Professional Documents
Culture Documents
in Project Management
Module Guide
Copyright © 2021
MANCOSA
All rights reserved; no part of this book may be reproduced in any form or by any means, including photocopying machines,
without the written permission of the publisher. Please report all errors and omissions to the following email address:
modulefeedback@mancosa.co.za
Project Risk Management
Preface.................................................................................................................................................................... 3
List of Content
List of Figures
Figure 2.1:Plan Risk Management: Inputs, Tools & Techniques, and Outputs ................................................. 27
Figure 3.3: Top 10 South African Country and Industry Level Risks ................................................................ 47
Figure 5.1: Project Risk Strategies to Deal with Negative Risks ....................................................................... 69
List of Tables
Table 1.1: Key Project Risk Management Concepts (PMI, 2017: 310) ............................................................. 15
Table 4.2:Qualitative Analysis for Differentiating Major and Minor Project Risks.............................................. 54
Preface
A. Welcome
Dear Student
It is a great pleasure to welcome you to Project Risk Management (PRM8). To make sure that you share our
passion about this area of study, we encourage you to read this overview thoroughly. Refer to it as often as you
need to, since it will certainly make studying this module a lot easier. The intention of this module is to develop
both your confidence and proficiency in this module.
The field of Project Risk Management is extremely dynamic and challenging. The learning content, activities and
self- study questions contained in this guide will therefore provide you with opportunities to explore the latest
developments in this field and help you to discover the field of Project Risk Management as it is practiced today.
This is a distance-learning module. Since you do not have a tutor standing next to you while you study, you need
to apply self-discipline. You will have the opportunity to collaborate with each other via social media tools. Your
study skills will include self-direction and responsibility. However, you will gain a lot from the experience! These
study skills will contribute to your life skills, which will help you to succeed in all areas of life.
MANCOSA does not own or purport to own, unless explicitly stated otherwise, any intellectual property
rights in or to multimedia used or provided in this module guide. Such multimedia is copyrighted by the
respective creators thereto and used by MANCOSA for educational purposes only. Should you wish to use
copyrighted material from this guide for purposes of your own that extend beyond fair dealing/use, you
must obtain permission from the copyright owner.
B. Module Overview
The module is a 15 credit module at NQF level 8.
Course overview
This module covers the methods that project managers use in risk management which start with identifying as
many risks as possible. Once the risks are identified, each risk is analysed so that the project team can concentrate
their attention on the most critical risks. Analysis always consists of a qualitative or judgmental approach and
sometimes also includes a quantitative approach. In the final risk management process, the project team decides
how to respond to each potential risk. Once all of the risk management planning has initially been accomplished,
the response plans are incorporated into the overall project management plan. Changes may need to be made to
the schedule, budget, scope, or communication plans to account for certain risks. These risk management planning
processes are covered in this chapter.
Demonstrate a systematic and comprehensive Analyse and interrogate each of the process
understanding of the core principles related to groups and knowledge areas in project
managing projects management
Analyse problems and propose strategies to Create and maintain various project management
address complex project management problems plans
drawing on the Project Management Body of
Develop strategies to manage project constraints
Knowledge
within own organisation
Engage in high-level and successful Develop and communicate plans and progress
communication with project stakeholders and the reports
wider project network
Implement and maintain a process of
information sharing and distribution on a project
Utilise Project Management software to solve Use MS Project 2016 to develop a project plan
work-based problems effectively
Develop activity sequencing documentation
Demonstrate the ability to engage in self-directed Display effective research and report writing skills
learning within the field of project management
Display a depth of knowledge of project
management
Demonstrate a critical understanding of the Various processes are analysed to conduct processes
various process areas in project risk involved in project risk management
management
Projects are analysed to determine the risks associated
with a project
Demonstrate a comprehensive and critical Project risk plan is examined to demonstrate how the
understanding of the processes, various processes fit together
methodologies and theories involved in
Various risk management methodologies are identified
planning for project risk management
Various risk management methodologies and theories
are applied to conduct qualitative and quantitative risk
analyses
Critically evaluate and apply theories and various metrics are analysed with associated project
methodologies associated with monitoring performance
and controlling project risks
Variances in project performance are determined to
propose strategies to mitigate risks
Syndicate groups 0
Independent self-study of standard texts and references (study guides, books, journal 70
articles)
Other: Online 16
TOTAL 100
The purpose of the Module Guide is to allow you the opportunity to integrate the theoretical concepts from the
prescribed textbook and recommended readings. We suggest that you briefly skim read through the entire guide
to get an overview of its contents. At the beginning of each Unit, you will find a list of Learning Outcomes and
Associated Assessment Criteria. This outlines the main points that you should understand when you have
completed the Unit/s. Do not attempt to read and study everything at once. Each study session should be 90
minutes without a break
This module should be studied using the prescribed and recommended textbooks/readings and the relevant
sections of this Module Guide. You must read about the topic that you intend to study in the appropriate section
before you start reading the textbook in detail. Ensure that you make your own notes as you work through both the
textbook and this module. In the event that you do not have the prescribed and recommended textbooks/readings,
you must make use of any other source that deals with the sections in this module. If you want to do further reading,
and want to obtain publications that were used as source documents when we wrote this guide, you should look
at the reference list and the bibliography at the end of the Module Guide. In addition, at the end of each Unit there
may be link to the PowerPoint presentation and other useful reading.
H. Study Material
The study material for this module includes tutorial letters, programme handbook, this Module Guide, a list of
prescribed and recommended textbooks/readings which may be supplemented by additional readings.
In addition to the prescribed textbook, the following should be considered for recommended books/readings:
Recommended
Gido, J and Clements, J.P.2015. Successful Project Management. 6th ed. USA: Cengage Learning
Larson, E.W. and Gray, C.F.2017.Project Management: The Managerial Process.7th ed. New York: McGraw-
Hill
PMI. 2017. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 6th ed. Pennsylvania:
Project Management Institute.
Van der Walt, G. and Williams, F.2015.A Guide to Project Management.2nd ed. SA: Juta and Company Ltd.
J. Special Features
In the Module Guide, you will find the following icons together with a description. These are designed to help you
study. It is imperative that you work through them as they also provide guidelines for examination purposes
The Learning Outcomes indicate aspects of the particular Unit you have
LEARNING to master.
OUTCOMES
A Think Point asks you to stop and think about an issue. Sometimes you
THINK POINT are asked to apply a concept to your own experience or to think of an
example.
You may come across Activities that ask you to carry out specific tasks.
In most cases, there are no right or wrong answers to these activities.
ACTIVITY
The purpose of the activities is to give you an opportunity to apply what
you have learned.
At this point, you should read the references supplied. If you are unable
READINGS to acquire the suggested readings, then you are welcome to consult any
current source that deals with the subject.
OR EXAMPLES
KNOWLEDGE You may come across Knowledge Check Questions at the end of each
CHECKS Unit in the form of Knowledge Check Questions (KCQ’s) that will test
QUESTIONS your knowledge. You should refer to the Module Guide or your
textbook(s) for the answers.
You may come across Revision Questions that test your understanding
REVISION
of what you have learned so far. These may be attempted with the aid
QUESTIONS
of your textbooks, journal articles and Module Guide.
CASE STUDY This activity provides students with the opportunity to apply theory to
practice.
Unit
1: Introduction to Project Risk
Management
1.2 Risk Management Concepts. Build an understanding of key concepts in project risk
management
1.3 Risk Management Principles. Integrate the various risk management principles into the
project life cycle
1.5 The Benefits of Project Risk Appreciate the benefits of project risk management
Management.
1.1 Introduction
Projects are enablers of change and change in itself introduces risks. This therefore makes the risk encounter on
projects inevitable. Managing such risks cannot be based on chance but should rather be a systematic process
that proactively identifies, assesses, plans responses and controls the risks that may impact the project. A cost-
effective risk management procedure should be established to “support better decision-making through a good
understanding of risks, their causes, likelihood, impact, timing and the choice of responses to them”, (OGC, 2009:
77)
Project risk management is often overlooked and often results in significant setbacks in the ultimate success of
projects. Risk management can have a positive impact on selecting projects, determining the scope of projects,
and developing realistic schedules and cost estimates. It helps project stakeholders understand the nature of the
project, involves team members in defining strengths and weaknesses, and helps to integrate the other project
management knowledge areas.
Think Point
“Civilization begins with order, grows with liberty and dies with chaos”
Will Durant
The Project Management Institute (PMI, 2017: 395) defines Project Risk Management as “the processes of
conducting risk management planning, identification, analysis, response planning, response implementation, and
monitoring risk on a project. The objectives of project risk management are to increase the probability and/or impact
of positive risks and to decrease the probability and/or impact of negative risks, in order to optimize the chances
of project success”.
This definition of project risk management is similar to the definition presented by the Association for Project
Management (APM, 2006:44): “Project Risk Management is a structured process that allows individual risk events
and overall project risks to be understood and managed proactively, optimising project success by minimising
threats and maximising opportunities”.
A risk is basically an uncertain event that, if it occurs, can jeopardize accomplishing the project objective. Risk
management involves the identification, assessment, control, and response to project risks in order to minimize
the likelihood of occurrence and/or potential impact of adverse events on the accomplishment of the project
objective (PMI, 2017: 395).
The risk management process would therefore include:
• identification - determining which risks may adversely affect the project objective and estimating what the
potential impacts of each risk might be if it occurs.
• Assessment - determining the likelihood that the risk event will occur and the degree of impact the event will
have on the project objective, and then prioritising the risks.
• response – defining a set of actions to prevent or reduce the likelihood of occurrence or the impact of a risk,
or to implement if the risk event occurs.
• Control risks - review and evaluation of risks to determine if there are any changes to the likelihood of
occurrence or the potential impact of any of the risks, or if any new risks have been identified (Gido and
Clements, 2015:).
