Project Risk M P j Ri k Management

What is Risk? Risk and uncertainty are equivalent i l

Three Definitions
• Risk
– A possible future event which if it occurs will p lead to an undesirable outcome.

• Project Risk
– The cumulative effect of the chances of an uncertain occurrence that will adversely affect project objectives objectives.

• Risk Management
– A systematic and explicit approach for identifying, quantifying, and controlling project risk.

DEFINITION
PROJECT RISK MANAGEMENT IS THE ART AND SCIENCE OF IDENTIFYING, ASSESSING, AND RESPONDING TO PROJECT RISK THROUGHOUT THE LIFE OF A PROJECT AND IN THE BEST INTERESTS OF ITS OBJECTIVES PROJECT RISK IS THE CUMULATIVE EFFECT OF THE CHANCES OF UNCERTAIN OCCURRENCES ADVERSELY AFFECTING PROJECT OBJECTIVES

RISK MANAGEMENT PURPOSE
IDENTIFY FACTORS THAT ARE LIKELY TO IMPACT THE PROJECT OBJECTIVES OF SCOPE, QUALITY, COST AND TIME SCOPE QUALITY QUANTIFY THE LIKELY IMPACT OF EACH FACTOR GIVE A BASELINE FOR PROJECT NON CONTROLLABLES NON-CONTROLLABLES MITIGATE IMPACTS BY EXERCISING INFLUENCE OVER PROJECT CONTROLLABLES THE PMBOK ALSO POINTS OUT THAT RISK MANAGEMENT INCLUDES MAXIMIZING THE RESULTS OF POSITIVE EVENTS AND MINIMIZING THE CONSEQUENCES OF ADVERSE EVENTS.

ISSUES
A RISK SHOULD ONLY BE TAKEN WHEN THE POTENTIAL BENEFIT AND CHANCES OF WINNING EXCEED THE REMEDIAL COST OF AN UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN WHAT WILL BE GAINED? WHAT COULD BE LOST? WHAT ARE THE CHANCES OF SUCCESS (AND FAILURE)? WHAT CAN BE DONE IF THE DESIRED RESULT IS NOT ACHIEVED? IS THE POTENTIAL REWARD WORTH THE RISK? POTENTIAL FREQUENCY OF LOSS AMOUNT AND RELIABILITY OF INFORMATION AVAILABLE POTENTIAL SEVERITY OF LOSS MANAGEABILITY OF THE RISK VIVIDNESS OF THE CONSEQUENCES POTENTIAL FOR (ADVERSE) PUBLICITY WHOSE MONEY IS IT?

NATURE OF RISK MANAGEMENT
WHEN SPEAKING OF RISK, THINK OF ONLY HAZARDOUS ONES EVERYDAY COMMON DAY ONES ARE IGNORED RARELY DO WE SYSTEMATICALLY IDENTIFY ALL RISKS INVOLVED HOWEVER, INCLINED TO CONSIDER RISK DIFFERENTLY RELATIVE TO FAMILY - VERY PRECIOUS AND LOTS OF POTENTIAL EXAMPLES: SMALL CHILDREN - STAY AWAY FROM ROAD HOW DID DAY GO? - DO MORE TO HELP THEM - RISK ID & AVOIDANCE - INFO FEEDBACK

THESE ACTIONS ARE ESTABLISHING THE BASIC ELEMENTS OF MANAGING PROJECT RISK INTO OUR CHILDREN

PROJECT RISK MGMT IS PRO-ACTIVE
CLASSIC SYSTEMS METHODOLOGY: INPUT PROCESS FEEDBACK LOOP THIS PROCESS VITAL TO EFFECTIVE PROJECT CONTROL, HOWEVER , RISK IS DIFFERENT - - HAS TO DO WITH: UNCERTAINTY, PROBABILITY OR UNPREDICTABILITY, AND CONTINGENT PLANNING OUTPUT

REACTIVE vs. PRO-ACTIVE
CRISIS MANAGEMENT -- REACTIVE MODE -- SELECT RESPONSE PRO-ACTIVE -- ANTICIPATE AND PLAN TO AVOID RISK & DECISION MAKING: TAKE RISK IF POTENTIAL BENEFIT AND CHANCE OF WINNING EXCEEDS COST OF UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN (CLASSIC COST / BENEFIT ANALYSIS)

