I am Continuously seeking to improve my competencies and skills to provide first class professional Project Management training courses; and develop my scope experience in Project Management functions. I am confident that my innovative and results-focused approach would make significant contribution to the continued success of your organization.
this is the first presentations uploaded to Slide Share,
For more information do not hesitate to contact me.
CHAPTER 11PROJECT RISK MANAGEMENT Ahmad H. Maharma PMP®
PM Knowledge Areas & Process GroupsPM Process Initiating Process Planning Process Group Executing Process Monitoring & Controlling ClosingGroups / Group Group Process Group ProcessKnowledge GroupArea ProcessesProject Develop Project Charter Develop Project Management Direct and Manage Project Monitor and Control Project Work Close ProjectManagement Plan Execution Integrated Change ControlIntegrationProject Scope Collect requirements Verify ScopeManagement Define Scope Control Scope Create WBSProject Time Define Activity Schedule ControlManagement Sequence Activity Estimating Resource Estimating Duration Develop ScheduleProject Cost Estimating Cost Control CostManagement Budgeting CostProject Quality Quality Planning Perform Quality Assurance Perform Quality ControlManagementProject HR Human Resources Planning Acquire Project TeamManagement Develop Project Team Manage Project TeamProject Identify Stakeholders Plan Communications Distribute Information Performance ReportingCommunications Manage stakeholdersManagement expectationsProject Risk Plan Risk Management Risk Monitoring and ControlManagement Risk Identification Qualitative / Quantitative Risk Analysis y Risk Response PlanningProject Plan procurement Conduct procurement Administer Contract CloseProcurement procurementManagement
Project Risk Management Monitoring & Controlling Processes Planning Processes Enter phase/ Initiating Closing Exit phase/ Start project Processes Processes End project Executing ProcessesKnowledge Process Area Initiating Planning Executing Monitoring & Contol Closing Plan Risk Management Identify Risk Risk Perform Qualitative Risk Analysis Monitor and Control Risks Perform Quantitative Risk Analysis Plan Risk Response
Project Risk Management• Risk is an uncertain event or condition that, if occurs, has an effect on at least one project objective.• Risk Ri k management objectives: t bj ti – increase the probability and impact of positive events (opportunities). – decrease the probability and impact of negative events (threat).• Terms & concepts: – Uncertainty: a lack of knowledge about an event that reduces confidence – Risk averse: someone who does not want to take risks. – Risk tolerances: area of risk that are acceptable/unacceptable. – Risk thresholds: the point at which a risk become unacceptable • Remember that in this area there is no activity in executing process group
Project Risk Management Risk factors 2. 3. 4. 1. The range of Expected The anticipatedThe probability possible timing (when) frequency ofthat it will occur outcome in the project risk event (impact) life cycle (how often)
Plan Risk Management• Importance of Risk Management Planning – Ensure that the degree, type, and visibility of risk management are commensurate g , yp , y g – Provide sufficient resource and time for risk management activities – Establish an agreed-upon basis for evaluating risk• Risk Categories – A standard list of risk categories can help to make sure areas of risk are not forgotten. – Companies and PMO should have standard list of risk categories to help identify riskrisk.• 2 Main type of Risk – B i Business – Ri k of gain or lloss Risk f i – Pure (insurable) risk – Only a risk of loss (i.e. fire, theft, personal injury, etc) • Sources of risk = risk categories g • Risk categories may be structured into Risk Breakdown Structure (RBS)
Project Risk Management Project Risk ManagementProject Risk Management includes the processes of conducting risk management Project Risk Management includes the processes of conducting risk managementplanning, identiﬁcation, analysis, response planning, and monitoring and control on a project. The objectives of Project Risk Management are to increase the probability and impact of positive events, and decrease the probability and impact of negative events in the project.
