Chapter 11
Probability and Impact Matrix
A grid for mapping the probability of each risk and its impact on project objectives if that risk occurs
Probability and Impact Matrix
A grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. Risk are prioritized according to their potential implications for project objectives. Uses negative for threats and positive for opportunities
Risk Categories
A means of grouping potential causes of risk
Negative Risk Events are
Called Threats
Ambiguity Risk
Uncertainty about the future where limited knowledge may affect the project's ability to achieve objectives. Addressed by defining knowledge deficiencies and filling the gap.
Escalate
Used when the project team or sponsor agrees it is outside the scope of the project or the proposed response exceeds the PM's authority.
What are two types of non-event risks?
Variability Risk and Ambiguity Risk
VUCA
Volatility Uncertainty Complexity Ambiguity
Internal Risk
Within the control of project manager
The Risk Breakdown Structure (RBS)
a hierarchical representation of risks according to their risk categories
SWOT Analysis
a planning tool used to analyze an organization's strengths, weaknesses, opportunities, and threats Strengths to identify opportunities Weaknesses to identify threats strengths may offset threats weaknesses may hinder opportunities
In identify Risks, Prompt Lists are:
a predetermined list of risk categories used to point out individual project risks and sources of overall project risk RBS lowest level is often used as a prompt list
Accept
acknowledge the existence of the risk but no proactive action is taken
Risk-neutral
middle ground attitude toward risk.
Risk-seeker
not afraid of risk, looking for risk
Quantitative Risk Analysis
numerical analysis done in order to calculate a rating of critical risk in currency -the known probability (a % or value between zero and one) -the impact of cost (currency or unit)
Pure or insurable risk
only involves change for a loss (e.g. fire, flood, personal injury, typically insurable)
Sensitivity Analysis
technique to determine which individual project risk have the most potential impact on project outcomes
Variability Risk
uncertainty about key characteristics of a planned event, activity, or decision. Addressed using Monte Carlo analysis -productivity may be above or below target -higher or lower number of errors found during testing -season weather conditions may occur
Risk-related questions on the exam are very complex and assume a proper risk management plan is being utilized.
.•Risk owners are in place and are tracking their risks. •The project has less risk since risk management plan has been done.
Risk Response Basic Steps
1.Identify and address the root cause of the risk. 2.Identify ALL potential risk responses for evaluation. 3.Analyze the top potential risk responses as required. 4.Agree on a selected risk response that may involve changes,including changing the entire project. 5.Assign a risk owner to plan and implement the response. Responses must be timely and cost-effective to risk. 6.Responses must be realistic to project context. 7.Response should be in line with the risk significance. 8.Once the risk response is implemented, evaluate it. Was the desired result achieved?
Risk Parameters:
1.Urgency-How soon a response must be implemented to be effective. 2.Proximity-Period of time before a risk impacts one or more objectives. 3.Dormancy-Period of time after a risk occurs before it's discovered. 4.Manageability-The ease with which the risk owner or organization can manage the occurrence or impact of a risk. 5. Controllability-The degree to which the risk owner or organization is unable to control the risk outcome. 6. Detectability-The ease with which the results of the risk occurring or being about to occur, can be detected and recognized. 7.Connectivity-The extent a risk is related to other individual risk. 8.Strategic Impact-The potential for the risk to have a positive or negative affect on the organization's strategic goals. 9.Propinquity-The degree to which a risk is perceived to matter by one or more stakeholders.
Plan Risk Management*
A process of defining how to conduct risk management activities for a project The degree, type, and visibility of risk management must be in line with both the level of risk exposure and the importance of the project to the organization. Ask yourself: who has a ROLE in risk management? what METHODS the PM will use? How much MONEY will be expended How much TIME will be expended
Risk Report*
A project document which summarizes information on individual project risk and the level of overall project risk.
Tornado Diagram
A typical display of sensitivity analysis.
Share
Allocate some or all of the ownership of the opportunity to the third party
Impact of risk
Amount at stake or consequence
Risk Exposure*
An aggregate measure of the potential impact of all risk at any given point in time in the project, program, or portfolio
Risk Management Plan*
Describes how risk management activities will be structured and performed.
Decision Tree Anaylsis
Diagramming and calculation technique used to support selection between several alternative courses of action when faced with risk used EVM to make a choice between each decision tree branch
Exploit
Ensure the opportunity definitely happens Eliminating the uncertainty of an upside risk
Risk Data Quality Assessment*
Evaluate the degree to which the data about risk is useful to risk management May include -data availability to assess the risk -accuracy and quality of the data -reliability and integrity of the data
Individual Project Risk*
Event or condition that, if it occurs, has a positive or negative effect on one or more project objectives
Risk Categories*
Group(s) of potential causes of risk. -categories need to addressed individually -may be hierarchical shown using the Risk Breakdown Structure (RBS) -A decomposition of potential sources of risk
Using the Monte Carlo Analysis outputs
Histograms show the quantity of iterations where a particular outcome resulted
Enhance
Increase the probability or positive impact
Risk exist and must be address at 2 levels within every project:
Individual Project Risk Overall Project Risk
Cost-Benefit Analysis
Individual project risk impacts are quantified in currency to calculate the ratio Change in impact level/implementation cost= Response strategy Cost Effective The higher the ratio, the more effective the response ( BIGGER IS BETTER)
Business or Inherent Risk
Inherent chance for either profit or loss, which is associated with a business venture
Passive acceptance
Involves no actions are taken except periodic review to see if the risk changes to occurs. Must be communicated to stakeholders
Risk Threshold*
Level of risk exposure above which risks are addressed and below which risk may be accepted. Explicitly stated specific degree of acceptable variation around the objective
Expected Monetary Value (EMV)
Multiplying the probability (P) times impact (I) to calculate a risk value EMV= P*(I$) Probability is % between zero and one Impact is (I) is $ currency
Positive risks are called
Opportunitites
External Risk
Outside the control of project manager
Keeping the project out of trouble and being proactive is a major part of ____'s job
PM PM strives to reduce or avoid threats
PESTLE
Political, Economic, Social, Technological, Legal, Environmental
Perform Quantitative Risk Analysis
Process numerically analyzes the effect of identified risks/uncertainty on overall project objectives.
