BUSS 5070 - Project Risk Management

Week 3:Risk management standards

and theories

Dr Udara Ranasinghe
COMMONWEALTH OF AUSTRALIA: COPYRIGHT REGULATIONS 1969

WARNING

This material has been produced and communicated to you by or on

behalf of the University of South Australia pursuant to Part VB of the
Copyright Act 1968 (the Act).
The material in this communication may be subject to copyright under
the Act. Any further reproduction or communication of this material by
you may be the subject of copyright protection under the Act.

Do not remove this notice

BUSS 5070 – Project Risk Management
Course Content:

Week 1: Introduction to risk

Week 2: Introduction to project risk management
Week 3:Risk management standards and theories
Learning outcome
At the completion of this week, you should be able to:
 Assess the general motivation and application of the ISO 31000
 Critique the PMBOK® Guide approach to managing risk in projects
 Demonstrate an understanding of other methodologies used to manage risk in
projects
 Interpret & recognise our imperfect ability to predict, including Black Swans,
Disruptive Innovation & Perfect Storms
Standards related to Risk and
Risk management
Risk Standards
Currently, the ISO 31000 family include
Access to risk standards

Please see this link: Techstreet Use your student

login and
password
You have access to AS ISO 31000:2018 and AS/NZS IEC
31010:2020. Techstreet
Some other Risk Standards
 ISO 31000:2018 Risk
Management — Guidelines

ISO 31000 helps organizations develop a risk

management strategy to effectively identify and
mitigate risks, thereby enhancing the likelihood of
achieving their objectives and increasing the
protection of their assets. Its overarching goal is to
develop a risk management culture where
employees and stakeholders are aware of the
importance of monitoring and managing risk.
ISO 31000:2018 Risk Management — Guidelines
Risk Management Through the Project Life Cycle

Project Initiation Project Planning Implementation Project Closure

Strategic risk to the Operational Risk Managing risk Closing off risks
Organisation planning: treatment Pass on responsibility for
ISO • Context Identifying new remaining project risks
Understanding the risk
31000:201 risks
8 tolerance of your • Identify Review and lessons learnt
organisation • Analyse
Risk policy /framework/ • Evaluate
context • Treat
Practical Application of ISO 31000

Application of ISO 31000 standard on tailings da

m safety
 IEC 31010 Risk Management –
Risk assessment techniques
Establish context

Communication & Consultation

Monitor and Review

Supporting standard for ISO 31000 and provides Risk Identification
guidance on the selection and application of

Risk Assessment
systematic techniques for risk assessment. Risk Analysis

This standard is not intended for certification, Risk Evaluation

regulatory or contractual use.
Risk Treatment
IEC 31010 Risk Management – Risk assessment
techniques

Decision tree analysis

Brainstorming Cost/benefit analysis
Monte Carlo simulation Consequence/likelihood matrix
Bayesian analysis Checklists
Fault tree analysis
Cost/benefit analysis Delphi technique
Event tree analysis Bow tie analysis
Selecting techniques for risk assessment
Activity 1.

 Discuss in pairs
 What factors should we consider in selecting a technique for risk assessment
Applicability of techniques to the ISO 31000 risk
assessment process
 ISO Guide 73:2009

Provides the definitions of generic terms related to risk

management.
It aims to encourage a mutual and consistent
understanding of, and a coherent approach to, the
description of activities relating to the management of risk,
and the use of uniform risk management terminology in
processes and frameworks dealing with the management
of risk
PMBOK: Project Management Body of Knowledge
PMBOK – 6th edition

The Project Risk

Management processes

i. Plan Risk Management

ii. Identify Risks
iii. Perform Qualitative Risk
Analysis
iv. Perform Quantitative Risk
Analysis
v. Plan Risk Responses
vi. Implement Risk Responses
vii. Monitor Risks
PMBOK – 7th edition

OPTIMIZE RISK
RESPONSES
ISO 31000:2018 and PMBOK®Guide
Activity 2
Get into groups of 4 people
Discuss and identify the differences and similarities between ISO 31000 and PMBOK
guides (6th edition).
Other Risk Management standards/ Methodologies
PRINCE2

Risk Analysis and Management of Projects (RAMP)

Shape, Harness, And Manage Project Uncertainty (SHAMPU)

