issue (a risk) that will have a negative impact on the project that must be eliminated with proactive planning, monitoring, and activities or tasks. Page 3

  4. Text Book - Risk Management Processes Risk Identification Risk Assessment Risk Analysis Risk Prioritization Risk Management Risk Mgmt Planning Risk Control Risk Resolution Risk Monitoring Page 4

  5. Output Tools & Techniques • Risk Management Plan • Planning Meetings Inputs • Project Charter • Organizations Risk Mgmt Policy • Defined Roles & Responsibilities • Stakeholder Risk Tolerances • Template for the Organizations risk management plan • Work breakdown structure Text Book - Risk Management Planning DEFINITION:The process of deciding how to approach and plan the risk management activities for a project. • Organizational Risk Management Policy: Predefined approaches to risk analysis and resolution that needs tailoring to a particular project. • Defined roles and responsibilities: Predefined roles, responsibilities, and authority levels for decision making will influence planning. • Stakeholder Risk Tolerance: Different organizations and different individuals have different tolerances for risk. Policies or historical actions may communicate this. • Planning Meetings: Project teams hold risk management planning meetings to develop the plan. Page 5

  6. Text Book - Risk Management Plan • Risk Management Planning output is the“Risk Management Plan” • The plan describes how risk identification, qualitative and quantitative analysis, resolution planning, monitoring, and control will be structured and performed during the project life cycle. • The plan may include: • Methodology • Roles & Responsibilities • Budgeting • Timing • Scoring and interpretation • Thresholds • Reporting formats • Tracking Page 6

  7. Text Book - Risk Identification DEFINITION: The process of determining which risks might affect the project and document the characteristics. ** Risk identification is an iterative process ** Inputs Output Tools & Techniques • Risk management plan • Project planning outputs • Risk categories • Historical information • Risks • Triggers • Inputs to other processes • Documentation reviews • Information gathering • techniques • Checklists • Assumption analysis • Diagramming techniques • INPUTS • Risk Management Plan: See previous slide • Project Planning Outputs: Items to be reviewed, but not limited to: project charter, WBS, product description, schedule and cost estimates, resource plan, procurement plan, assumption and constraints. • Risk Categories: Risks that may affect a project for better or worse can be identified and organized into risk categories. Categories include: • Technical, quality, and performance risks • Project Management risks • Organizational Risks – cost, time, and scope • External risks – shifting legal or regulatory environment, labor issues, natural events. • Historical Information: Information on prior projects may be available to help leverage lessons learned. Page 7

  8. Risk Identification- Tools/Techniques and Outputs • Outputs • Risks: Yep! This an output! • Triggers: Sometimes called risk assumptions or warning signs, these are indications that a risk has occurred or is about to occur. • Inputs to other processes: Risk identification may identify a need for a further action in another area or to other projects. • Tools and Techniques • Documentation Reviews: Performing a structured review of the project plans and assumptions. • Information gathering techniques: Examples of information gathering include: • Brainstorming – most common • Delphi technique – Consensus of experts on a subject area • Interviewing – Seek input from project managers or subject matter experts • Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis • Checklist: Using historical information and knowledge is a quick and simple way to identify risk. • Assumption analysis: Every project is conceived and developed based on a set of hypotheses, scenarios, or assumptions. • Diagram techniques: Cause-and-effect, System or process flow charts, and Influence diagrams . Page 8

  9. Text Book - Risk Analysis • Quantitative: The process of measuring the probability and consequences of risks and estimating their implications for project objectives. • Determine the probability of achieving a specific project objective. • Quantify the risk exposure for the project, and determine the cost and schedule contingency reserves that may be needed. • Identify risks requiring the most attention by quantifying their relative contribution to project risks. • Identify realistic and achievable cost, schedule, and scope targets. • Qualitative: The process of performing a qualitative analysis of risks and conditions to prioritize their effects on project objectives. Page 9

  10. Qualitative Risk - Tools and Techniques • Risk probability and consequences: This is generally described in qualitative terms such as VERY HIGH, HIGH, MODERATE, LOW, VERY LOW. • Risk Probability is the likelihood a risk will occur. • Risk Consequences is the effect on the project objectives if the risk event occurs. • Probability/impact risk rating matrix: The use of risk’s probability scale and risk’s impact scale is generally used. • Risk scale falls between 0.0 (no probability) and 1.0 (certainty) – See next slide • Risk impact scale reflects the severity of its effect on the project objective. Page 10

  11. Rating Impacts for a Risk Evaluating Impact of a Risk during Major Project Milestones Project Very Low Low Moderate High Very High Objective .05 .1 .2 .4 .8 Cost Insignificant <5% 5-10% 10 – 20% >20% Cost Increase Increase Increase Increase Increase Schedule Insignificant Schedule Slip Overall Prj Slip Overall Prj Slip Overall Prj Slip Schedule Slippage <5% 5-10% 10-20% Slips>20% Scope Scope Reduction Minor areas of Major Areas Scope Reduction Project end item scope affected of scope affected unacceptable to is not meeting client business need Quality Quality Only very Quality Reduction Quality Reduction Project end item Degradation small demanding Apps requires client unacceptable to is useless affected approval client Page 11

  12. Qualitative and Quantitative Risk Outputs • Qualitative • Overall risk rating for the project: Risk ranking is used to rank the risk of the project under evaluation against other projects. • List of prioritized risks: Risk can generally ranked as low, moderate, or high. • List of risks for additional analysis and management: Risk categorized as moderate or high would be prime candidates for more analysis, including quantitative risk analysis, and for risk management. • Trends in qualitative risk analysis results: As the analysis is repeated, a trend of results may become apparent, and can make risk resolution or further analysis more or less urgent and important. • Quantitative • Prioritized list of quantified risks: This list of risks include those that pose the greatest risk threat or present the greatest opportunity to the project together with a measure of their impact. • Probabilistic analysis of the project: Forecasts or potential project schedule and cost results listing the possible completion dates or project duration and costs with their associated confidence levels. • Probability of achieving the cost and time objectives: The probability of achieving the project objectives under the current plan and with the current knowledge of the risks facing the project. Page 12