Project Risk Management

Project Risk Management 11.0

Risk Identification Id tifi ti 11.1

Risk Quantification Q tifi ti 11.2

Risk Response Development D l t 11.3

Risk Response Control C t l 11.4

PMBOK Risk
• Opportunities - Positive outcome • Threats - Negative outcome

Benefits of Risk Management
• More and better information is available g planning and decision making g g during p • Project objectives are verified • Improved communications • Higher probability of project success • Proactive approach j g • Project might be canceled

Why Organizations don t do don’t Risk Management
• Unwillingness to admit risks exist • Postpone the hard parts of the project until later • Risk management costs money
– Up front investment of time – C ’ prove it’s necessary Can’t i’
• Think health insurance

Why Organizations don t do don’t Risk Management
• “Can Do” management style severely inhibits risk management • Risk identification can make you look like a s de c o c e oo e whiner

Ways to Avoid Risk Management
• “Managing risk is everybody’s business” • “There is only one risk: The project might . d we’re g g wo g fail. And we e managing that by working real hard to assure that doesn’t happen.”

The Uncertainty Spectrum
NO Information (Unknown k ) unknowns) Partial Information (Known unknowns) k ) SPECIFIC UNCERTAINTY Complete p Information (Knowns)

GENERAL TOTAL UNCERTAINTY UNCERTAINTY

TOTAL CERTAINTY

SCOPE OF PROJECT RISK MANAGEMENT*
*Note: in this range the information to be sought is known

Project Risk
Integration Communication Scope Project Risk

Time

Cost

Quality Human Resources

Procurement

INTEGRATING RISK
PROJECT MANAGEMENT INTEGRATION INFORMATION / COMMUNICATIONS
Life Cycle and Environment Variables

SCOPE

Expectations Feasibility

Ideas, Directives, Data Exchange Accuracy

QUALITY

Requirements Standards S d d

PROJECT RISK

Availability Productivity

HUMAN RESOURCES

Time Objectives, Restraints

Services, Plant, Materials: Performance

TIME

Cost Objectives, Restraints

CONTRACT / PROCUREMENT

COST

Project Risk Management
A subset of project management that includes the processes concerned with identifying, analyzing identifying analyzing, and responding to project risk.

Risk Management Objectives
• Reduce the number of surprise events • Minimize consequences of adverse events • Maximize the results of positive events

Risk Classification
• • • • • • Business risks vs. pure (insurable) risks Classified by uncertainty (business risks) Classified by impact on project elements Classified b h i Cl ifi d by their nature Classified by their source Classified by their probability to occur and amount at stake

Consequences of Risk Analysis
Positives
• greater information is made available during the course of planning and decision making • project objectives are verified p j j • better communications • better probability that project realization will be optimal • increased chance of project success p j

Consequences of Risk Analysis
Negatives
• belief that all risks have been accounted for • project could be shut down

Some Considerations
• Real information is the key. p y • The relationship between uncertainty and information is inverse. • For the project manager, conditions of relative uncertainty (partial information) are the rule. • There is a natural resistance to formal risk analysis. • Risks should only be taken to achieve a project objective.

PMBOK FIGURE 11-1
PROJECT RISK MANAGEMENT OVERVIEW
Risk Identification Inputs
Product Description Other Planning Outputs Historical Information

Risk Quantification Inputs
Stakeholder risk tolerances Sources of Risk Potential Risk Events Cost Estimates Activity Duration Estimates

Response Development Inputs
Opportunities to pursue, threats to respond to Opportunities to ignore, threats to accept

Response Control Inputs
Risk Management Plan Actual Risk Events Additional Risk Identification

Tools & Techniques
Checklists Flowcharting Interviewing

Tools & Techniques
Procurement Contingency Planning Alternative Strategies Insurance

Tools & Techniques
Workarounds Additional Risk Response Development

Tools T h i T l & Techniques
Expected Monetary Value Statistical Sums Simulation Decision Trees Expert Judgment

Outputs
Sources of Risk Potential Risk Events Risk Symptoms Inputs to other Processes

Outputs
Corrective Action Updates to Risk Management Plan Pl

Outputs
Risk Management Pl Ri k M t Plan Inputs to other Processes Contingency Plans Reserves Contractual Agreements

Outputs
Opportunities to pursue, threats to respond to Opportunities to ignore, ignore threats to accept

Risk Identification
Project Risk Management 11.0 11 0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk identification is determining which risks are likely to affect the project and documenting the characteristics of each.

