Slide Note
0 likes | 1 Views
Project risks can impact a project positively or negatively. It is essential to identify, analyze, and manage risks proactively to increase the likelihood of project success. Risks can be categorized into direct risks to project success, such as health and safety concerns, and other risks like environmental or legal factors. Attendees for risk management planning should include project managers, team leaders, stakeholders, and risk management personnel. Various methods like SWOT analysis, cause-and-effect diagrams, and interviews can help identify and assess project risks.
E N D
Project risk is a potential source of deviation from the project plan. Project risks can have negative or positive impact on the project. Project risks that are negative are called threats. Project risks that are positive are called opportunities.
Attitudes Toward Risk Attitudes Toward Risk Clinically depressed people judge risks more accurately than ‘normal’ people do. ◦ ‘Safe as houses’ – real estate will always go up. ◦ ‘Everything will be OK’ ◦ Darwin awards ◦ Other examples? ◦
‘Get ‘r done!’ ‘Get ‘r done!’ – – No matter what? No matter what? From Pamela S. Evers, ‘Business and Contract Law’, Cameron School of Business Executive Certificate Program
Types of Project Risks Types of Project Risks 1. Direct Risks to the Success of the Project 1. Direct Risks to the Success of the Project 2. Other Risks 2. Other Risks Health and safety ◦ Environmental ◦ The Iron Triangle The Iron Triangle Time Cost Legal ◦ Others? ◦ Scope (Quality)
The Biggest Risk of All The Biggest Risk of All
Risk Management Processes Process Project Phase Key Deliverables Plan Risk Management Planning Risk Management Plan Identify Risks Planning Risk register Perform Qualitative Risk Analysis Planning Risk register updates Perform Quantitative Risk Analysis Planning Risk register updates Risk related contract decisions Plan Risk Responses Planning Monitor and Control Risks Monitoring and Controlling Risk register updates
Risk ◦ Uncertain or chance events that planning can not overcome or control. Risk Management ◦ A proactive attempt to recognize and manage internal events and external threats that affect the likelihood of a project’s success. What can go wrong (risk event). How to minimize the risk event’s impact (consequences). What can be done before an event occurs (anticipation). What to do when an event occurs (contingency plans).
A proactive rather than reactive approach. Reduces surprises and negative consequences. Prepares the project manager to take advantage of appropriate risks. Provides better control over the future. Improves chances of reaching project performance objectives within budget and on time.
The risk management plan does not detail the planned responses to individual risks within the project-this is purpose of the risk response plan. The risk management plan is responsible for determining: How risks will be ID How quantitative and qualitative analysis will be completed How risk response planning will happen How risks will be monitored How ongoing risk management activities will happen throughout the project lifecycle
Attendees should include Attendees should include: Project Manager Project team leaders Key stakeholders Personnel specific to risk management Others
Categories of Risk to Project Success Categories of Risk to Project Success 1. 1. Technical, quality or performance risks: equipment or technology used on the project are not able to do the job properly Technical, quality or performance risks: People, 2. 2. Organizational risks: misaligned processes, requirements, constraints, inadequate funding or resources, etc. Organizational risks: Unreasonable expectations, 3. 3. External risks: politics, economic shifts, weather External risks: Legal and labor issues, regulations, 4. 4. Project management risks: management of time and resources, poor understanding of project scope or objectives Project management risks: Misallocation or poor Examples? Examples?
