Project Risk Management

Prepared by: Atef Hamza

The Importance of Project Risk Management

Project risk management is the art and science of

identifying, assigning, and responding to risk
throughout the life of a project
Risk management is often overlooked on projects
Previous studies shows how risk management is
neglected, especially on IT projects, they found that
55 % of runaway projects did no risk management
at all
Project management maturity: (industry group and knowledge area)
The main benefits from software risk management practices

➢ KLCI Research Group surveyed 260 software organizations worldwide

What is Risk?

A dictionary definition of risk is “the possibility of

loss or injury”
Risk: An uncertain event or condition that, if it
occurs, has a positive or negative effect on a
project’s objectives
What is Project Risk Management?

The goal of project risk management is

to minimize potential risks (negative)
while maximizing potential opportunities
(positive).
Risk utility function and risk preference
Risk utility: is the amount of satisfaction or pleasure received
from a potential payoff.
There are three types of risk preferences:
 Risk-averse: person or organization that is risk-averse gains
less satisfaction from the risk, or has lower tolerance for
the risk.
 Risk-seeking: have a higher tolerance for risk, and their
satisfaction increases when more payoff is at stake.
 risk-neutral person achieves a balance between risk and
payoff.
Risk preferences
Project Risk Management Processes
Risk
management
planning

Risk
Risk
monitoring
identification
and control

Risk response Qualitative risk

planning analysis

Quantitative
risk analysis
Risk management processes

 Risk management planning: deciding how to approach

and plan the risk management activities for the project
 Risk identification: determining which risks are likely to
affect a project and documenting their characteristics
 Qualitative risk analysis: characterizing and analyzing
risks and prioritizing their effects on project objectives
Risk management processes

 Quantitative risk analysis: measuring the probability

and consequences of risks
 Risk response planning: taking steps to enhance
opportunities and reduce threats to meeting project
objectives
 Risk monitoring and control: monitoring known risks,
identifying new risks, reducing risks, and evaluating the
effectiveness of risk reduction
Risk Management Planning

 The main output of risk management planning is a risk

management plan
 The project team should review project documents and
understand the organization’s and the sponsor’s
approach to risk
 The level of detail will vary with the needs of the project
Results from developing the Risk Management Plan

 You have a written plan

 You know what actions you have to do
 You know who is responsible for what
 You can track your work
 You can learn from your risk activities and help others
with their risk
Other Categories of Risk

Market risk: Will the new product be useful to the

organization or marketable to others? Will users
accept and use the product or service?
Technology risk: Is the project technically
feasible? Will hardware, software, and networks
function properly? Will the technology be
available in time to meet project objectives?
Other Categories of Risk

People risk: Does the organization have or can

find people with appropriate skills to complete
the project successfully? Do they have enough
experience?
Financial risk: Can the organization afford to
undertake the project? Is this project the best
way to use the company’s financial resources?
Risk Identification

 Risk identification is the process of understanding

what potential unsatisfactory outcomes are
associated with a particular project.
 Several risk identification tools and techniques include
 Brainstorming
 Interviewing
 SWOT analysis
 Root cause analysis
SWOT analysis
SWOT of Toyota corporation
Qualitative Risk Analysis

 Qualitative risk analysis involves assessing the

likelihood and impact of identified risks to
determine their magnitude and priority.
Tools and techniques include:
 Probability/Impact matrixes
 The Top 10 Risk Item Tracking technique
 Expert judgment
Probability/Impact matrixes
Top 10 Risk Item Tracking

 Top 10 Risk Item Tracking is a tool for maintaining an

awareness of risk throughout the life of a project
 Establish a periodic review of the top 10 project risk items
 List the current ranking, previous ranking, number of times
the risk appears on the list over a period of time, and a
summary of progress made in resolving the risk item
Example of Top 10 Risk Item Tracking
Expert Judgment

 Many organizations rely on the intuitive

feelings and past experience of experts to
help identify potential project risks.
 Experts can categorize risks as high,
medium, or low with or without more
sophisticated techniques.
Quantitative Risk Analysis

 Often follows qualitative risk analysis, but both

can be done together or separately.
 Large, complex project involving leading edge
technologies often require extensive
quantitative risk analysis
 Main techniques include
 Decision tree analysis
 simulation (Monte Carlo)
Decision Trees and Expected Monetary Value (EMV)

 A decision tree is a diagramming method used to

help you select the best course of action in
situations in which future outcomes are uncertain
 EMV is a type of decision tree where you calculate
the expected monetary value of a decision based
on its risk event probability and monetary value

 EMV = (Probability) x (Impact)

 Example of EMV

Suppose there is a 20 percent probability or chance (P = .20) that

Cliff’s firm will win the contract for Project 1, which is estimated to be
worth $300,000 in profits. There is an 80 percent probability (P = .80)
that it will not win the contract for Project 1, and the outcome is
estimatedto be $-40,000.
Suppose there is a 20 percent probability that Cliff’s firm will lose
$50,000 on Project 2, a 10 percent probability that it will lose $20,000,
and a 70 percent probability that it will earn $60,000.

calculate the expected monetary value (EMV) for each project, which
project should be chosen.
Expected Monetary Value (EMV) Example

Project 2 selected
 Expected Monetary Value (EMV) Example
Suppose you are a project manager of a power plant project and there is a
penalty in your contract with the main client for every day you deliver the
project late. You need to decide which sub-contractor is appropriate for your
projects.
 Sub-contractor 1 bids $250,000. You estimate that there is a 30%
possibility of completing 60 days late. As per your contract with the client,
you must pay a delay penalty of $5,000 per calendar day for every day
you deliver late.
 Sub-contractor 2 bids $320,000. You estimate that there is a 10%
possibility of completing 20 days late. As per your contract with the client,
you must pay a delay penalty of $5,000 per calendar day for every day
you deliver late.
You need to determine which sub-contractor is appropriate for your projects
Answer: we are selecting Contractor 2 because of low cost and low possibility of being late.
 Example EMV
You are the general manager of a factory, to increase the profit you have 2 options.
Either build new factory which cost $8000,000 or upgrade the existing factory
costing $3000,000.
 If you build new factory there is 75% chance of high profit of $15000,000 and
25% of low profit of $5000,000.
 If you upgrade the existing factory there is 60% chance of high profit of
$10000,000 and 40% chance of low profit of $2000,000.
As a general manager which option you should select.

Answer: build a new factory is better and more profit

Risk Response Planning

 After identifying and quantifying risk, you must

decide how to respond to them
Four main strategies:
 Risk avoidance: eliminating a specific threat or risk,
usually by eliminating its causes
 Risk acceptance: accepting the consequences
should a risk occur
 Risk transference: shifting the consequence of a risk
and responsibility for its management to a third party
 Risk mitigation: reducing the impact of a risk event by
reducing the probability of its occurrence
Risk Monitoring and Control

 Monitoring risks involves knowing their status

 Controlling risks involves carrying out the risk management
plans as risks occur
 Workarounds (temporary fix) are unplanned responses to
risk events that must be done when there are no
contingency plans
 The main outputs of risk monitoring and control are
corrective action, project change requests, and updates
to other plans