Chapter 7: Managing Risk
Risk Response Control (Step 4)
* Implement risk strategy * Monitor and adjust plan for new risks * Change management - Use: Risk Register and Risk Control/management
Risk Response Development (Step 3)
*Develop a strategy to reduce possible damage *Develop contingency plans - Avoid Risk, Mitigate Risk, Transfer Risk, Escalate Risk, Retain Risk
Retain Risk
- -Make a conscious decision to accept the risk of an event occurring
Contingency Plan
- Alternative plan that will be used if an identified risk becomes a reality - Action plan that will reduce the negative impact of the risk - Not a part of the initial implementation plan: only gets executed if risk materializes - answers the questions of what, where, when, and how much action will take place
Time buffers
- Amounts of time used to cushion against potential delays in the project, from activities carrying higher risks (ex. activities prone to delays or requiring scarce resources, non-critical activities, or kept in reserve at project level) - For control purposes, buffers can be allocated to specific activities, or kept in reserve at project level - buffers are added to: Activities with severe risks, Merge activities that are prone to delays due to one or more preceding activities being late, Non critical activities to reduce the likelihood that they will create another critical path, Activities that require scarce resources to ensure that the resources are available when needed
Risk Register
- Captures Risk Severity and Risk Response matrixes info into IT tool - Details all identified risks: Descriptions, category, probability of occuring, impact, responses, contingency plans, owners, and current status
Contingency Funds
- Funds to cover project risks, Identified and/ or unknown - For control purposes, contingency funds are divided into *Contingency reserves *Management reserves
Risk Control/Management involves:
- Monitoring, tracking and reporting risks - Executing the risk response strategy -Monitoring triggering events - initiating contingency plans - Continuously repeating risk identification/ assessment exercises - Updating Risk Register, including adding new risks - Using Change Control Process and System to update project plan with impacts of risk management decisions
Transfer Risk
- Pass risk to another party, this transfer does not change risk -passing the risk to another party almost always results in paying a premium for this exemption. - examples: Fixed-price contracts, insurance, Build-Own-Operate- Transfer (BOOT) provisions
Mitigate Risk
- Reduce the likelihood that the event will occur - Reduce the impact that the adverse event would have on the project - Most risk teams focus first on reducing the likelihood of risk events, since if successful this may eliminate the need to consider the potentially costly second strategy
Impacts of not having contingency plans
- Significantly increases pressure and/or panic, thereby leading to poor decisions (ineffective, costly..) - Causes managers to delay decision to implement a remedy, thereby significantly raising probability of serious impacts on the project
PERT (Program Evaluation and Review Technique)
- Utilizes the critical path Method (CPM) to approximate likely project duration, and /or assess probability of schedule risks - Assumes each activity duration has a range that statistically follows a beta distribution -specific Beta distribution for each activity depends on severity of risks identified for this activity durations *From these 3 time estimates, a weighted average time estimate and a variance are calculated * Knowing the weighted average and variances for each activity allows the computation of the probability of different project durations *The longer the project duration, the higher the probability of meeting that duration
Escalate Risk
- occurs when the project encounters a threat that is outside the scope of the project or authority of the project manager - Notify the appropriate people when project risk is outside scope of the project and/or the authority of the project manager
Risk Severity Matrix
- provides a basis for prioritizing which risks to address. - captures each Risk Value, from the outcomes of scenario analysis, allowing prioritization of risks: - Risk Value = Impact x Probability
Risk Breakdown structure (RBS)
A hierarchical representation of risks according to their risk categories. Helps management teams identify and eventually analyze risks.
Risk
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.
Risk Identification (Step 1)
Analyze the project to identify sources of risk -Generate list of all possible risks that could affect the project, through brainstorming and other problem identifying techniques. -Engage broad set of experts in various project domains who can bring their diverse experience across the WBS elements - A Risk Breakdown structure (RBS) can help to systematically challenge and identify potential risk areas -A risk Profile (a list of questions) can help address traditional risk areas in various typical project types
Risk Assessment (Step 2)
Assess risks in terms of: *Severity of impact *Likelihood of occurring *Controllability Can use: - Scenario analysis - a risk severity matrix
Scenario analysis
Assesses the significance of each risk in terms of probability and impact: * Probability of the event - Probability analysis uses experience and/or statistical techniques to measure probability that risk will materialize. * Impact of the event - Impact analysis quantifies how key project objectives would be impacted if risk was to materialize
Avoid Risk
Change the project plan to eliminate the risk or condition impossible to eliminate all risk events, some specific risks may be avoided before you launch the project
Management reserves
Cover unidentified risks, and allocated to the total project
Risk Management
Proactive actions to identify risks and attempt to mitigate probability and/or magnitude of consequences: - What can go wrong - How to minimize the probability of occurrence - How to minimize its project impacts if the risk was to materialize - What can be done before a risk materializes (anticipation) - What to do when a risk materializes (contingency plans)
Change Control Management
Sources of Change * Project scope changes *Implementation of contingency plans * Improvement changes Change Control Process: 1. Identify proposed changes 2. List expected effects of proposed change on schedule/budget/scope 3. review, evaluate, and formally approve/ disapprove changes 4. Negotiate and resolve conflicts on the project 5. Communicate changes to parties affected 6. Assign responsibilities for implementing change 7. Adjust master schedule and budget 8. Track all changes to be implemented Change Control Systems- support the change control process
The Risk Management Process
Step 1: Risk Identification Step 2: Risk Assessment Step 3: Risk Response Development Step 4: Risk Response Control
Technical Risks
are problematic; they can often be the kind that cause the project to shut down. Contingency plans are made for those possibilities that are foreseen
Schedule risks
contingency funds are set aside to expedite or "crash" the project to get it back on track.
Contingency reserves
cover identified risks, and allocated to specific activities or deliverables of the project
Failure Mode and Effects Analysis (FMEA)
extends the risk severity matrix by including ease of detection in the equation: - a systematic process for identifying potential design and process failures before they occur, with the intent to eliminate them or minimize the risk associated with them Risk Value= Impact x Probability x Detectio
Risk Profile
is a list of questions that address traditional areas of uncertainty on a project.
Cost Risks
long duration projects need some contingency for price changes - which are usually upward. - avoid the trap of using on lump sum to cover price risks
Crashing
reducing project duration, is accomplished by shortening (compressing) one or more activities on the critical path
Funding Risks
severe budget cuts or lack of adequate funding can have a devastating effect on a project. - when this happens, there is a need to scale back the scope of the project to what is possible. - "All-or-nothing projects"
