PROJECT RISK MANAGEMENT Ammar Bukhari RISK Threat Uncertainty

PROJECT RISK MANAGEMENT Ammar Bukhari

RISK: Threat / Uncertainty of Outcome probability that an action or event, will adversely or beneficially affect an organization's ability to achieve its objectives

Risk Future event May impact triple constraint (Budget, scope and schedule). Issue Present problem Influencing triple constraints. Risk can become an issue Issue is not risk it already happened.

ISSUE TODAY RISK FUTURE

WHAT IS PROJECT RISK MANAGEMENT? Project Risk Management: - An uncertain event or condition that, if it occurs, has a positive or negative effect on the Project Objectives (Scope, Schedule, Cost, Quality) - one of knowledge areas including the processes required to ensure timely completion of the project

PROCESS GROUPS & RISK MGMT ACTIVITIES Initiating Planning 1. 2. 3. Plan Risk Management Identify Risks Perform Qualitative Risk Analysis 4. Perform Quantities Risk Analysis 5. Plan Risk Responses Executing Controlling 6. Monitor & Control Risks Closing

1. Plan Risk Management -Defining how to conduct risk management activities. Inputs 1. Project Scope Statement 2. Cost Management Plan 3. Schedule Management Plan 4. Communications Mgmt Plan 5. Enterprise Environ. Factors 6. Organizational Process Assets Tools & Techniques Outputs 1. Planning Meetings and Analysis 1. Risk Management Plan

Documents the procedures for managing risk throughout the project

� Includes: �Methodology �R&R �Budget �Schedule �Risk Categories �Using risk breakdown structure (RBS) �Probability and Impact Matrix �Stake Holders Tolerance �Reporting Formats �Risk Documentation

� Methodology: �Define the tools, approaches, and data sources used within the project performing risk management. � Roles and Responsibility �Who lead, support, and be a member and What activities are they responsible for within Risk Management Plan � Budget: �Risk management cost in terms of resources, buffers for baseline and contingency reserve

� Schedule �Risk schedule within the project defining when risk management process will be followed throughout the project life cycle � Risk Categories �Using RBS to identify and categorize risks � Probability �ranking and Impact Matrix between low, moderate, high related to the risk effect on project’s objectives

IT Project Business Technical Organizational Executive Project Management Competitors Hardware Suppliers Software User support Communication Cash flow Network Team support Resources support Estimates

� Stake Holders Tolerance �Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule � Reporting �Risk � Risk Formats reports formats / documents Documentation �how risk activities tracked/documented �for future audits, and lesson learned

� Contingency �predefined � Fallback �for plans identifying risk event occurs plans high impact risks on project objectives � Contingency �provisions reserves held to reduce the risk cost or schedule overruns to an acceptable level

Flight Operation Information System (FOIS) Air. Crew System

2. IDENTIFY RISKS - Determining which risks may affect the project and documenting their characteristics. Inputs Tools & Techniques Outputs 1. Risk Management Plan 2. Activity Cost Estimates 3. Activity Duration Estimates 4. Scope Baseline 5. Stakeholder Register 6. Cost Management Plan 7. Schedule Management Plan 8. Quality Management Plan 9. Project Documents 10. Enterprise Environ. Factors 11. Organizational Process Assets 1. Documentation Reviews 1. Risk Registers 2. Information Gathering Techniques: (Brainstorming / Delphi / Interviewing / Root cause analysis) 3. Checklist Analysis 4. Assumption Analysis 5. Diagramming Techniques: (Cause & Effect / Process flow chart / Influence Diagrams) 6. SWOT Analysis 7. Expert Judgment

� Brainstorming �Expectation of stakeholders tolerance level, in terms of cost, resources, budget, and schedule � Delphi �Risk Technique reports formats / documents � Interviewing �how risk activities tracked/documented �for future audits, and lesson learned � Root Cause Analysis �Checklist / Assumption / Diagramming / SOWT

� Checklist Analysis �Using historical records / learned lessons from previous projects and other sources �RBS Leafs in can be considered as items in the list �At project end, list can be reviewed and updated to be used in future projects � Assumption �Upon assumptions, some risks were identified and listed

� Diagramming �diagrams Technique can help to identify additional risks: �Cause and Effect �Process flow charts �Influence diagrams