Project Risk Management Project Risk Management11.1 Plan Risk Management—The process of deﬁ ning how to conduct risk management activities for a project.11.2 Identify Risks—The process of determining which risks may affect the project and documenting their characteristics.11.3 Perform Qualitative Risk Analysis—The process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and l b d b h b bl f dimpact.11.4 Perform Quantitative Risk Analysis—The process of numerically analyzing the effect of identiﬁed risks on overall project objectives.effect of identiﬁed risks on overall project objectives11.5 Plan Risk Responses—The process of developing options and actions to enhance opportunitiesand to reduce threats to project objectives.and to reduce threats to project objectives11.6 Monitor and Control Risks—The process of implementing risk response plans, tracking identiﬁed risks, monitoring residual risks, identifying new risks, and g p g p jevaluating risk process effectiveness throughout the project.
11.1 Plan Risk Management 11.1 Plan Risk Management• Plan Risk Management is the process of defining how to conduct risk management activities for a project.• Careful and explicit planning enhances the probability of success for the five other risk management processes. • Planning risk management processes is important to ensure that the degree, type, and visibility of risk management are commensurate with both the risks and the importance of the project to the organization.• g p p Planning is also important to provide sufficient resources and time for risk management activities, and to establish an agreed‐upon basis for evaluating risks.• The Plan Risk Management process should begin as a project is conceived and should be completed early during project planning.
11.1 Plan Risk Management11.1 Plan Risk Management
11.1.1Plan Risk Management: Inputs 11.1.1Plan Risk Management: Inputs.1 Project Scope Statement• The project scope statement provides a clear sense of the range of possibilities associated with the project and its deliverables and establishes the framework for how significant the risk management effort may ultimately become. g.2 Cost Management Plan• The project cost management plan defines how risk budgets, contingencies, and management reserves will be reported and accessed. Described in Section 7.0..3 Schedule Management Plan• The schedule management plan defines how schedule contingencies will The schedule management plan defines how schedule contingencies will be reported and assessed. Described in Section 6.0.
11.1.1 Plan Risk Management: Inputs 11.1.1 Plan Risk Management: Inputs.4 Communications Management Plan• The project communications management plan defines the interactions that will occur on the project, and determines who will be available to share information on various risks and responses at different times (and locations). Described in Section 10.2.3.1. p.5 Enterprise Environmental Factors• The enterprise environmental factors that can influence the Plan Risk Management process include, but are not limited to, risk attitudes and tolerances that describe the degree of risk that an organization will g g withstand.
11.1.1 Plan Risk Management: Inputs 11.1.1 Plan Risk Management: Inputs.6 Organizational Process Assets• The organizational process assets that can influence the Plan Risk Management process include, but are not limited to:• Risk categories, g ,• Common definitions of concepts and terms,• Risk statement formats,• Standard templates Standard templates,• Roles and responsibilities,• Authority levels for decision‐making,• Lessons learned, and• Stakeholder registers, which are also critical assets to be reviewed as components of establishing effective risk management plans.
11.1.2 Plan Risk Management: Tools and Techniques g q.1 Planning Meetings and Analysis• Project teams hold planning meetings to develop the risk management plan. • Attendees at these meetings may include the project manager, selected project team members and stakeholders, anyone in the organization with responsibility to manage the risk planning and execution activities, and p y g p g , others, as needed.• High level plans for conducting the risk management activities are High‐level plans for conducting the risk management activities are defined in these meetings.
