PROJECT RISK MANAGEMENT Project Risk Contract Management Project

PROJECT RISK MANAGEMENT Project Risk & Contract Management

Project Risks “……. . as we know, there are knowns; there are things we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there also unknowns – the ones we don’t know. ” - Donald Rumsfeld: the former US Defense Secretary

Project Risk Management - Concepts (1) Risk – Definition(1) “…an uncertainty that can have a negative or positive effect on meeting project objectives. ” – Schwalbe (2003) “The possibility of (a project) suffering harm or loss. ” PMI(04) “Uncertainty inherent in plans and the possibility of something happening (i. e. a contingency) that can affect the prospects of achieving business or project goals. ” -(BS 6079) “…a measure of the probability and consequence of not achieving a defined project goal. ” – Kerzner (2003)

Project Risk Management - Concepts (2) Risk – Definition(2) From the definition, it is clear that risk has two primary components: A probability (likelihood) of occurrence of that event Impact of the event occurring (amount at stake) • Conceptually, risk for each event can be defined as a function of likelihood and impact: Risk = f(likelihood, impact)

Project Risk Management -as a knowledge area [PMI(2004)] Risk Identification Quantification Response Development Response Control

Project Risk Management - Concepts (4) Risk management process (Figure 7. 2) The major components of the risk management process are: (1) risk identification (2) risk assessment (3) risk response planning (risk response development & risk response control)

Project Risk Management - Identification (1) The identification of project risks and exposure to loss is perhaps the most important element of the project risk management process Unless the sources of possible losses are recognised, it is impossible to consciously choose appropriate, efficient methods for dealing with those losses should they occur

Project Risk Management - Identification (3) Risk can also be identified according to lifecycle phases (total project risk is high in the early life-cycle phases & in the later life-cycle phases, the financial risk is the greatest) – Figure 7 -1

Project Risk Management - Identification (4) Any source of information that allows recognition of a potential problem can be used for risk identification. These include, but not limited to: Life-cycle cost analysis (√) Plan/WBS decomposition (√) Schedule analysis (√) Baseline cost estimates Assumption analysis Trade studies/analyses Models (influence diagrams) Expert judgment

Project Risk Management – Assessment(1) Risk identification produces a list of potential risks. Not all of these risks deserve attention. Some are trivial and can be ignored, while others pose serious threats to the welfare of the project. • The Lead Manager needs to develop a method for sifting through the list of risks, eliminating inconsequential or redundant ones and stratifying worthy ones in terms of importance and need for attention.

Project Risk Management – Assessment(2) Scenario analysis is the easiest and most commonly used technique for analyzing risks. Team members assess each risk in terms of: • • • The undesirable event All the outcomes of the event’s occurrence The magnitude or severity of the event’s impact Chances/probability of the event happening When the event might occur in the project Interaction with other parts of this or other projects.

Risk Assessment form(1(L)……. 5(H) Risk Event Likelihood Impact Detection When Difficulty A 4 4 4 XXXXX B 2 5 5 XXXXX C 4 3 3 XXXXX D 1 5 5 XXXXX

Risk Severe Matrix (2 e) likelihood 5 G Y Y R R 4 G Y Y R R 3 G G Y Y R 2 G G Y Y R 1 G G G Y Y 1 2 3 4 5 impact

Risk Severe Matrix (2 f) R – Red zone: major risk Y – Yellow zone: moderate risk G – Green zone: minor risk

Risk Severe Matrix The matrix provides a basis for prioritizing which risks to address Red zone (R) receive first priority, followed by yellow (Y) zone risks. Green (G) zone risks are typically considered inconsequential and ignored unless their status changes Failure Mode and Effect Analysis (FMEA) extends the risk severity matrix by including ease of detection in the equation: Impact x Probability x Detection = Risk Value

Project Risk Management – Assessment(3) After performing a risk analysis, it is often necessary to convert the results into risk levels. Risk ratings are an indication of the potential impact of risk on a project. They are typically a measure of the likelihood of an issue occurring and the consequences of the issue, and often expressed as low (Green) , medium (Yellow), and high (Red).

Project Risk Management – Assessment(4) A representative (“strawman”) set of risk rating is normally followed: • High risk (Red): Substantial impact on cost, schedule, or technical. Substantial action required to alleviate issue. High priority management attention is required. • Moderate risk (Yellow): Some impact on cost, schedule, or technical. Special action may be required to alleviate issue. Additional management attention may be needed. • Low risk (Green): Minimal impact on cost, schedule, or technical. Normal management oversight is sufficient.

Project Risk Management – Response Planning(1) Risk response development • When a risk event is identified and assessed, a decision must be made concerning which response is appropriate for the specific event. • Response to risk can be classified as mitigating, avoiding, transferring, sharing, or retaining.

Project Risk Management – Response Planning(11) : Risk Response Matrix (Which Project? ) Risk Event Response Contingency Plan Trigger Who is responsible A Reduce ? ? Manchidi B Reduce ? ? Sthembiso C Reduce ? ? Peter D Transfer ? ? Van Tonder

Project Risk Management – Response Control The last step in the risk management process is risk control – executing the risk response strategy, monitoring triggering events, initiating contingency plans, and watching for new risks. Establishing a change management system to deal with events that require formal changes in the scope, budget, and/or schedule of the project is an essential element of risk control.

Managing Risks Through Contracts Categorization of Risks: Political & social risks (war damage, strike, theft, vandalism, etc. ) Natural risk [climatic conditions, geological conditions, other natural catastrophes, etc. ] Economic & legal risk (inflation, shortages, change in law & taxes etc. ) Behaviours risk (employer’s √ /contractor’s/3 rd party)