� SOWT �Helps Analysis identify the broad negative and positive risks that apply to a project

�Document contains results of various risk management processes �Often displayed in a table or spreadsheet �Tool for documenting potential risk events and related information No. Rank R 44 1 R 21 2 R 7 3 Risk Description Category Root Cause Triggers Potential Responses Risk Owner Probability Impact Status

3. PERFORM QUALITATIVE RISK ANALYSIS - Prioritizing risks for further analysis / action by assessing their probability of occurrence and impact. Inputs 1. Risk register 2. Risk management plan 3. Project scope statement 4. Organizational process assets Tools & Techniques Outputs 1. Risk probability and impact assessment 2. Probability and impact matrix 3. Risk data quality assessment 4. Risk categorization 5. Risk urgency assessment 6. Expert judgment 1. Risk register updates

� Risk probability and Impact Assessment �This tool will look after: �Likelihood of each risk to happen �Its affect on project objectives �(Schedule, Cost, Quality, or Performance) � Probability �lookup and Impact Matrix table can be used identifying each risk importance and thus its priority

� Risk data quality assessment �It evaluates data quality degree, so it will be useful for risk management �data to be more accurate, understood, and reliable �for more credibility results � Risk categorization �classify risks by: �RBS �Area will be affected �Any other reasonable type

� Risk urgency assessment �Risks that �May happen soon �Response planning will take much time �Will be dealt as urgent to be processed quickly through this process

4. PERFORM QUANTITATIVE RISK ANALYSIS - Numerically estimating the effects of risks on project objectives. Inputs Tools & Techniques Outputs 1. Risk register 2. Risk management plan 3. Cost Management Plan 4. Schedule Management Plan 5. Organizational process assets 1. Data Gathering & Representation Techniques 2. Quantities risk analysis and modeling techniques 3. Expert judgment 1. Risk register updates

Risk � Data Gathering & Representation Techniques �Interviewing �Probability � Quantitative Impact distribution risk analysis and modeling techniques �Sensitivity analysis �Expected monetary value analysis �Modeling and simulation Likelihood

� Interviewing �With concerned project team members, stakeholders, and Subject Matter Experts � Probability distribution �graphically displayed representing both time/cost element and probability �modeling and simulation techniques �Beta, triangular distributions, Discrete distribution

the highest value of each competing option Risk probability * risk monetary value

technique used to show the effects of changing one or more variables on an outcome

Simulation uses a representation or model of a system to analyze the expected behavior or performance of the system. Monte Carlo analysis three estimates (most likely, pessimistic, and optimistic)

5. PLAN RISK RESPONSES - Developing options and actions to enhance opportunities and to reduce threats to project objectives. Inputs 1. Risk register 2. Risk management plan Tools & Techniques 1. Strategic for negative risks or threats (Avoid / Transfer / Mitigate / Accept) 2. Strategies for positive risks or opportunities (Exploit/ Share / Enhance / Accept) 3. 4. Contingent response strategies Expert judgment Outputs 1. 2. 3. 4. Risk register updates Risk-related contract decisions Project management plan updates Project document updates

� Strategic for negative risks or threats �Risk avoidance �Change the plan to eliminate the risk or condition or to protect the project objectives from its impact. �Risk transfer �Shift the consequence of a risk to a third party, through purchasing insurance, warranties, guarantees, or outsourcing the work. �Mitigation �Reduce the probability to an acceptable threshold, thus removing it from top risks. �Acceptance technique �Not to change the project plan to deal �Unable to identify any other suitable response

� Strategic for positive risks or opportunities �Risk exploitation: �make sure the positive risk happens �Risk sharing: �allocating ownership of the risk to a party �Risk enhancement �changing the size of the opportunity by identifying and maximizing key drivers of the positive risk �Risk acceptance �the project team cannot choose �not to take any action toward a risk

� Contingent �Contingency response strategies plans �Specific actions that are to be taken when a potential problem occurs �Should be developed in advance �Helps ensure coordinated, effective, and timely response �Some plans may require backup resources that need to be arranged in advance �Contingency planning should be done only for the high-threat problems that remain after you’ve taken preventive measures