11.1.2 Plan Risk Management: Tools and Techniques g qPlanning Meetings and analysis: Holding of Risk Planning meetings comprising of project team members, and stakeholders including ii f j tt b d t k h ld i l disponsors to determine:1. Risk management responsibilities2. Risk categories3. Risk levels4. Probability by type of risks4 Probability by type of risks5. Impact by type of objectivities6. Probability and impact matrix7. Risk contingency reserve application approaches8. Development of risk management cost elements and activities
11.1.3 Risk Management: Outputs 11.1.3 Risk Management: Outputs• Risk Management Plan includes:1. Methodology ‐ Defining the approaches, tools, and data for defining risk management2. Role and responsibilities – Defining the lead, support and risk p g , pp management team members for each type of activities3. Budgeting – Assigning resources, estimate funds needed for risk as part of risk management for inclusion in the cost baseline g4. Timing ‐ Defines when and how often risk management process will be performed during the project life cycle5. Risk Categories – Using risk breakdown structure (RBS) which depicts Risk Categories Using risk breakdown structure (RBS) which depicts risks in hierarchical forms and the subcategories identifies the areas and causes of potential risks
11.1.3 Risk Management: Outputs11.1.3 Risk Management: Outputs6. Definition of risk probability and impact ‐ Defining different levels of risk probabilities and their impacts7. Probability and impact matrix – Combining risk probabilities with their impacts and ranking them as High, Moderate and Low8. Revised Stakeholders’ tolerances 9. Reporting format – Defining how the outcomes of risk management processes will be documented g p10. Tracking – Defining how risk management processes will be audited.
Example of Risk Breakdown StructureExample of Risk Breakdown Structure
Definition of Impact Scales for four Project objectivesDefined Conditions for Impact of a Risk on Major Project ObjectivesDefined Conditions for Impact of a Risk on Major Project Objectives Relative or numerical scales are shownProject Very low /0.05 Low / 0.1 Moderate / High / 0.4 Very High objective 0.2 / 0.8 / 0.8Cost Insignificant cost <10% cost 10 – 20% 20‐40% cost >40% cost increase increase cost increase increase increaseTime Insignificant time <5% Time 5‐10% time 10‐20% time >20% time increase increase increase increase increaseScope Scope increase Scope Major areas Scope Project barely noticeable minor of scope reduction end is affect affected unacceptable effectively useless Quality degradation barely Affected only Quality reduction Quality reduction Project end Quality noticeable very demanding requires sponsors unacceptable to items is application approval sponsor effectively useless This table presents examples of risk impact definitions for four different project objectives. They should be tailored in the risk management planning process to the individual project and to the organization’s risk thresholds. Impact definitions can be developed for opportunities in a similar way.
Definition of Impact Scales for four Project objectives
11.2 Identify Risks: Inputs 11.2 Identify Risks: Inputs• Identify Risks is the process of determining which risks may affect the project y p g y p j and documenting their characteristics. • Participants in risk identification activities can include the following: project manager, project team members, risk management team (if assigned), customers, subject matter experts from outside the project team, end users, other project managers, stakeholders, and risk management experts. • While these personnel are often key participants for risk identification, all project personnel should be encouraged to identify risks.
11.2 Identify Risks: Inputs 11.2 Identify Risks: Inputs• Identify Risks is an iterative process because new risks may evolve or become y p y known as the project progresses through its life cycle.• The frequency of iteration and who participates in each cycle will vary by situation. The format of the risk statements should be consistent to ensure the ability to compare the relative effect of one risk event against others on the project. • The process should involve the project team so they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Stakeholders outside the project team may provide additional objective information.