Typical Life Cycle Profiles Risk versus Amount at Stake
I N C R E A S I N G R I S K

Total project life cycle Plan Accomplish Phase 1 Conceive Phase 2 Develop Phase 3 Execute Phase 4 Finish $ (period when highest risks are incurred) (period of highest risk impact) TIME V A L U E

Inputs to Risk Identification
• Product description
– Specification – SOW – Contract

• Other planning outputs
– WBS – OBS – C and Schedule estimates Cost d S h d l i

Inputs to Risk Identification
• Historical information
– – – – Commercial databases Corporate memory Corporate database (lessons learned) Websites

Inputs to Risk Identification
• Assumptions
– Explicit – Implicit

• Critical success factors

PHASE 1: RISK IDENTIFICATION
IDENTIFY ALL POSSIBLE RISKS WHICH MAY SIGNIFICANTLY IMPACT THE SUCCESS OF THE PROJECT -- CAN DO THIS BY: CAUSE-AND-EFFECT ANALYSIS (WHAT COULD HAPPEN WHAT ENSUES) HOW

EFFECT-AND-CAUSE ANALYSIS (WHAT OUTCOMES TO AVOID THEY MIGHT OCCUR)

BRING IN THE EXPERTS ON THE PROGRAM AND QUESTION THEM BRAINSTORM WBS - INDIVIDUAL WORK PACKAGES PLUS COMBINATIONS THEREOF WILLOUGHBY TEMPLATES, SEI TAXONOMY AND CHARELLET CHECKLIST Risk typically examines possibility of suffering harm or loss; however, Risk Identification is also concerned with opportunities (positive outcomes) and threats (negative outcomes). outcomes)

TYPES OF RISK

• Business vs. Insurable Risk • Risk Sources
– – – – – External Unpredictable External Predictable Internal Non Technical Non-Technical Technical Legal L l

TYPES OF RISK (2)
• Knowns
– An item or situation containing no uncertainty

• Known Unknowns
– Things which we know exist but do not know how h h they will affect us. These can be ill ff h b identified and evaluated.

• Unknown Unknowns
– Those risks that cannot be identified and evaluated (unexpected needs). These can be handled via contingency allowances.

TYPES OF RISK (3)
• Risks can also be classified as:
– External Unpredictable – External Predictable – Internal Non-Technical – Technical h i l – Legal

• • • • •

EXTERNAL UNPREDICTABLE
Regulatory Natural Hazards Postulated Events Unexpected Side Effects of the Project Failure to Complete Project Due to Uncontrollable External Events

EXTERNAL PREDICTABLE
• • • • • • • Market Risks Operational Environmental Impacts Social Impacts Currency Ri k C Risk Inflation Taxes

INTERNAL, NON-TECHNICAL
• • • • • Management Schedule Cost Cash Flow C h Fl Loss of Potential Benefit or Profit

TECHNICAL
• Changes in Technology • Performance Uncertainty • Risks Associated with Project’s Technology • Design • Sheer Size or Complexity

LEGAL
• • • • • • Licensing Patent Rights Contractual Difficulties Outsider Suits Insider S it I id Suits Force Majeure (PMI’s Word)

OTHER RISK ID SOURCES
• Overly Aggressive Cost Estimates y gg • Overly Aggressive Duration Estimates • Staffing Plan - Personnel With Special Skills • Procurement Management Plan l • Historical Project Files & Project Team Knowledge • Commercial Databases

KEEP IN MIND
• How can you assess risks?

