Project Risk Management includes the
processes of conducting risk management planning, identification, analysis,
response planning, and controlling risk on a project.
The objectives of project risk management are
to increase the likelihood and impact of positive events, and decrease the
likelihood and impact of negative events in the project.
Project risk is an uncertain event or
condition that, if it occurs, has a positive or negative effect on one or more
project objectives such as scope, schedule, cost, and quality.
The risk attitudes of both the organization
and the stakeholders may be influenced by a number of factors, which are
broadly classified into three themes:
·
Risk
appetite
·
Risk
tolerance
·
Risk
threshold
Positive and negative risks are commonly
referred to as opportunities and threats.
Risk responses reflect an organization’s
perceived balance between risk taking and risk avoidance.
Known risks are those that have been identified and
analyzed, making it possible to plan responses for those risks.
Known risks that cannot be managed
proactively, should be assigned a contingency reserve.
Unknown risks cannot be managed proactively and
therefore may be assigned a management reserve.
A negative project risk that has occurred is
considered an issue.
The knowledge area of Project Risk Management consists
of the following six processes:
Process Name
|
Project Management Process Group
|
Key Deliverables
|
Plan Risk Management
|
Planning
|
Risk Management Plan
|
Identify Risks
|
Planning
|
Risk Register
|
Perform Qualitative Risk Analysis
|
Planning
|
Project Documents Update (Risk Register)
|
Perform Quantitative Risk Analysis
|
Planning
|
Project Documents Update (Risk Register)
|
Plan Risk Responses
|
Planning
|
Updates
|
Control Risks
|
Monitoring and Controlling
|
Change Requests
|
Plan
Risk Management
is the process of defining how to conduct risk management activities for a
project.
The risk management plan is vital to
communicate with and obtain agreement and support from all stakeholders to
ensure the risk management process is supported and performed effectively over
the project life cycle.
The risk management plan is a component of
the project management plan and describes how risk management activities will
be structured and performed.
The Risk Management Plan includes:
Methodology, Roles & responsibilities, Budgeting, Timing.
Risk categories provide a means for grouping
potential causes of risk.
A risk breakdown structure (RBS) helps the
project team to look at many sources from which project risk may arise in a
risk identification exercise.
The RBS is a hierarchical representation of
risks according to their risk categories.
A probability and impact matrix is a grid for
mapping the probability of each risk occurrence and its impact on project
objectives if that risk occurs.
Types
of Risks:
·
Business
Risk – Risk of gain or loss
·
Pure
(insurable risk) – Only a risk of loss (e.g. fire, theft, personal injury,
etc.)
The Inputs, Tools and Techniques and Output
of Plan Risk
Management process are given below:
Project Management Plan
|
Analytical Techniques
|
Risk Management Plan
|
Project Charter
|
Expert Judgment
|
|
Stakeholder Register
|
Meetings
|
|
Enterprise Environmental Factors
|
||
Organizational Process Assets
|
Identify
Risks
is the process of determining which risks may affect the project and
documenting their characteristics.
Identify risks is an iterative process.
The WBS is a critical input to identifying
risks.
Risks can be identified and subsequently
tracked at:
·
Summary
·
Control account
·
Work package levels
Information about the stakeholders is useful
for soliciting inputs to identify risks.
Identification of risk by impact - Scope
risk, Quality risk, Schedule risk, Cost risk.
Cause-and-effect diagrams (also called
Ishikawa or fishbone diagrams) is a technique used to identify risks.
SWOT technique examines the project from each
of the strengths, weaknesses, opportunities, and threats (SWOT) perspectives to
increase the breadth of identified risks by including internally generated
risks.
Delphi technique - experts take part in an
anonymous questionnaire so as not to influence each other, then their ideas are
shared for more input.
The risk register contains the outcomes of
the other risks management processes as they are conducted.
The preparation of risk register begins with
·
List of identified risks
·
List of potential responses
The Inputs, Tools and Techniques and Output
of Identify
Risk process are given below:
Risk Management Plan
|
Documentation Reviews
|
Risk Register
|
Cost Management Plan
|
Information Gathering Techniques
|
|
Schedule Management Plan
|
Checklist Analysis
|
|
Quality Management Plan
|
Assumptions Analysis
|
|
Human Resource Management Plan
|
Diagramming Techniques
|
|
Scope Baseline
|
SWOT Analysis
|
|
Activity Cost Estimates
|
Expert Judgment
|
|
Activity Duration Estimates
|
||
Stakeholder Register
|
||
Project Documents
|
||
Procurement Documents
|
||
Enterprise Environmental Factors
|
||
Organizational Process Assets
|
Perform
Qualitative Risk Analysis is the process of prioritizing risks for further
analysis or action by assessing and combining their probability of occurrence
and impact.
Perform Qualitative Risk Analysis assesses
the priority of identified risks using their relative probability or likelihood
of occurrence.
Perform Qualitative Risk Analysis is a rapid
and cost-effective means of establishing priorities for Plan Risk Responses.
Perform Qualitative Risk Analysis lay
foundation for Perform Quantitative Risk Analysis.
Risk probability assessment investigates the
likelihood that each specific risk will occur.