11.2.1 Identify Risks: Inputs 11.2.1 Identify Risks: Inputs1. Risk Management plan – Using RBS and providing for risks in budget and schedule2. Activity cost Estimates – Using quantitative assessment of TCPI and expressing it as a range. The wider the more risks are involved3. y Activity Duration Estimates4. Scope baseline5. Stakeholder register6. Cost Management Plan7. Schedule Management Plan8. Quality management Plan9. Project Documents – Assumption Log, Work performance reports, Earned value p , g , reports, Network diagrams, Baselines etc.10. EEFS – Benchmarking, industry studies, published checklists, Risk attitudes 11. OPAs ‐ Project files, risk statement templates, Lesson learnt project process control
11.2.2 Identify Risks: Tools & Techniques 11.2.2 Identify Risks: Tools & Techniques1. Documentation Reviews reviewing assumptions, requirements Documentation Reviews – reviewing assumptions, requirements contracts etc.2. Information Gathering Techniques:a) Brainstorming – Obtaining comprehensive listing of all risks by Obtaining comprehensive listing of all risks by categories using RBSb) Delphi Technique – Using anonymous experts by using questionnaires for getting consensus on risks. It keeps bias away questionnaires for getting consensus on risks It keeps bias awayc) Interviewing – Asking subject matter specialists to identify risksd) Root Cause Analysis – Identifying the risk problem, the underlying causes that leads to it and developing preventive actions causes that leads to it and developing preventive actions
11.2.2 Identify Risks: Tools & Techniques 11.2.2 Identify Risks: Tools & Techniques3. Checklist Analysis – Using the lowest level of RBS as checklist based on historic information and knowledge of projects4. Assumptions Analysis – Exploring the validity of assumptions, accuracies, completeness, stability and consistency5. Diagramming Techniques:a) Causes and effects also known as ISHIKAWA – identifying risk causesb) System or process flow charts – identifying system interrelate and mechanism of causationc) Influence diagram graphical representation showing causal, Influence diagram – graphical representation showing causal influences, time ordering of events6. SWOT Analysis – Strength–Weakness‐Opportunities‐Threats7. Expert Judgment – Using experts such as consultants
11.2.3 Identify Risks: Output 11.2.3 Identify Risks: Output• Risk Register Risk Register1. List of Identified risks – The identified lists must be described in details such as CAUSE, EVENT, EFFECTS2. List of potential Responses – List of possible potential i f i l i f ibl i l responses and their impacts
11.3 Perform Qualitative Risk Analysis 11.3 Perform Qualitative Risk Analysis• Perform Qualitative Risk Analysis is the process of Perform Qualitative Risk Analysis is the process of prioritizing risks for further analysis which involves combining their probabilities of occurrence and impacts, the time frame for response should the risk occur and the organization’s risk tolerance associated with the project constraints of cost, schedule, scope ith th j t t i t f t h d l and quality
11.3.1 Perform Qualitative Risk Analysis 11.3.1 Perform Qualitative Risk Analysis ‐ Inputs1. Risk Register g2. Risk Management Plan – Detailing definitions of categories, probability and impact, stakeholder risk tolerance l3. Project Scope Statement – State‐of‐the‐art or first‐ of‐its‐kind technology and complex projects tend of its kind technology and complex projects tend to have more risks4. Organization Process Assets – Risk information on g prior projects
11.3.2 Perform Qualitative Risk Analysis ‐ Tools and Techniques y q1. Risk Probability and Impact Assessment – y p investigates the likelihood of each risk occurring and the assessment of the impacts on project objectives such as on schedule, cost quality or objectives such as on schedule cost quality or performance by interviewing stakeholders2. Probability and Impact Matrix ‐ Rating risks for Probability and Impact Matrix Rating risks for prioritizing as low, moderate or high3. Risk Data Quality Assessment ‐ Examining the degree of accuracy, quality, reliability, and integrity of gathered data regarding the risks
11.3.2 Perform Qualitative Risk Analysis ‐ Tools and Techniques y q4. Risk Categorization –Grouping risks by their Risk Categorization Grouping risks by their root causes5. Risk Urgency Assessment ‐ Establishing Risk Urgency Assessment Establishing indicators as warning signals for risks that should be addresses urgently based on risk severity rating6. Expert Judgment – Using consultants internal and or external
11.3.2 Perform Qualitative Risk Analysis ‐ Tools and Techniques y q