Figure 1.1 below outlines the various phases of the risk management process that project teams must engage in
to ensure successful delivery of project outcomes.
The APM (2006) states that risk management within a project should not be conducted in isolation but must
interface with the organisation. The go on to say that risks should be escalated to both programme and portfolio
levels as well as “contribute to business risk assessment and corporate governance requirements”.
Identify Risks
Control Risks
Project Risk An uncertain event or condition that, if it occurs, has a positive or negative effect on
a project objective (PMI, 2017: 310).
Project Risk A structured process that allows individual risk events and overall project risks to
Management be understood and managed proactively, optimising project success by minimising
threats and maximising opportunities (APM, 2006:44).
Risk event driver Something existing in the project environment that leads one to believe that a
particular risk event could occur.
Probability of risk event The likelihood that a risk event will occur
Impact (of a risk) The consequence or potential loss that might result if a risk event occurs.
Impact driver Something existing in the project environment that leads one to believe that a
particular impact could occur.
Probability of impact The likelihood that an impact will occur, given that its risk event occurs.
Total loss The magnitude of the actual loss value accrued when a risk event occurs; it is
measured in days or money.
Risk Appetite An organisation’s unique attitude towards risk taking that in turn dictates the amount
(Organisational) of risk that it considers acceptable.
Risk Tolerance An indication of how sensitive organizations, stakeholders, and people are
towards risks. High tolerance often means that organizations welcome
high risks while tolerance tells otherwise. This element in project management also
describes the willingness of organization and people to avoid or accept risks.
Risk Register Captures and maintains information on all of the identified threats and opportunities
relating to the project.
1.4.2 Scope
Scope is ill defined: The general risk of an error or omission in scope definition.
Scope creep inflates scope: Uncontrolled changes and continuous growth of scope.
Gold plating inflates scope: The project team add their own product features that aren't in requirements or
change requests (Mar, 2018:1).
1.4.3 Cost
Cost forecasts are inaccurate: Inaccurate cost estimates and forecasts.
Exchange rate variability: When costs are incurred in foreign currencies exchange rates can have a dramatic
impact (Mar, 2018:1).
1.4.5 Stakeholders
Stakeholders have inaccurate expectations: Stakeholders develop inaccurate expectations (believe that the
project will achieve something not in the requirements, plan, etc.).
Stakeholder turnover: Stakeholder turnover can lead to project disruptions.
Stakeholders fail to support project: When stakeholders have a negative attitude towards the project and
wish to see it fail.
Stakeholder conflict: Disagreement between stakeholders over project issues (Mar, 2018:1).
1.4.6 Communication
Project team misunderstand requirements: When requirements are misinterpreted by the project team a gap
develops between expectations, requirements and work packages.
Communication overhead: When key project resources spend a high percentage of their time engaging
stakeholders on project issues and change requests their work may fall behind.
Under communication: Communication is a challenge that's not to be underestimated. You may need to
communicate the same idea many times in different ways before people remember it.
Impacted individuals aren't kept informed: A stakeholder is missing in your communication plan. Anyone who
isn't informed but is impacted has an excellent reason to throw up project roadblocks. For example, if you
build a system but fail to consult the operations group that will be responsible for support (Mar, 2018:1).
Activity
Johansen, Sandvin, Torp and Okland [9] identified five specific challenges in uncertainty
analysis indicating that even professional risk managers and their teams do not have the right
competences, adequate planning data or effective procedures to properly identify risks and
uncertainties, quantify and analyse them, communicate them to decision makers or take the
consequences into their project management. This clearly indicates that current practices need
to be challenged. Authors from all over the world responded to the call for papers to this Special
Issue, although not all suggested contributions made it into the final result. The selected papers
challenge current practices on a wide range of aspects of project risk management and in
different ways.
Lichtenberg [10] describes successful research results from almost three decades ago, which
successfully challenge the problems that conventional management has with handling risk in
cost estimation and budgeting. The reported results have led to new and improved practices.
The research involved is an unusual mix from psychology, statistical theory and engineering
economy. This mix tells us about the complex and multidisciplinary nature of uncertainty
management. The resulting experiences are reported, focusing on two recent studies, each of
40 infrastructures, and other major projects. In both datasets, the actual final cost largely
equalled the expected project cost. This result is a marked change from international past and
present experience. The principles that Lichtenberg promotes help researchers better
understand the nature of cost estimation under uncertainty and practitioners can draw help
from useful guidelines in this paper to improve their project risk management.
Johansen, Eik-Andresen, Landmark, Ekambaram, and Rolstadås [11] challenge the clear
tendency in project risk management to focus on the negative aspects of uncertainty. Although
uncertainty management theory has become well established, the authors suggest that it does
not fully address why opportunities often remain unexploited. Despite theory that holds risk and
opportunities to be equally important, empirical studies show a stronger focus on mitigating
risks than exploiting opportunities. Several empirical studies reported in this paper indicate that
even within organizations with seemingly high awareness of best practices in the field of project
risk management, potential is lost. There is an obvious gap between what theory tells us and
what people tend to do in practice. The authors then present a theoretical model that explains
why opportunities remain unexploited. They show that the threshold for pursuing a potential
opportunity is high and identify several fundamental reasons for resistance. This should
potentially be of great help for practitioners in pursuit of an improved success rate and benefits
in investment projects. It also contributes to building theory for designing decision making on
complex projects.
Torp and Klakegg [12] directly tackle the list of challenges previously identified by Johansen,
Sandvin, Torp and Okland [9]. Reporting on a single case study, they describe practical
guidelines and share experience from cost estimation and uncertainty analyses that help
mitigate many of the identified challenges in current project risk management practice. The
single case is a unique insight into an extremely complex project: decommissioning of
Barsebäck Nuclear Power Plant. The paper includes an adequate level of detail to make it
possible for practitioners to actually take up and put into use several of the practical working
procedures used in this case. The authors illustrate the importance of combining project risk
management competence with professional knowledge of the actual contents of the project
itself. Good preparations and planning is vital to the quality of the process that follows. The
analysis involves a group of experts in a structured group process. Professional facilitation and
effective communication are two key enablers for enhancing the ability to identify, evaluate,
analyse and respond adequately to the steering signals found in the uncertainty analysis.
Walker and Lloyd-Walker [13] take an even closer look at team collaboration in their paper on
using risks and an uncertainty based perspective in analysing integrated project delivery forms.
The authors help readers to better understand how complex projects may be understood and
successfully managed. Based on interviews with 50 subject matter experts, they have
developed a relationship-based procurement (RBP) framework and a tool in the form of a visual
map. These results help practitioners cope by using visualization and sense-making
mechanisms. The paper also extends theory by taking RBP to the next step, from pure
procurement into a risk-uncertainty project management domain. Practitioners will find these
ideas helpful in managing risks, uncertainty and ambiguity in their complex projects.
All these contributions have one thing in common: They all illustrate that project risk
management may be led into a dead end if theory and practice keep focusing on models, data
processing, decision making algorithms, procedures and tools. The risk focus needs to be
balanced out with focusing on opportunities, even if it is difficult and requires extra effort. The
real challenges are in the head of the individuals involved. They need help to understand,
analyse and adequately respond. All contributions offer, in their own way, a piece of this puzzle.
My simple conclusion is: It is all about people and competence! The contributors have one
more thing in common—they have all previously collaborated in research or publications
together in different constellations. There is a close relation between the ways in which risk
and uncertainty are understood and presented in these papers. This will hopefully build a
picture that helps the readers to take the next step, be it theoretical or practical guidelines or
simply intriguing examples that are needed.
1. From a project of your choice, discuss 5 potential risks that may negatively impact
the project.
2. Articulate what the benefits of project risk management are using examples from a
project of your choice.
3. What would be the risk of not adhering to the risk management principles when
planning for project risk management?
Unit
2: Plan Risk Management
2.2 Risk Management Planning. Identify the inputs, tools and techniques and the outputs of
risk management process
2.3 Risks in the Project Life Cycle. Explain the progression of risks on the project life cycle
2.4 Golden Rules of Project Risk Interrogate the guidelines and rules for successful risk
Management. management
2.5 Contingency Plans, Fallback Plans, Understand and examine contingency Plans, Fallback
and Contingency Reserves Plans, and Contingency Reserves
2.1 Introduction
The essence of project management is risk management (Larson and Gray, 2017:234). All planning on a project
has its intents on preventing uncertainties, on ensuring that the project objectives are delivered successfully and
ultimately, on increasing stakeholder satisfaction. Larson and Gray (2017:234) support their statement above by
emphasising that:
project selection tries to reduce the likelihood that projects will not contribute to organisational strategy;
project scope statements are designed to avoid costly misunderstandings and to reduce scope creep;
risk breakdown structures reduce the likelihood that important parts of the project will be omitted or that the
budget estimates are unrealistic;
teambuilding reduces the likelihood of dysfunctional conflict and breakdowns in coordination;
All of the above processes try to increase the probability of project success. Project managers therefore need to
plan for risk management in order to mitigate the uncertainty inherent in project management. Risk management
must be proactive and not reactive so that it can reduce the number of surprises and be better prepared to deal
with potential negative as well as positive uncertain events.
Schwalbe (2015:427) states that planning risk management involves deciding how to approach and plan the risk
management activities for the project by reviewing the project scope statement; cost, schedule, and
communications management plans; enterprise environmental factors; and organizational process assets. The
main output of Plan Risk Management process is a risk management plan which is a subset of the project
management plan.
Methodology How will risk management be performed on this project? What tools and
data sources are available and applicable?
Roles and responsibilities? Who are the individuals responsible for implementing specific tasks and
providing deliverables related to risk management
Budget and schedule What are the estimated costs and schedules for performing risk-related
activities?
Risk categories What are the main categories of risks that should be addressed on this
project? Is there a risk breakdown structure for the project?
