Professional Documents
Culture Documents
Risk Management
Chapter 11
Risk Management
Processes required to effectively identify, analyze,
and respond to project risks
Risk
RiskManagement
ManagementPlanning
Planning
Risk
RiskIdentification
Identification
Qualitative
QualitativeRisk
RiskAnalysis
Analysis
Quantification
QuantificationRisk
RiskAnalysis
Analysis
Risk
RiskResponse
ResponsePlanning
Planning
Risk
RiskMonitoring
Monitoring& &Control
Control
Components
Risk event
Risk event probability
Risk outcome or consequence (Amount at stake)
Risk event status (Probability x amount at stake)
Processes
Processesfor foridentifying,
identifying,analyzing,
analyzing,and
andresponding
respondingtotoproject
project
risk.
risk. ItItincludes
includesmaximizing
maximizingthetheprobability
probabilityand
andthe
theresults
results
of
ofpositive
positiveevents
events(opportunities)
(opportunities)and
and minimizing
minimizingthethe
probability
probabilityandandconsequences
consequencesof ofadverse
adverseevents
events(risks).
(risks).
Inputs
• Project Charter
• Risk Management Policies Outputs
• Defined Roles & Responsibilities • Risk Management Plan
• Stakeholder Risk Tolerance
• Risk Management Plan Template
• WBS
Inputs
■ Project Charter
■ Organization’s risk management policies – predefined
approaches to risk analysis and response
■ Defined roles, responsibilities, and authority levels for
decision-making
■ Stakeholder risk tolerances – expressed in policy
statements or action
■ Template for risk management plan
■ WBS
Outputs
■ Risk Management Plan
■ Methodology – defines approaches, tools, and data sources that might be used to
perform risk management on the project
■ Roles & Responsibilities – defines the lead, support, and risk management team
membership for each type of action in the plan
■ Budget - $
■ Timing – Describes how often the risk management process will be performed
throughout the project life cycle.
■ Scoring and interpretation – methods used for performing qualitative and
quantitative risk analysis
■ Thresholds – the target against which the project team measures the effectiveness of
the the risk response plan execution
■ Reporting formats - defines how the results of the risk management processes will be
documented, analyzed, and communicated to the project team and stakeholders
■ Tracking – Documents all facets of risk activities and how the risk process will be
audited
• Categories
– External, unpredictable Regulatory, etc.
– External, predictable Market risks
– Internal, non-technical Management
– Technical Design
– Legal Contractual
Outputs
Inputs • Risks
• Risk Management Plan • Triggers
• Project Planning Outputs • Inputs to other process
• Risk Categories
• Historical information
Source: PMBOK Guide 2000 Version © 2002 Robbins-Gioia, Inc. 11-14
Risk Identification
Inputs
■ Risk Management Plan
■ Project Planning Outputs
■ Project charter
■ WBS
■ Product description
■ Schedule & cost estimates
■ Resource plan
■ Procurement Plan
■ Assumptions and constraint lists
Inputs
■ Risk Categories (See Note Pages)
■ Technical, quality, or performance risks
■ Project Management risks
■ Organization risks
■ External risks
■ Historical Information
■ Project files
■ Published information
Inputs (cont.)
■ Historical information – Available from the Following
sources
■ Project files – Records of previous projects
Commercial databases – Historical information available
commercially
Project team knowledge
Information-gathering techniques
Brainstorming
Delphi technique
Interviewing
SWOT
Strengths Weaknesses
Internal
Build On Eliminate or Reduce
Opportunities Threats
External
Exploit Mitigate
Outputs
Potential Risk Event – Identify discrete occurrences that
might affect the project
Triggers – Risk symptoms or warning signs that indicate a
risk even has occurred or is about to occur
Inputs to other processes – may identify a need for
further activity in another area
Inputs
• Risk Management Plan Outputs
• Identified risks • Overall risk ranking
• Project status • List of prioritized tasks
• Project type • List of risks for additional
• Data Precision Management & Analysis
• Scales of probability & impact • Trends in results
• Assumptions
Inputs
■ Risk management plan
■ Identified Risks – evaluation of risks identified during the risk
identification process and their potential impacts on the project
■ Project Status – identification of risks as the project progresses
through its life cycle
■ Project Type – determines the amount of risk
■ Common or recurrent type have less risk
■ State-of-the-art, first time technology, or highly complex projects
have more risk
Inputs (cont.)
■ Data Precision – measures the extent of data available, as
well as the reliability of the data and source of the data
■ Scales of Probability and Impact – assess the two key
dimensions of risk (probability of occurring and impact on
project)
■ Assumptions
Outputs
■ Overall Risk Ranking – indicates the overall risk position of a
project relative to other projects by comparing risk scores
■ List of Prioritized Risks – Grouped by:
■ Rank (high, moderate,low)
■ Those requiring immediate response and those that can be handled at a
later date
■ Those that affect cost, schedule, functionality, and quality.
■ Significant risks should have a description of the basis for the
assessed probability and impact
Outputs (cont.)
