Project Risk Management
Prepared by: Atef Hamza
The Importance of Project Risk Management
Project risk management is the art and science of
identifying, assigning, and responding to risk
throughout the life of a project
Risk management is often overlooked on projects
Previous studies show how risk management is
neglected, especially on IT projects: they found that
55% of runaway projects did no risk management
at all
Project management maturity: (industry group and knowledge area)
The main benefits from software risk management practices
➢ KLCI Research Group surveyed 260 software organizations worldwide
What is Risk?
A dictionary definition of risk is “the possibility of
loss or injury”
Risk: An uncertain event or condition that, if it
occurs, has a positive or negative effect on a
project’s objectives
What is Project Risk Management?
The goal of project risk management is
to minimize potential risks (negative)
while maximizing potential opportunities
(positive).
Risk utility function and risk preference
Risk utility: is the amount of satisfaction or pleasure received
from a potential payoff.
There are three types of risk preferences:
Risk-averse: a person or organization that is risk-averse gains
less satisfaction from the risk, or has lower tolerance for
the risk.
Risk-seeking: a person or organization that has a higher tolerance
for risk, and whose satisfaction increases when more payoff is at stake.
Risk-neutral: a risk-neutral person achieves a balance between risk and
payoff.
Risk preferences
Project Risk Management Processes
[Diagram of the six processes: risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning, risk monitoring and control]
Risk management processes
Risk management planning: deciding how to approach
and plan the risk management activities for the project
Risk identification: determining which risks are likely to
affect a project and documenting their characteristics
Qualitative risk analysis: characterizing and analyzing
risks and prioritizing their effects on project objectives
Quantitative risk analysis: measuring the probability
and consequences of risks
Risk response planning: taking steps to enhance
opportunities and reduce threats to meeting project
objectives
Risk monitoring and control: monitoring known risks,
identifying new risks, reducing risks, and evaluating the
effectiveness of risk reduction
Risk Management Planning
The main output of risk management planning is a risk
management plan
The project team should review project documents and
understand the organization’s and the sponsor’s
approach to risk
The level of detail will vary with the needs of the project
Results from developing the Risk Management Plan
You have a written plan
You know what actions you have to do
You know who is responsible for what
You can track your work
You can learn from your risk activities and help others
with their risk
Other Categories of Risk
Market risk: Will the new product be useful to the
organization or marketable to others? Will users
accept and use the product or service?
Technology risk: Is the project technically
feasible? Will hardware, software, and networks
function properly? Will the technology be
available in time to meet project objectives?
People risk: Does the organization have or can
find people with appropriate skills to complete
the project successfully? Do they have enough
experience?
Financial risk: Can the organization afford to
undertake the project? Is this project the best
way to use the company’s financial resources?
Risk Identification
Risk identification is the process of understanding
what potential unsatisfactory outcomes are
associated with a particular project.
Several risk identification tools and techniques include
Brainstorming
Interviewing
SWOT analysis
Root cause analysis
SWOT analysis
SWOT of Toyota corporation
Qualitative Risk Analysis
Qualitative risk analysis involves assessing the
likelihood and impact of identified risks to
determine their magnitude and priority.
Tools and techniques include:
Probability/Impact matrixes
The Top 10 Risk Item Tracking technique
Expert judgment
Probability/Impact matrixes
Top 10 Risk Item Tracking
Top 10 Risk Item Tracking is a tool for maintaining an
awareness of risk throughout the life of a project
Establish a periodic review of the top 10 project risk items
List the current ranking, previous ranking, number of times
the risk appears on the list over a period of time, and a
summary of progress made in resolving the risk item
Example of Top 10 Risk Item Tracking
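Added example, not part of the original slides: a small Python routine that builds the tracking table described above (current ranking, previous ranking, number of times on the list, progress summary) from a series of periodic reviews. The function name, the risk items and the progress text are constructed for illustration.

```python
def top10_table(reviews, progress=None, limit=10):
    """Build the Top 10 Risk Item Tracking table for the latest review.

    reviews: chronological list of (period, ranked_items); ranked_items runs
    from the highest-priority risk down. progress maps item -> summary text.
    Returns (rows, dropped): rows are (rank_now, rank_before, periods_on_list,
    item, progress_summary); rank_before is None for a newly listed item, and
    dropped lists items that left the list since the previous review.
    """
    progress = progress or {}
    tops = [items[:limit] for _, items in reviews]
    if not tops:
        return [], []
    current = tops[-1]
    previous = tops[-2] if len(tops) > 1 else []
    rows = []
    for rank, item in enumerate(current, start=1):
        before = previous.index(item) + 1 if item in previous else None
        times_listed = sum(item in top for top in tops)
        rows.append((rank, before, times_listed, item, progress.get(item, "")))
    dropped = [item for item in previous if item not in current]
    return rows, dropped


# Constructed sample reviews (not from the slides): three monthly rankings.
REVIEWS = [
    ("Month 1", ["Vendor delivers late", "Requirements change", "Key developer leaves"]),
    ("Month 2", ["Requirements change", "Vendor delivers late", "Test lab unavailable"]),
    ("Month 3", ["Requirements change", "Test lab unavailable", "Vendor delivers late"]),
]
PROGRESS = {"Requirements change": "Change control board set up; backlog under review"}

if __name__ == "__main__":
    rows, dropped = top10_table(REVIEWS, PROGRESS)
    for rank, before, times_listed, item, note in rows:
        print(f"{rank:>2} {before or 'new':>3} {times_listed:>2}  {item}  {note}")
    print("Dropped since last review:", dropped or "none")
```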
Expert Judgment
Many organizations rely on the intuitive
feelings and past experience of experts to
help identify potential project risks.
Experts can categorize risks as high,
medium, or low with or without more
sophisticated techniques.
Quantitative Risk Analysis
Often follows qualitative risk analysis, but both
can be done together or separately.
Large, complex projects involving leading-edge
technologies often require extensive
quantitative risk analysis
Main techniques include
Decision tree analysis
Simulation (Monte Carlo)
Decision Trees and Expected Monetary Value (EMV)
A decision tree is a diagramming method used to
help you select the best course of action in
situations in which future outcomes are uncertain
EMV is a type of decision tree where you calculate
the expected monetary value of a decision based
on its risk event probability and monetary value
EMV = (Probability) x (Impact)
Example of EMV
Suppose there is a 20 percent probability or chance (P = .20) that
Cliff’s firm will win the contract for Project 1, which is estimated to be
worth $300,000 in profits. There is an 80 percent probability (P = .80)
that it will not win the contract for Project 1, and the outcome is
estimated to be -$40,000.
Suppose there is a 20 percent probability that Cliff’s firm will lose
$50,000 on Project 2, a 10 percent probability that it will lose $20,000,
and a 70 percent probability that it will earn $60,000.
Calculate the expected monetary value (EMV) for each project. Which
project should be chosen?
Expected Monetary Value (EMV) Example
Project 2 selected
Expected Monetary Value (EMV) Example
Suppose you are a project manager of a power plant project and there is a
penalty in your contract with the main client for every day you deliver the
project late. You need to decide which sub-contractor is appropriate for your
projects.
Sub-contractor 1 bids $250,000. You estimate that there is a 30%
possibility of completing 60 days late. As per your contract with the client,
you must pay a delay penalty of $5,000 per calendar day for every day
you deliver late.
Sub-contractor 2 bids $320,000. You estimate that there is a 10%
possibility of completing 20 days late. As per your contract with the client,
you must pay a delay penalty of $5,000 per calendar day for every day
you deliver late.
You need to determine which sub-contractor is appropriate for your projects
Answer: we are selecting Contractor 2 because of low cost and low possibility of being late.
Example EMV
You are the general manager of a factory. To increase profit, you have two options:
either build a new factory, which costs $8,000,000, or upgrade the existing factory,
which costs $3,000,000.
If you build a new factory, there is a 75% chance of a high profit of $15,000,000 and
a 25% chance of a low profit of $5,000,000.
If you upgrade the existing factory, there is a 60% chance of a high profit of
$10,000,000 and a 40% chance of a low profit of $2,000,000.
As general manager, which option should you select?
Answer: building a new factory is better and gives more profit.
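Added worked example, not part of the original slides: the three EMV exercises above evaluated as decision trees in Python, generalized so that chance nodes can be nested. It assumes that the remaining probability in the sub-contractor exercise means on-time delivery with no penalty, and that the factory profits are stated before the build or upgrade cost; the function names are illustrative.

```python
def emv(node):
    """Expected monetary value of a decision-tree node.

    A node is a number (a payoff; negative for a loss) or a chance node,
    written as a list of (probability_percent, child_node) branches.
    """
    if isinstance(node, (int, float)):
        return node
    total = sum(p for p, _ in node)
    if total != 100:
        raise ValueError(f"branch probabilities sum to {total}%, not 100%")
    return sum(p * emv(child) for p, child in node) / 100


def decide(options):
    """Decision node: pick the option with the highest EMV net of its cost.

    options maps name -> (upfront_cost, node). Returns (best, {name: emv}).
    """
    values = {name: emv(node) - cost for name, (cost, node) in options.items()}
    return max(values, key=values.get), values


# Figures below are the ones given in the three exercises on this page.
CONTRACTS = {
    "Project 1": (0, [(20, 300_000), (80, -40_000)]),
    "Project 2": (0, [(20, -50_000), (10, -20_000), (70, 60_000)]),
}
PENALTY_PER_DAY = 5_000
# Assumption: the remaining probability is on-time delivery with no penalty.
SUBCONTRACTORS = {
    "Sub-contractor 1": (250_000, [(30, -60 * PENALTY_PER_DAY), (70, 0)]),
    "Sub-contractor 2": (320_000, [(10, -20 * PENALTY_PER_DAY), (90, 0)]),
}
# Assumption: the stated profits are before the build or upgrade cost.
FACTORY = {
    "Build new factory": (8_000_000, [(75, 15_000_000), (25, 5_000_000)]),
    "Upgrade existing factory": (3_000_000, [(60, 10_000_000), (40, 2_000_000)]),
}

if __name__ == "__main__":
    for options in (CONTRACTS, SUBCONTRACTORS, FACTORY):
        best, values = decide(options)
        for name, value in values.items():
            print(f"{name}: EMV = {value:,.0f}")
        print(f"  -> choose {best}")
```

Costs enter as negative values, so the sub-contractor with the highest EMV is the one with the lowest expected total cost.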
Risk Response Planning
After identifying and quantifying risks, you must
decide how to respond to them
Four main strategies:
Risk avoidance: eliminating a specific threat or risk,
usually by eliminating its causes
Risk acceptance: accepting the consequences
should a risk occur
Risk transference: shifting the consequence of a risk
and responsibility for its management to a third party
Risk mitigation: reducing the impact of a risk event by
reducing the probability of its occurrence
Risk Monitoring and Control
Monitoring risks involves knowing their status
Controlling risks involves carrying out the risk management
plans as risks occur
Workarounds (temporary fix) are unplanned responses to
risk events that must be done when there are no
contingency plans
The main outputs of risk monitoring and control are
corrective action, project change requests, and updates
to other plans