Break things down into individual elements and determine their relationships All of them Concentrate on those with greatest impact and most likely probability of occurrence

• What risks should you assess?
– –

RISK FACTORS
ALL PROJECT RISKS ARE CHARACTERIZED BY THE FOLLOWING THREE RISK FACTORS RISK EVENT: PRECISELY WHAT MIGHT HAPPEN TO THE DETRIMENT OF THE PROJECT Write it as an “If - Then” Statement RISK PROBABILITY: HOW LIKELY THE EVENT IS TO OCCUR AMOUNT AT STAKE: THE SEVERITY OF THE CONSEQUENCES

WITH THIS DATA, THE RISK EVENT STATUS ( CRITERION VALUE" OR ("CRITERION VALUE RANKING) OF A GIVEN RISK EVENT CAN BE DETERMINED BY: RISK EVENT STATUS = RISK PROBABILITY X AMOUNT AT STAKE

RISK EVENT vs. RISK SYMPTOM
RISK EVENT ARE DISCRETE OCCURRENCES RISK SYMPTOM ⇒ TRIGGERS THESE ARE INDIRECT MANIFESTATIONS OF ACTUAL RISK EVENTS

EXAMPLES OF RISK SYMPTOMS: POOR MORALE = EARLY WARNING SIGN OF SCHEDULE DELAY EARLY PROJECT COST OVERRUN = POTENTIAL POOR PROJECT OVERALL ESTIMATING

Risk Identification Tools d T h i T l and Techniques
• Checklists
– Project Healthcheck

• Flowcharting
– Cause & Effect (fishbone or Ishikawa charts
• What could happen What ensues How they occur

– Effect & Cause
• Outcomes to avoid

– System or Process flowcharts

Risk Identification Tools and Techniques
• Interviewing • Brainstorming

Outputs
• Sources of risk (i.e., categories)
– – – – Stakeholder actions Estimates Staffing plans Common sources of risk:
• • • • Changes in requirements Design errors, omissions, and misunderstandings Poorly defined R & R Insufficiently skilled staff

Outputs
• Potential Risk events
– Specific discrete events that might effect the project – Generally include: y
• • • • Probability Alternative outcomes Timing Frequency (more than once?)

Outputs
• Risk Symptoms
– Triggers, or trip wires, or indicators – Indirect manifestations of risk events
• Poor morale • Lack of reported progress

• Inputs to other processes
– Improved estimating – More training

Risk Quantification
Project Risk Management 11.0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk quantification consists of evaluating the risks and risk interactions to assess the range of possible project outcomes.

PHASE 2: RISK QUANTIFICATION
GOALS OF QUANTIFICATION (OR ASSESSMENT)
INCREASE THE UNDERSTANDING OF THE PROJECT IDENTIFY THE ALTERNATIVES AVAILABLE ENSURE THAT UNCERTAINTIES AND RISKS ARE ADEQUATELY CONSIDERED IN A STRUCTURED AND SYSTEMATIC WAY AND INCORPORATED INTO THE PLANNING AND DEVELOPMENT PROCESS ESTABLISH THE IMPLICATIONS OF THESE UNCERTAINTIES ON ALL OTHER ASPECTS OF THE PROJECT

Risk Quantification - Inputs
• • • • • Stakeholder risk tolerances Sources of risk Potential risk events Cost i C estimates Activity duration estimates

Risk Quantification Tools and Techniques
• • • • • Expected monetary value Statistical sums Simulation Decision D i i trees Expert judgment

RISK ANALYSIS TECHNIQUES
BRAINSTORMING - SPONTANEOUS CONTRIBUTION OF IDEAS FROM TEAM DELPHI METHOD - METHOD TO DERIVE CONSENSUS USING EXPERT OPINION MONTE CARLO - ITERATIVE SIMULATION USING RANDOM NUMBERS TO INCORPORATE PROBABILISTIC DATA AND DERIVE A PROBABILITY DISTRIBUTION OF THE FINAL RESULT SENSITIVITY ANALYSIS - EVALUATE EFFECT OF A CHANGE IN A SINGLE VARIABLE ON THE ENTIRE PROJECT DECISION TREE ANALYSIS - GRAPHICAL "EITHER / OR" CHOICES UTILITY THEORY - TAKES ATTITUDE OF DECISION MAKER INTO ACCOUNT DECISION THEORY - TECHNIQUE TO REACH DECISION UNDER UNCERTAINTY AND RISK. POINTS TO BEST POSSIBLE COURSE NO MATTER THE FORECAST ACCURACY PROBABILITY ANALYSIS - NEXT PAGE