Risk probability and impact How will the probabilities and impacts of risk items be assessed? What
scoring and interpretation methods will be used for the qualitative and
quantitative analysis of risks? How will the probability and impact matrix be
developed?
Revised stakeholders Have stakeholders’ tolerances for risk changed? How will those changes
tolerances affect the project?
Tracking How will the team track risk management activities? How will lessons
learned be documented and shared? How will risk management processes
be audited?
Risk documentation What reporting formats and processes will be used for risk management
activities?
The Project Management Institute (PMI, 2017:401), defining Plan Risk Management as the process of defining
how to conduct risk management activities for a project, identify the key benefit of Plan Risk Management process
to be the assurance that “that the degree, type, and visibility of risk management are proportionate to both risks
and the importance of the project to the organization and other stakeholders”. The inputs, tools and techniques,
and outputs of the process are illustrated in Figure 2.1.
Project charter
Meetings
Stakeholder register
Figure 3Figure 2.1: Plan Risk Management: Inputs, Tools & Techniques, and Outputs
Source: PMI (2017:401)
Figure 2.2 presents a graphic model of the risk management challenge. The chances of a risk event occurring are
greatest in the concept, planning, and start-up phases of the project (Larson and Gray, 2017:212). A risk occurring
early in the project life cycle has a lower cost than a risk occurring later in the project life cycle. The cost of a risk
event occurring increases rapidly and is at its highest as the project passes halfway through the project life cycle
during implementation.
Larson and Gray (2017:212) quote an example as follows: the risk event of a design flaw occurring after a prototype
has been made has a greater cost or time impact than if the event occurred in the start-up phase of the project. It
is therefore, prudent for the project team to plan for risk events and decide on appropriate responses before the
project begins.
The ten golden rules of project risk management provide a set of guidelines on how to implement risk management
successfully in projects.
(between the lines) will find them. The project plan, business case and resource planning are good starters. Other
categories are old project plans, your company Intranet and specialized websites (Jutte, 2018:1).
Are you able to identify all project risks before they occur? Probably not! However, if you combine a number of
different identification methods, you are likely to find the large majority. If you deal with them properly, you have
enough time left for the unexpected risks that take place (Jutte, 2018:1).
A good approach is to consistently include risk communication in the tasks you carry out. If you have a team
meeting, make project risks part of the default agenda (and not the final item on the list!). This shows risks are
important to the project manager and gives team members a "natural moment" to discuss them and report new
ones (Jutte, 2018:1).
Another important line of communication is that of the project manager and project sponsor or principal. Focus
your communication efforts on the big risks here and make sure you don't surprise the boss or the customer! Also
take care that the sponsor makes decisions on the top risks, because usually some of them exceed the mandate
of the project manager (Jutte, 2018:1).
Unfortunately, lots of project teams struggle to cross the finish line, being overloaded with work that needs to be
done quickly. This creates project dynamics where only negative risks matter (if the team considers any risks at
all). Make sure you create some time to deal with the opportunities in your project, even if it is only half an hour.
Chances are that you see a couple of opportunities with a high pay-off that don't require a big investment in time
or resources (Jutte, 2018:1).
the person in your team that has the responsibility to optimise this risk for the project. The effects are really positive.
At first people usually feel uncomfortable that they are actually responsible for certain risks, but as time passes
they will act and carry out tasks to decrease threats and enhance opportunities (Jutte, 2018:1).
Ownership also exists on another level. If a project threat occurs, someone has to pay the bill. This sounds logical,
but it is an issue you have to address before a risk occurs. Especially if different business units, departments and
suppliers are involved in your project, it becomes important who bears the consequences and has to empty his
wallet. An important side effect of clarifying the ownership of risk effects is that line managers start to pay attention
to a project, especially when a lot of money is at stake. The ownership issue is equally important with project
opportunities. Fights over (unexpected) revenues can become a long-term pastime of management (Jutte, 2018:1).
Risk analysis occurs at different levels. If you want to understand a risk at an individual level it is most fruitful to
think about the effects that it has and the causes that can make it happen. Looking at the effects, you can describe
what effects take place immediately after a risk occurs and what effects happen as a result of the primary effects
or because time elapses. A more detailed analysis may show the order of magnitude effect in a certain effect
category like costs, lead time or product quality. Another angle to look at risks is to focus on the events that precede
a risk occurrence, the risk causes. List the different causes and the circumstances that decrease or increase the
likelihood (Jutte, 2018:1).
Another level of risk analysis is investigating the entire project. Each project manager needs to answer the usual
questions about the total budget needed or the date the project will finish. If you take risks into account, you can
do a simulation to show your project sponsor how likely it is that you finish on a given date or within a certain time
frame. A similar exercise can be done for project costs.
The information you gather in a risk analysis will provide valuable insights in your project and the necessary input
to find effective responses to optimise the risks (Jutte, 2018:1).
If you deal with threats you basically have three options, risk avoidance, risk minimisation and risk acceptance.
Avoiding risks means you organise your project in such a way that you don't encounter a risk anymore. This could
mean changing supplier or adopting a different technology or, if you deal with a fatal risk, terminating a project.
Spending more money on a doomed project is a bad investment (Jutte, 2018:1).
The biggest category of responses is the ones to minimise risks. You can try to prevent a risk occurring by
influencing the causes or decreasing the negative effects that could result. If you have carried out rule 7 properly
(risk analysis) you will have plenty of opportunities to influence it. A final response is to accept a risk. This is a good
choice if the effects on the project are minimal or the possibilities to influence it prove to be very difficult, time
consuming or relatively expensive. Just make sure that it is a conscious choice to accept a certain risk (Jutte,
2018:1).
Responses for risk opportunities are the reverse of the ones for threats. They will focus on seeking risks,
maximising them or ignoring them (if opportunities prove to be too small).
Rule 9: Register Project Risks:
This rule is about bookkeeping (however don't stop reading). Maintaining a risk log enables you to view progress
and make sure that you won't forget a risk or two. It is also a perfect communication tool that informs your team
members and stakeholders what is going on (rule 3).
A good risk log contains risks descriptions, clarifies ownership issues (rule 5) and enables you to carry out some
basic analyses with regard to causes and effects (rule 7). Most project managers aren't really fond of administrative
tasks, but doing your bookkeeping with regards to risks pays off, especially if the number of risks is large. Some
project managers don't want to record risks, because they feel this makes it easier to blame them in case things
go wrong. However, the reverse is true. If you record project risks and the effective responses you have
implemented, you create a track record that no one can deny. Even if a risk happens that derails the project. Doing
projects is taking risks (Jutte, 2018:1).
Tracking risks differs from tracking tasks. It focuses on the current situation of risks. Which risks are more likely to
happen? Has the relative importance of risks changed? Answering these questions will help to pay attention to the
risks that matter most for your project value (Jutte, 2018:1).
These ten golden rules can always be improved upon. Therefore, rule number eleven would be to use the
Japanese Kaizen approach: measure the effects of your risk management efforts and continuously implement
improvements to make it even better.
Contingency Plans:
These are planned actions that the project team will take if an identified risk event occurs.
Example: A project team may have a contingency plan to use the existing, older version of the software if they
know that a new version may not be available in time for them to use in their project (Scwhalbe, 2015:430).
Fallback Plans:
These plans are developed for risks with high impact on meeting project objectives. Such plans take effect
when the project team fails to reduce the risk as originally planned.
Example: If not one of a new college graduate’s main plan and contingency plans on where to live after
graduation pan out then a fallback plan may be to live at home until appropriate accommodation can be sourced
(Scwhalbe, 2015:430).
Sometimes the terms contingency plan and fallback plan are used interchangeably.
Contingency Reserves:
Also known as contingency allowances are provisions held by the project sponsor or organization to reduce
the risk of cost or schedule overruns to an acceptable level.
Example: The project sponsor may provide additional funds from contingency reserves to hire an outside
consultant to train and advise the project staff in using the new technology if a project appears to be off course
because the staff is inexperienced with some new technology and this was not identified as a risk (Scwhalbe,
2015:430).
Case Study:
Feds and Contractor Share Blame for Afghan Plant Delays
Scheduled to be completed in April 2009, the 105-megawatt, dual-fuel Tarakhil Power
Plant near Kabul has experienced many delays and cost overruns. The U.S. Special
Inspector General of Afghanistan Reconstruction blamed federal and contractor
management failures in a January 2010 report. The expected completion date was delayed
for over a year from the April 2009 date.
The original statement of work lacked specific deliverables and deadlines, which resulted in
the project’s being a string of task orders without an established schedule and secured
resources. The initial costs of the project were estimated at $125 million for 18 diesel
generators in an existing plant. Fifteen contract modifications resulted in scope changes and
budget increases. The final plan was estimated to cost $260 million with the construction of
a new facility. The typical cost estimate for diesel plant construction in the Middle East and
Asia has been $105 million, $1 million per megawatt planned. Modifications and issue
resolutions would take months and years, resulting in a six-month delay for site work. To
fast-track the project, turbines were built in Germany at an increased expense and flown to
the site. The total project costs were nearing $300 million, a $40 million overrun of the final
plan. Critics of the project suggest that the power plant may never be used due to the high
costs of operation; this project is expected to cost Afghan taxpayers three times as much as
comparable projects for operation. It has been suggested that the U.S. Agency for
International Development and its contractors made the same mistakes that they had made
in similar projects because they did not apply what they had learned on the other projects.
Planners ignored alternative recommendations from local officials that were less expensive,
selected expensive technologies that may not be sustainable, and hired a complex system
of multiple contractors with unrealistic time expectations for completion and high costs. The
original contract guaranteed a profit for the Kansas-based contractor through cost-plus
contracting. Subcontracts were awarded on fixed price bases to a network of firms.
