PROJECT RISK MANAGEMENT Ammar Bukhari  RISK:  Threat / Uncertainty of Outcome  probability that an action or event, will adversely or beneficially affect an organization's ability to achieve its objectives  Risk   Future event May impact triple constraint  (Budget, scope and schedule).  Issue   Present problem Influencing triple constraints.  Risk can become an issue  Issue is not risk  it already happened. ISSUE TODAY RISK FUTURE Project Risk Management: - An uncertain event or condition that, if it occurs, has a positive or negative effect on the Project Objectives (Scope, Schedule, Cost, Quality) - one of knowledge areas including the processes required to ensure timely completion of the project Initiating Planning 1. Plan Risk Management 2. Identify Risks 3. Perform Qualitative Risk Analysis 4. Perform Quantities Risk Analysis 5. Plan Risk Responses Executing Controlling 6. Monitor & Control Risks Closing Plan Risk Management -Defining how to conduct risk management activities. Inputs 1. Project Scope Statement 2. Cost Management Plan 3. Schedule Management Plan 4. Communications Mgmt Plan 5. Enterprise Environ. Factors 6. Organizational Process Assets Tools & Techniques Outputs 1. Planning Meetings and Analysis 1. Risk Management Plan  Documents the procedures for managing risk throughout the project  Includes: Methodology  R&R  Budget  Schedule  Risk Categories  Using risk breakdown structure (RBS)  Probability and Impact Matrix  Stake Holders Tolerance  Reporting Formats  Risk Documentation   Methodology:  Define the tools, approaches, and data sources used within the project performing risk management.  Roles  and Responsibility Who lead, support, and be a member and What activities are they responsible for within Risk Management Plan  Budget:  Risk management cost in terms of resources, buffers for baseline and contingency reserve  Schedule  Risk schedule within the project defining when risk management process will be followed throughout the project life cycle  Risk  Categories Using RBS to identify and categorize risks  Probability  and Impact Matrix ranking between low, moderate, high related to the risk effect on project’s objectives IT Project Business Technical Organizational Project Management Competitors Hardware Executive support Estimates Suppliers Software User support Communication Cash flow Network Team support Resources  Stake  Holders Tolerance Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule  Reporting  Risk reports formats / documents  Risk   Formats Documentation how risk activities tracked/documented for future audits, and lesson learned  Contingency  predefined identifying risk event occurs  Fallback  plans for high impact risks on project objectives  Contingency  plans reserves provisions held to reduce the risk cost or schedule overruns to an acceptable level  Flight Operation Information System (FOIS)  AirCrew System - Determining which risks may affect the project and documenting their characteristics. Inputs Tools & Techniques Outputs 1. Risk Management Plan 2. Activity Cost Estimates 3. Activity Duration Estimates 4. Scope Baseline 5. Stakeholder Register 6. Cost Management Plan 7. Schedule Management Plan 8. Quality Management Plan 9. Project Documents 10.Enterprise Environ. Factors 11.Organizational Process Assets 1. Documentation Reviews 1. Risk Registers 2. Information Gathering Techniques: (Brainstorming / Delphi / Interviewing / Root cause analysis) 3. Checklist Analysis 4. Assumption Analysis 5. Diagramming Techniques: (Cause & Effect / Process flow chart / Influence Diagrams) 6. SWOT Analysis 7. Expert Judgment  Brainstorming  Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule  Delphi  Technique Risk reports formats / documents  Interviewing   how risk activities tracked/documented for future audits, and lesson learned  Root  Cause Analysis Checklist / Assumption / Diagramming / SOWT  Checklist    Analysis Using historical records / learned lessons from previous projects and other sources RBS Leafs in can be considered as items in the list At project end, list can be reviewed and updated to be used in future projects  Assumption  Upon assumptions, some risks were identified and listed  Diagramming  Technique diagrams can help to identify additional risks:  Cause and Effect  Process flow charts  Influence diagrams  SOWT  Analysis Helps identify the broad negative and positive risks that apply to a project Document contains results of various risk management processes  Often displayed in a table or spreadsheet  Tool for documenting potential risk events and related information  No. Rank R44 1 R21 2 R7 3 Risk Description Category Root Cause Triggers Potential Responses Risk Owner Probability Impact Status - Prioritizing risks for further analysis / action by assessing their probability of occurrence and impact. Inputs 1. Risk register 2. Risk management plan 3. Project scope statement 4. Organizational process assets Tools & Techniques Outputs 1. Risk probability and impact assessment 2. Probability and impact matrix 3. Risk data quality assessment 4. Risk categorization 5. Risk urgency assessment 6. Expert judgment 1. Risk register updates  Risk    probability and Impact Assessment This tool will look after: Likelihood of each risk to happen Its affect on project objectives  (Schedule, Cost, Quality, or Performance)  Probability  and Impact Matrix lookup table can be used identifying each risk importance and thus its priority  Risk data quality assessment It evaluates data quality degree, so it will be useful for risk management  data to be more accurate, understood, and reliable  for more credibility results   Risk categorization classify risks by:  RBS  Area will be affected  Any other reasonable type   Risk urgency assessment  Risks that  May happen soon  Response planning will take much time  Will be dealt as urgent to be processed quickly through this process - Numerically estimating the effects of risks on project objectives. Inputs Tools & Techniques Outputs 1. Risk register 2. Risk management plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational process assets 1. Data Gathering & Representation Techniques 2. Quantities risk analysis and modeling techniques 3. Expert judgment 1. Risk register updates Risk  Data Gathering & Representation Techniques Interviewing  Probability distribution   Quantitative Impact risk analysis and modeling techniques    Sensitivity analysis Expected monetary value analysis Modeling and simulation Likelihood  Interviewing  With concerned project team members, stakeholders, and Subject Matter Experts  Probability    distribution graphically displayed representing both time/cost element and probability modeling and simulation techniques Beta, triangular distributions, Discrete distribution  the highest value of each competing option  Risk probability * risk monetary value  technique used to show the effects of changing one or more variables on an outcome  Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system.  