SIMPLE PROBABILITY
SIMPLE PROBABILITY EQUATION: Pr (Event #1) x Pr (Event #2) = Pr (Both Events) P(t) = P(A) * P(B)
OR 0.70 X 0.80 = 0.56 OR 56%

NOTE: THIS APPLIES TO INDEPENDENT EVENTS ONLY

PROBABILITY EXAMPLE
DATA: Probability of Scope = 0.70 Probability of No Scope = 0.30 Probability of Approval = 0.80 Probability of No Approval = 0.20 EXAMPLE: Pr(Scope) x Pr(Approval) = Pr(Scope) x Pr(No Approval) = Pr(No Scope) x Pr(Approval) = ( p ) ( pp ) Pr(No Scope) x Pr(No Approval) = 0.70 x 0.80 = 0.70 x 0.20 = 0.30 x 0.80 = 0.30 x 0.20 = Total= 0.56 0.14 0.24 0.06 1.00

PRACTICAL APPLICATION -- DECISION TREE ANALYSIS

Expected Monetary Value (EMV)
• Product of two values
– Risk event probability – Risk event value

• Valuation of the risk event is key
– Must include tangible as well as intangible value – 1 week slippage with minor client impact – 6 week slippage with major client impact

Expected Monitary Value Example
Given the following:
Cost Probability Optimistic $100,000 0.20 Most likely $130,000 0.60 Pessimistic $180,000 0.20 Expected Value Calculation: Optimistic $100,000 0.20 O ti i ti $100 000 x 0 20 = 20 000 20,000 Most likely $130,000 x 0.60 = 78,000 Pessimistic $180 000 x 0 20 $180,000 0.20 = 36 000 36,000 Expected Monitary Value $134,000
(*EMV = Opt imistic + 4(most likely) + Pessimistic) 6
* formula if probability is not known

EMV Example
• If no probabilities are given, use
EMV (Opt 4 ML EMV=(Opt + 4*ML + Pes)/6

• EMV= ($100 +4*$130+$180)*1000/6 = $133 333 $133,333

Descriptive Statistics
• • • • • • Mean Mode Median Variance V i Standard Deviation Range

Descriptive Statistics Example

Test scores are 10, 20, 25, 40, 45, 45, 50, 55, 55, 60, 60, 60, 65, 65, 65, 70, 70, 70, 70, 70, 75, 80, 80, 85, 90, 90, 90, 95, 100 Mean: number obtained by dividing the sum of a set of quantities by the number of quantities in the set. (answer is 1855 / 29=64) Mode: value or item occurring most frequently in a series of observations. (answer is 70 -it occurs 5 times) Median: middle value in a distribution, above and below which lie an equal number of values (answer is 65) Variance: average of the squares of the variations from the mean of a frequency distribution. distribution (answer is 486 4) 486.4)

Standard deviation: square root of the variance (answer is 22) variance. Range: measure of the dispersion equal to the difference or interval between the smallest and the largest of the set of quantities. (answer is 90 or 100-10)

Approximations
• Mean = (Opt + 4*ML + Pes)/6 • SD = (Max - Min)/6

Exercise
Opt ML Pess EMV SDev
13,000 13 000 7,500 7 500 17,500 17 500

Vari i
169,000,000 169 000 000 5,625,000 5 625 000 306,250,000 306 250 000

100,000 125,000 180,000 130,000 Proj. P j A 100 000 125 000 180 000 130 000

Proj.B 80,000 Proj B 80 000 Proj.C 75,000 Proj C 75 000

100,000 125,000 100,833 100 000 125 000 100 833 130,000 180,000 129,167 130 000 180 000 129 167

• Normal Distribution

So What? S Wh t?