  13. Text Book - Risk Resolution DEFINITION: The process of developing procedures and techniques to reduce threats to the project objectives. Inputs Output Tools & Techniques • Risk Management Plan • List of prioritized risks • Risk ranking of the project • Prioritized list of quantified risks • Probabilistic analysis of the project • Probability of achieving the cost and time objectives • List of potential resolutions • Risk thresholds • Risk owners • Common risk causes • Trends in qualitative and quantitative risk analysis results • Risk resolution plan • Residual risks • Secondary risks • Contractual agreements • Contingency reserve amounts needed • Inputs to other processes • Inputs to a revised project plan • Avoidance • Transference • Mitigation • Acceptance Page 13

  14. Risk Resolution – Outputs • Risk Resolution plan: This is also called “risk register” and should include some or all of the following: • Identify risks, their description, the area(s) of the project effected, their causes, and how they may affect project objectives • Risk owners and assigned responsibilities • Results from the qualitative and quantitative risk analysis • Agreed to response including avoidance, transference, mitigation, acceptance for each risk in the risk resolution plan • The level of residual risk expected to be remaining after the strategy is implemented • Specific actions to implement the chosen resolution strategy • Budget and times for resolution • Contingency plans and fallback plans • Residual risk: Residual risk are those that remain after avoidance, transfer, or mitigation resolutions have been taken. They also include minor risks that have been accepted and addresses. • Secondary risks: These risks arise as a direct result of implementing a risk resolution. • Contractual agreements: Contractual agreements may be used to specify each party’s responsibility for risks. • Contingency reserve amounts needed: Probabilistic analysis of the project and risk thresholds help the project manager determine the amount of contingency needed to reduce risk. • Inputs to other processes: Most resolutions to risk involve expenditure of additional time, cost, or resources and require changes to project plans. • Inputs to a revised project plan: The results of the resolution planning process must be incorporated into the project plan, to ensure that agreed actions are implemented and monitored as part of the ongoing project. Page 14

  15. Risk Resolution –Tools/Techniques • Tools and Techniques • Avoidance: Risk avoidance is changing the project plan to eliminate the risk or condition or to protect the project objectives from its impact. • Transference: Risk transference is seeking to shift the consequences of a risk to a third party together with ownership of the resolution. (Financial risk is most common) • Mitigation: Mitigation seeks to reduce the probability and or consequences of an adverse risk event to an acceptable threshold. • Acceptance: This technique indicates that a project team has decided not to change the project plan to deal with a risk. Developing a contingency plan is a way to managing known risks. The contingency plan adopt contingency allowance or reserve that includes: • Time • Money • Resources Page 15

  16. Text Book - Risk Monitoring & Control DEFINITION: The process of monitoring residual risks, identifying new risks, executing risk reduction plans, and evaluating their effectiveness throughout the project life cycle. The purpose of risk monitoring is to determine if: • Risk resolution have been implemented as planned • Risk resolution actions are as effective as expected, or if new resolutions should be developed • Project assumptions are still valid • Risk exposure has changed from its prior state, with analysis and trends • A risk trigger has occurred • Proper policies and procedures are followed • Risks have occurred or arisen that were not previously identified Inputs Output Tools & Techniques • Risk Management Plan • Risk resolution plan • Project communication • Additional risk identification and analysis • Scope Changes • Workaround plans • Corrective action • Project change request • Updates to the task resolution plan • Risk database • Updates to risk identification checklist • Project Risk resolution audits • Periodic project risk reviews • Earned Value analysis • Technical performance measurements • Additional risk resolution planning Page 16

  17. Project Risk Management (RM) - In Practice Practice = Text Book Identification Risk Assessment Quantification Prioritization Risk Management Risk Mgmt Plan and Log Risk Monitor and Control Risks tracked in Project WBS Where the rubber hits the road! Risk Ownership Page 17

  18. Project RM – In Practice • Project Risk Identification > Use a Questionnaire • Risk Monitor and Control • Project Risk Management Plan = The Project Risk Log • Describes • Quantifies • Probability of Occurrence • Resolution • Prioritizes • Ownership • Status • Risk Ranking • Project Schedule > Risk Items get put into project WBS (as contingency) and Assigned Ownership Page 18

  19. Project RM – In PracticeRisk Identification Categories • Project Integration Management • Scope Management • Time Management • Cost Management • Human Resource Management • Communication Management • Procurement Management • Quality Management • Technology • Data Conversions • External Factors Page 19

  20. Risk Identification using a questionnaire Page 20

  21. Risk Identification using a questionnaire (cont’d) Page 21

  22. Risk Identification using a questionnaire (cont’d) Page 22

  23. Risk Identification using a questionnaire (cont’d) Page 23

  24. Project Risk Management Plan and Log Page 24

  25. Managing the Risk Assessment Results Risk Monitor and Control The “No Surprise Approach” to Risk Management is accomplished by: • All identified risk items get put into the project work breakdown structure (WBS) • All risk items have owners > including the executive sponsors and senior management • Risks are reported to the senior and executive leadership in the project dashboard • When a RISK EVENT does occur, becomes an issue, then a Project Change Request (PCR) is immediately submitted …. No Surprise PCR Page 25

  26. Project WBS Example Page 26

  27. Project Dashboard Page 27

  28. Risk Summary Dashboard – Example 1 Page 28

  29. Risk Summary Dashboard – Example 2 Page 29

More Related