Project Risk Planning

Lesson 9
After completing this chapter…
⚫ Describe risk management planning,
risk identification, risk analysis, and
risk response planning.
⚫ Identify and classify risks for a
project.
⚫ Populate a risk register.
⚫ Describe various risk assessment
techniques and tell when each is
appropriate to use.

2
After completing this chapter…
⚫ Prioritizeeach risk on a project using
an appropriate assessment
technique.
⚫ Compare and contrast the various
strategies for dealing with risks

3
1. Plan Risk Management
⚫ Understand the project’s objectives
⚫ Realize what project success is

Plan risk management – “the process of defining how

To conduct risk management activities for a project.”
PMBOK® Guide

4
Plan Risk Management

5
Specific Project Stakeholder
Priorities

6
Risk Management Planning and
Stakeholder Priorities
⚫ Understand what the project plan calls
for
⚫ Understand area the most important
stakeholders like to improve
⚫ Understand where stakeholders are
willing to sacrifice to enable
improvements

7
 Understanding the Project Risk
⚫ Anything that may impact the project
team’s ability to achieve project
success measures and the specific
project stakeholder priorities.
⚫ Eliminate/reduce the impact of threats
and capitalize on opportunities
threat – “a risk that would have a negative effect on
one or more project objectives” PMBOK® Guide

opportunity – “a risk that would have a positive effect on one or

more project objectives.” PMBOK® Guide
8
Risk Management Planning
Risk management plan– “a component of the project
management plan that describes how risk management
activities will be structured and performed.”
PMBOK® Guide

⚫ Used for communicating with project

stakeholders and for follow up
analysis

9
Risk Management Plan Template
for an IT Consulting Company

10
A. Roles and Responsibilities
⚫ Encourage wide participation in risk
management activities
⚫ More perspectives considered →
more risks uncovered
⚫ Participation encourages buy-in to a
risk management approach
⚫ Plan defines responsibility for each
risk management activity

11
B. Categories and Definitions
⚫ Consider risk by association with a
specific project life cycle stage
⚫ More project risks are uncovered early
in the life of a project
⚫ The cost per risk discovered early is
less
⚫ Risks discovered late in a project can
be expensive

12
Risks Over the Project Life
Cycle

13
Categories and Definitions
⚫ Consider risks by their impact on a
project objective (cost, schedule,
scope, quality)
⚫ Consider risks as external/internal to
the organization
⚫ Risks may be classified by what is
known about each

14
International Construction
Project Risk Factors

15
Top Risks for International
Projects

16
Top Risks for Software
Projects

17
 Categories and Definitions

Cement will Bad weather 100-year

harden will happen flood

⚫ A “known known” can be planned

and managed with certainty
⚫ “Known unknowns” can be identified
and may or may not happen
⚫ “Unknown unknowns” are true
uncertainties
18
 2. Identify Risks
⚫ Information gathering
⚫ Reviews
⚫ Understanding Relationships
⚫ Risk register

Identify risks – “the process of determining which risks might

affect the project and documenting their characteristics.”
PMBOK® Guide

19
 A. Information Gathering
⚫ A brainstorming activity considering
“what could go wrong”
⚫ Use classic rules for brainstorming
⚫ Variations and extensions of possible
risks can help to identify additional
risks
⚫ Interview stakeholders

20
 Information Gathering
SWOT analysis – “analysis of strengths, weaknesses,
opportunities, and threats to a project.” PMBOK® Guide

⚫ Use a SWOT analysis

⚫ Use the Delphi technique
⚫ Use a structured review

Delphi technique– “an information gathering

Technique used as a way to reach a consensus of
experts on a subject … Responses are summarized
and recirculated for further comment.”
PMBOK® Guide
21
B. Reviews

22
 C. Understanding
Relationships
⚫ Learn the cause-and-effect
relationships of risk events
◦ Use a flow chart
⚫ Consider why a certain risk event may
happen through root cause analysis
◦ “Why might this happen?”
Root cause analysis – “an analytical technique used to
determine the basic underlying reason that causes a variance
or defect or risk. A root cause may underlie more than one
variance or defect or risk PMBOK® Guide
23
Understanding Relationships
⚫ Understand trigger conditions
⚫ A trigger may be specific to an
individual risk

Trigger condition – “an event or situation that

indicates a risk is about to occur.” PMBOK® Guide

24
 D. Risk Register
⚫ Primary output of risk identification
Risk register – “a document in which the results of risk
analysis and risk response planning are recorded.”
PMBOK® Guide
⚫ The risk register is a living
document
Identified
risks
Risk Potential
categories causes
Potential
responses
25
Partial Risk Register

26
3. Risk Analysis
⚫ Perform Qualitative Risk Analysis
⚫ Perform Quantitative Risk Analysis
⚫ Risk Register Updates

27
 A. Qualitative Risk Analysis

⚫ How likely is this risk to happen?