Subcontractors may never be fully reimbursed for changes or delays that the original
contractor caused. The contractor’s failure to properly identify needs, examine and secure
resources, manage risks, and secure a schedule of performance put the project at risk.
These failures lie in the critical components of planning, scheduling, organization, teamwork,
communication, and leadership.
Source: Buckley (2010:16) and Chatterjee (2010:1)
1. Clearly articulate whether each of the 10 golden rules of project risk management
were adhered to on the project in the case study above.
5. Discuss the guidelines for ensuring the successful implementation of project risk
management.
Unit
3: Identify Risks
3.2 Information Gathering. Understand various tools and techniques for information
gathering during risk identification processes
3.3 Risk Identification Techniques. Utilise the various project risks identification methodologies in
a project life cycle
3.1 Introduction
The purpose of undertaking a project is to achieve or establish something new, to venture or to take chances.
However, in today’s markets, with heavy competition, advanced technology and tough economic conditions, risk
has assumed significantly greater proportions. Identifying hazard and risk exposures is probably the most important
step in the risk management process.
Before risks can be identified, mitigated or managed, certain preliminary work must be done to form the foundation
for structured project information. This preliminary work encompasses the identification of work, creating a
schedule, and pinpointing resources, cost elements and performance measures. One of the most effective
methods of defining work is the development of the work break down schedule (WBS). The WBS displays the
products, services and data items that must be developed for a project in hierarchical arrangement. This
arrangement relates the WBS elements to each other and to the end product. It provides an essential definition for
schedule and cost baselines, exchange control mechanisms, cost tracking, contractual actions and the logical
execution of work. These baselines are the foundation for measuring project performance, managing risk and
calculating resource availability and consumption (PMI: 2017).
This step launches the process hence planning and preparation is required at the beginning. A facilitator will be
needed, especially one without a stake in the outcome; an amply supplied meeting room; a solid definition of the
project, specifically any unusual features; and a schedule, development process chart, prompt list, or other means
of eliciting specific project risks.
Risk identification should be performed as part of a project’s initial definition process, along with project planning,
budgeting, and scheduling. Actually these other activities cannot be realistically performed without performing risk
analysis. Sometimes identified risks may lead to abandoning the project altogether. Besides, scan for new risks
throughout the project at team meetings, project updates, and at major milestones and phase completions (PMI:
2017).
A risk event should exactly describe a happening that could occur, together with the associated time component
or condition so that one can tell if the risk event has occurred. The risk description should be specific such as “A
graphical user interface software engineer will not be available to review the system requirements until 15 days
past the scheduled review on August 7” rather than “Engineering may not have enough resources to complete the
project on time”. Each risk should be accompanied by its impact; that is, the loss that the risk event could cause.
An impact could be stated as “since our contract with our customer contains a penalty clause for missed programme
milestones, a 15-day slip in reviewing the system requirements will result in R750 00 penalties!’ The R750 000
would represent the total loss.
Project managers are ultimately responsible for identifying all risks, but often they rely upon subject matter experts
to take a lead in identifying certain technical risks (Kloppenborg, 2015: 275). The objective of this risk identification
step is to get any identified risks on the table for discussion. Chances are high that you might identify more risks
than you can pursue.
Think Point
Identifying hazard and risk exposures is probably the most important step in
the PROJECT MANAGEMENT process.
(PMI: 2017).
The success of these techniques depends on how the risk management team have been selected and brought
together.
3.3.1 Brainstorming
Figure 3.1 illustrates the most common approach to identifying the sources of risks, brainstorming. The project
manager should involve key project team members in identifying potential sources of risk. In this step you identify
risk events and their consequences that could prevent the project from meeting its defined goals of scope,
schedule, cost, resource consumption, or quality. This is a brainstorming activity. Even though we have to keep in
mind the fact that a manageable risk involves uncertainty, the possibility of loss and a time element, this should be
a freewheeling activity rather than one that judge’s contributions at this time (PMI: 2017).
One way to identify risk is via posting a large copy of the project schedule on the wall and having the whole team
place stickers in areas of the schedule where they see risks. To get a broad view of the project, be sure to involve
a cross-functional team.
Schedule
Steps
• Develop a problem statement.
• Identify potential causes of the problem.
• Gather data and verify the most likely causes.
• Identify possible solutions.
• Evaluate the alternative solutions.
• Determine the best solution.
• Revise the project plan.
• Implement the solution.
• Determine whether the problem has been solved (PMI: 2017).
Think Point
Activity
Regulatory requirements
Osha Compliance
Constraints How does each constraint make the project more difficult?
WBS What risks can you find going through the WBS item by item?
Touchpoints What difficulties may arise when some project work is handed off from one
person to another?
Literature What problems and opportunities have been published concerning similar
projects?
Previous projects What projects & opportunities have similar projects in your own
organisation?
Peers Can your peers identify any additional risks?
Asking why a certain risk event may happen is a second method of understanding risk relationships. Root-cause-
analysis is used to determine the basic underlying reason that causes a variance or defect or risk. A root cause
may underlie more than one variance or defect or risk.” A simple approach to root-cause-analysis is to simply
consider each risk one at a time and ask, “Why might this happen?” The risks designated as major risks during
risk are the ones that the project team should perform more detailed root cause analysis of.
Another relationship that project teams need to understand is trigger conditions that indicates whether a risk is
about to occur. “A trigger can be specific to an individual risk, such as when a key supplier stops returning phone
calls, which may jeopardize their delivery of materials” (Kloppenborg, 2015:276).
Schedule:
o Vendor delay in delivery of critical equipment
Cost:
o Material costs escalate more than anticipated
Human Resources:
o May not have people available when required to staff the project
External:
o Inclement weather
o Change in consumer preference
o Local community protests
o Changes in government regulations
Sponsor/Customer:
o Delays in approval
o Security of sponsor funding (Gido and Clements, 2015:287).
Triggers:
Signals or precursors that help in determining I a risk event I about to occur (Schwalbe: 2015).
The risk register is a living document. As a risk is identified, it is added. More information regarding a risk can
be added as it is discovered. As risks are handled, they can be removed because they are no longer of the
same level of concern. On smaller projects, a spreadsheet works fine for a risk register. On larger, more
complex projects, some organizations use databases (Schwalbe: 2015).
Think Point
Figure 3.3 below illustrates the Top 10 South African country and industry level
risks as identified by the Institute of Risk Management South Africa (IRMSA,
2017:3). All ranked risks negatively impact the successful achievement of project
objectives.
Figure 7
Figure 3.3: Top 10 South African Country and Industry Level Risks
Source: Institute of Risk Management (2017:3)
1. Generate a list of all possible risks that can occur during the project tenure in a project
of your choice using the brainstorming risk identification method.
2. Categorise the identified risks into the different risk classification areas.
3. Google what a Risk Breakdown Structure is and compile one for the project chosen in
question one.
4. Expert judgement techniques have the potential for bias in risk identification. What are
the various factors affecting the bias?
Unit
4: Perform Risk Analysis
4.1 Introduction
Having identified the various possible risks inherent in the project, the next step is to assess these risks. Not all
risks deserve attention and some risk(s) may be ignored. There are those risks, however, that pose serious threats
to the welfare of the project. According to Kloppenborg (2015:277), the project team now needs to decide which
risks are major and need to be managed carefully, as opposed to those minor risks that can be handled more
casually. Kloppenborg (2015:277) states further that the project team should determine how well they understand
each risk and whether they have the necessary reliable data. They must ultimately be able to report the major
risks to decision makers.
Risk assessment involves determining the likelihood that the risk event will occur and the degree of impact the
event will have on the project objective. Risks can then be prioritized based on the likelihood of occurrence and
degree of impact. Assign high priority to managing risks that have a high likelihood of occurrence and a high
potential impact on the project outcome. Risks on the critical path should be given higher priority because, if the
risk occurs, it would have a greater impact on the schedule than if it was associated with activities on a path that
has a large positive value of total slack (Larson & Gray, 2014).
Scenario analysis is the most commonly used technique for analysing risk. In this technique, every risk is assessed
in terms of (1) probability of the risk occurring, and (2) the impact of the risk should it occur. Using this technique,
a quantification of the various risks can be determined. Thereafter the different risks are ranked in terms of
importance (and attention). This allows the project manager to derive a typical risk assessment form (Larson &
Gray, 2014).
Hardware
1 5 5 Installation
Malfunctioning
Table 4.1: Risk Assessment for an IT Installation Project
Table 4.1 above is an example of a risk assessment form for an IT Installation Project. It basically captures the
risk event, the likelihood, the impact, detection difficulty and when during the project life cycle the risk may occur.
The risk assessment process may be summarised as follows:
• Determine the likelihood the risk event will occur
• Evaluate degree of impact on the project objective. Involve the project team or experts in assessing risks.
• Prioritize
• Likelihood of occurrence and degree of impact
• Position relative to the critical path
Think Point
All risks, even the ones with the smallest likelihood of occurring, are important
to project success.
Quantitative risk analysis often follows qualitative risk analysis, yet both processes can be done together or
separately. On some projects, the team may only perform qualitative risk analysis. The nature of the project
and availability of time and money affect the type of risk analysis techniques used.
Tools for qualitative risk analysis include a probability/impact matrix and the Top Ten Risk Item Tracking
technique. Tools for quantitative risk analysis include decision trees and Monte Carlo simulation. Expected
monetary value (EMV) uses decision trees to evaluate potential projects based on their expected value.
Simulations are a more sophisticated method for creating estimates to help you determine the likelihood of
meeting specific project schedule or cost goals. Sensitivity analysis is used to show the effects of changing
one or more variables on an outcome (Schwalbe, 2015:452).
Each of the risk analysis techniques will be discussed under the separate headings of Qualitative Risk
Analysis and Quantitative Risk Analysis.