Identify Risks*
Process of identifying individual project risk and sources of overall project risk, and then documenting their characteristics. involves ALL stakeholders to build ownership and responsibility for risk. Iterative process potential risk responses may be identified and recorded at any time.
Risk Management Plan may include:
Risk Strategy •General approach to managing risk. Methodology •Defines tools, specific approaches, and data sources used. Roles and Responsibilities •Defines the lead, support, and risk management team members. Reporting formats •Define how the outcomes of the risk management process will be documented and communicated. Tracking •Define how risk activities will be recorded and audited on the project.
Integrated Risk Management
Risk at each level of the organization, project, program, or portfolio should be owned and managed at the appropriate level.
Qualitative Risk Analysis
SUBJECTIVE comparison of risk to set a priority
Strategies for Negative Risks and Threats
Strategies for Negative Risks and Threats Avoid •Eliminate the threat by eliminating the cause, including terminating the project Transfer •Make another party responsible for the risk •Through insurance, performance bonds, warranties, or guarantees •Use outsourcing to transfer ownership and liability of risk via procurement Mitigate •Reduce the probability or impact of a threat •Look at options separately for both probability vs impact Escalate •Used when the project team or sponsor agrees a threat is outside the scope of the project or the proposed response would exceed the PM's authority Accept •Acknowledges the existence of the risk but no proactive action is taken
TECOP
Technical, Environmental Commercial, Operational and Political
In data gathering for risk, the Delphi Technique is
Technique which uses a questionnaire to solicit experts anonymously, data is summarized, recirculated, until consensus is reached Reduces bias of data and keeps a one person from having too much influence.
Overall Project Risk
The effect or uncertainty on a project as a whole arising from all sources of uncertainty (including individual risk), representing the exposure of stakeholders to the implications of variations in project outcome, both positive and negative
Risk Appetite*
The general degree of uncertainty that an entity is willing to take on in anticipation of reward
What is Uncertainty?
The lack of knowledge about an event, known as risk, found in all project areas -cost -time -quality -scope By analyzing the uncertainty, we can identify risk
Risk Probability and Impact Assessment
The probability and impact of each risk is evaluated, and rated on a standard scale. Typically done in interviews and meetings using definition tables.
Project Risk Management*
The process of conducting risk management planning, identification, analysis, response planning, a response implementation, and monitoring risk on a project.
Implement Risk Responses
The process of implementing an agreed upon risk response plan Key benefit: ensure that agreed upon risk responses are executed as planned to address overall project risk exposure.
Monitor Risks*
The process of monitoring the implementation of agreed-upon risk response plans, tracking identified risks, monitoring residual risks, identifying and analyzing new risks, and evaluating risk process effectiveness throughout the project.
Perform Qualitative Risk Analysis*
The process of prioritizing individual project risks for further analysis or action by assessing their probability of occurrence and impact as well as other characteristics. Enables PM to reduce the level of uncertainty and to focus on high priority risks. typically subjective Identifies a risk owner to plan the appropriate risk response and ensure that it is implemented. attention should be paid to identify and correct bias
Plan Risk Responses*
The process to develop options, select strategies, and agree on actions to address the overall project risk exposure, and to treat individual project risks. plans made by risk owner
Risk Register (created)*
The repository in which outputs of risk management processes are recorded Risk details include: list of identified risks, risk title, list of potential responses, WBS reference
Project resiliency requires:
The right levels of budget and schedule contingency for emerging risk, in addition to a specific budget for known risk. •Flexible project processes to cope with an emergent risk while maintaining overall direction toward project goals(including strong change management). •Empowered project team with clear objectives, trusted to get the job done within agreed-upon limits.•Frequent review of early warning signs to identify emerging risks. •Clear input from stakeholders to clarify areas where the project scope or strategy can be adjusted in response to an emergent risk
Simulation*
analytical technique that models the combined effect of uncertainties used to evaluate the potential impact on objectives. Monte Carlo technique is typically used.
Risk-averse
attitude of risk avoidance, typically selects the lowest risk item or the sure thing
Emergent Risk
becomes clear when you become aware of "unknowable unknowns" after the risk occurred.
Active Acceptance
creates contingency time reserves, cost reserves or contingency plans to use if the risk occurs. must be communicated to stakeholders
Stakeholder Anaylsis
determine the risk appetite of stakeholders
Key benefit of Monitor Risk
enables project decisions to be based on current information about overall project risk exposure and individual project risk
Enterprise-wide risk management
ensures alignment and coherence in risk management across all levels and provides the greatest overall value for the risk exposure
Agile projects use cross-functional project teams to
frequently review incremental work products to accelerate knowledge sharing and ensure that risk is understand and managed. 1.Risk is considered when selecting the content of each iteration. 2.Risks are identified, analyzed, and managed during each iteration. 3.Requirements documents are dynamic and updated regularly. 4.Work may be prioritized based on improved understanding of current risk exposure.
In Data Representation for Risk analysis
hierarchical charts risks are categorized using more than two parameters.
Risk Checklist
using historical information from previous similar projects Helps identify specific risks within each risk category. updated regularly.
Criticality Analysis
which risk elements have the greatest effect on the project's critical path -a criticality index is calculated for each risk element showing the frequency (%) of the element on the critical path