CH. 11 Risk Management
Integrated Risk Management
*some organizations make the mistake of only addressing tactical and negative risks when performing risk management ... David Hilson, suggests overcoming this problem by widening the scope of risk management to encompass both strategic and upside opportunities (integrated) * also, described the importance of good working relationships between project sponsor and PM
Broad Categories of Risk
1. Market 2. Financial 3. Technology 4. People 5. Structure/Process
Importance of Project Risk Management
Art and science of identifying, analyzing and responding to risk throughout the life of a project and in the best interests of meeting objectives *often overlooked, but can help improve success by helping select good projects, determining project scope and developing realistic estimates Need to Improve: (Ibbs + Kwak) study shows risk has lowest maturity rating of all knowledge areas; Mauritius, South Africa software development companies show same results & KLCI study shows benefits - 80% anticipate/avoid problems; 60% prevent surprises; 47% improve negotiation ability; 47% meet customer commitments; 43% reduce schedule slips; 35% reduce cost overruns; 6% none
Performing Qualitative Risk Analysis
Assess the likelihood and impact of identified risks to determine their magnitude and priority Tools & Techniques: 1. Probability/Impact Matrix 2. Top Ten Risk Item Tracking 3. Expert Judgment
Risk-Neutral
Balancing risk and payoff
Risk Enhancement
Changing the size of an opportunity by identifying and maximizing key drivers of the positive risk Risk ___________ is changing the size of an opportunity by identifying and maximizing key drivers of the positive risk
Risk Appetite
Degree of uncertainty an entity is willing to take on, in anticipation of a reward
Fallback Plans
Developed for risks that have a high impact on meeting project objectives, and are put into effect if attempts to reduce the risk are not effective
Influence Diagram
Diagrams that represent decision problems by displaying essential elements, including decisions, uncertainties and objectives, and how they influence each other
Flowcharts
Diagrams that show how various elements of a system relate to eachother
Secondary Risks
Direct result of implementing a risk response
Risk Exploitation
Doing whatever you can to make sure a positive risk happens Risk ________ is doing whatever you can to make sure the positive risk happens
Risk Avoidance
Eliminating a specific threat or risk, usually by eliminating its causes Risk _________ involves eliminating a specific threat or risk, usually by eliminating its causes
Controlling Risks
Executing risk management process to respond to risk events and ensuring that risk awareness is an ongoing activity performed by entire team throughout entire project - Workarounds are unplanned responses to risks events that must be done when there are no contingency plans
Interviewing
Fact-finding technique for collecting information in face-to-face, phone, e-mail, or instant-messaging discussions - interviewing people with similar project experience is an important tool for identifying potential risks
Management Reserves
Funds held for unknown risks that are NOT part of the cost baseline but ARE part of the budget and funding requirements
Brainstorming
Group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgement - Experienced facilitator should run session - Be careful not to overuse/misuse: individuals produce a greater number of ideas working alone than brainstorming in small, face-to-face groups - Group effects inhibit idea generation
Risk-Seeking
Having a high tolerance for risk; satisfaction increases when more payoff is at stake Risk _______ people have a high tolerance for risk
Risk-Averse
Having a low tolerance for risk; utility rises at a decreasing rate
Top Ten Risk Item Tracking
Helps to identify risks and maintain an awareness of risks throughout the life of a project - Establish a periodic review of the top ten; list the current and previous ranking, number of times risk appears on the list over a period of time, and a summary of progress made in resolving the risk item The ________ Risk Item Tracking is a qualitative risk analysis tool that helps to identify risks and maintain an awareness of risks throughout the life of a project
Risk Breakdown Structure
Hierarchy of potential risk categories for a project, similar to WBS but used to identify and categorize risks
Triggers
Indicators or symptoms of actual risk events
Risk Response Planning
Involves taking steps to enhance opportunities and reduce threats to meeting project objectives. Using outputs from the preceding risk management processes, project teams can develop risk response strategies that often result in updates to the project management plan and other project documents Risk ________ planning is taking steps to enhance opportunities and reduce threats to meeting project objectives The main outputs are project management plan updates, project document updates
Watch List
List of risks that are low priority, but are still identified as potential risks; qualitative analysis can also identify risks that should be evaluated on quantitative basis
Probability/Impact Matrix
Lists the relative probability of a risk occurring on one side and the relative impact of the risk occurring on the other; list the risks and then label each one as high, medium or low in terms of its probability of occurrence and its impact if it did occur *Calculate Risk Factors: numbers that represent overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur A ________/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on a chart and the relative impact of the risk occurring on the other
Risk Tolerance
Maximum acceptable deviation an entity is willing to accept on a project or business objectives as the potential impact
Risk Factors
Numbers that represent the overall risk of specific events based on their probability of occurring and the consequences to the project if they do occur
Performing Quantitative Risk Analysis
Often follows qualitative risk analysis, but both can be done together - large, complex projects involving leading edge technologies often require extensive quantitative analysis (Excel common tool) Techniques: 1. Decision Tree Analysis 2. Simulation 3. Sensitivity Analysis
Risk Management Plan
Plan that documents the procedures for managing risk throughout a project, team should review project documents and understand the organizations and sponsors approach to risk; level of detail will vary with project needs Contents: 1. Methodology 2. Roles and responsibilities 3. Budget and schedule 4. Risk categories 5. Risk probability and impact 7. Revised stakeholders' tolerances 8. Tracking 9. Risk Documentation
Contingency Plans
Predefined actions that the project team will take if an identified risk event occurs