Preparing for Murphy’s Law Preparing for Murphy’s Law What might cause scope creep or poor quality? ◦ What might cause work to be delayed? ◦ What might cause costs to increase? ◦ What might cause the project to generate ‘negative externalities’? (e.g. health/safety, environment, etc.) ◦
Ways to Identify Risks Ways to Identify Risks Brainstorm with team members – using SWOT analysis, Ishikawa cause-and-effect diagrams, flow charts, influence diagrams or other tools ◦ Interview customers, partners, other stakeholders ◦ Use the Delphi technique (anonymous inquiry) ◦ Work ‘backwards’ from effects through proximate causes to root causes – ask ‘why?’ five times. ◦ Identify risks through interviews. ◦ Identify and examine all assumptions! Identify and examine all assumptions! ◦
Analyzing Assumptions Analyzing Assumptions Probability: the assumption – how likely is it to be wrong? Probability: How reliable is the information underlying ◦ Impact: assumption is wrong? Impact: How badly would the project be affected if the ◦
Understanding Risks through Assumptions Understanding Risks through Assumptions High Medium Priority Risks High Priority Risks Probability Probability Medium Priority Risks Low Priority Risks Low Low High Impact Impact
Three Ways to Manage Risks Three Ways to Manage Risks High Medium Priority Risks High Priority Risks Probability Probability Medium Priority Risks Low Priority Risks Low Low High Impact Impact
Risks Potential responses The root cause of risk Updates risk categories
Qualifying the risks that have been identified; subjectively
Steps in Qualitative Risk Analysis Steps in Qualitative Risk Analysis 1. Identify risks 2. Prioritize risks by probability and impact 3. Identify risks that require more analysis 4. Highlight risks to be addressed first
Creating a Risk Register Creating a Risk Register Probability Probability Impact Impact Score Score Risk Risk Merged systems fail to communicate Internet connectivity is lost Low High Moderate High Low Moderate Customer data is lost High Moderate High Client does not accept recommendations Client accepts recommendations, but does not implement Project staff are kidnapped Moderate High High Moderate Moderate Moderate Low High Moderate Funding ceases before completion of project Moderate Low Moderate
Numerical Risk Register Numerical Risk Register Probability Probability Impact Impact Score Score Risk Risk Merged systems fail to communicate Internet connectivity is lost 0.5 4 2 0.75 2 1.5 Customer data is lost 0.75 3 2.25 Client does not accept recommendations Client accepts recommendations, but does not implement Project staff are kidnapped 0.5 5 2.5 0.50 3 1.5 0.25 5 1.25 Funding ceases before completion of project 0.5 2 1
The ‘RAG’ Risk Register The ‘RAG’ Risk Register Probability Probability Impact Impact Score Score Risk Risk Merged systems fail to communicate Internet connectivity is lost Low High Amber Amber High Low Amber Amber Customer data is lost High Moderate Red Red Client does not accept recommendations Client accepts recommendations, but does not implement Project staff are kidnapped Moderate High Red Red Moderate Moderate Amber Amber Low High Amber Amber Funding ceases before completion of project Moderate Low Amber Amber
Assessing Risks Assessing Risks – – Key Considerations Key Considerations Data precision: about probability and impact? (assumptions!) Data precision: How much do we really know ◦ Reporting bias: the information have a reason to under/over estimate probability or impact? Reporting bias: Does the person who generated ◦ Timing: distant? Imminent risks require greater attention. Timing: Is the risk imminent, medium-term or ◦ Update the risk register regularly! Update the risk register regularly!
Numerically assessing the probability and impact of identified risks
Ascertain the likelihood of reaching project success Ascertain the likelihood of reaching a particular project objective Determine the risk exposure for the project Determine the likely amount of contingency reserve needed Determine the risks with the largest impact Determine realistic, time, cost, scope targets
Risk register Risk management plan Cost management plan Schedule management plan Organizational process assets
Notes on Quantitative Risk Analysis Notes on Quantitative Risk Analysis Risk distribution: probability: uniform, normal, triangular, beta or logonormal. Risk distribution: Describes relationship between impact and ◦ Sensitivity analysis: Assesses impact on the project (cost, Sensitivity analysis: time, scope/quality) of various risk outcomes ◦ Expected monetary value: Quantifies financial impact of a Expected monetary value: given risk based on the probability that it will occur. (Value- at-Risk) ◦ Decision trees: the best outcome (highest expected value) Decision trees: Quantifies probabilities in order to determine ◦ Monte to simulate decision-making in a complex environment. Monte- -Carlo and other simulations: Carlo and other simulations: Use computer algorithms ◦
Scenario 1 Best case provides a 20% probability of making $180,000 BC = 20% X $180,000= $36,000 Worst case provides a 15% probability of loosing [-$20,000] WC = 15% X(-$20,000) =(-$3,000) Most likely case provides a 65% probability of making $ 75,000 MLC = 65% X $75,000 = $48,750 Total Expected Monetary Value 100% $81,750
Scenario 2 Best case provides a 15% probability of making $200,000 Worst case provides a 25% probability of making $15,000 Most likely case provides a 60% probability of making $45,000 BC=15% X $200,000 =$30,000 WC= 25% X $ 15,000 = $ 3,750 MLC=60% X $45,000 = $27,000 Total Expected Monetary Value 100% $60,750 which scenario do you choose? Number one, because it has the highest EMV, or $81,750
List ways project might fail Evaluate severity (S) of each failure Estimate likelihood (L) of each failure occurring Estimate ability to detect each failure (D) Calculate Risk Priority Number (RPN) Sort potential failures by their RPNs
Strategies for negative risks or threats Strategies for positive risks and opportunities Strategies for both threats and opportunities Contingent response strategy
Strategies for Negative Strategies for Negative Risk Risk Avoid: the risk entirely. Avoid: Change some element of the project to remove ◦ Transfer: a third party. Transfer: Move ‘ownership’ of all or part of the risk to ◦ Mitigate: impact or the probability of the risk, or both. Mitigate: Take steps in advance to reduce either the ◦ Examples? Examples?
