Professional Documents
Culture Documents
EPCIOR ERP
ICT Dept.
OSMAN ELHASSAN
www.linkedin.com/in/osmanelhassan
oelhassan@bashayerpl.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
OSMAN ELHASSAN , MBA, PMP ,PMI-RMP
Consultant Engineer , Risk Management Expert
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Course Objectives
Upon completion of the course, participants will be able to
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Course Outlines
OSMAN ELHASSAN
oelhassan@bashayerpl.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module -1-
Introduction
OSMAN ELHASSAN
oelhassan@bashayerpl.com
What’s Risk
ANSI/ASSE/ISO Guide 73
OSMAN ELHASSAN
oelhassan@bashayerpl.com
What’s Project Risk
and quality.
project as whole
PMBOK® Guide—Six Edition
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Source : https://leadershipchamps.wordpress.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Management
Response Identify
Analyze
PMBOK® Guide—Six Edition
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Management ISO31000 : 2018
Analyze
OSMAN ELHASSAN
oelhassan@bashayerpl.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
ISOOSMAN
31000:2009
ELHASSAN
oelhassan@bashayerpl.com
Risk Management Objectives
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Importance of Risk Management
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module -2-
Risk Attitudes
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk attitudes
Organizations and stakeholders are willing to accept varying
degrees of risk depending on their risk attitude
Appetite
Risk Attitudes
Tolerance
Threshold
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk appetite
Which is the degree of uncertainty an entity is
willing to take on in anticipation of a reward.
Risk Threshold
Measures the level of uncertainty or the level of
impact at which a stakeholder may have a specific
interest. Below that risk threshold, organization will
accept it , above that will not tolerate the risk
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk tolerance
which is the degree, amount, or volume of risk that an
organization or individual will withstand.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Averse
Low risk attitude
Risk Prone
Higher risk tolerance and
willingness to invest in high
risk investments
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Hazard Vs Risk
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Domains
Stakeholder Engagement
Identify Risks Qualitative Analysis
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Strategy & Planning Tasks
Task 1
Assessment and Criteria
Task
Task
Task
Task
3 2 54 Improve
Develop
Evaluation
Produce
effectiveness
Risk
Risk
Criteria
Strategy
Plan
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Enterprise Risk Management
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Strategy & Planning
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Management Processes
Risk management is carried through the following processes
Plan Risk
Managmentt
Identify Risks
Qualitative
RMP Analysis
Quantitative
Analysis
Risk Responses
Control Risks
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Plan Risk Management
Analytical Techniques
Project Mgt Plan
Expert Judgment
Project Charter
Meetings
Stakeholder Register
Enterprise Env. Factor
Org Process Assets
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Management Continues
Risk management plan describes how activities will be structured and
performed , it includes the following
Methodology.
Approaches, tools, and data sources that will be used to perform RM
Budgeting
Estimates funds needed, based on assigned resources, for inclusion in the cost
baseline and establishes protocols for application of contingency and
management reserves.
Timing
Defines when and how often the risk management processes will be
performed .
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Identify Risks
The process of determining which risk will affect the project or the
organization and document their characteristics
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Characteristics
Risk is often characterized by reference to potential events (Likelihood ,
Probability) and consequences (Impact), or a combination of these.
Known risks are those that have been identified and analyzed,
making it possible to plan responses for those risks.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Trigger Conditions
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module - 4 -
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Critical Success Factors for the Identify Risks Process
Early Identification
Iterative Identification
Risk identification should be repeated throughout the project life cycle. this
should be done periodically.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Emergent Identification
Comprehensive Identification
OSMAN ELHASSAN
oelhassan@bashayerpl.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module - 5 -
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Perform Qualitative Risk Analysis
The process of prioritizing risks and their probability , basically carried
based on risk characteristics
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Other Parameters for Assessment of Risk
Other factors that can be used to prioritize risk during qualitative risk
analysis
Urgency
Proximity
Manageability
Controllability
Detectability
Connectivity
Strategic Impact
Propinquity
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Categorization
Organization by sources of risk (e.g., project phase) to determine the areas of
the project most exposed to the effects of uncertainty
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Critical Success Factors for the Perform Qualitative Risk
Analysis Process
OSMAN
PRACTICE STANDARD ELHASSAN
FOR PROJECT RISK MANAGEMENT
oelhassan@bashayerpl.com
Risk categories
Risk categories may include the following.
Information systems risk
This includes sensitive and critical information as well as personal data
( Customer , Staff , network services , etc ).
Human resources risk
Telecommunication organizations staff needs to be trained, competent and qualified
in many areas of the business. They need to take charge of roles and responsibilities
that are security-related.
Operational risk
The operational side needs to be efficient, effective and protected against the risk of
being compromise
Recommendation ITU-T X.1055
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Network services risk
Need to be delivered in such away that they are protected against the risk of being
compromised.
IT services risk
The technology deployed by a telecommunication organization for their business and
their customers needs to be reliable, robust and secure.
Physical risk
The physical locations, sites, buildings, computer rooms and switching centers need to be
physically secured against the threats.
Compliance risk
Ensure compliance with the laws and regulations that apply in the jurisdictions in which
they are operating and providing services.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk assessment techniques
Brainstorming
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Delphi technique
A procedure to obtain a reliable consensus of opinion from a group of experts.
