Railway Project Management (REGM 6007)

Project Risk Management

Tesfaye Gashaw (PhD)

1
What is Uncertainty?

• Risk and uncertainty are often used in the same context.

• But is risk the same as uncertainty?

• All risks are uncertain, but not all uncertainties are risks.

2
3
What is Risk?

▪ Risk: effect of uncertainty on objectives (ISO 31000)

▪ Uncertainty that matters

▪ Risk exists at two levels within every project (PMI 2017)

✓ Individual project risk

• an uncertain event or condition that, if it occurs, has a positive or negative effect

on one or more project objectives.

✓ Overall project risk

• the effect of uncertainty on the project as a whole.

▪ The probability of the event occurring must be greater than 0% but less than 100%.

▪ Future events that have a zero or 100% chance of occurrence are not risks
4
What is Issue?

• A known or real problem that can affect the ability to complete a task

• an unexpected event or problem that has already occurred.

• Certainties that matter

5
There are different risk types, i.e.:

A. As per the “nature” of the risk:

✓ Financial Risks: Financial risk is usually linked to insurance.

✓ Technological Risks, related to data security and the security of records.

✓ Physical and environmental risks within areas such as

✓ the construction of assets, their maintenance and operation (the railway

infrastructure and the operation of trains )

B. As per the “scope” of risk management:

✓ Enterprise Risk Management

✓ Project Risk Management, that refers to managing the risks of a project.

Project
Management
6
Project Risk Management
• the processes of conducting risk management planning, identification,
analysis, response planning, response implementation, and monitoring
risk on a project.

• Objective:

✓ to increase the Prob/Impact of positive risks and

✓ to decrease the P/I of negative risks for Project success

7
Figure: Risk Management Principles (ISO 31000)
8
a) Integrated: Integral to all organizational activities.

b) Structured and Comprehensive: A systematic approach for consistent and comparable results.

c) Customized: Tailored to the organization's external and internal context and objectives.

d) Inclusive: Involves stakeholders for diverse perspectives, enhancing awareness and informed
decision-making.

e) Dynamic: Adapts to changing external and internal contexts, anticipating and responding to emerging
risks.

f) Best Available Information: Relies on historical, current, and future expectations, considering
limitations and uncertainties. Information should be timely, clear, and accessible to stakeholders.

g) Human and Cultural Factors: the significant influence of human behavior and culture on risk
management. Acknowledges

h) Continual Improvement: Evolves through ongoing learning and experience for enhanced effectiveness.

9
Risk Management Process (ISO 31000)

• Communication and consultation

• Scope, context and criteria
• Risk assessment
• Risk treatment
• Monitoring and review,
• Recording and reporting
Project Risk Management Process

PMI (2017)

Planning Identification Analysis Response Monitoring

Plan Risk Management

• the process of defining how to conduct risk management activities for a

project
Plan Risk Management

• The risk management plan may include some or all of the following
elements:
• Risk strategy,
• methodology,
• Roles and responsibilities,
• funding,
• Timing
• risk categories
• Definitions of risk probability and impacts
• Probability and impact matrix
Risk Identification
• the process of finding individual project risks as well as sources of overall
project risk, and documenting their characteristics.
• Relevant, appropriate and up-to-date information is important in
identifying risks.
• Tools and techniques:
▪ Brainstorming,
▪ Checklists,
▪ Interviews
▪ Root Cause Analysis (RCA)
▪ SWOT analysis,
▪ Assumption and constraint analysis SWOT analysis
▪ Document review
Assumptions and Constraints Analysis
Assumption:
• The chosen railway technology will meet the project requirements.
• Skilled labor will be available throughout the project
Constraint:
• The project must be completed within a specific timeframe.
• Budget constraints limit the procurement of specialized equipment.

Logic sequence:
• List the assumption or constraint.
• Test the assumptions or constraint by asking two questions:
✓ Could the assumption/constraint be false?
✓ If it were false, would one or more objectives be affected
(positively or negatively)?
• Where both questions are answered “Yes,” generate a risk, for
example, in the form: <Assumption/constraint> may prove false,
leading to <effect on objective(s)>
Cause and Effect (Ishikawa) Diagrams

• to display root causes of risk visually, allowing deeper understanding of the

source and likelihood of potential problems.
• to visually represent potential causes across different categories(People,
Process, Equipment, Environment, and Management).
Prompt Lists
• a predetermined list of risk categories that might give rise to individual project

risks

✓ PESTLE (political, economic, social, technological, legal, environmental),

✓ TECOP (technical, environmental, commercial, operational, political),

✓ VUCA (volatility, uncertainty, complexity, ambiguity)

✓ SPECTRUM (Socio-cultural, Political, Economic, Competitive, Technology,

Regulatory/Legal, Uncertainty, Market)