Table 5Table 4.2: Qualitative Analysis for Differentiating Major and Minor Project Risks
Source: Kloppenborg (2015:279)
The dark line in Table 4.2 above separates the major and catastrophic risks that need either further analysis and/or
specific contingency plans from minor and moderate risks that can just be listed and informally monitored. This
distinction between major and minor risks is required as project teams may be tempted to either ignore all risks -
which almost guarantees the project has problems or to make contingency plans for all risks - which may be a
terrible waste of time drawing focus away from the really big risks.
It is also prudent for project teams to ask when each risk is likely to occur in the project. The usefulness of this
exercise is seen in the fact that those risks that are likely to occur earlier often need to be assigned a higher priority.
Think Point
Schwalbe (2015:438) states that qualitative risk analysis involves assessing the likelihood and impact of identified
risks, to determine their magnitude and priority. The two major techniques under this section include the
Probability/Impact Matrix to produce a prioritized list of risks, as well as the Top Ten Risk Item Tracking technique
to produce an overall ranking for project risks and to track trends in qualitative risk analysis.
a) Probability/Impact Matrix
A risk probability or consequence is often described as being, low, medium or high.
Example: a meteorologist might predict that there is a high probability/likelihood, of severe rain showers on a
certain day. If that day happens to be your wedding day and you are planning a large outdoor
wedding, the consequences or impact of severe showers might also be high.
The probability and impact of risks can be charted by a project manager on a probability/impact matrix or chart. A
probability/impact matrix or chart lists the relative probability of a risk occurring on one side of a matrix or axis on
a chart and the relative impact of the risk occurring on the other (Schwalbe, 2015:438). To use this approach,
project stakeholders list the risks they think might occur on their projects. They then label each risk as being high,
medium, or low in terms of its probability of occurrence and its impact if it did occur.
The results are then summarized by the project manager in a probability/impact matrix or chart, as shown in Figure
4.1. Here, all risks are plotted on a matrix or chart and focus is placed on any risks that fall in the high sections of
the probability/impact matrix or chart. For example, Risks 1 and 4 are listed as high in both categories of probability
and impact. Risk 6 is high in the probability category but low in the impact category. Risk 9 is high in the probability
category and medium in the impact category, and so on. The severity of the risk is then calculated by simply
multiplying a numeric score for probability by a numeric score for impact (Schwalbe: 2015:439).
Risk 1
High Risk 1 Risk 9
Risk 4
PROBABILITY Risk 2
Risk 3
Medium Risk 5
Risk 7
Risk 11
Risk 8
Low Risk 12
Risk 10
IMPACT
Based on the value of the severity of the risks, risks are prioritised for contingency planning. The purpose of this
action is to cull from a long list of risks a short list that will be managed actively. Expected loss is the prime criterion
for conducting this culling, because it measures the damage that you can expect to inflict on the project by each
risk. Other criteria, such as urgency, the cost of mitigation, or the catastrophic nature of a risk, may influence this
short list. The list of prioritised risks are then updated on the risk register. Less severe risks are placed onto a risk
watch list. The next step would be for the team to discuss how they plan to respond to those risks if they occur
(Schwalbe: 2015:439).
The project team has to prioritise because resources are limited to be able to work on all the risks. To minimise
and focus efforts, only risks that make the shortlist will be managed. A catastrophic risk may be added to the list,
even though its probability is quite low. The point is to manage the risks that could cause the greatest damage to
the project. It may be unsettling to know that there are quite real significant project risks that have been identified
but will not be resolved. On the other hand, each risk on the managed list will need significant resources, so the
line needs to be drawn somewhere. By prioritising risk, resources are applied most cost effectively according to
the requirements of the project (Schwalbe: 2015:439).
Activity
Using a project of your choice, identify five potential risks and analyse them
using the probability/impact matrix.
Table 4.1 illustrates the Top Ten Risk Item Tracking chart that could be used at a management review meeting for
a project. Only the top five negative risk events are included here. Each risk event is ranked based on the current
month, previous month, and how many months it has been in the top ten. The last column describes progress on
resolving each risk item.
MONTHLY RANKING
Rank This Number of
Month Rank Last Risk Resolution Progress
Risk Event Months in
Rank Month
Top Ten
4
Poor cost estimates 4 3 Revising cost estimates
Figure 9Figure 4.2: Decision Tree and Expected Monetary Value Analysis
Source: Schwalbe (2015:439)
• Failure mode and effect analysis (FMEA): an analytical procedure in which each potential failure mode in
every component is analysed to determine its effect on reliability and for all ways a failure may occur. For
each potential failure, an estimate is made on its effect on the total system.
• Sensitivity analysis: a quantitative risk analysis and modeling technique used to help determine which
risks have the most powerful impact on the project. It examines the extent to which the uncertainty in each
project element affects the objective. The typical display is in the form of a tornado diagram.
• Simulation: a technique that uses a project model that translates the uncertainties specified as a detailed
level into their potential impact on objectives. Usually uses probability distributions of possible costs or
durations and typically use Monte Carlo analysis (Kloppenborg, 2015:280).
Microsoft Excel is a common tool for performing quantitative risk analysis. Microsoft
provides examples of how to use Excel to perform Monte Carlo simulation from its Web
site, and explains how several companies use Monte Carlo simulation as an important tool
for decision-making:
• General Motors uses simulation for forecasting net income for the corporation,
predicting structural costs and purchasing costs of vehicles, and determining the
company s susceptibility to different kinds of risk, such as interest rate changes and
exchange rate fluctuations.
• Eli Lilly uses simulation to determine the optimal plant capacity that should be built
for each drug.
• Procter & Gamble uses simulation to model and optimally hedge foreign exchange
risk.
Source: Microsoft Corporation (2008:1)
1. Is the Monte Carlo Analysis technique a quantitative or qualitative technique? Justify
your response.
2. Research the process of Monte Carlo Analysis on the internet to investigate how it can
be used to analyse the sources of cost and schedule risks for the project in the case
study.
3. The case study lists a few major organisations who use the Monte Carlo Analysis
technique. Discover for yourself which other major companies use this risk analysis
technique.
Unit
5: Plan Risk Responses
5.3 Strategies for Responding to Risks Differentiate between the negative and positive risk response
strategies
5.6 Risk Response Planning that Don’t Create strategies to avoid risk responses that do not work
Work
5.1 Introduction
Having identified, quantified and prioritised the risk, a risk response plan or a risk handling plan would need to be
developed. Plan Risk Response is the process of devising risk response strategies and establishing contingency
plans to develop actions in order to increase opportunities and to decrease threats. It also includes the
identification and assignment of one or more persons to take responsibility for each agreed to and funded risk
response.
After all risks are assessed, the team needs to decide which of the risks should be considered major risks. That
is, which are important enough to require a formal response plan with someone assigned responsibility? The other,
more minor risks are not formally considered further in the charter, but very well may get more attention in the
planning and executing stages. The project team constructs a table depicting each major risk, with its contingency
plan and “owner.” (Kloppenborg: 2015:96).
Examples of risk assessment and major risk response planning for a hardware upgrade project in an Irish factory
are shown in Table 5.1.
Kloppenborg (2015:281) believes that this is often a creative time for project teams as they decide how they will
respond to each major risk. A team may develop multiple strategies for a single risk because one strategy may not
be sufficient to reduce the threat or exploit the opportunity as much as the stakeholders would like.
Alternatively, the team may decide that it is not worth the effort to completely eliminate a threat and make it their
goal to reduce the threat to a level that the sponsor and other stakeholders deem acceptable.
a) Avoid Risk
Many people prefer to avoid a risk if possible, and sometimes that is the best strategy. Sometimes, a project plan
can be altered to avoid a risk by deleting the risky section. Kloppenborg (2015:282) gives an example of the
organizers of a parade who alter their route when told by the local police that traffic patterns on one section of their
route are very difficult to control.
Project risk response strategy decisions are based on an understanding of the priorities key stakeholders have of
cost, schedule, scope, and quality. The example presented may allow the change to be easily executed if no major
stakeholder had a strong interest in the original route. Project managers need to understand, however, that every
decision regarding risk response strategies may impact something else. Another avoidance strategy especially
concerning risky issues, is to ensure communications are good. “Many risks can be more easily addressed with
prompt and accurate information” (Kloppenborg, 2015:282). The avoidance strategy of not performing the project
at all is a choice sometimes made when the risks far out-weigh the potential benefits. Such a decision is a last
resort decision when all other options have been explored and considered.
b) Transfer Risk
Various risk transfer strategies exist for both the project manager and the owner/developer/supplier.
A common means to transfer a risk is through insurance. A premium is paid to another better equipped
organization to assume a level of risk. A second transfer strategy deals with the type of contract used. For
example, an owner may want to use a fixed-price contract that will transfer the risk to the supplier/developer.
The developer accepting the risk should insist on a higher price to cover the risk.
Alternatively, a developer wanting to transfer risk to the owner would prefer a cost-plus contract under which
includes compensation for cost plus a percentage of profit. In this case the owner should drive for a low cost
in such an arrangement because he is assuming the risk. Other types of contracts can be written so that both
parties share the project risk (Kloppenborg, 2015:282).
Hire an expert to perform the risk and hold that person accountable.
None of the transfer strategies eliminate risk; they just force someone else to assume it (Kloppenborg, 2015:282).
c) Mitigate Risk
Mitigation strategies are those in which an effort is made to lower risk. One can reduce the risk’s probability or its
impact if it occurs. One can generally mitigate a risk by conducting more thorough project planning. Mitigate
involves making alternate choices that can be less than ideal. To reduce the risk’s probability one could develop
prototypes, simulate or conduct model testing (Kloppenborg:2015).
d) Accept Risk
This is often used for the risks deemed to be minor. The project team deals with them if and when they happen.