6. MONITOR AND CONTROL RISKS - Implementing risk response plans, tracking identified / new risks, monitor residual risks, and evaluating risk process effectiveness. Inputs 1. Risk register 2. Risk management plan 3. Work performance information 4. Performance Reports Tools & Techniques Outputs 1. Risk reassessment 2. Risk audits 3. Variance and trend analysis 4. Technical performance measurement 5. Reserve analysis 6. Status meetings 1. Risk register updates 2. Organizational process assets updates 3. Change requests 4. Project management plan updates 5. Project document updates PMP Workshop 07 October 2020

� Risk reassessment �to measure where the project stands today on a risk issue. �After risk mitigation, the team can reassess the current risks by identifying new risks, or closing outdated risks. � Risk audits �Indication of the project team ability to identify, measure, and manage risks �Provide independent assessment of the risk management practices of the company �verifies that the company has appropriate risk management control in compliance with approved risk policies and procedures

� Variance and trend analysis �Helping to identify the factors that affect each element �its goal is to determine the causes of a variance �difference between expected result and an actual result �effective way to discover the sum causes of a result � Technical performance measurement � actual performance is tracked compared by project management to the Technical Performance Measurement

� Reserve analysis �Manage the reserve and use them only for risks keeping the project risk on track. �Additional reserve could be requested, or could be reduced if there is opportunity or threats were not happened

SAMPLE PMP CERTIFICATION QUESTIONS

All of the following are factors in the assessment of project risk EXCEPT? A. Risk event B. Risk probability C. Amount at stake D. Insurance premiums Answer D Explanation Insurance premiums come into play when you determine which risk response strategy you will use.

Which of the following risk events is MOST likely to interfere with attaining a project's schedule objective? A. Delays in obtaining required approvals B. Substantial increases in the cost of purchased materials C. Contract disputes that generate claims for increased payments D. Slippage of the planned post-implementation review meeting Answer A Explanation Cost increases (choice B) and contract disputes (choice C) will not necessarily interfere with schedule. Notice the words "post-implementation" in choice D. It will not definitely interfere with the project schedule. Choice A is the only one that deals with a time delay

Risks will be identified during which risk management process(es)? A. Quantitative risk analysis and risk identification B. Risk identification and risk monitoring and control C. Qualitative risk analysis and risk monitoring and control D. Risk identification Answer B Explanation This is a tricky question. Risks are identified during risk identification, naturally, but newly emerging risks are identified in risk monitoring and control

Risk tolerances are determined in order to help: A. the team rank the project risks. B. the project manager estimate the project. C. the team schedule the project. D. management know how other managers will act on the project. Answer A Explanation If you know the tolerances of the stakeholders, you can determine how they might react to different situations and risk events. You use this information to help assign levels of risk on each work package or activity

You are finding it difficult to evaluate the exact cost impact of risks. You should evaluate on a(n): A. quantitative basis. B. numerical basis. C. qualitative basis. D. econometric basis. Answer C Explanation If you cannot determine an exact cost impact to the event, use qualitative estimates such as Low, Medium, High, etc

Purchasing insurance is BEST considered an example of risk: A. mitigation. B. transfer. C. acceptance. D. avoidance. Answer B Explanation To mitigate risk (choice A) we either reduce the probability of the event happening or reduce its impact. Many people think of using insurance as a way of decreasing impact. However, mitigating risk is taking action before a risk event occurs. Buying insurance is not such an action. Acceptance of risk (choice C) does not involve such action as purchasing insurance. Avoidance of risk (choice D) means we change the way we will execute the project so the risk is no longer a factor. Transference is passing the risk off to another party

An output of risk response planning is: A. residual risks. B. risks identified. C. prioritized list of risks. D. impacts identified. Answer A Explanation Risks are identified (choice B) during risk identification and risk monitoring and control. Prioritized risks (choice C) are documented during qualitative and quantitative risk analysis. Impacts (choice D) are generally determined during quantitative risk analysis. The best answer is A

The customer requests a change to the project that would increase the project risk. Which of the following should you do before all the others? A. Include the expected monetary value of the risk in the new cost estimate. B. Talk to the customer about the impact of the change. C. Analyze the impacts of the change with the team. D. Change the risk management plan Answer C Explanation This is a recurring theme. First, you should evaluate the impact of the change. Next, determine options. Then go to management and the customer