Identifying Risks
Process of understanding what potential events might hurt or enhance a particular project, another consideration is the likelihood of advancement Tools & Techniques: 1. Brainstorming 2. Delphi Technique 3. Interviewing 4. SWOT Analysis
Contingency Reserves/Allowances
Provisions held by the project sponsor or organization to reduce the risk of cost or schedule overruns to an acceptable level Contingency________ or allowances are provisions held by the project sponsor or organization to reduce the risk of cost or schedule overruns to an acceptable level
Risk Mitigation
Reducing the impact of a risk event by reducing the probability of its occurrence Risk _______ is reducing the impact of a risk event by reducing the probability of its occurance
Residual Risks
Remain after all of the response strategies have been implemented
Positive Risk
Result in good things happening (opportunities)
Unknown Risks
Risks that have not been identified and analyzed so they cannot be managed proactively
Known Risks
Risks that the project team has identified and analyzed and that can be managed proactively
Risk Transference
Shifting the consequence of a risk and responsibility for its management to a third party Risk __________ occurs when the consequenmces of a risk and responsibility for its management are shifted tp a third party
Runaway Project
Significant cost or schedule overruns and often does no risk management at all
Risk Events
Specific uncertain events that may occur to the detriment or enhancement of the project Risk _______ refer to specific, uncertain events that may occur to the detriment or enhancement of the project
SWOT Analysis
Strengths, Weaknesses, Opportunities and Threats: helps identify broad negative and positive risks that apply to a project
Risk Register
The main output of risk identification process is a list of identified risks and other information needed to begin creating a risk register (Word, Excel or database) - Document that contains the results of various risk management processes and that it is often displayed in a table/spreadsheet format - Tool for documenting potential risk events and related information Contents: 1. Identification number for each risk event 2. Rank for each risk event 3. Name of each risk event 4. Description of each risk event 5. Category under which each risk event falls 6. Root cause of each risk 7. Triggers for each risk 8. Potential responses to each risk 9. Risk owner or person who will take responsibility for reach risk 10. Probability and impact of each risk occurring 11. Status of each risk
Risk Owner
The person who will take responsibility for each risk and its associated response strategies and tasks
Negative Risk
Understanding potential problems that might occur and how they might impede success *negative risk management is like a form of insurance; it is an investment
Workarounds
Unplanned responses to risk events that must be done when there are no contingency plans
Delphi Technique
Used to derive a consensus among a panel of experts who make predictions about future developments - Provides independent and anonymous input - Uses repeated rounds of questioning/written responses and avoids the biasing effects possible in oral methods (brainstorming)
Decision Trees & Expected Monetary Value (EMV)
Used to help select the best course of action in situations in which future outcomes are uncertain *Estimated Monetary Value (EMV): product of a risk event probability and the risk event's monetary value, you can draw a decision tree to find EMV
Sensitivity Analysis
Used to show the effects of changing one or more variables on an outcome - many people use it to determine what the monthly payments for a loan will be given different rates/periods of the loan, or for determining break-even points based on different assumptions *Excel is common tool
Simulation/Monte Carlo Analysis
Uses a representation or model of a system to analyze the expected behavior or behavior of the system *can be used on agile projects, Proctor & gamble uses it to model foreign exchange risk, and GM uses it for forecasting its net income, predicting structural costs and purchasing costs of vehicles and determining companies susceptibility to different types of risk *Monte-Carlo Analysis: simulates a model's outcome many times to provide a statistical distribution of the calculated results To use, you must have three estimates: most likely, pessimistic and optimistic plus an estimate of the likelihood of the estimate being between the most likely and optimistic values Steps: 1. Assess the range for the variables being considered 2. Determine the probability distribution of each variable 3. For each variable, select a random value based on the probability distribution 4. Run a deterministic analysis or one pass through the model 5. Repeat steps 3 and 4 many times to obtain the probability distribution of the model's results
Risk
An uncertainty that can have a negative or positive effect on meeting project objectives *dictionary: "possibility of loss or injury"
Risk Acceptance
Accepting the consequences if a risk occurs Risk _________ involes accepting the consequences should a risk occur
Planning Risk Responses
After identifying and quantifying risks, you must decide how to respond to them Four response strategies for negative risks: 1. Risk Avoidance 2. Risk Acceptance 3. Risk Transference 4. Risk Mitigation Four response strategies for positive risks: 1. Risk Exploitation 2. Risk Sharing 3. Risk Enhancement 4. Risk Acceptance
Risk Sharing
Allocating ownership of a risk to another party Risk ______ involves allocating ownership of the risk to another party
Risk Utility
Amount of satisfaction or pleasure received from a potential payoff Risk _______ is the amount of satisfaction or pleasure received from a potential payoff
Project Risk Management
minimize potential negative risks while maximizing potential positive risks 1. Planning risk management: deciding how to approach and plan the risk management activities Output: Risk management plan 2. Identifying risks: determining which risks are likely to affect a project and documenting the characteristics of each Output: Risk register 3. Performing qualitative risk analysis: prioritizing risks based on their probability and impact of occurrence Output: Project documents updates 4. Performing quantitative risk analysis: numerically estimating the effects of risks on project objectives Output: Project documents updates 5. Planning risk responses: taking steps to enhance opportunities and reduce threats to meeting project objectives Output: Project management plan and documents updates 6. Controlling risk: monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout life of the project Output: work performance information, change requests, project management plan, organizational process assets and documents updates