Risk Factor Analysis (RFA)

Management of Risk (M_o_R®) (UK approach: OGC (Office of Government Commerce
and PRINCE2)

Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Project Risk Analysis and Management (PRAM)

Activity 3

 Get into a group of 5

 Research the following methodologies: Compare and contrast following
methodologies/standards
– Risk Analysis and Management of Projects (RAMP)
– Shape, Harness, And Manage Project Uncertainty (SHAMPU)
– Management of Risk (M_o_R®)
– Committee of Sponsoring Organizations of the Treadway Commission (COSO)
– Project Risk Analysis and Management (PRAM)
Theories related to Risk and
Risk management
Black Swan Theory
Definition: An event that has never occurred before would have
an extreme impact if it did occur and is easy to explain after the
event.

History: For hundreds of years, Europeans could not conceive

of a swan that wasn’t white until the seventeenth century when
black swans were found in Australia
Black Swan Theory
A surprising extreme event relative to the expected occurrence rate
An extreme event with a very low probability.
A surprising, extreme event in situations with large uncertainties.
An unknown-unknown.
Black Swan Theory

Activity 4.

Can you give me an example of a black swan?

What are the implications of the Black swan theory for Uncertainty/ risk Management?
Black Swan Theory

Is COVID- 19 a Black swan event ???

Perfect Storm
Definition: A perfect storm is a rare combination of events or Perfect storm is conjunctions of
circumstances creating an unusually bad situation. rare but known events. Black
swan is completely unknow
unknown event
History: The idiom is derived from the 1997 Sebastian Junger
nonfiction book, The Perfect Storm, about a fishing-boat crew
encountering a confluence of several storms at sea. It was the result
of a conjunction of a storm that started over the United States, a
cold front coming from the North, and the tail of a tropical storm
coming from the South. All three types were known before and
occur regularly, but their conjunction is very rare. A fishing boat,
whose crew had decided to take the risk of facing the storm, did not
anticipate its strength, was caught in a huge wave, capsized, and
sank. No one on board survived.
Activity 5.

Can you give me an example of a Perfect Storm?

What are the implications of the Perfect Storm for Risk Management?
 Disruptive Innovation

Definition: “An innovation that changes the performance metrics, or

consumer expectations, of a market by providing radically new
functionality, discontinuous technical standards, or new forms of
ownership.”(Nagy et al, 2016)

History: The disruptive innovation theory was originally proposed by

Christensen (1997) in his famous book “The Innovator’s Dilemma”. When
explaining why dominant incumbents failed in their competitions with new
entrants in the industry of hard disk drive, he initially described a concept
of “disruptive technology”, which mainly referred to the kinds of
technology inferior in the main attributes that consumers of mainstream
technology valued, but focused on some neglected attributes alternatively.
Activity 6.

Can you give me an example of Disruptive Innovation?

What are the implications of Disruptive Innovation for Risk Management?
Assessment 2 – Groups
 Assessment 2 – Groups

Prepare a Project Risk Management plan.

You will have 2 months to work together on this assignment
Groups
Form yourselves into groups of 5 - 6 people
Create a name for your group
A group forum will be created for you.
Start to consider a new project you can use for the Project Risk Plan
Discuss roles, this is a group exercise and needs to be completed as a group. However,
you will need to consider who will document the plan, etc.
Why do group work?

What happens in the workplace?

Why do you think it is important to include others in preparing a risk plan?
What makes a good group?
That criteria do you have for your group members.

“Life is 10% what happens to you,

and 90% how you react to it.”
What projects to choose?
By the end of week 4, your group must agree on a project.
Not commenced
Can you get the information?
Do you understand the project?
Process
Forums for each group (once you have confirmed who is in your group)
Keep minutes and actions plans
Try to give you some time at the end of class
What Project Risk Plan includes?

Table of Contents????
Develop a Project Risk Plan
 Together
 You choose a project and research and understand the context
 You identify risks, qualitatively analyse them
 Write the plan
 Individually
 Take two of the highest-ranking risks and quantitatively analyse
using different methods, develop an action plan and undertake a
cost-benefit
Form your group
Activity 7
 Develop a checklist to assign work to your team, and track that work to monitor
progress
 Find out a project for your assessment and discuss the suitability of the project for
developing risk management plan