Project Cost and Uncertainty Over Time

Most Likely
Cost

Actual
Most Likely
Cost
Cost

Most Likely
Cost

Cost range

Conceptual Alternatives Preliminary Final

Bid Construction
Planning Analysis Engineering Design
 Identifying a candidate risk

RISK

Loss
Candidate Uncertainty Possible Perpetual?

No No Yes

Weakness/ No impact irresolvable

issue (not interested)
What is Project Risk?

Not all risks are negative

Some events (like finding an easier way to do an activity) or conditions
(like lower prices for certain materials) can help your project! When
this happens,
we call it an opportunity… but it’s still handled just like a risk.
What is Project Risk?
Definition:
An event that, if it occurs, causes either a positive or
negative impact on a project
Risk is a measure of future uncertainties in achieving
program performance goals and objectives within defined
cost, schedule, and performance constraints.
Keys attributes of Risk
Uncertainty
Positive and Negative
Cause and Consequence
Known v Unknown Risks
Risk Reward Analysis
 Risk Management Process
Risk
Uncertain or chance events that planning can
not overcome or control.
Risk Management
A proactive
REAL REASON WEattempt
NEED TOto recognize and manage
DO RISK MANAGEMENT
internal events
IS NOTand externalRISKS
TO AVOID threats that affect
the likelihood of a project’s success.
BUT TO ENABLE
 What AGGRESSIVE
can go wrong RISK TAKING
(risk event/problems).
 What can be done before an event occurs (anticipation of
Project Manager, project Team & all th key
Alternatives)
stakeholders are involved
 How to minimize to determine
the risk event’s the risk
impact (consequences).
management
 What to processes
do when an event occurs (contingency plans).
What is Risk Management (by PMI)?
“The systematic application of management
policies, standards, procedures, and practices to
the tasks of identifying, assessing/analyzing,
responding to, and monitoring to project risk”
A structured, iterative process with defined scope and
objectives
Proactive and anticipatory
Objective is to decrease the probability and/or impact of
negative events OR increase the probability and/or impact of
positive events

Risk Management needs to be integrated into an organization’s decision making process

How can we stay ahead?

Identify and Manage the Risks to the project

 Formal methods
 Determined by Industry, Regulatory, or Corporate
standards
 Templates, processes, audits
 Informal methods
 Use what works for you at the time
 Use “Lessons Learned” in Project Post-Mortems to
learn from past mistakes
 Risk Management Phases

Project Project Project Project

Selection Planning Implementation Evaluation

Incorporating Risk
Risk
Risk in Response Risk
Identification
Selection Control &
Process Mitigation Mgmt.
Risk WBS
Avoidance
Risk based
Certainty Transfer
Estimation
equivalent Share Change control
PERT, GERT
Simulation Retain Mgmt.
Simulation
Real Options Contingencies
Risk Breakdown Structure to
Categorize Project Risks
Technical Risk: Quality risk, new technology risk, part
compatibility etc.

External Risk: Weather Problems, Customer issue,

Government regulation changes, price changes etc..

Organizational Risk: Staff Attrition, Priority project

changes, funding cuts etc…

Project Management Risks: unsuccessful allocation of

time, resources & scheduling, Unacceptable work result i.e.
scope not being met etc..
Identify External Sources of Risks
Identify Internal Sources of Risks
Risk management Steps by PMI
Risk Management Planning: By the time a risk actually occurs
on your project, it’s too late to do anything about it. That’s why you need to
plan for risks from the beginning and keep coming back to do more
planning throughout the project.

Risk Identification

Qualitative/Quantitative Risk Analysis for Risk

Assessment

Risk Response Planning/ Contingency planning

Risk Monitoring & Control

The Risk Management Process
1. Risk Management Planning Process

Cost , Schedule & Communication

Management Plans
1. Risk Management Planning
What should it include?
How you will identify, quantify or qualify risk
Methods and tools
Budget…(including contingency funding)
Who is doing what
How often
When a risk is really a risk
Reporting requirements- Who, when, how often,
what, etc
Monitoring, tracking and documenting strategies
Make sure you are not OVER Planning
 Risk Management Planning
The main output of risk management planning is a
risk management plan—a plan that documents the
procedures for managing risk throughout a project
Do not Focus on consequences: Focus on the events
that produce them
The project team should review project documents
and understand the organization’s and the sponsor’s
approaches to risk
The level of detail will vary with the needs of the
project
2. Risk Identification