Risk analysis requires accurate &
unbiased data.
The Inputs, Tools and Techniques and Output
of Perform
Qualitative Risk Analysis process are given below:
Risk Management Plan
|
Risk Probability and Impact Assessment
|
Project Documents updates
|
Scope Baseline
|
Probability and Impact Matrix
|
|
Risk Register
|
Risk Data Quality Assessment
|
|
Enterprise Environmental Factors
|
Risk Categorization
|
|
Organizational Process Assets
|
Risk Urgency Assessment
|
|
Expert Judgment
|
Perform
Quantitative Risk Analysis is the process of numerically analyzing the effect of
identified risks on overall project objectives.
Perform Quantitative Risk Analysis is
performed on risks that have been prioritized by the Perform Qualitative
Risk Analysis process.
Perform Quantitative Risk Analysis generally
follows the Perform Qualitative Risk Analysis process.
The project manager should exercise expert
judgment to determine the need for and the viability of quantitative risk
analysis.
The availability of time and budget should be
assessed before performing Quantitative Risk Analysis.
Continuous probability distributions, which
are used extensively in modeling and simulation, represent the uncertainty in
values such as durations of schedule activities and costs of project
components.
Discrete distributions can be used to
represent uncertain events, such as the outcome of a test or a possible
scenario in a decision tree.
Sensitivity analysis helps to determine which
risks have the most potential impact on the project.
One typical display of sensitivity analysis
is the tornado diagram.
Expected monetary value (EMV) analysis is a
statistical concept that calculates the average outcome when the future
includes scenarios that may or may not happen.
The EMV of opportunities are generally
expressed as positive values, while those of threats are expressed as negative
values.
A common use of EMV analysis is a decision
tree analysis.
Simulations are typically performed using the
Monte Carlo technique.
Risk Registers gets update after each process
of Project Risk Management.
The Inputs, Tools and Techniques and Output
of Perform
Quantitative Risk Analysis process are given below:
Risk Management Plan
|
Data Gathering & Representation
Techniques
|
Project Documents updates
|
Cost Management Plan
|
Quantitative Risk
Analysis & Modeling Techniques
|
|
Schedule Management Plan
|
Expert Judgment
|
|
Risk Register
|
||
Enterprise Environmental Factors
|
||
Organizational Process Assets
|
Plan
Risk Responses
is the process of developing options and actions to enhance opportunities and
to reduce threats to project objectives.
Strategies for Negative Risks or Threats:
·
Avoid – Changing the
Project Management Plan to eliminate a potential risk.
·
Transfer – To third party
generally involves payment to the party taking on the risk
·
Mitigate – Reduce impact of
an adverse risk/or reduction in the probability.
·
Accept – Decides to
acknowledge the risk and not take any action unless the risk occurs.
Strategies for Positive Risks or Opportunities:
·
Exploit – Eliminates the
uncertainty associated with a particular upside risk by making the opportunity
will definitely happen.
·
Share – Share
responsibility and accountability to get best chance of seizing an opportunity.
·
Enhance – Modify the
"size“ of an opportunity by increasing probability and/or positive impacts
by identifying & maximizing key drivers.
·
Accept – Accepting an
opportunity is being willing to take advantage of it if it comes along, but not
actively pursuing it.
Passive acceptance requires no action, leaving the
project team to deal with the threats or opportunities as they occur.
Active acceptance establishes a contingency reserve or
strategy.
Residual risks that are expected to remain after
planned responses have been taken, as well as those that have been deliberately
accepted.
A fallback
plan can be developed for implementation if the selected strategy turns out
not to be fully effective or if an accepted risk occurs.
Secondary
risks
are risks that arise as a direct result of implementing a risk response.
Contingency
reserves account for “known unknowns” or simple “knowns”.
Management
reserves account for “unknown unknowns” or simply “unknowns”.
The Inputs, Tools and Techniques and Output
of Plan Risk
Responses process are given below:
Risk Management Plan
|
Strategies for Negative Risks or Threats
|
Project Management Plan Updates
|
Risk Register
|
Strategies for Positive Risks or
Opportunities
|
Project Documents updates
|
Contingent Response Strategies
|
||
Expert Judgment
|
Control
Risks
is the process of implementing risk response plans, tracking identified risks,
monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness throughout the project.
The Control Risks process applies techniques,
such as variance
and trend analysis, which require the use of performance information
generated during project execution.
Risk Monitoring & Control often requires
identification of new risks & reassessment of risks.
Risk audits examine and document the
effectiveness of risk responses in dealing with identified risks and their root
causes, as well as the effectiveness of the risk management process.
The Inputs, Tools and Techniques and Output
of Control
Risks process are given below:
Project Management Plan
|
Risk Reassessment
|
Work Performance Information
|
Risk Register
|
Risk Audits
|
Change Requests
|
Work Performance Data
|
Variance and Trend Analysis
|
Project Management Plan Updates
|
Work Performance Reports
|
Technical Performance Measurements
|
Project Documents updates
|
Reserve Analysis
|
Organizational Process Assets updates
|
|
Meetings
|
No comments:
Post a Comment