–M Mean i expected value is t d l – Mean = Mode = Median – S d d d i i is a measure of dispersion Standard deviation i f di i about the mean
• 68 27% of cases occur between Mean + SD and 68.27% Mean - SD • 95.45% of cases occur between Mean+2SD and Mean-2SD • 99.73% of cases occur between Mean+3sd and Mean-3SD Mean 3SD

Mean Blue Bl = 68% Blue + Green = 95% Blue + Green + Red = 99.7% 34.1% 34.1%

1.1%
- 3SD - 2SD

13.6%
- SD

13.6%
+ SD + 2SD

1.1%

+ 3SD

Normal Distribution

Mode

Median

Mean Skewed Normal Distribution

BETA vs. TRIANGULAR DISTRIBUTIONS
BETA DISTRIBUTION
EXPECTED VALUE

TRIANGULAR DISTRIBUTION
EXPECTED VALUE

P R O B A B I L I T Y

P R O B A B I L I T Y

COS COST ESTIMATE S
Mean = (a + 4m + b) / 6 2 Variance = [(b - a) / 6]

COS COST ESTIMATE S
Mean = (a + m + b) / 3 Variance = [(b - a) 2 + (m - a) (m - b)] / 18

Simulation
Simulation uses a representation or model of a system to analyze the behavior or performance of the system.
• M t C l analysis is best known Monte Carlo l i i b tk • results used to quantify risk of various schedule choices

Monte Carlo
• Requires Optimistic, Most Likely, and Pessimistic estimates. • Uses random number generator to select which value to use • Calculates the database multiple times to develop a probability distribution of the data

Decision Trees
Aggressive schedule EMV = $110,000 Conservative schedule EMV = $7,000 Given th following decision tree: Gi the f ll i d i i t Outcome
250 k 60%
aggressive

EMV 150 k

Choice event
conservative

Choice event Choice event

40% 20%

100 k 45 k

40 k 9k

80% 20 k 16 k

UTILITY THEORY
• Definition
– Endeavors to formalize management’s attitude toward risk of the decision maker.

• Types
– Risk Seeking i k S ki – Risk Neutral – Risk Averse

Expert Judgment
Expert judgment can often be applied in lieu of or in addition to the mathematical techniques described above.

Derived from:
• • • • team members g others in or outside of organization published findings y g industry averages / statistics

Q QUALITY RISK
GOALS OF RISK MANAGEMENT - INCREASE UNDERSTANDING OF PROJECT - IMPROVE PLANS, DELIVERY, AND ID GREATEST RISKS - WHERE TO FOCUS ATTENTION REMAINING MAJOR PROJECT RISK AREA ... WHAT IF PROJECT FAILS TO PERFORM AS EXPECTED DURING OPERATIONAL LIFE / PRODUCT LIFE CYCLE? CONFORMANCE TO QUALITY REQUIREMENT REMEMBERED LONG AFTER COST AND SCHEDULE PERFORMANCE. ∴ QUALITY MANAGEMENT HAS MOST IMPACT ON LONG-TERM LONG TERM PERCEIVED & ACTUAL SUCCESS OF PROJECT

SCHEDULE RISK
CAN MANAGE “CRITICAL PATH” BUT NOT MANAGE DURATION REASON --> SCHEDULE RISK HIGHEST RISK PATH = PATH WITH MOST PROJECT COMPLETION RISK RISK IN ALL ACTIVITY DURATION BECAUSE FUTURE IS UNCERTAIN LONGEST DURATION ACTIVITY ≠ RISKIEST THEREFORE, NEED TO ID & MANAGE WHAT COULD CONTRIBUTE TO , PROJECT DELAY -- COULD OVERRIDE MANAGEMENT OF CRITICAL PATH

SCHEDULE RISK (CONT'D) C
B
FINISH START

E A
MOST LIKELY 9 5 0 6 9 2 8 4 0 1 4 1

D
HIGH 10 6 0 7 14 7

MEAN EXPECTED 9 5 0 4.7 9 3.3

ACTIVITY A-B B-C C-E B-E A-D D-E

LOW

SCHEDULEBRISK (CONT'D)
FINISH START

E A
SUM OF MOST LIKELY 14 15 11 A-B-E

D

SUM OF MEANS 14 13.7 13 7 12.3 A-B-C-E

SUM OF HIGHS 16 17 21 A-D-E

PATH A-B-C-E A-B-E ABE A-D-E MOST RISKY

Risk Quantification- Outputs
Opportunities to pursue, threats to respond to pursue Opportunities to ignore, threats to accept O ii i h

Risk Response Development
Project Risk Management 11.0 11 0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk response development defines the enhancement steps for opportunities and responses to threats.