11.3.2 Perform Qualitative Risk Analysis ‐ Outputs y p• Risk Register Updates g p1. Relative ranking or priority list of project risks2. Risks grouped by categories3. Causes of risk or project areas requiring particular attention4. List of risks requiring response in the near future List of risks requiring response in the near future5. List of risks for additional analysis and response6. Watch lists of low‐priority risks7. Trends in qualitative risk analysis results
11.4 Perform Quantitative Risk Analysis 11.4 Perform Quantitative Risk Analysis• Perform Quantitative Risk Analysis This is the Perform Quantitative Risk Analysis This is the process of analyzing numerically the effects of the analyzed risks on the project objectives. • The analysis could be for individual risks and or for y aggregate effect of all the risks that may affect the project. • It presents a quantitative approach for decision making when risks are involved
11.4.1 Perform Quantitative Risk Analysis: Tools and Techniques T h i1. Data Gathering & Representation Techniques a) Interviewing – documenting risk range & assumptions the output of interviewing b) Probability Distribution – discrete and continuous distributions can be used2. Quantitative Risk Analysis and Modeling Techniques a) Sensitivity Analysis ‐ e.g. tornado diagram use for comparing the relative impacts of variables with high risks with those that are stable l f bl hh h k h h h bl b) Expected monetary value analysis – calculated by multiplying the values of outcomes with their probabilities & adding the products e.g. y in decision tree analysis C) Modeling and simulation – iterative simulation using Monte Carlo techniques3.3 Expert Judgment – using experts with relevant experience J d i ih l i
Example of range of Project cost estimates collected during a risk interview ll dd i i ki i Low Most Likely High WBS Elements Design $ 6m $8m $12m Build $18m $22m $37m Test $12m $12 $17m $17 $25m $25 Total Project cost $36 $47m $74m Interviewing stakeholders often helps to establish the three point estimates for the WBS for both beta and triangular distributions. In this case the likelihood of completing the project with only $47m is rather small as shown in the next Cost Risk simulation
Total Project Cost Cumulative ChartTotal Project Cost Cumulative Chart 100% Mean $52.33m 75% The Cumulative data in slide 23 shows that the project is 25% Probability likely to meet the $47m estimate, 50% if there is a desire to meet 50% of likelihood, a contingency will have to be added which will be 25% calculated as (($52.33- $47m)/$47m) = 11.3% $47m $20m $40m $64m $80m $ $60m Cost 37%
Total Project Cost Cumulative ChartTotal Project Cost Cumulative Chart
Examples of Commonly used distributionsExamples of Commonly used distributions
Decision Tree DiagramDecision Definition Decision Node Chance Node Net Path value Input: Scenario Probability Computed: Input: Cost of each DecisionDecision to be made Output: Decision made Reward if it occurs Payoffs minus Output: Expected Monetary Value (EMV) Costs along Path 60% $80m Strong Demand ($220m) $220m - $140m = $80m Build New Plant (Invest $140m) 40% .60($80m) + .40(-$40) = $32m Weak Demand -$40m EMV (B f (Before C t ) of b ild Costs) f build ($100m) New Plant considering demand $100m - $140m = -$40m Build or Upgrade 60% Strong Demand $80m ($140m) Decision EMV = $72m i.e. the larger of $32m & Upgrade Plant $140m $60m $80 $140 - $60 = $80m $72m (Invest $60m) Decision Node 40% .60($80m) + .40($20m) = $72m Weak Demand $20m EMV (before build costs) of upgrade ($80M) Chance Node Plant considering demand $80m - $60m = $20m Scenarios End of Branch 1. Probability of strong demand is 60% and Probability of Weak demand is 40% 2. Build new plant will cost $140m while strong demand yields $220m and weak demand yields $100m 3. Upgrade Plant will yield $140m while weak demand will yield $80m Decision made upgrade because its EMV is $72m while that of build new plant is $32m
11.4.3 Perform Quantitative Risk Analysis: O t t Outputs1. Risk Register Updates includes ‐Probability Analysis of the project – li i b bili l i f h j listing possible ibl completion dates and cost and their confident levels of achieving and using contingency reserve to bring result to an acceptable level ‐Probability of achieving cost and time objectives – Using cumulative chart ‐Prioritized lists of quantified risks ‐ using tornado diagram to identified most impacting risks and listing them ‐Trends in quantitative risk analysis results – using historical reports of past risks trends on schedule cost , time and quality
11.5 Plan Risk Response 11.5 Plan Risk Response• Plan Risk Response : This is process of developing p p p g options and actions for opportunities and threats.• It includes assigning one person as each risk owner to take responsibility for each agreed to and funded risk response, addressing the risks by priorities and risk response addressing the risks by priorities and putting more resources and activities into the budget, schedule and cost of quality as approved in the Project Management Plan.