There may be little that one can do except to let the risk occur. Acceptance is an option for risk with low probability,
low impact or those that have no reasonable action that can be taken (Kloppenborg:2015).
Figure 11Figure 5.1: Project Risk Strategies to Deal with Negative Risks
Source: Kloppenborg (2015: 281)
e) Research Risk
Kloppenborg (2015:283) maintains that the best way to handle a risk may sometimes be to learn more about it.
The first research strategy - secure better and/or more information so the project team
understands what they are dealing with. Projects often are conducted in a rapidly changing environment
in which decisions need to be made quickly, often based upon imperfect and incomplete information.
Another research strategy - verify assumptions made. Assumptions that prove to be false become risks.
Yet another research strategy - perform project on a small scale first to see if it works. This can include
constructing a prototype, test marketing a new product, running new software in one department first,
piloting and so on.
These research strategies work well for both reducing threats and capitalizing on opportunities.
a) Exploit Risk
Exploitation means to ensure that the risk event definitely occurs so that its benefits can be realised. Trigger
conditions may be identified that, if reached, will allow the project manager to request that the project become a
higher priority. To exploit opportunities, an organization must assign more or better resources to the project, remove
barriers, and give it more visibility in management reviews (Kloppenborg:2015).
Think Point
A major pharmaceutical company discovers the cure for the common flu. Do
they exploit the competitive advantage or shelve the discovery so that the
current line of flu medication continues to generate profits?
b) Share Risk
Sharing is similar to transference but its aim is to share the opportunity with the third party who is best able to
capitalize on it. For example, the project team develops a new product or service so revolutionary that the parent
organization is not capable of fully exploiting it. In such a case, the parent organisation may:
spin off a nimble subsidiary,
form a joint venture with another firm, or
sell the rights to the product (Kloppenborg:2015).
c) Enhance Risk
If actions cannot be taken to guarantee that the opportunity will occur, then responses might be taken to enhance
its probability or its beneficial impact if it does transpire. The project manager should identify key drivers of these
positive impacts and develop strategies to capitalise on them. Adding more or better resources is one way of
enhancing opportunities (Kloppenborg:2015). Figure 5.2 shows how a single project risk may be responded to
using a variety of risk response strategies.
Activity
Determine the name of each risk response strategy described in the table below
The risk response matrix is a tool for assessing and responding to risks. It helps to:
• List the impact of the risk
• Evaluate the likelihood of occurrence
• Determine the degree of impact
• Identify the action trigger
• Name a person responsible
• Create a response plan to avoid, mitigate, or accept the risk (Gido and Clements, 2015: 289).
Business example:
Tony and his team identified some risks during the first month of the Recreation and
Wellness Intranet Project. However, all they did was document them in a list. They never
ranked them or developed any response strategies. Since several problems have been
occurring on the project, such as key team members leaving the company, users being
uncooperative, and team members not providing good status information, Tony has decided
to be more proactive in managing risks. He also wants to address positive as well as
negative risks.
1. Create a risk register for the project, using Table and the data below it as a guide.
Identify six potential risks, including risks related to the problems described above.
Include negative and positive risks.
No.: R44
Rank: 1
Risk: New customer
Description: We have never done a project for this organization before and don t know too
much about them. One of our company s strengths is building good customer
relationships, which often leads to further projects with that customer. We
might have trouble working with this customer since they are new to us.
Category: People risk
Root cause: We won a contract to work on a project without really getting to know the
customer.
Triggers: The project manager and other senior managers realize that we don’t know much
about this customer and could easily misunderstand their needs or expectations.
Risk responses: Make sure the project manager is sensitive to the fact that this is a new
customer and takes the time to understand them. Have the PM set
up a meeting to get to know the customer and clarify their expectations. Have Cliff attend
the meeting, too.
Risk owner: Our project manager
Probability: Medium
Impact: High
Status: PM will set up the meeting within the week.
2. Develop a response strategy for one of the negative risks and one of the positive
risks. Enter the information in the risk register.
1. For a project in which you are planning a campus event with a well-known speaker,
identify and quantify risks and develop contingency plans for the major risks.
2. What is an example of transferring risk?
3. In the risk register, why should only one person be assigned “owner” of a risk?
4. Which three risk strategies are used specifically for dealing with opportunities?
5. You are hosting a large dinner party. What are two possible risks you would
encounter? Identify at least one trigger condition for each.
6. List and briefly explain the eight common risk responses that are used. Describe
how you might use two or three of them together on a project.
7. For the risks identified in question 1, identify trigger conditions that indicate each
risk may be about to happen.
Unit
6: Monitor and Control Risks
6.2 Previously Unidentified Risks. Understand processes to identify previously unidentified risks
6.3 Tools and Techniques for Risk Utilise tools and techniques for risk monitoring and control
Monitoring & Control.
6.4 Common Errors in Project Risk Avoid common errors in project risk management
Management.
6.1 Introduction
All too often, project managers and team members get caught up in the day-to-day tasks of implementing new
projects and forget the critical need to monitor and assess progress. Planned risk responses that are included in
the project management plan are executed during the life cycle of the project, but the project work should be
continuously monitored for new, changing, and outdated risks. Throughout the implementation process (and after
it), managers must periodically assess progress against implementation milestones and project goals. Project risks
do not remain static once the risk planning processes are completed. New risks crop up, responses may not work
as planned and the characteristics of the risk might change. It is therefore imperative to continually monitor and
control the project risks.
Project monitoring and risk control is the process of implementing risk response plans, tracking identified risks,
monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project
(PMI, 2017). A risk management plan is developed during project planning to guide risk monitoring and controlling
activities. A risk register is also generated to record each identified risk, its priority, potential causes, and potential
responses. Both the risk management plan and the risk register are used to monitor and control project risks, and
to resolve them when they occur (Kloppenborg, 2015:387).
On other projects, however, many unanticipated risks may materialize partly because risk planning was not at the
appropriate level. It could also be as a result of a risk being so improbable that planning for them could not have
been foreseen. In either event, specific contingency plans may not be in place to deal with these risks. Identifying
these new risks is vital—and the sooner the better (Kloppenborg, 2015:387).
Two categories of project management methods can help to deal with previously unidentified risks:
the project team may recognize that unknown risks may surface, and may add contingency reserve of time,
budget, and/or other resources to cover these unknowns. Good project practice suggests a need for this. The
amount of cost and budget reserves that are included can vary extensively. Competitive pressures often
dictate a lower limit on reserves than project managers may prefer.
There are many good practices that project managers often utilise. Classification or these practices are
classified according to whether the team has
o Full control,
o Partial control, or
o no control over the events,
as illustrated in Figure 6.1. The second column deals with risks partially within a project manager’s control -
a project manager cannot completely control many situations, but good leadership and ethics come in handy
in getting the team and stakeholders to take ownership of dealing with the risks.
Figure 6.2: Process Flow Chart for Monitoring and Controlling Project Risks
.
6.3.2 Risk Audits
Risk audits review the overall risk management policies, procedures and processes. Audits review the
effectiveness of the project risk management plan. It also assesses if the risk response actions have been effective
and what impact they had on the project’s overall risk level (Kloppenborg, 2015:285).
Variance analysis reviews the differences (or variance) between planned and actual performance - duration
estimates, cost estimates, resources utilization, resources rates, technical performance, and other metrics. It may
be conducted in each Knowledge Area based on particular variables. Variances are reviewed from an integrated
perspective considering cost, time, technical, and resource variances in relation to each other to get an overall
view of project variance. This allows for the appropriate preventive or corrective actions to be initiated (PMI,
2017:111).
Trend analysis is used to forecast future performance based on past results (PMI, 2017:111). Expected slippages
are identified ahead of time and the project manager is warned that there may be problems later in the schedule if
established trends persist. Any anomalies may be corrected by the project team time if presented to them early
enough in the project life cycle. The results of trend analysis can be used to recommend preventive actions if
necessary (PMI, 2017:111).
Estimates may also be produced for the amount of management reserve - a specified amount of the project budget
withheld for management control purposes and reserved for unforeseen work within the project scope. They are
intended to address the unknown-unknowns that can affect a project. This reserve is not included in the schedule
baseline, but is part of the overall project duration requirements. Use of management reserves may require a
change to the schedule baseline as the contract terms dictate (PMI, 2017:202).
The project team may hold meetings to estimate activity durations. “When using an agile approach, it is necessary
to conduct sprint or iteration planning meetings to discuss prioritized product backlog items (user stories) and
decide which of these items the team will commit to work on in the upcoming iteration. The team breaks down user
stories to low-level tasks, with estimates in hours, and then validates that the estimates are achievable based on
team capacity over the duration (iteration)” (PMI, 2017:203). This meeting is usually held on the first day of the
iteration and is attended by the product owner, the Scrum team, and the project manager. The outcome of the
meeting includes an iteration backlog, as well as assumptions, concerns, risks, dependencies, decisions, and
actions (PMI, 2017:203).
Army, and experts only agreed on the fact that the Russian winter had a major impact on
the war outcome. In the study, we take a risk view of the war conflict.
For 15 torrid days, Napoleon groaned under the weight of his thoughts. By night he tossed
his coat, arising frequently from his biography of Charles XII — he would never . . . He
shouted, ‘I’ll never repeat the folly of Charles.’ “Instead of the glory, misery and death
were awaiting the Grand Army by the time it exited the “sacred soil of Russia”, as the
Russians had the habit of saying in Kovno, December 13, 1812. Segur was a witness:
“Instead of the four hundred thousand soldiers who fought so many successful battles with
them, who had rushed so valiantly into Russia, they saw issuing from the white, ice-bound
desert only one thousand soldiers and troopers still armed and twenty thousand being
clothed in rags, with bowed head, dull eyes, ashy, cadaverous faces, and long ice -
stiffened beards . . . And, this was the Grand Army!” So, 380,000 soldiers of the Grand
Army perished. How was this possible? Do the risk planning practices of Napoleon have
anything to do with this? Let’s review major events and practices in turn.