⚫ How big will the impact be?
⚫ When is the risk likely to occur?
⚫ How easy is it to notice and
correctly interpret the trigger?
Perform qualitative risk analysis – “the process of prioritizing
risks for further analysis or action by assessing and combining
their probability and impact.” PMBOK® Guide

28
Qualitative Risk Assessment

29
Qualitative Risk Assessment

30
Qualitative Risk Analysis
⚫ Determine cause and effect
relationships
◦ Part of root cause analysis
◦ Change the effect by changing the
underlying cause
◦ Use a cause and effect diagram

31
Cause and Effect Diagram

32
Cause and Effect Diagram
⚫ Listthe risk as the effect in a box at
the head of the fish
⚫ Name the big “bones”
⚫ Complete the smaller “bones”
Why could Why could
people be a machines
cause? be a cause?

Why could Why could

machines methods be
be a cause? a cause?
33
 B. Perform Quantitative Risk
Analysis
⚫ Bigger, more complex, riskier, more
expensive projects → quantitative
structured techniques
⚫ Use to predict the probabilities

ON- ON-
SCOPE QUALITY
TIME BUDGET

Quantitative risk analysis – “the process of numerically

analyzing the effect of identified risks on overall project
objectives.” PMBOK® Guide
34
 Commo Quantitative Risk
n Techniques
Analysis
Decision tree analysis “a diagramming and calculation technique for
evaluating the implications of a chain of
multiple options in the presence of uncertainty.”
Expected monetary “a statistical technique that calculates the
value (EMV) analysis average outcome when the future includes
scenarios that may or may not happen. A
common use of this technique is within
decision tree analysis.”
Failure mode and effect “an analytical procedure in which each
analysis (FMEA) potential failure mode in every component is
analyzed to determine its effect on
reliability … and for all ways a failure may
occur. For each potential failure, an
estimate is made on its effect on the total
Common Quantitative Risk
Analysis Techniques
Sensitivity “a quantitative risk analysis and modeling
analysis technique used to help determine which
risks have the most powerful impact on the
project. It examines the extent to which the
uncertainty in each project element affects
the objective.…The typical display is in the
form of a tornado diagram.”
Simulation “uses a project model that translates the
uncertainties specified as a detailed level
into their potential impact on objectives.…
Usually uses
probability distributions of possible costs or
durations … and typically use Monte
Carlo analysis.” PMBOK® GUIDE
36
Expected Monetary Value (EMV)

37
 Failure Mode Effect Analysis
(FMEA)
⚫ Consider three elements of each activity or path
through the activities:
◦ Likelihood, severity and hideability
◦ Estimate each on a scale of 1–10
◦ Total risk is product of all three: likelihood ×
severity × hideability

38
Sensitivity Analysis
⚫ Use expected, optimistic and pessimistic value of
inputs (e.g. costs)
◦ Shows effect on the outcome of a change in the
variable
◦ Shows where management attention and control is
needed
⚫ Example
◦ Prices on materials and labour likely to fluctuate
◦ Need to see effect of fluctuations on profit
◦ Costs of materials say £0.6m
◦ Costs of direct labour say £0.2m
◦ Costs of overheads say £0.35m
◦ Revenues: fixed at £1.2m
◦ Profit = revenue – material costs – (labour +
overheads) 39
 Sensitivity Analysis

⚫ This shows when the project will make a profit or a loss

⚫ Should materials increase by 10 percent, unless there is a drop in labour
costs, the project will make a loss
40
Criteria for Selecting a Quantitative
Risk Technique Methodology
⚫ Use the explicit knowledge of the
project team members.
⚫ Allow quick response.
⚫ Help determine project cost and
schedule contingency.
⚫ Help foster clear communication.
⚫ Easy to use and understand.

41
C. Risk Register Updates
⚫ Add the probability of each risk
occurring and its impact to the register
⚫ Document results of quantitative risk
analysis in the risk register

42
4. Plan Risk Responses
⚫ Strategiesfor Responding to Risks
⚫ Risk Register Updates

Plan risk responses – “the process of

developing options and actions to enhance
opportunities and reduce threats to project
objectives.” PMBOK® Guide

43
Common Project Risk
Strategies

44
Risk Register Updates
⚫ Note response strategy for each risk
⚫ Assign a single person as the “owner”
of each risk
⚫ Include any changes to the project
schedule, budget, resource
assignments and communications
plan

45
Summary
⚫ All projects have some risks
⚫ Risk planning should use an
appropriate level of detail to plan for
major risks
⚫ Risk planning begins with an
understanding of project success
⚫ Risk management planning is part of
the overall project management plan
⚫ Risk identification includes gathering
information on potential risks
46
Summary
⚫ Identified risks are documented in a
risk register
⚫ Identified risks are analyzed
⚫ Risk response planning involves
determining response to each of the
major risks
⚫ Risk response strategies include
avoid, transfer, mitigate, accept,
research, exploit, share, enhance
47