11.5.1 Plan risk response: Inputs11.5.1 Plan risk response: Inputs
11.5.1 Plan risk response: Inputs 11.5.1 Plan risk response: Inputs1. Risk Register1 Risk Register2. Risk Management Plan
11.5.2 Plan Risk Response: Tools and Techniques 11.5.2 Plan Risk Response: Tools and Techniques1. Strategies for Negative Risks ‐Avoid e.g. Reducing scope Avoid e g Reducing scope ‐Transfer e.g. Insurance, Performance bond, Warranties, Fixed price transfer risk to the seller, cost‐plus contracts transfer risk to the buyer ‐Mitigate e.g. choosing a more stable supplier, conducting more tests for early detection ‐Accept e.g. providing a contingency reserve to take care of it if it occurs2. Strategies for Positive Risks ‐Exploit e.g. Assigning most talented person to perform the tasks – reduces time to p g g g p p do the job ‐Share e.g. forming joint venture to share the benefits ‐Enhance e.g. Maximizing the key drivers that creates the opportunity ‐Accept e.g. Willingness to take advantage when the opportunity occurs but not actively pursuing it ti l i it3. Contingency Response strategies e.g. identifying events that can trigger the contingency response4.4 Expert Judgment e.g. Using Risk Experts with specialized education Expert Judgment e g Using Risk Experts with specialized education
Strategies for Threats• Avoid – Eliminate the threat entirely – Isolate project objectives from the risk’s impact• Transfer (Deflect, Allocate) (Deflect – Shift some or all the negative impact of a threat to a third party• Mitigate – Implies a reduction in the probability and/or impact of an adverse risk event to be within acceptable threshold limits• Accept – Deal with the risks – Project management plan is not changed
Strategies for Opportunities• Exploit – Seek to ensure the opportunities definitely happen• Share – Allocate some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the project benefit.• Enhance – Increase the probability and/or the positive impacts of an opportunity. t it• Accept – Not actively pursuing an opportunity
11.5.3 Plan Risk Responses: Outputs 11.5.3 Plan Risk Responses: Outputs1.1 Risk Register updates Risk Register updates2. Risk related contracts3.3 Project Management Updates j d4. Project Document updates
11.6 Monitor and Control Risks: InputsMonitor and Control Risks is the process of implementing risk response plans, tracking identiﬁed risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the projectevaluating risk process effectiveness throughout the projectThe Monitor and Control Risks process applies techniques, such as variance and trend analysis, which require the use of performance information and trend analysis, which require the use of performance informationgenerated during project execution. Other purposes of the Monitor and Control Risks process are to determine if:•Project assumptions are still valid•Risk has changed or can be retired•Risk management policy & procedure are being followed•Align contingency reserves with current risk assessment
11.6.1 Monitor and Control Risks: Inputs1.1 Risk Register Risk Register2. Project Management Plan3.3 Work Performance Information k f f i4. Performance Reports
11.6.2 Monitor and Control Risks: Tools and Techniques q1.1 Risk Assessment Risk Assessment2. Risk Audit3.3 Variance and Trend analysis i d d l i4. Technical Performance measurement5. Reserve analysis6.6 Status meetings Status meetings
11.6.3 Monitor and Control Risks: Outputs11.6.3 Monitor and Control Risks: Outputs1.1 Risk Register Updates Risk Register Updates2. OPAs3.3 Change requests h4. Project Management Updates5. Project Document Updates
For more information do not hesitate to contact me. Ahmad H. Maharma ‐ PMP®• Ramallah, Palestine • Phone: + (972) (2) 2968644• Mobile: + (972) (599) 001155 E‐Mail: email@example.com