Exploit impacts, you want to make sure it will occur on the project. Exploit: looking for opportunities for positive Share: third party who may be best able to exploit the opportunity. Share: similar to transferring, assigning risk to a Enhance: triggers to assure the organization realizes the benefits. Enhance: entails watching for and emphasizing risk
Acceptance strategy: ◦ Passive acceptance: you make no plans to try and avoid or mitigate the risk, your willing to accept the consequences ◦ Active acceptance: developing contingency reserves to deal with risks should they occur
Contingency Reserve Planning Contingency Reserve Planning 1. Estimate the percentage probability of each risk occurring 2. Calculate the dollar value of its impact (negative) 3. Multiply the two to get the expected value 4. Add up expected value of all down-side risks 5. Offset with the expected value of any up-side opportunities 6. Sum is the recommended contingency reserve.
Contingency Reserve Planning Contingency Reserve Planning Expected Value Expected Value Risk Risk Probability Probability Impact Impact Travel costs increase 33% - $3000 - $1000 Initial analysis takes more time 25% - $12,500 -$3125 Client requests further study 10% -$5,000 -$500 Initial analysis takes less time 25% +$12,500 +$3125 (?) (?) What drives the monetary impact of each risk? What drives the monetary impact of each risk?
Four Possible Responses to Every Risk Four Possible Responses to Every Risk Risk Avoidance Risk Avoidance Use a proven rather than a new technology Add more time to the project period Clarify scope and expected deliverables Take out an insurance policy Buy/require a performance bond Use a fixed-price contract with vendors Bring in additional experts at critical points Hold frequent up-date meetings with clients Use simulations, prototypes and pilot-tests Include contingency funds in the project budget Understand impact of project failure Make contingency or ‘rescue’ plans in advance Risk Transference Risk Transference Risk Mitigation Risk Mitigation Risk Acceptance Risk Acceptance
Exercise: Identify the type of risk response strategy (avoid the probability, mitigate the impact, transfer, exploit, enhance the probability, enhance the impact, share, or accept) being described Name of Risk Response Strategy Description of Strategy 1 2 Remove a work package of activity from the project. Assign a team member to visit the seller's manufacturing facilities frequently to learn about a problem with delivery as early as possible. Move a work package to a date when a more experienced resource is available to be assigned to the project. Begin negotiation for the equipment earlier than planned so as to secure a lower price. Outsource a work package so as to gain an opportunity. Notify management that there could be a cost increase if a risk occurs because no action is being taken to prevent the risk. 3 4 5 6
Exercise: Identify the type of risk response strategy (avoid the probability, mitigate the impact, transfer, exploit, enhance the probability, enhance the impact, share, or accept) being described Description of Strategy Name of Risk Response Strategy 7 Remove a troublesome resource from the project. 8 Provide a team member who has limited experience with additional training. 9 Train the team on conflict resolution strategies. 10 Outsource difficult work to a more experienced company. 11 Ask the client to handle some of the work. 12 Prototype a risky piece of equipment.
