PROJECT RISK

MANAGEMEN •Ilija Stojanović, Ph.D., PMP

T
 • Planning risk management : Deciding how to approach and
plan the risk management activities for the project

• Identifying risks: Determining which risks are likely to affect a

Project Risk project and documenting the characteristics of each

Managemen
• Performing qualitative risk analysis: Prioritizing risks based on
t Processes their probability and impact of occurrence

• Performing quantitative risk analysis: Numerically estimating

the effects of risks on project objectives

• Planning risk responses: Taking steps to enhance opportunities

and reduce threats to meeting project objectives

• Controlling risk: Monitoring identified and residual risks,

identifying new risks, carrying out risk response plans, and
evaluating the effectiveness of risk strategies throughout the
life of the project
Negative and Postive Risk

• A general definition of project risk is an

uncertainty that can have a negative or
positive effect on meeting project objectives

• Negative risk involves understanding potential

problems that might occur in the project and
how they might impede project success

• Positive risks are risks that result in good

things happening; sometimes called
opportunities

• The goal of project risk management is to

minimize potential negative risks while
maximizing potential positive risks
Risk Utility

• Risk utility or risk tolerance is the amount of satisfaction or pleasure received from a
potential payoff
• Utility rises at a decreasing rate for people who are risk-averse
• Those who are risk-seeking have a higher tolerance for risk and their satisfaction
increases when more payoff is at stake
• The risk-neutral approach achieves a balance between risk and payoff
Contingency Plans, Contingency
Reserves, RBS

CONTINGENCY PLANS ARE
PREDEFINED ACTIONS THAT THE
PROJECT TEAM WILL TAKE IF AN
IDENTIFIED RISK EVENT OCCURS
CONTINGENCY RESERVES OR
ALLOWANCES ARE PROVISIONS
HELD BY THE PROJECT SPONSOR
OR ORGANIZATION TO REDUCE THE
RISK OF COST OR SCHEDULE
OVERRUNS TO AN ACCEPTABLE
LEVEL;
MANAGEMENT RESERVES ARE
FUNDS HELD FOR UNKNOWN RISKS
THAT ARE NOT PART OF THE COST
BASELINE BUT ARE PART OF THE
BUDGET AND FUNDING
REQUIREMENTS
A RISK BREAKDOWN STRUCTURE
IS A HIERARCHY OF POTENTIAL RISK
CATEGORIES FOR A PROJECT USED
TO IDENTIFY AND CATEGORIZE
RISKS
 • Identifying risks is the process of understanding what potential events
might hurt or enhance a particular project

• The main output of the risk identification process is a list of identified

risks and other information needed to begin creating a risk register

• Risk identification tools and techniques include:

• Brainstorming is a technique by which a group attempts to
generate ideas or find a solution for a specific problem by
amassing ideas spontaneously and without judgment
Identifying
Risks • The Delphi Technique is used to derive a consensus among a panel
of experts who make predictions about future developments

• Interviewing is a fact-finding technique for collecting information

in face-to-face, phone, e-mail, or instant-messaging discussions

• SWOT analysis (strengths, weaknesses, opportunities, and

threats) can also be used during risk identification
Performing Qualitative Risk Analysis

• Assess the likelihood and impact of identified risks to determine their magnitude and
priority

• Risk quantification tools and techniques include:

• Probability/impact matrix
• The Top Ten Risk Item Tracking
• Expert judgment

• A probability/impact matrix or chart lists the relative probability of a risk occurring on one
side of a matrix or axis on a chart and the relative impact of the risk occurring on the other

• A watch list is a list of risks that are low priority, but are still identified as potential risks
Probability/impact matrix
Performing Quantitative Risk Analysis

• Often follows qualitative risk analysis, but both can be done together

• Large, complex projects involving leading edge technologies often require extensive
quantitative risk analysis

• Main techniques include:

• Decision tree analysis for Expected Monetary Value

• Simulation, simulates a model’s outcome many times to provide a statistical

distribution of the calculated results

• Sensitivity analysis, determines how different values of an independent variable

affect a particular dependent variable under a given set of assumptions
Expected
monetary
value
•From the table, you might
think that you may need
4,500 USD to manage all risks,
but this is incorrect. Among
all the identified risks, only a
few will occur. The risks that
do not occur will add their
EMV to the pool, and the risks
that do occur will use the
money from the pool.

•So, you will need 1,100 USD

to cover all identified risks in
the above case.
Decision tree
Planning Risk Responses
• After identifying and quantifying risks, you must decide how to respond to them
• Four main response strategies for negative risks:
• Risk avoidance. Risk avoidance is a risk response strategy whereby the project team
acts to eliminate the threat or protect the project from its impact. It usually involves
changing the project management plan to eliminate the threat entirely.

• Risk acceptance. Risk acceptance is a risk response strategy whereby the project team
decides to acknowledge the risk and not take any action unless the risk occurs. This
strategy is adopted where it is not possible or cost-effective to address a specific risk in
any other way.

• Risk transference. Risk transference is a risk response strategy whereby the project
team shifts the impact of a threat to a third party, together with ownership of the
response. Transferring the risk simply gives another party responsibility for its
management—it does not eliminate it.

• Risk mitigation. Risk mitigation is a risk response strategy whereby the project team
acts to reduce the probability of occurrence or impact of a risk. It implies a reduction in
the probability and/or impact
 Negative risks strategies

AVOID
MITIGATE
TRANSFER
ACCEPT
Response Strategies for Positive Risks

• Risk exploitation. The exploit strategy may be selected for risks with positive
impacts where the organization wishes to ensure that the opportunity is realized.
This strategy seeks to eliminate the uncertainty associated with a particular upside
risk by ensuring the opportunity definitely happens.

• Risk sharing. Sharing a positive risk involves allocating some or all of the
ownership of the opportunity to a third party who is best able to capture the
opportunity for the benefit of the project.

• Risk enhancement. The enhance strategy is used to increase the probability

and/or the positive impacts of an opportunity. Identifying and maximizing key
drivers of these positive-impact risks may increase the probability of their
occurrence.

• Risk acceptance. Accepting an opportunity is being willing to take advantage of

the opportunity if it arises, but not actively pursuing it.
 How to plan cost:

COST Baseline = COST Estimates +

Continge
Contingency reserves

nt COST BUDGET = COST Baseline +

Management reserves

response
Contingency reserve – known risks
Management reserve - unknown risks
Residual and Secondary Risks

• It’s also important to identify residual and secondary risks

• Residual risks are risks that remain after all of the response
strategies have been implemented (Contingency Plan and Fallback
Plan)

• Secondary risks are a direct result of implementing a risk response