Experts expressed their opinions individually and anonymously while having
access to the other expert’s views as the process progresses
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Check-lists
Check-lists are lists of hazards, risks or control failures that have been
developed usually from experience, either as a result of a previous risk
assessment or as a result of past failures
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Cause-and-effect analysis
Cause-and-effect analysis is a structured method to identify possible causes
of an undesirable event or problem
OSMAN ELHASSAN
oelhassan@bashayerpl.com
SWOT Analysis
SWOT analysis identifies any opportunities for the project that arise from
organizational strengths, and any threats arising from organizational
weaknesses
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Probability and Impact Matrix
OSMAN ELHASSAN
oelhassan@bashayerpl.com
To develop and agree on suitable scale based on the Project or
enterprise potential risks
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Impact Scale Example
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module - 6 -
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Perform Quantitative Risk Analysis
Numerically analyze the effect of identified risks and their effect on the
project
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Expected Monetary Value (EMV) Analysis.
A statistical technique that calculates the average outcome when the
future includes scenarios that may or may not happen. A common use of
this technique is within decision tree analysis and in Risk quantitative
analysis .
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Osman Elhassan DOOL51@gmail.com
Monte Carlo Analysis
Monte Carlo simulation is a detailed, computer-intensive simulation approach
to determining the value and probability of possible outcomes of a project
objective such as a project schedule (e.g., the completion date) or cost
estimate (e.g., the total cost).
It computes the schedule or cost estimate many times using inputs drawn at
random from ranges specified with probability distribution functions for
schedule activity durations or cost line-items.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Osman Elhassan DOOL51@gmail.com
Module - 7 –
Stakeholders Engagement
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Promote Common Understanding
T1
Educate Stakeholders
T2
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Stakeholder Engagement Task 1
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Stakeholder Engagement Task 3
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Stakeholder Engagement Task 5
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Stakeholder Engagement Task 7
Provide risk-related recommendations to by
using effective communication techniques in
order to support effective risk-based decision
making.
proactively communicating
Stakeholder Engagement Task 9
roles and responsibilities
Liaise with stakeholders of other projects
order to inform them of implications for
their projects.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module - 8 –
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Plan Risk Responses
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Critical Success Factors for Project Risk Management
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Source : PMI PRACTICE STANDARD FOR PROJECT RISK MANAGEMENT
Strategies for Negative Risks or Threats
Avoid
eliminate the threat or protect the project from its impact.
Transfer
shifts the impact of a threat to a third party, together with ownership of the
response.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Strategies for Negative Risks or Threats continues
Mitigate
reduce the probability of occurrence or impact of a risk.
Accept
Acknowledge the risk and not take any action unless the risk occurs.
This strategy is adopted where it is not possible or cost-effective to
address a specific risk in any other way.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Strategies for Positive Risks or Opportunities
Exploit
For risks with positive , to ensure the opportunity definitely happens.
Enhance
The enhance strategy is used to increase the probability and/or the positive
impacts of an opportunity. (key drivers ) .
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Strategies for Positive Risks or Opportunities continue
Share
Sharing a positive risk involves allocating some or all of the ownership
of the opportunity to a third party who is best able to capture the
opportunity for the benefit of the project.
Accept
Being willing to take advantage of the opportunity if it arises, but
not actively pursuing it.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Types
Primary risks
Risk that identified and considered initially , risk
responses has been planned
Residual risks
Risk that are expected to remain after planned
responses have been taken, as well as those that have
been deliberately accepted
Secondary Risks
Risk that arises as a direct outcome of
implementing a risk response
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Fallback plans
Workaround
A response to a threat that has occurred, for which a prior
response had not been planned or was not effective
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Budget Risk Reserves
Contingent reserves
Contingency reserves that are calculated based on the
quantitative risk analysis of the project and the
organization’s risk thresholds
Management Reserve
The cost or time reserve that is used to manage the unidentified
risks or “unknown-unknown”
It is not an estimated reserve; it is a random figure, which is
defined according to the organization’s policy.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Module - 7 –
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Document and Update Risk Info
T1
Risk Monitoring T4
and Reporting Monitor Metrics
T5
Analyze /Measure performance
T6
Update risk plan
T7
Capture lesson learned
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Report
The risk report presents information on sources of overall project risk,
together with summary information on identified individual project risks in
addition to risk analysis results.
Information in the risk report may include but is not limited to:
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Report
The risk response owner reports periodically to the project manager on the
effectiveness of the plan, any unanticipated effects, and any correction
needed to handle the risk appropriately.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Monitoring and Reporting Task 1
communication techniques
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Monitoring and Reporting Task 3
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Monitoring and Reporting Task 5
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Risk Monitoring and Reporting Task 7
OSMAN ELHASSAN
oelhassan@bashayerpl.com
What do you think are the
OSMAN ELHASSAN
oelhassan@bashayerpl.com
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Results of Good Project Risk Management
Unlike crisis management, good project risk management often goes unnoticed.
Well-run projects appear to be almost effortless, but a lot of work goes into
running a project well.
Project managers should strive to make their jobs look easy to reflect the results
of well-run projects.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Control Risks
The process of implementing risk response plans, tracking identified risks,
monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness throughout the project
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Designed by Osman Elhassan PMP#1405450 DOOL51@gmail.com
The Control Risks process applies techniques, such as variance and trend analysis,
which require the use of performance information generated during project
execution.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Tracking Trigger Conditions
Trigger conditions and the corresponding metrics are defined during the Plan
Risk Responses process.
Tools are required to evaluate and track these conditions against the project
baseline or specified thresholds, based on actual status.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
Control Risks process are to determine if
Project assumptions are still valid,
Analysis shows an assessed risk has changed or can be retired,
Risk management policies and procedures are being followed, and
Contingency reserves for cost or schedule should be modified in alignment
with the current risk assessment.
OSMAN ELHASSAN
oelhassan@bashayerpl.com
END OF DOCUMENT
OSMAN ELHASSAN
oelhassan@bashayerpl.com