Risk Categorization
• the process of structuring the key elements to examine risks systematically, in
each area of the project to be assessed (Cooper et al., 2005).
• Risks to the project can be categorized by
✓ sources of risk e.g., using the risk breakdown structure (RBS),
✓ nature and magnitude
✓ dynamic/static, corporate/individual, internal/external, positive/negative,
acceptable/unacceptable and insurable/non-insurable
✓ design risks, legal and/or political risks, contractual risks, construction risks,
operation and maintenance risks, labour risks, clients/users/society risks,
financial and/or economic risks and force majeure.
Risk Breakdown Structure
Risk Register
Risk Analysis
• Analysis techniques can be qualitative, quantitative or a combination of these
• Risk analysis should consider :
✓ the likelihood of events and consequences;
✓ the nature and magnitude of consequences;
✓ complexity and connectivity;
✓ time-related factors and volatility;
✓ the effectiveness of existing controls;
✓ sensitivity and confidence levels.
Qualitative Risk Analysis
• assesses the priority of identified individual project risks using their probability
of occurrence, the corresponding impact on project objectives if the risks occur,
and other factors.
Risk probability & impact assessment
✓ assesses the probability that the identified risk events will occur, and
✓ it determines their impacts on the project objectives, including time, scope,
quality, and cost.
✓ The two dimensions of risk are applied to specific risk events, not to the
overall project.
Probability and Impact Matrix
Risk Matrix
Quantitative Risk Analysis
• the process of numerically analyzing the combined effect of identified individual
project risks and other sources of uncertainty on overall project objectives
Benefits of quantitative risk analysis
• Objective assessment
• Detailed information
• Client confidence
• Improved decision making
Quantitative Risk Analysis Methods
• Decision tree risk analysis
• Simulation: Monte Carlo risk analysis
• Sensitivity analysis, etc
Monte Carlo Risk Analysis:
• Creates a range of potential
outcomes.
• Often used for project
duration or cost risks.
• Assigns probabilities, with
highest for expected outcome.
• Combines estimated costs with
probabilities for total expected
cost.
S-curve from a Monte Carlo cost risk
analysis
Sensitivity Analysis:
• helps to determine which project risks or
other sources of uncertainty have the most
potential impact on project outcomes.
• Identifies elements most responsible for
uncertainty.
• It correlates variations in project outcomes
with variations in elements of the model.
• tornado diagram
✓ presents the calculated correlation
coefficient for each element of the
model that can influence the project
outcome
Decision Tree Analysis :
• Uses decision trees to assess risks associated with choices.
• Assigns probabilities and costs to each choice.
• Decision tree is evaluated by calculating the expected monetary value of each
branch.
• The optimal path is then selected based on the calculated expected monetary
values.
Decision Tree
Analysis
Influence Diagrams:
• Helps decision making under uncertainty.
• Graphical depiction of a project or situation with entities, outcomes, and
influences.
• Elements affected by project risks or uncertainty represented with
ranges or probability distributions.
• Typically evaluated using simulation techniques like Monte Carlo analysis.
• Determines which elements exert the greatest influence on key
outcomes.
Risk Response Planning
• the process of developing options, selecting strategies, and agreeing on actions
to treat project risks
• Most risk management guidelines recognize at least four types of strategy in
responding to identified risks. Hillson (1999) defines risk response strategy
types as:
✓ Avoid—seeking to eliminate uncertainty
✓ Transfer—passing ownership and/or liability to a third party
✓ Mitigate—reducing the probability and/or severity of the risk below a
threshold of acceptability
✓ Accept—recognizing residual risks and devising responses to control and
monitor them
Risk Response Planning-threat
Escalate:
• Escalation is suitable when a threat is beyond the project's scope or exceeds the project
manager's authority.
• Risks are managed at higher organizational levels (program, portfolio) after
communication
• Escalated threats are not monitored by the project team but are recorded in the risk
register
Avoid:
• Risk avoidance entails eliminating or protecting the project from a high-priority threat
with a significant negative impact.
• Actions include removing threat causes, extending schedules, altering project strategies,
or reducing scope.
Transfer:
• Transfer shifts threat ownership to a third party, usually involving payment of a risk premium.
• Transfer can be achieved through insurance, performance bonds, warranties, guarantees, or
agreements.
• The third party assumes responsibility for managing the risk and bearing its impact.
Mitigate:
• Mitigation involves reducing the probability and/or impact of a threat.
• Early mitigation is emphasized for greater effectiveness.
• Examples include adopting simpler processes, conducting more tests, or choosing a more stable
seller.
Accept:
• Risk acceptance acknowledges a threat's existence without proactive action.
• Suitable for low-priority threats or when addressing the threat is not cost-effective.
• Active acceptance may involve establishing a contingency reserve, while passive acceptance
involves periodic reviews without proactive action.
Risk Response Planning-opportunity
Implement Risk Responses
• Implement agreed risk response plans to address project risks.
• Ensure adherence to plans for minimizing threats and maximizing
opportunities.
• Manage overall project risk exposure effectively.
Monitor Risks
• Track the execution of agreed risk response plans, analyze new risks,
and evaluate overall risk process effectiveness throughout the project.
• Enables the project decisions to be based on up-to-date information on
overall risk exposure and individual project risks.