Professional Documents
Culture Documents
Lesson 9
After completing this chapter…
⚫ Describe risk management planning,
risk identification, risk analysis, and
risk response planning.
⚫ Identify and classify risks for a
project.
⚫ Populate a risk register.
⚫ Describe various risk assessment
techniques and tell when each is
appropriate to use.
2
After completing this chapter…
⚫ Prioritizeeach risk on a project using
an appropriate assessment
technique.
⚫ Compare and contrast the various
strategies for dealing with risks
3
1. Plan Risk Management
⚫ Understand the project’s objectives
⚫ Realize what project success is
4
Plan Risk Management
5
Specific Project Stakeholder
Priorities
6
Risk Management Planning and
Stakeholder Priorities
⚫ Understand what the project plan calls
for
⚫ Understand area the most important
stakeholders like to improve
⚫ Understand where stakeholders are
willing to sacrifice to enable
improvements
7
Understanding the Project Risk
⚫ Anything that may impact the project
team’s ability to achieve project
success measures and the specific
project stakeholder priorities.
⚫ Eliminate/reduce the impact of threats
and capitalize on opportunities
threat – “a risk that would have a negative effect on
one or more project objectives” PMBOK® Guide
9
Risk Management Plan Template
for an IT Consulting Company
10
A. Roles and Responsibilities
⚫ Encourage wide participation in risk
management activities
⚫ More perspectives considered →
more risks uncovered
⚫ Participation encourages buy-in to a
risk management approach
⚫ Plan defines responsibility for each
risk management activity
11
B. Categories and Definitions
⚫ Consider risk by association with a
specific project life cycle stage
⚫ More project risks are uncovered early
in the life of a project
⚫ The cost per risk discovered early is
less
⚫ Risks discovered late in a project can
be expensive
12
Risks Over the Project Life
Cycle
13
Categories and Definitions
⚫ Consider risks by their impact on a
project objective (cost, schedule,
scope, quality)
⚫ Consider risks as external/internal to
the organization
⚫ Risks may be classified by what is
known about each
14
International Construction
Project Risk Factors
15
Top Risks for International
Projects
16
Top Risks for Software
Projects
17
Categories and Definitions
19
A. Information Gathering
⚫ A brainstorming activity considering
“what could go wrong”
⚫ Use classic rules for brainstorming
⚫ Variations and extensions of possible
risks can help to identify additional
risks
⚫ Interview stakeholders
20
Information Gathering
SWOT analysis – “analysis of strengths, weaknesses,
opportunities, and threats to a project.” PMBOK® Guide
22
C. Understanding
Relationships
⚫ Learn the cause-and-effect
relationships of risk events
◦ Use a flow chart
⚫ Consider why a certain risk event may
happen through root cause analysis
◦ “Why might this happen?”
Root cause analysis – “an analytical technique used to
determine the basic underlying reason that causes a variance
or defect or risk. A root cause may underlie more than one
variance or defect or risk PMBOK® Guide
23
Understanding Relationships
⚫ Understand trigger conditions
⚫ A trigger may be specific to an
individual risk
24
D. Risk Register
⚫ Primary output of risk identification
Risk register – “a document in which the results of risk
analysis and risk response planning are recorded.”
PMBOK® Guide
⚫ The risk register is a living
document
Identified
risks
Risk Potential
categories causes
Potential
responses
25
Partial Risk Register
26
3. Risk Analysis
⚫ Perform Qualitative Risk Analysis
⚫ Perform Quantitative Risk Analysis
⚫ Risk Register Updates
27
A. Qualitative Risk Analysis
28
Qualitative Risk Assessment
29
Qualitative Risk Assessment
30
Qualitative Risk Analysis
⚫ Determine cause and effect
relationships
◦ Part of root cause analysis
◦ Change the effect by changing the
underlying cause
◦ Use a cause and effect diagram
31
Cause and Effect Diagram
32
Cause and Effect Diagram
⚫ Listthe risk as the effect in a box at
the head of the fish
⚫ Name the big “bones”
⚫ Complete the smaller “bones”
Why could Why could
people be a machines
cause? be a cause?
ON- ON-
SCOPE QUALITY
TIME BUDGET
37
Failure Mode Effect Analysis
(FMEA)
⚫ Consider three elements of each activity or path
through the activities:
◦ Likelihood, severity and hideability
◦ Estimate each on a scale of 1–10
◦ Total risk is product of all three: likelihood ×
severity × hideability
38
Sensitivity Analysis
⚫ Use expected, optimistic and pessimistic value of
inputs (e.g. costs)
◦ Shows effect on the outcome of a change in the
variable
◦ Shows where management attention and control is
needed
⚫ Example
◦ Prices on materials and labour likely to fluctuate
◦ Need to see effect of fluctuations on profit
◦ Costs of materials say £0.6m
◦ Costs of direct labour say £0.2m
◦ Costs of overheads say £0.35m
◦ Revenues: fixed at £1.2m
◦ Profit = revenue – material costs – (labour +
overheads) 39
Sensitivity Analysis
41
C. Risk Register Updates
⚫ Add the probability of each risk
occurring and its impact to the register
⚫ Document results of quantitative risk
analysis in the risk register
42
4. Plan Risk Responses
⚫ Strategiesfor Responding to Risks
⚫ Risk Register Updates
43
Common Project Risk
Strategies
44
Risk Register Updates
⚫ Note response strategy for each risk
⚫ Assign a single person as the “owner”
of each risk
⚫ Include any changes to the project
schedule, budget, resource
assignments and communications
plan
45
Summary
⚫ All projects have some risks
⚫ Risk planning should use an
appropriate level of detail to plan for
major risks
⚫ Risk planning begins with an
understanding of project success
⚫ Risk management planning is part of
the overall project management plan
⚫ Risk identification includes gathering
information on potential risks
46
Summary
⚫ Identified risks are documented in a
risk register
⚫ Identified risks are analyzed
⚫ Risk response planning involves
determining response to each of the
major risks
⚫ Risk response strategies include
avoid, transfer, mitigate, accept,
research, exploit, share, enhance
47