Risk Response Development
• Defines steps for
– enhancing opportunities – responding to threats

Types of Responses
• Avoidance - eliminate • Mitigation
– Reduce EMV by reducing probability – Reduce Impact - buy insurance

• Acceptance
– A i develop plan to deal with risk if it Active: d l l d l ih i k i occurs –P i A Passive: Accept risk (e.g., lower profit) t i k( l fit)

PLANNING ALTERNATIVES
• Project Managers have Several Response p Options
– – – – – –

Avoidance Absorption Adjustment Deflection Contingent Planning A Combination of the Above

AVOIDANCE
• Defined
– Characterized by project manager h i db j statements such as: “This alternative is totally unacceptable to me – You would take the appropriate steps to avoid this situation.

ABSORPTION
• • • • Risk is Recognized-But Not Acted Upon Accept the Risk AS IS It’s a Matter of Policy Retained Ab b d R i d & Absorbed (by prudential
allowances)

• Unrecognized, Unmanaged, or Ignored (by
default)

ADJUSTMENT
• Modification of the Project
– Scope – Budget – Schedule – Quality Specification li ifi i – Combination of the Above

DEFLECTION
• Involves transfer of risk by such means as:
– Contracting Out to Another Party – Insurance or Bonding – By Recognizing it in the Contract

CONTINGENT TO ADDRESS RISKS TO THE PLANNING CONTINGENT PLANNING IS A MEANS
PROJECT THROUGH A FORMAL PROCESS AND PROVIDE RESOURCES TO MEET THE RISK EVENTS. EVENTS IT IS THE ESTABLISHMENT OF MANAGEMENT PLANS TO BE INVOKED IN THE EVENT OF SPECIFIED RISK EVENTS EXAMPLES: THE PROVISION AND PRUDENT MANAGEMENT OF A CONTINGENCY ALLOWANCE IN THE BUDGET THE PREPARATION OF SCHEDULE ALTERNATIVES AND WORK-AROUNDS EMERGENCY RESPONSES TO DEAL WITH MAJOR SPECIFIC AREAS OF RISK AN ASSESSMENT OF LIABILITIES IN THE EVENT OF A COMPLETE PROJECT SHUT-DOWN

Types of Responses
• Prevent risk from occurring
– Reduce the probability that the event will occur – Eliminate means P=0

• Reduce the impact (think “containment”) containment )
– Buy insurance (monetary) – Alt Alternative strategies (additional supplier to ti t t i ( dditi l li t PDQ)

CONTRACT STRATEGY
• To Select the Right Form of Contract q Requires:
– – –

Identification of Specific Risks Determination of how they should be shared between the parties, and The insertion of clear, legal language in the , g g g contract documents to put it into effect.

CONTRACT TYPE vs. RISK
SCOPE OF WORK INFORMATION VERY LITTLE PARTIAL COMPLETE

UNCERTAINTY

HIGH

MODERATE

LOW

DEGREE OF RISK

HIGH 100%

MEDIUM

LOW 0% SELLER (CONTRACTOR) 100%

SUGGESTED RISK ALLOCATION OC O 0% CONTRACT TYPES

AGENCY (BUYER)

CPPF

CPIF

CPFF

FPPI

FFP

CONTRACT TYPE vs. RISK (CONT'D)
P R O B A B I L I T Y
Project A Well defined scope and work content. High probability of achieving realistic cost estimate at 100% ti t t

Project B Fairly well defined scope and work content. Fair probability of achieving 100% cost estimate t ti t

Project c Poorly defined scope and content. Low probability of 100% cost estimate

80%

90%

95%

100%

110%

120%

140%

COST ESTIMATE VALUE
+/- 15%: FFP +/- 25%: CPFF +/- 50%: CPIF > 50%: CPPF Suggested types of contract for various spreads