■ List of Risks for Additional Analysis and Management
– moderate and high risks are candidates for more analysis,
including quantitative and risk analysis, and risk
management action
■ Trends in Qualitative Risk Analysis Results – As the
analysis is repeated, a trend of results may become
apparent, and can make risk response more or less urgent
and important
Inputs
• Outputs
Risk Management Plan
• Prioritized List of Quantified Risks
• List of prioritized risks
• Probability Analysis of the project
• List of risks for additional
• Probability of achieving the cost
Management & Analysis
• and time objectives
Historical Information
• Trends in Quantitative Risk Analysis
• Expert Judgment
• Results
Other Planning Outputs
Inputs
Risk Management Plan
Identified Risks
List of Prioritized Risks
List of Risks for Additional Analysis and Management
Historical Information – on prior, similar completed projects, studies
of similar projects by risk specialists, and risk databases available
Expert Judgment – inputs from the project team, other subject matter
experts within the organization, and outside sources
Other Planning Outputs – schedule logic and duration estimates,
WBS list of all cost elements, and models of project technical
objectives
• Statistics
– Mean – Average of the values of events
– Mode – Value which occurs most often
– Median – Value in middle of the range of ordered values
• Variance
– Average of the squared deviations from the mean
– Standard deviation – Square Root of the Variance
– Range – Values between upper & lower limits
-3 -2 -1 0 +1 +2 +3
0.7
0.5 Project B Success
0.3
Failure
What is the probability that Project B will
be selected and will be successful? Answer: 0.35
Source: PMBOK Guide 2000 Version © 2002 Robbins-Gioia, Inc. 11-37
Quantitative Risk Analysis
0.0
0.0
Beta Distribution Triangular Distribution
Using PERT approximations Mean = (a+m+b) / 3
Variance = [(b-a)2 + (m-a)(m-b)] / 18
Mean = (a +4m +b) / 6 Variance = [(b-a) / 6]2
■ Monte Carlo
– “Perform” project many times to provide a statistical distribution of
calculated results
– Uses results to quantify the risk of various schedule alternatives,
different project strategies, different paths through the network, and
individual activities
– Can be used to assess the range of possible cost options
90
Cumulative Probability
80
70
60
50
40
30
20
10
0
110 120 130 140 150 160 170 180 190 200
Outputs
Prioritized List of Quantified Risks – risks that pose greatest threat
or present the greatest opportunity to the project together with a
measure of their impact
Process
Processof
ofdeveloping
developingoptions
optionsand
anddetermining
determiningactions
actionsto
to
enhance
enhanceopportunities
opportunitiesand
andreduce
reducethreats
threatsto
tothe
theproject’s
project’s
objectives
objectives
Outputs
Outputs
•• Risk
Riskmanagement
managementplan
Inputs
Inputs plan
•• Inputs
Inputstotoother
otherprocesses
processes
•• Opportunities
Opportunities •• Contingency
Contingencyplans
plans
•• Threats
Threatsand
andrisks
risks •• Reserves
Reserves(Mitigation)
(Mitigation)
•• Contractual
Contractualagreements
agreements
Mitigation
(Corrective action)
Acceptance
Avoidance
(Accept consequences)
(Prevention)
Transference
(Shift Responsibility)
Source: PMBOK Guide 2000 Version © 2002 Robbins-Gioia, Inc. 11-47
Tools & Techniques (cont.)
■ Avoidance – Change project plan to eliminate the risk or
condition or to protect the project objectives from its
impact
■ Transference – Shift the consequences of a risk to a third
party together with the ownership of the response
■ Mitigation – Reduce the probability and/or consequences
of an adverse risk event to an acceptable threshold
■ Acceptance – Do not change project plan, but develop a
contingency plan should the risk event occur
Inputs
• Opportunities (Ignore or pursue)
Outputs
Risk management plan – Part of the project plan; it is used to
document the procedures that will be used to manage risk throughout
the project
• Should contain:
– Results of the risk identification and risk quantification processes
– Who is responsible for managing various areas of risk
– How the initial identification and quantification outputs will be maintained
– How contingency plans will be implemented
– How reserves will be allocated
Outputs (cont.)
• Contingency Plans – Pre-defined action steps to be taken
if an identified risk event should occur
• Reserves (Mitigation) – Provision in the project plan to
mitigate cost and schedule risk
• Contractual agreements – May be entered into for
insurance, services, and other items, as appropriate, in
order to avoid or mitigate threats
LOW HIGH
Seller Risk
Buyer Risk
HIGH LOW
Cost Plus Cost Plus Fixed Cost Plus Fixed Price Firm Fixed Price
Percentage of Incentive Fee Incentive (FPI)
Fee (CPFF)
Costs (CPPC) (CPIF)
Spectrum of risk
Insurable Risk
• Direct property damage – Insurance of principal assets, e.g.,
equipment, materials, property, auto
• Indirect consequential loss – Indirect loss suffered by third party,
resulting from actions by the contractor
• Legal liability – Design errors, public bodily injury, project-
performance failure
• Personnel – Bodily injury
• Wrap-up insurance – All the above integrated into one
agreement – usually provided by the owner
Inputs
Inputs
• Risk management plan
• Risk management plan
• Actual risk events
• Actual risk events Outputs
• Additional risk identification
• Additional risk identification
Outputs
•• Corrective
Correctiveaction
action
•• Updates
UpdatestotoRMP
RMP
Inputs
• Risk management plan (RMP)
• Actual risk events – Those events which occur and are recognized by
the PM team
Outputs
• Corrective action – Performing the planned risk response
Inputs
■ Risk management plan
■ Risk response plan
■ Project communication – work results and other project
records provide information about project performance and
risks
■ Additional risk identification and analysis – as project
performance is measured and reported, potential risks not
previously identified may surface.
■ Scope changes – often require new risk analysis and
response plans