Searching for Potential Risk

Risk Identification
Risk Identification
Generate a list of possible risks: Macro risks first, then
specific events
Purpose
Answer the question “WHAT CAN GO WRONG?”
 Looking at current and proposed staffing, process, supplier,
operational, employment, resources, dependencies etc.
 Monitoring test results
 Review potential short falls
 Analyzing negative trends

Use WBS to identify risks at different levels

Risk Identification Techniques/Tools
Brainstorming
Checklists/Risk Profiling- Lists developed to aid
in identifying risks
Examining the assumptions
Interviewing
SWOT Analysis
Delphi Technique
Diagramming Techniques
Cause & effect – Ishikawa or Fishbone
Flow Charts etc.
5W2H
Method for asking about a process or a problem
WHO?
WHAT?
WHEN?
WHERE?
WHY?
HOW?
HOW MUCH?
 5W2H framework
5W2H Typical Questions Improvement Questions
WHO? Who does this? Should someone else do it?
Who should be involved but is Could fewer people do it?
not? Could approvals be eliminated?
Who is involved but shouldn’t be?
Who has to approve?
WHAT? What is done? Does every step have to be done?
What is essential? Are steps omitted?

WHEN? When is this activity started? Can it be done at a different time?

When does it end? Can cycle time be shortened?
When is it repeated? Can it be done less frequently?
WHERE? Where is this activity done? Can it be done elsewhere?
WHY? Why do we do this? Can it be eliminated?
Can another group do it?
Can it be outsourced?
HOW? How is this done? Is there a better way?
How much? How much does it cost? How much less could it cost?
Identifying Risk
Continuous, Iterative Process
What is it and what does it look like- Different for each
project and person consulted.
The sooner it is identified the better it is for project
The more the involvement of stakeholders the better
the process outcome
A fact is not a risk- If you know something is going to occur
then you plan for it not the risk of it. RISK vs PROBLEM
Be specific- identify the risk and a trigger/cause of the risk
Don’t try to do everything at once- qualify, quantify, or
remedy
Risk Assessment

Assessing the impact of Risks

 3. Risk Assessment
This information should be developed for each
risk:
Description of risk
All the possible outcomes of the risk
The magnitude or severity of the outcomes
Likelihood (probability) of the risk occurring,
and likelihood of each possible outcome
When the risk might occur during the project
Interaction of the risk outcomes with other
parts of this project or other projects
Risk Analysis Tools
Scenario analysis
Failure Mode and Effects Analysis (FMEA)
Risk assessment matrix / risk severity matrix
Probability analysis
Decision tree analysis
PERT analysis
Expected value analysis (NPV analysis)
Sensitivity analysis
Monte Carlo simulation analysis
Delphi techniques for consensus etc.
Scenario Analysis
Assess each risk
Undesirable effect
Magnitude & severity
Probability of occurrence
When will it occur?
Interaction with other parts of projects
Detection
Impact
Difficulty

Instance of
Likelihood
Occurrence
FMEA
Failure Mode & Effects Analysis
Compute Risk Value

Likelihood
Impact (I) Risk (probability) p
Value
IxpxD

Detection
Difficulty D
Analyzing Risk - Qualitative
Subjective & Educated Guess
High, Medium, Low
Red, Yellow, Green
1-10
Prioritized/Ranked list of ALL identified
risks
First step in risk analysis!
 Risk Assessment- Heat Map (Risk Map)
Probability of Occurrence
Risk #1 vs Impact (1 to 5 Scale)
Priorities: Red (High); Yellow (Med); Green (Low)
Higher Impact

Review/Present
Risk #4
Chart Periodically
Impact

Risk #3 Risk #2
Lower Impact

Risk #5

Lower Probability Higher Probability

Probability of Occurrance
Risk Assessment Form

In 1-10 scale
Probability/Impact Chart Showing
High-, Medium-, and Low-Risk
Probability/Impact Matrix
A probability/impact matrix or chart lists the relative
probability of a risk occurring on one side of a matrix
or axis on a chart and the relative impact of the risk
occurring on the other
List the risks and then label each one as high, medium,
or low in terms of its probability of occurrence and its
impact if it did occur
Can also calculate risk factors
Numbers that represent the overall risk of specific
events based on their probability of occurring and
the consequences to the project if they do occur
Probability & Impact Analysis