Monte Carlo analysis  three estimates (most likely, pessimistic, and optimistic) - Developing options and actions to enhance opportunities and to reduce threats to project objectives. Inputs 1. Risk register 2. Risk management plan Tools & Techniques 1. Strategic for negative risks or threats (Avoid / Transfer / Mitigate / Accept) 2. Strategies for positive risks or opportunities Outputs 1. 2. 3. (Exploit/ Share / Enhance / Accept) 3. 4. Contingent response strategies Expert judgment 4. Risk register updates Risk-related contract decisions Project management plan updates Project document updates  Strategic for negative risks or threats Risk avoidance  Change the plan to eliminate the risk or condition or to protect the project objectives from its impact.  Risk transfer  Shift the consequence of a risk to a third party, through purchasing insurance, warranties, guarantees, or outsourcing the work.  Mitigation  Reduce the probability to an acceptable threshold, thus removing it from top risks.  Acceptance technique  Not to change the project plan to deal  Unable to identify any other suitable response   Strategic for positive risks or opportunities Risk exploitation:  make sure the positive risk happens  Risk sharing:  allocating ownership of the risk to a party  Risk enhancement  changing the size of the opportunity by identifying and maximizing key drivers of the positive risk  Risk acceptance  the project team cannot choose  not to take any action toward a risk   Contingent  response strategies Contingency plans  Specific actions that are to be taken when a potential problem occurs  Should be developed in advance  Helps ensure coordinated, effective, and timely response  Some plans may require backup resources that need to be arranged in advance  Contingency planning should be done only for the high-threat problems that remain after you’ve taken preventive measures - Implementing risk response plans, tracking identified / new risks, monitor residual risks, and evaluating risk process effectiveness. Inputs 1. Risk register 2. Risk management plan 3. Work performance information 4. Performance Reports Tools & Techniques Outputs 1. Risk reassessment 2. Risk audits 3. Variance and trend analysis 4. Technical performance measurement 5. Reserve analysis 6. Status meetings 1. Risk register updates 2. Organizational process assets updates 3. Change requests 4. Project management plan updates 5. Project document updates PMP Workshop 11 January 2017  Risk   to measure where the project stands today on a risk issue. After risk mitigation, the team can reassess the current risks by identifying new risks, or closing outdated risks.  Risk    reassessment audits Indication of the project team ability to identify, measure, and manage risks Provide independent assessment of the risk management practices of the company verifies that the company has appropriate risk management control in compliance with approved risk policies and procedures  Variance and trend analysis Helping to identify the factors that affect each element  its goal is to determine the causes of a variance  difference between expected result and an actual result  effective way to discover the sum causes of a result  Technical performance measurement   actual performance is tracked compared by project management to the Technical Performance Measurement  Reserve analysis  Manage the reserve and use them only for risks keeping the project risk on track.  Additional reserve could be requested, or could be reduced if there is opportunity or threats were not happened All of the following are factors in the assessment of project risk EXCEPT? A. Risk event B. Risk probability C. Amount at stake D. Insurance premiums Answer D Explanation Insurance premiums come into play when you determine which risk response strategy you will use. Which of the following risk events is MOST likely to interfere with attaining a project's schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting Answer A Explanation Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule. Notice the words "post-implementation" in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay Risks will be identified during which risk management process(es)? A. Quantitative risk analysis and risk identification B. Risk identification and risk monitoring and control C. Qualitative risk analysis and risk monitoring and control D. Risk identification Answer B Explanation This is a tricky question. Risks are identified during risk identification, naturally, but newly emerging risks are identified in risk monitoring and control Risk tolerances are determined in order to help: A. the team rank the project risks. B. the project manager estimate the project. C. the team schedule the project. D. management know how other managers will act on the project. Answer A Explanation If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity You are finding it difficult to evaluate the exact cost impact of risks. You should evaluate on a(n): A. quantitative basis. B. numerical basis. C. qualitative basis. D. econometric basis. Answer C Explanation If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc Purchasing insurance is BEST considered an example of risk: A. mitigation. B. transfer. C. acceptance. D. avoidance. Answer B Explanation To mitigate risk (choice A) we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance. Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party An output of risk response planning is: A. residual risks. B. risks identified. C. prioritized list of risks. D. impacts identified. Answer A Explanation Risks are identified (choice B) during risk identification and risk monitoring and control. Prioritized risks (choice C) are documented during qualitative and quantitative risk analysis. Impacts (choice D) are generally determined during quantitative risk analysis. The best answer is A The customer requests a change to the project that would increase the project risk. Which of the following should you do before all the others? A. Include the expected monetary value of the risk in the new cost estimate. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk management plan Answer C Explanation This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer