HANDOUT 8

COURSE: PROJECT MANAGEMENT

CHAPTER: RISK MANAGEMENT
PROGRAM: BBA, IIUC

Manjurul Alam Mazumder*

8.1 Concept of Risk Management
Risk management is a proactive process that focuses on identifying risk events and developing
strategies to respond and control risks. It is not a one-time event carried out at the beginning of a
project. It may be defined as an art and science of identifying, assigning, and responding to risk
throughout the life of a project. It can often result in significant improvements in the ultimate
success of projects.

Risk management can be applied to:

 Selecting project
 Determining project scope
 Developing schedules
 Developing cost estimates

Risk management helps stakeholders understand the nature of the project, involves team
members in identifying strengths and weaknesses and helps to integrate the other projects
management knowledge areas. It is a critical process in project management, which is not often
conducted or handled well. It allows the project manager to view the project across the life cycle
to identify, assess, prioritize, respond to and control project risk. Effective risk management
increases the probability of project success by the following efforts:

 Preventing surprises / problems

 Preventing management by crisis
 Improving customer/ stakeholder satisfaction
 Increased profitability and competitive advantage.

Project Management Institute (PMITM) in the ‘Project Management Body of Knowledge’

(PMBOKTM) defines risk management as “the systematic process of identifying, analyzing, and
responding to project risk’. It includes maximizing the probability and consequences of positive
events and minimizing the probability and consequence of adverse events to project objectives.

*
Assistant Professor, Dept. of Business Administration, IIUC

1
A risk management may be shown as under:

Project objectives, goals Requirements definition

Project baseline Risk management WBS development

established & project scope

Estimates & schedule

development

8.2 Classification of Risk:

Usually four categories of risk found in managing project, which are as follows:

Business risk:
Normal risk of doing business that carries opportunities for both gains and losses. It occurs as a
result of business decisions such as the decision to use a new technology in a project to leverage
future business opportunities.

Insurable risk:
Risk that presents and opportunity for loss only. For this type of risk you could purchase
insurance premium. Insurable risk is also known as pure risk.

Known risk:
Risks that were identified for a particular project.

Unknown risk:
Risks that were not identified or managed, unknown risk if they occur on a project and found
positive are called windfalls.

8.3 Sources of Risk in Projects:

A number of studies have shown that projects share some common sources of risk. In 1996 the
Standish Group developed1 the following top ten success criteria for information technology
projects based on interviews with 60 IT professionals (weights indicate relative importance). The
same concept is true across business projects within organizations:

1
The Standish Group, ‘Unfinished Voyages’ (1996) (www.standishgroup.com/voyages.html)

2
 Success criteria / sources of risk Weight (%)
User involvement 19
Executive management support 16
Clear statement of requirements 15
Proper planning 11
Realistic expectations 10
Smaller project milestones 9
Competent staff 8
Ownership 6
Clear visions and objectives 3
Hard-working, focused staff 3
Total 100

Broad categories of risk include:

 Market risk: Will the project product be marketable and competitive?

 Financial risk: Is the project affordable and will it provided the expected ROI? What
about opportunity cost? Could the money be better spent elsewhere?

 Technology risk: Is the project technically feasible? Will the technology meet project
objectives? Will the technology be obsolete before the product is produced?

The PMI has a specific interest group on risk management. You can check out their website at
http://www.risksig.com/

8.4 Risk Management Process

The PMBOKTM provides and overview of the process as follows:

 Risk management planning:

Deciding how to approach and plan the risk management activities for a project.

 Risk identification:
Determining which risks might affect the project and documenting their characteristics.

 Qualitative risk analysis:

Performing a qualitative analysis of risks and conditions to priorities their effects on
project objectives.

 Quantitative risk analysis:

Measuring the probability and consequences of risks and estimating their implications for
project objectives.

 Risk response planning:

3
 Developing procedures and techniques to enhance opportunities and reduce threats to the
project’s objectives.

 Risk monitoring and control:

Monitoring residual risks, identifying new risks, executing risk reduction plans, and
evaluating their effectiveness throughout the project life cycle.

All processes interact with each other and with all knowledge areas within the PMBOK. The
PMBOK also defines inputs, tools & techniques and outputs for each of the process identified
within risk management.

The process description for risk management is depicted as under:

 Risk identification
 Risk analysis
o Qualitative
o Quantitative
 Risk response development
 Risk response control
o Implement strategy
 Evaluate results
 Document results

The following diagram depicts a standard risk management process:

Risk Management Process

Identify risks Assess risks Develop risk

response

Document Evaluate Execute risk

results results management plan

The above diagram displays that risk management is conducted as a continuous process
throughout the entire project life cycle. Planning and execution are continuous events.

The major issues of risk management process have been elucidated below:

8.4.1 Risk identification:

Risk identification involves identifying symptoms of risks. Risk Symptoms are the indictors or
triggers for the actual risk event. For example, cost overrun may be symptomatic of poor
estimation, or product defects may be symptomatic of a poor quality supplier. Identification and
documentation of potential risk symptoms provides a diagnostic tool for project teams and
suggests potential corrective action.

4
The most effective way of identifying project risks is by using some form of systematic
approach, whether it be by project management knowledge area, systems development life cycle
phase or developing a customized checklist based on previous project experience.

Risk events are specific things that may occur to the detriment of the project (e.g., significant
changes in project scope, strikes, supply shortages, etc.).

To characterize or define a risk event you need to examine and document the following
parameters:

1. What is the probability of occurrence?

2. What is the impact to the project or the outcome if it does occur (severity)?
3. When it might occur?
4. How often it might occur (frequency)?

8.4.2 Risk qualitative and quantification assessments:

Risk analysis (qualitative or quantitative) is the process of evaluating risk to assess the range of
possible project outcomes. The approach involves estimating probability of occurrence, potential
impact on the project and possible mitigation strategies. By quantifying risks, project managers
and terms can then rank and priorities them and establish acceptable risk thresholds.

Expert judgment
Many firms use the past experience and intuition of experts in lieu of or as a supplement to
quantitative risk analysis. One common approach to gathering expert opinion is the Delphi
method. The Delphi method is an approach used to derive a consensus among a panel of experts
to make predictions about future developments. The method uses repeated rounds of questioning
including feedback of earlier responses to take advantage of group input to refine the response.
The process is continued until the group responses converge to a specific solution. This method
works well in developing probability assessments for risk events.

Expected monetary value:

Expected monetary value is defined as the product of the risk event probability times the risk
event’s monetary value. That is, if the estimated cost of a risk event (e.g., the senior subject
matter expert quitting and having to recruit and hire a new one) is $10,000 and the probability of
it occurring is 20%, the expected monetary value would be 20% X $10,000=$2,000.

PERT estimations:
Program evaluation and review technology (PERT) analysis, discussed in Block 2, is actually a
highly simplified risk analysis method. It involves the provision of there estimates of an
activity’s duration- pessimistic, optimistic and most likely. The technique places four times the
weight on the most likely estimate than on the optimistic or pessimistic ones. A more accurate
and flexible method is something called Monte Carlo simulation.

5
Monte Carlo Simulation for project risk analysis:
Simulation uses a system model to analyze expected behavior or performance. Monte Carlo
analysis is a risk quantification technique that simulates a model’s outcome many times (100-
1000 times) to provide a statistical distribution of the calculated results)

It ties together sensitivity analysis and scenario analysis at a time. This is also a risk analysis
technique which uses a computer to simulate future events and thus to estimate profitability and
riskiness of the project. In simulation analysis, a computer firstly takes at random different
values of each input variables (such as selling price, sales volume, variable cost per unit etc.)
Then the values are combined and NPVs are calculated for each combination and stored in the
computer. The process perhaps repeats for 1000 times to generate 1000 NPVs. Then the mean
and standard deviation is calculated for every set of NPVs. Mean is used as a measure of
project’s profitability and standard deviation or co-variance is used as a measure of project’s
risk.

Monte Carlo analysis also uses pessimistic, optimistic, and most likely estimates and the
probabilities of their occurrence. Simulations such as these are a more sophisticated method for
creating estimates than PERT and can more accurately help determine the likelihood of meeting
project schedule or cost targets. Many organizations globally use Monte Carlo simulation for risk
analysis. PC software programs like @RISK provide Monte Carlo simulation capability to
project management software like MS project and to standard PC spreadsheet.