Risk Probability Impact Expected Value

1 25% $45,000 $11,250

2 50% $2,000 $1,000

3 30% $100,000 $30,000

The biggest risk isn’t always the

biggest risk!
 Decision Trees and
Expected Monetary Value (EMV)

A decision tree is a diagramming analysis

technique used to help select the best course of
action in situations in which future outcomes are
uncertain
Estimated monetary value (EMV) is the
product of a risk event probability and the risk
event’s monetary value
You can draw a decision tree to help find the
EMV
 Risk Management Process Model
Risk
Identification
Risk
Tracking

Risk
Analysis
Mitigation- Treat

Avoidance- Terminate
Risk
Mitigation Transfer
Planning
Accept &
Set Strategy and Retaining- Tolerate
Objectives
Risk
Plan
Implementation
4. Risk Response Planning
“What are we going to do about it?”
Techniques/Strategies:
Mitigating Risk
Transferring
Avoiding Risk
Sharing Risk
Accept/Retaining Risk
Strategy should be commensurate with risk
Hint: Don’t spend more money preventing the risk than
the impact of the risk would be if it occurs 
The Risk Response Plan/Risk Response Register
 4. Risk Response Planning

Avoiding Risk: Changing

the project plan to
eliminate the risk or
condition

Mitigating Risk- Conducting more tests, add resources or time to project,

Designing redundancy into a system
• Reducing the likelihood an adverse event will occur.
• Reducing impact of adverse event.
4. Risk Response Planning Techniques

Transferring Risk- Insurance, Accept/ Retaining Risk: Making a

performance bonds, warranties, conscious decision to accept the risk.
guarantees etc. Paying a premium
to pass the risk to another party.
Response Planning Can find More Risks
Secondary risks are risks that come from a
response you have to another risk. If you dig a
trench to stop landslides from taking out your
camp, it’s possible for someone to fall into the
trench and get hurt.
Residual Risks are those that remain after your
risk responses have been implemented. So even
though you reinforce your tent stakes and get
weatherproof gear, there’s still a chance that winds
could destroy your camp if they are strong
enough.
Risk Register
The main output of the risk identification
process is a list of identified risks and other
information needed to begin creating a risk
register
A risk register is:
A document that contains the results of
various risk management processes and
that is often displayed in a table or
spreadsheet format
Risk Register Contents
An identification number for each risk event
A rank for each risk event
The name of each risk event
A description of each risk event
The category under which each risk event falls
The root cause of each risk
Triggers for each risk; triggers are indicators or symptoms of
actual risk events
Potential responses to each risk
The risk owner or person who will own or take responsibility
for each risk
The probability and impact of each risk occurring
The status of each risk
Sample Risk Register
 Contingency Planning

A contingency plan is an alternative plan used if

a risk event or condition occurs.
Examples:
Having a backup supplier for a key material
Carrying a safety stock for a key part
Having an alternate distribution channel to send
products (air instead of boat)
Having hurricane/flood/earthquake/cyclone
evacuation plans
Risk Response Matrix
Risk and Contingency Planning
Technical Risks
Backup strategies if chosen technology fails.
Assessing whether technical uncertainties can be
resolved.
Schedule Risks
Use of slack increases the risk of a late project finish.
Imposed duration dates (absolute project finish date)
Compression of project schedules due to a shortened
project duration date.
Risk and Contingency Planning
Costs Risks
Time/cost dependency links: costs increase when
problems take longer to solve than expected.
Deciding to use the schedule to solve cash flow
problems should be avoided.
Price protection risks (a rise in input costs) increase if
the duration of a project is increased.
Funding Risks
Changes in the supply of funds for the project can
dramatically affect the likelihood of implementation or
successful completion of a project.
(Chaos)
Release Data: The source of risk
(continuously scan the environment)

Refinement: Ways to measure the

identified source of risk

Discover: The source of risk

(continuously scan the environment)
 Project Resilience
Definition References

The ability to restore capacity and continuously adapt to changes, and

Geambasu, 2011
to achieve its objective in the face of disruptive events

The capacity to maintain purpose and integrity under external or

Hillson, 2014
internal shocks

The art of noticing, interpreting, containing and preparing for and Turner and Kutsch,
recovering from disruption 2015

The capacity to overcome unexpected events Giezen et al.,2015

The ability to cope with uncertainty Zhu, 2016

The capability to respond to, prepare for and reduce the impact of
Blay, 2017
disruptions caused by changes in the project environment