FAST-TRACKING
• Awarding contracts before all the information is complete to reduce the p overall time for the project • Much higher risk category!! • Appropriate contingency allowances must be increased accordingly. accordingly

Risk Response Development Inputs
Opportunities to pursue, threats to respond to pursue Opportunities to ignore, threats to accept O ii i h

Risk Response Development Tools and Techniques
• Procurement
– Buy outside skills

• Contingency planning
– what to do if the event occurs – containment

• Alt Alternative strategies ti t t i
– Prevention

• Insurance

Risk Response Development Outputs
• • • • • Risk management plan Inputs to other processes Contingency plans Reserves R Contractual agreements

Risk Response Control
Project Risk Management 11.0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk response control involves responding to changes in risk over the life of the project.

PHASE 4: RISK RESPONSE CONTROL
• EXECUTE THE RISK MANAGEMENT PLAN FROM PHASE #3 -ID, QUANTIFY AND RESPOND TO ANY CHANGES ID EXECUTE WORKAROUNDS -- UNPLANNED RESPONSES TO NEGATIVE EVENTS -ADDITIONAL RISK RESPONSE DEVELOPMENT •CURRENT PROJECT DATABASE -DOCUMENTING ON-GOING RISKS •BUILD HISTORICAL DATABASES RELIABLE DATA IS HARD TO FIND! SHOULD CONSIST OF: -RECORDED RISK EVENTS -EXPERIENCE ON PAST PROJECTS (SIMILAR IS PREFERRED) •POST-PROJECT ASSESSMENT AND ARCHIVE UPDATE OS O C SS SS C

Risk Response Control
• Respond to the changes in project risk over p j the life of the project

Risk Response Control - Inputs
• Risk management plan • Actual risk events • Additional risk identification

Risk Response Control Tools and Techniques
• Workarounds
– Unplanned responses to unforeseen risks that actually occur

• Additional risk response development
– Revisions to the response, if it proves inadequate

Risk Response Control - Outputs
• Corrective action
– Implementing the risk management plan when the risk occurs

• Updates to risk management plan
– Revisions to the risk management plan as c cu s a ces equ e circumstances require
• Risk never materializes • Probability of occurrence is reduced

Risk Documentation
Historical database Current project database Post project assessment and archive update j d hi d
• • • • • Lessons learned Plan variances Actuals Methods, tools and techniques Case studies

SUMMARY
PROJECTS ARE LAUNCHED TO TAKE ADVANTAGE OF OPPORTUNITIES, BUT O O U U OPPORTUNITIES ARE ASSOCIATED WITH UNCERTAINTIES WHICH S SSOC U C S C HAVE RISKS ATTACHED RISK CAN NEVER BE 100% ELIMINATED FOR THE PROJECT TO BE VIABLE, THE EXPECTED VALUE RESULTING FROM A FAVORABLE PROBABILITY OF GAIN MUST BE HIGHER THAN THE CONSEQUENCES AND PROBABILITY OF LOSS THEREFORE, THEREFORE THE RISKS ASSOCIATED WITH A PROJECT MUST RECEIVE CAREFUL EXAMINATION IN THE CONTEXT OF THE ORGANIZATION'S WILLINGNESS OR AVERSION TO TAKING RISKS THIS IS THE DOMAIN OF PROJECT RISK MANAGEMENT, WHICH FORMS MANAGEMENT A VITAL AND INTEGRAL PART OF PROJECT MANAGEMENT

When Should Risk Assessments be Carried Out?
Risk assessments should be carried out as early as possible and then continuously.

Don’t take the risk if...
• • • • • • the organization cannot afford to lose. p great. the exposure to the outcome is too g the situation (or project) is not worth it. p j the odds are not in the project’s favor. the benefits are not clearly identified. there appear to be a large number of acceptable alternatives.

Don’t take the risk if...
• the risk does not achieve the project objective. p p • the expected value from baseline assumptions is negative. • the data is unorganized, without structure or pattern. • there is not enough data to understand the results. • a contingency plan for recovery is not in place should the results prove unsatisfactory.