Background
The underlying cause of almost each war tends to be of an economic nature. This war, in
Europe from the beginning of the 19th century, is no exception. The three strategic players
to the conflict are the great powers of England, France, and Russia. France and England
are major rivals and contenders for the central place in Europe. One more power is
involved — Russia. The main hero of this conflict who was heavily favoured to win this war
was France. How was the strategic triangle formed? The French wanted to execute their
economic blockade of England, reduce their goods from European markets, and thus stifle
the economy of the country. The French threatened to attack any country that would
violate the blockade. Candidates for such a violation risked war with Napoleon’ s Grand
Army, the most famous army of its time.
To beat Russia was a big feat for each army; a trophy for every general. Napoleon had
already defeated all armies he could dream of. But nobody had beat Russia! To be truthful,
many had famous warriors had tried but the Russian winter proved to be an invincible
opponent and a major ally of Russia. Some lived to send the message about what they
learned to potential invaders. Swedish King Charles XII, known as Charles the Madman,
the warrior with the pedigree, in 1709 attacked Russia in the winter, lost the whole army,
and proclaimed in writing: Don’ t attack Russia in the winter! But future invaders did not
listen.
Napoleon saw Russia as a great trophy. Yes, alleged Russian violation of the blockade
was used for the proxy cause of his attack, but this had not been proven. Some rumours
circulated that said that Napoleon, the second most successful general of all time
(Alexander the Great was considered the first), dreamed of overtaking Alexander the
Great, and becoming number 1. Possible, but such were ambitions of Napoleon, who was
often called the Anti - Christ and the tormentor of Europe. In truth, the Grand Army was
made up of all European nations. There were, for example, 79,000 Bavarian, Italian, and
French soldiers and 34,000 Austrian soldiers. The Grand Army was a microcosm of
European armies. But they did not volunteer in the army; they had to serve because their
country was subdued by France. In case of Napoleon’s serious defeat, his army could face
the rebellion of the foreign soldiers which meant that war carried the potential for freeing
Europe from the domination of Napoleon.
would take his side. He was incorrect, although he hoped to export the revolution and
expand its ideas.
People of Russian nobility and the politically elite used to be frequent guests of these balls
and parties. And they fit very well. Be reminded that that the higher class in Russia had
spoken French as a first language. So, Russians felt at home in Paris. As people with
strong social capital they liked to mingle with the French crowd of high social standing, and
were constantly invited to the balls. Napoleon liked to frequent the balls. He had a specific
question for the high military visitors from Russia who were there: “What would you do if
you commandeered the Russian Army and I attacked you (with the Grand Army)?”
Different visitors gave him different answers, often made up. But some replied extremely
truthfully like general Beniggsen, who happened to be the commanding officer of the
Russian army at the time of Napoleon’s attack. He was asked by Napoleon and his answer
was exactly what he would do a few years later: “I would never fight your army back, it is
too strong; I would retreat and retreat, waiting for the winter to finish you.” It is not clear
how Napoleon processed this information nor whether he believed it. But it is a fact that
Napoleon had a sparrow in his hand, whether consciously knowing it or not.
also enjoyed standing of exceptional fighters, would be defeated more frequently should
their enemies know how many Swedish opponents they faced in the long term.
In the beginning of the 18th century, Charles found himself in the long war with Peter the
Great, the Russian tsar. Charles dominated the Baltics, where Peter wanted to build the
Russian fleet which would become the influential force. After several smaller victories of
Charles’ army, the major battle took place in 1709 near the river Poltava. Charles’ army
was not only defeated but it was destroyed. The ruler Charles managed to flee southward
to Russian arch nemesis Turkey. He published a book (actually his aid authored the book)
whose major message to future invaders of Russia was very simple: “Don’t attack Russia
in the winter . . .” Napoleon not only read the book carefully but liked to be seen reading
it over and over. He tried to serve as an example to his generals and made sure they read
the book and understood the experiences of Charles. In fact, the book had immeasurable
value for the Grand Army. In terms of risk planning processes, Napoleon used the book in
a proper way, at least initially.
Russian Winter
In a simplified manner, first, judging by the campaigns before Russia, e.g., Egypt, as usual,
Napoleon did not have but the slightest of sketches about how to direct the war against
Russia. Troops were told that Napoleon was burning from desire to have the decisive battle
against Russians as soon as possible, defeat them, and make them surrender. Over! And
all of that was to happen before the infamous Russian winter came. The Russian strategy
was diametrically opposed. Exactly like general Beniggsen — German by origin at the time
of the vision — the commander of the Russian army predicted they would retreat, retreat,
and retreat (surprisingly Segur observed that “there was more order in their victory than in
our victory.”) and told his troops to avoid a decisive battle as much as possible, and wait
for the Russian winter to come and help finish off French forces. Well, two strategies look
very mutually exclusive, if one happens, that one excludes the other. Let’s see how the
two strategies unfolded in several risk events.
On June 20, 1812, unknown to the Russians, the multinational Grand Army entered
Russian territory. To their surprise they were able to set foot on Russian soil without
meeting with any resistance. They found peace there: they had left war on their side.
However, a single Russian officer commanding a night patrol soon appeared. He asked
the intruders who they were. ‘Frenchmen,’ they told him. ‘What do you want?’ he
questioned further. ‘And why have you come to Russia?’ One of the sappers answered
bluntly, ‘To make war on you!’ While a stealthy entry was favourable to the Grand Army
from the aspect of having the opposing army surrender, it was not so. Namely, for an army
to surrender, it has to be formed, which the Russian Army was not.
The battle of Borodino lasted one day and was the only battle in the war of greater interest,
but was not the decisive battle. That occurred on September 7, 1812, 79 days after entry
of the Grand Army into Russia. The battle had an enormous number of casualties — 43
generals of the Grand Army were wounded or killed; 20,000 killed or wounded troops —
but failed to produce a clear winner, although the Russians went back to their retreating
strategy and disappeared for a time. In strategy terms, Napoleon’s officers believed that
their army made a big mistake, not keeping in contact, chasing the opponent and trying to
destroy them. Instead, they regrouped allowing the Russians to take off. So Napoleon had
a chance to finish the war early enough to avoid the trouble of winter. Apparently, Napoleon
had no great desire to accelerate his army and force a decisive battle.
So the Russians continued to buy time and kept waiting for winter to do its job, increasing
Napoleon’s war risk.
Napoleon entered a burned and deserted Moscow on September 14, 1812. The Russians
destroyed the city in order to prevent the Grand Army from using Moscow supplies. At this
season of the year, Russia is
fully aware of his advantage. From there they continued to negotiate the Russian
surrender who did not
intend to surrender but again, buy time. As Segur says, “Thus far Napoleon had conquered
only space.” The retreating Russian armies were in front of him and Moscow was but 20
days away. In a situation, when every date meant a lot for survival of the Grand Army, the
Russians outsmarted Napoleon and opened the possibility of winning the war. Again,
Napoleon did not show a willingness to change strategy and catch the Russians, thus
reducing their risk. Amazing was the French lack of attention to details and no contingency
plan.
Risk Treatment
It is interesting to observe how the best of the best, for instance, the Grand Army, follow
the normal risk policy which, in this case, would be among one of the widely accepted
policies such as PMBoK. It has six processes: risk management planning, risk
identification, qualitative risk analysis, quantitative risk analysis,
As for the writings of Charles XII, they had significant influence among the top officers of
the Grand Army. How significant? He did some sort of risk management planning and
identified risks such as those offered in the book and he assessed risks qualitatively by
describing the heavy impact of the season. However, we don’t see that Napoleon did any
risk analysis, let alone response planning or taking any risk monitoring and control steps.
Napoleon didn’t make any adaptation in his military strategy to not be facing the Russians
during winter.
Nor did he quit after studying the message of Charles to not attack Russians during winter.
If we take Napoleon’s approach as insufficient, we conclude that he didn’t really listen to
Charles’ advice. Probably, he saw the quality of his Grand Army as incomparably higher
than the one of the Swedish. The fact is, then, that
the analysts considered the French advantage to be a better army, but the Russians had
familiarity of terrain and climate. Maybe Napoleon was right, maybe not, in leading his
solders to death. Speaking of the Borodino, the battle there had enormous importance.
Technically viewed, it is not known whether any steps in a risk analysis were even
considered.
This means that risk management planning, risk identification, qualitative risk analysis,
quantitative
risk analysis, risk response planning, and risk monitoring and control were not considered
relevant. But wait a minute, Napoleon’s decision at Borodino to allow the Russians to run
away made some of his generals angry and some spoke of treason. Maybe French
nationalism played a role, or maybe Napoleon thought there had to be one more battle to
settle the account, but the mistake to let the Russians go and not make it the central piece
of their risk strategy were blunders.
The French didn’t have the luxury of seeing such a chance again. The importance of an
empty and burned Moscow, aside from public relations, had one more cause of
importance. This was a time for diplomatic
moves, to have a Russian surrender. Napoleon thought that the Russians did not want to
surrender but only pretended to. He believed, and some French generals as well, that at
this point Russians had the advantage. “Napoleon entered Moscow with only 90,000
troops.” Russians played this negotiation game, just for one reason — to buy time and
prolong the French stay on Russian soil until the winter would finish them off. In such
conditions, PMBOK ‘s six risk policies did not have their usual significance. More
accurately, the French ship had already sunk enough by then, and it was time for the
Russians to secure the win.
1. Identify major risk events, perform risk analyses, and develop risk response plans.
2. In your opinion, how did Napoleon control each of the major risk events on your list?
3. Do you think the way in which Napoleon controlled risks related to major risks
influenced the war outcome?
1. From a project of your choice, discuss 5 potential risks that may negatively impact the project.
Responses may vary.