Sensitivity analysis:
Sensitivity analysis is a project risk analysis technique which indicates how much the net present
value of a project will be changed in response to a given change in a input variable ( such as unit
sales, variable cost per unit), other things remain same. Since the future is uncertain, one may
like to know what will happen to the variability of the project when some variable like sales or
investment deviates from its expect values. In other ward, one may want to do a ‘if what’
analysis or sensitivity analysis. Sensitivity analysis begins with a base case situation in which a
NPV is calculated using expected value for each input. Then, each of the input variables is
changed by several percentage points above & below the expected value and a new NPV is a
calculated using value of input variables. Finally, a set of NPV is plotted in a graph to show how
sensitive the NPV is to change in input variables. The slope of the line in the graph shows how
sensitive the NPV is to change in input variable. Steeper the slope indicates risk or more
sensitivity of the NPV to the given input variable and vice versa.

Scenario analysis:
In sensitivity analysis, only one variable is varies at a time. If the variable are interrelated, as
they are most likely to be, it will be helpful to look at some reasonable scenarios, each scenario
representing a consisting combination of variables.

Scenarios in a project may be:

Best scenario: High demand, high selling price, low variable cost and so on.
Normal scenario: Average demand, average selling price, average variable cost and so on.
Worst case scenario: low demand, low selling price, high variable cost and so on.

6
In scenario analysis the best and worst NPV is compared with normal NPV. Analysis begins with
a normal or base case condition, then, financial analyst asks for information from the respective
departments about the worst case and best case scenarios. Finally, NPVs are calculated for every
scenario. If the project is successful, the combination of high demand, high selling price, low
variable cost, results high NPV and vice versa.

Break-even analysis:
In sensitivity analysis we ask what will happen to the project if basic input variable changes (if
sales increases, cost decline or some thing else happens). As a project manager, one should know
how much should be produced or sold at a minimum to ensure that the project does not lose
money. Such an analysis is called Break-even analysis. And the level of production at which loss
can be avoided is called break-even production. Break-even analysis may be defined in
accounting terms or financial terms. In accounting terms, the focus of Break-even analysis is on
accounting profit. That is, it will identify at sales level or production level the net income will be
zero. In financial terms, the focus of break-even analysis is on NPV. That is, it will identify at
sales level or production level NPV will be zero.

Using software in risk analysis

Software tools are available to assist in various aspects of risk management. Risks can be tracked
in databases or spreadsheets. Spreadsheet software can also assist in simple risk analysis. More
sophisticated risk management software is also available that can help you build models and run
simulations to analyze and respond to project risks. Monte Carlo simulation software is a
particularly useful tool for helping to get a better idea of project risks and risk drivers. The sign
of good risk management is that minimal crisis management is required (i.e., fires to put out)
during the life of the project.

8.4.3 Risk response development:

Risk response development is the process of taking steps to enhance opportunities and
developing responses to risks. The following are the four basic responses to risk.

 Risk avoidance involves eliminating a risk or threat, usually by eliminating its causes
(e.g., using hardware or software that is known to work, even though there may be newer
solutions available)

 Risk acceptance can be either activate or passive:

 Passive acceptance means accepting the consequences should a risk occur.
 Active acceptance means developing a contingency plan should the risk occur-e.g.
work around.

 Risk mitigation involves reducing the probability and /or the impact of a risk event.

 Risk transference involves transferring the risk to a third party e.g. buying insurance in
the event that you have an accident.

7
8.4.3.1 Risk management plans, contingency plans and contingency reserves:
A risk management plan documents the procedures for managing risk throughout the project. It
summarizes the results of risk identification and analysis processes and describes what the
project team’s general approach to risk management will be.

A risk management plan should address the following questions:

o Why is it important to take / not take this risk in relation to the project objectives?
o What is the specific risk and what are the risk mitigation deliverables?
o What risk mitigation approach will be used?
o Who are persons responsible for implementing the risk management plan?
o When will the milestones associated with the mitigation approach occur?
o How much is required in terms of resources to mitigate risk?

Contingency plans are predefined actions that the project team will take if an identified risk
event occurs. Contingency reserves are provisions held in reserve by the project sponsor for
possible changes in scope or quality that can be used to mitigate cost and or schedule risk.

8.4.4 Risk response control:

Risk response control involves responding to risk events over the course of the project by
executing the risk management plan and risk management processes.

This requires on going risk awareness and monitoring. New risk may be identified during the
course of the project and should go through the same assessment process as those identified in
advance. When contingency plans are not in place or an unplanned risk event occurs, a
workaround or temporary fix may need to be found.