2. Articulate what the benefits of project risk management are using examples from a project of your choice.
There are many benefits to project risk management. A few benefits are listed below:
• Proactive rather than reactive approach
• Reduces surprises & negative consequences
• Prepares project manager to take advantage of appropriate risks (opportunities)
• Provides better control over future events.
• Improves chances of reaching project objectives within budget, on time & to quality standards
3. What would be the risk of not adhering to the risk management principles when planning for project risk
management?
Common errors in risk management will be engaged in resulting either in project delays, increases in costs and
quality defects or project failure.
1. Justify the statement that “The essence of project management is risk management”
All planning on a project has its intents on preventing uncertainties, on ensuring that the project objectives are
delivered successfully and ultimately, on increasing stakeholder satisfaction. Larson and Gray (2017:234) support
their statement above by emphasising that:
o project selection tries to reduce the likelihood that projects will not contribute to organisational strategy;
o project scope statements are designed to avoid costly misunderstandings and to reduce scope creep;
o risk breakdown structures reduce the likelihood that important parts of the project will be omitted or that the
budget estimates are unrealistic;
o teambuilding reduces the likelihood of dysfunctional conflict and breakdowns in coordination;
All of the above processes try to increase the probability of project success. Project managers therefore
need to plan for risk management in order to mitigate the uncertainty inherent in project management.
2. What are the general topics that any project risk management plan should address?
Importance is placed on role clarification and responsibilities, budget preparation and schedule estimates for risk-
related work, and on identifying risk categories for consideration. How risk management will be done should also
be clearly laid out. This should include risk probabilities and impacts assessment as well as developing risk
related documentation. The needs of the project will determine the level of detail to be included in the risk
management plan.
3. Discuss the inputs, tools and techniques, and the outputs of the risk management process as prescribed by
the PMI.
Project charter
Meetings
Stakeholder register
4. Explain the curve on the Risks in the Project Life Cycle graph.
The chances of a risk event occurring are greatest in the concept, planning, and start-up phases of the project
(Larson and Gray, 2017:212). A risk occurring early in the project life cycle has a lower cost than a risk occurring
later in the project life cycle. The cost of a risk event occurring increases rapidly and is at its highest as the project
passes halfway through the project life cycle during implementation.
Larson and Gray (2017:212) quote an example as follows: the risk event of a design flaw occurring after a prototype
has been made has a greater cost or time impact than if the event occurred in the start-up phase of the project. It
is therefore, prudent for the project team to plan for risk events and decide on appropriate responses before the
project begins
5. Discuss the guidelines for ensuring the successful implementation of project risk management.
The ten golden rules of project risk management provide a set of guidelines on how to implement risk management
successfully in projects.
veteran who has been in the trenches for the last two decades. Professional companies make risk management
part of their day to day operations and include it in project meetings and the training of staff.
Are you able to identify all project risks before they occur? Probably not! However, if you combine a number of
different identification methods, you are likely to find the large majority. If you deal with them properly, you have
enough time left for the unexpected risks that take place.
A good approach is to consistently include risk communication in the tasks you carry out. If you have a team
meeting, make project risks part of the default agenda (and not the final item on the list!). This shows risks are
important to the project manager and gives team members a "natural moment" to discuss them and report new
ones.
Another important line of communication is that of the project manager and project sponsor or principal. Focus
your communication efforts on the big risks here and make sure you don't surprise the boss or the customer! Also
take care that the sponsor makes decisions on the top risks, because usually some of them exceed the mandate
of the project manager.
Unfortunately, lots of project teams struggle to cross the finish line, being overloaded with work that needs to be
done quickly. This creates project dynamics where only negative risks matter (if the team considers any risks at
all). Make sure you create some time to deal with the opportunities in your project, even if it is only half an hour.
Chances are that you see a couple of opportunities with a high pay-off that don't require a big investment in time
or resources.
Ownership also exists on another level. If a project threat occurs, someone has to pay the bill. This sounds logical,
but it is an issue you have to address before a risk occurs. Especially if different business units, departments and
suppliers are involved in your project, it becomes important who bears the consequences and has to empty his
wallet. An important side effect of clarifying the ownership of risk effects is that line managers start to pay attention
to a project, especially when a lot of money is at stake. The ownership issue is equally important with project
opportunities. Fights over (unexpected) revenues can become a long-term pastime of management.
Risk analysis occurs at different levels. If you want to understand a risk at an individual level it is most fruitful to
think about the effects that it has and the causes that can make it happen. Looking at the effects, you can describe
what effects take place immediately after a risk occurs and what effects happen as a result of the primary effects
or because time elapses. A more detailed analysis may show the order of magnitude effect in a certain effect
category like costs, lead time or product quality. Another angle to look at risks is to focus on the events that
precede a risk occurrence, the risk causes. List the different causes and the circumstances that decrease or
increase the likelihood.
Another level of risk analysis is investigating the entire project. Each project manager needs to answer the usual
questions about the total budget needed or the date the project will finish. If you take risks into account, you can
do a simulation to show your project sponsor how likely it is that you finish on a given date or within a certain time
frame. A similar exercise can be done for project costs.
The information you gather in a risk analysis will provide valuable insights in your project and the necessary input
to find effective responses to optimise the risks.
If you deal with threats you basically have three options, risk avoidance, risk minimisation and risk acceptance.
Avoiding risks means you organise your project in such a way that you don't encounter a risk anymore. This could
mean changing supplier or adopting a different technology or, if you deal with a fatal risk, terminating a project.
Spending more money on a doomed project is a bad investment.
The biggest category of responses is the ones to minimise risks. You can try to prevent a risk occurring by
influencing the causes or decreasing the negative effects that could result. If you have carried out rule 7 properly
(risk analysis) you will have plenty of opportunities to influence it. A final response is to accept a risk. This is a
good choice if the effects on the project are minimal or the possibilities to influence it prove to be very difficult,
time consuming or relatively expensive. Just make sure that it is a conscious choice to accept a certain risk.
Responses for risk opportunities are the reverse of the ones for threats. They will focus on seeking risks,
maximising them or ignoring them (if opportunities prove to be too small).
A good risk log contains risks descriptions, clarifies ownership issues (rule 5) and enables you to carry out some
basic analyses with regard to causes and effects (rule 7). Most project managers aren't really fond of
administrative tasks, but doing your bookkeeping with regards to risks pays off, especially if the number of risks
is large. Some project managers don't want to record risks, because they feel this makes it easier to blame them
in case things go wrong. However, the reverse is true. If you record project risks and the effective responses you
have implemented, you create a track record that no one can deny. Even if a risk happens that derails the project.
Doing projects is taking risks.
Tracking risks differs from tracking tasks. It focuses on the current situation of risks. Which risks are more likely
to happen? Has the relative importance of risks changed? Answering these questions will help to pay attention to
the risks that matter most for your project value.
These ten golden rules can always be improved upon. Therefore, rule number eleven would be to use the
Japanese Kaizen approach: measure the effects of your risk management efforts and continuously implement
improvements to make it even better.
1. Generate a list of all possible risks that can occur during the project tenure in a project of your choice using
the brainstorming risk identification method.
Responses may vary.
2. Categorise the identified risks into the different risk classification areas.
Responses may vary.
3. Google what a Risk Breakdown Structure is and compile one for the project chosen in question one.
4. Expert judgement techniques have the potential for bias in risk identification. What are the various factors
affecting the bias?
Factors affecting the bias include:
Overconfidence in one’s ability.
Insensitivity to the problem or risk.
Motivation.
Proximity to project.
Recent event recall.
Availability of time.
Relationship with other experts.
1. For a project in which you are planning a campus event with a well-known speaker, identify and quantify
risks and develop contingency plans for the major risks.
Responses may vary but should include the following headings:
2. Discuss the outcomes of the project risk monitoring and control process.
The outcomes of this ongoing process are:
identified, analysed & planned new risks,
identified risks are tracked,
existing risks are reanalysed,
trigger conditions for contingency plans are monitored,
execution of risk responses is reviewed, &
Change is managed (PMBOK 2017: 264).
3. Where will a project team member find the common errors in project risk management?
In a lessons learnt report and in the reports of past projects.
4. Discuss any three tools and techniques used for project risk monitoring and control.
Any three of the following tools and techniques may be discussed:
Bibliography
Bobade, A. 2015. Organisational Influence and Project Life Cycle. Available from:
https://www.slideshare.net/anandbobade/pmp-chap-2-org-influence-and-project-life-cycle [Accessed: 10 February
2018]
Buckley, B. 2010. Feds and Contractor Share Blame for Afghan Delays. Engineering News-Record 264. no.
4(2010):16.
Chatterjee, P. 2010. Iraq Lessons Ignored at Kabul Power Plant. [online]. Available from:
http://ipsnews.net/news.asp?idnews=50219. [Accessed:22 March 2018].
Gido, J and Clements, J.P.2015. Successful Project Management. 6th ed. USA: Cengage Learning
Haughey, D. 2018. Delphi Technique A Step by Step Guide. Available from: https://www.projectsmart.co.uk/delphi-
technique-a-step-by-step-guide.php. [Accessed: 10 February 2018]
Jutte, B 2018. 10 Golden Rules of Project Risk Management. Available from: https://www.projectsmart.co.uk/10-
golden-rules-of-project-risk-management.php [Accessed: 10 February 2018]
Kloppenborg, T.J. 2015. Contemporary Project Management: Organise/Plan/Perform. 3rd ed. Australia: Cengage.
Larson, E.W. and Gray, C.F.2017.Project Management: The Managerial Process.7th ed. New York: McGraw-Hill
PMI. 2017. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 6th ed. Pennsylvania:
Project Management Institute.
Van der Walt, G. and Williams, F.2015.A Guide to Project Management.2nd ed. SA: Juta and Company Ltd.