8.4.4.1 Top ten-risk item tracking:

Top ten-risk item tracking is a communication tool used for marinating awareness of risk
throughout the life of a project. It consists of a periodic review with management and the
customers of what they fell are the periods most significant risk items. A risk-tracking chart is
developed that shows current and previous months to ten risks.

Risk management reviews:

 Keep key stakeholders aware of factors that could prevent project success;
 Provide opportunities to develop and / r consider alternate risk mitigation strategies; &
 Promote confidence in the project team by demonstrating its ability to proactively
manage risk.

8.5 Measurement of risk:

Risk refers to the variability. It’s a complex and multi-faceted phenomenon. A variety of
measures have been uses to capture different facets of risk. The more important ones are:
1. Range
2. Standard deviation
3. Variance
4. Co-efficient of variation
5. Risk-adjusted rate of discount (RAD) method.

8
 6. Sensitivity Analysis: Optimistic, most likely and pessimistic
7. Scenario Analysis: Tight, Aggressive, Average or worst, Best & Base situations
8. Decision-Three Analysis & Probability Analysis
9. Simulation – Monte Carlo
10. Measuring Beta risk of a project or a port-folio & pure play method

8.6 Why risk and uncertainty is so indispensable in project management?

1. Risk and uncertainty is indispensable in capital budgeting exercise or project

management as it involves long period of time and deals with future which is highly
uncertain.
2. Risk differs due to nature of investments e.g. expansion project, R & D project,
replacement project, etc.
3. It is highly unlikely that project planners can suggest accurate amount of cash inflows or
useful life of the project.
4. Ever-increasing changes in technologies increase further risk and uncertainty
5. Change in market, taste & fashion of the people, income level, etc increase risk.
6. Change in economic conditions, interest and inflation rates as well as exchange rate
further intensify the risk and uncertainty in project management.
7. Informal and unsystematic competition is a great challenge to project management e.g.
smuggling, formation of trade blocs, etc.
8. Degree of Political risk.
9. Degree of Country risk.
10. Chance of nationalization and expropriation.
11. Risk of civil disobedience and war.
12. Uncongenial legal framework.
13. Unfriendly Political environment
14. Cost of prediction error in very high.
15. Irreversibility of project i.e. point of no return.
16. Irregular flows of foreign assistance, donors funds, international funds from international
financing agencies like World Bank, Asian Development Bank, IMF, etc.
17. Shortage of skilled manpower for evaluation of project.
18. Fund utilization & supply position is very poor due to government failure to provide fund
in time as per allocation, and to mobilize domestic resources.
19. Lack of co-ordination between government & donors.
20. Inefficiency of government ministries & machineries

9
Model Problem on Scenario Analysis:
Problem # 1 Grameen Phone is considering a proposed project for its capital budget. The
company estimates that the project’s NPV is $12 million. This estimate assumes that the
economy and market conditions will be average over the next few years. The company’s CFO,
however, forecasts that there is only a 50 percent chance that the economy will be normal.
Recognizing this uncertainty, he also performed the following scenario analysis:

Economic scenario Probability of outcome NPV

Recession 0.05 ($70 million)
Below average 0.20 (25 million)
Average 0.50 12 million
Above average 0.20 20 million
Boom 0.05 30 million
What are the project’s expected NPV, its standard deviation and its coefficient of variation.

Model Problem on Scenario Analysis:

Problem # 2 Electricity generating project with equal annual cash flows assumed as follows
SL No. Items Amount
1. Initial Cost Tk.10,00,000
2. Estimated life 10 years
3. Depriciation Tk.1,00,000/ per year
4. Operating cost Tk. 50,000/ per year
5. Power generated 1 Million K Wh/ per year
6. Market price of electricity Tk. 0.25 K Wh
7. Tax rate 40%
8. Discount rate 9%

Identify major sources of risk by making a sensitivity analysis with the change of 10% of all
factors.

Problem #3 ABC Company has the opportunity to invest in a plant for manufacturing a new
product. The demand for which is estimated to be 5000 units a year for five years. The following
data are related to the decision:
1 Machine cost Tk. 50000(no residual value)
2 Selling price per unit Tk. 10
3 Operating cost per Tk. 7
unit

Overhead cost are not expected to be affected by the depreciation (ignored tax). The firm’s cost
of finance is 10%(assumed all cash flows are occurred at the end of year)

Assess risk of the investment project with break even analysis.

10