Chapter 7: Risk Management

Introduction

• Risk management is major step in project

planning.
• It is a complex process since the variables are
dynamic and dependent on variety of
conditions such as: project size, project
complexity, location, season of the year, …etc.
• As such, upon analyzing risks, a Time and/or
Cost contingency should be added to cover
unforeseen occurrences.
• Terms and Definitions

❖ Hazard

✓ Each time we smoke, we might get cancer.

✓ Smoking is a Hazard , it is hazardous.

✓ The likelihood/Probability we get cancer is RISK.

✓ Each time you go up the stairs we might fall.

✓ The stairs are a “Hazard”.

✓ The probability/likelihood we would fall is

the
• RISK.
 ❖ Risk - Risk may be defined as:

✓ Any event which is likely to affect the ability of project to

achieve the defined objectives

✓ Undesirable extra cost or delay due to factors having

• uncertain future outcome

✓ Risk can be characterized in terms of its Severity where:

• Severity = Likelihood of Occurrence x Magnitude of the

Impact
 Risk Vs Uncertanity

Basis for Risk Uncertainty

Comparison

The probability of winning Uncertainty implies a

or situation where the
Meaning
losing something
future events are not
worthy is known as
known.
risk.
Ascertainment It can be measured It cannot be measured.
Chances of outcomes are
Outcome The outcome is
known. unknown.
Control Controllable Uncontrollable
Minimization Yes No
Probabilities Assigned Not assigned
 Cont..

• Generally, risk is defined as the exposure to

the chance of occurrence of events adversely or
favorably affecting project objectives as a
consequence of uncertainty”.
• However, most definitions of risk have focused
only on the downside effects associated with
risk.
• Therefore, risk may be defined a: “Undesirable
extra cost or delay due to factors having
uncertain future outcome”.
 Cont..

• Risk management is “A formal ordering

process for systematically identifying,
analyzing, and responding to risk events
throughout the life of a project to obtain the
optimum or acceptable degree of risk
elimination or control
 cont
The Major Steps of Risk Management
includes:
• Risk management plan.
• Risk Identification
• Qualitative risk analysis.
• Quantitative risk analysis.
• Development of responses to avoid, reduce,
or transfer risk.
• Risk monitoring and control.
 Cont..
• Risk event is a discrete occurrence that may
affect the project for better or worse is a
risk event.
• A risk event will have an impact on one or
several of the objectives of the project
 Cont…
• Effective risk management is guided by a
set of principles that represent current “best
practices.” Irrespective of the size or
complexity of a project
 cont
• Risk Management Process

It is important to note that the process itself is built on a general

approach that :

• Begins with project planning.

• Requires a thorough development of project concept, scope, and
level of effort.
• Identifies key uncertainties and risks associated with the
project.
• Examines the identified risks to mitigate their probability and
impact, or to build in risk allowances.
• Expects risk monitoring and response to be an ongoing part of
the project.
Cont……
Cont..
 Cont..
Risk Identification
• Purpose: Search for and locate sources of
risks before they become a problem and
provide a preliminary assessment of their
consequences.
• Discussion: It is normal to identify a large
number of potential risks. It is not necessary
to examine all of them in detail.
 Cont..
Tools:

• Affinity diagram
• Checklist of possible sources of risk
• Fishbone diagram
Main categories of sources of risks are listed with
examples in the following Table
Cont..
Cont…
 Cont…
Risk Analysis
• Purpose: To transform risk data into
decision-making information.
• A process which incorporates uncertainty in
a quantitative manner, using probability
theory, to evaluate the potential impact of
risk.
Basic Steps of Risk Analysis Cont…
Basic Steps of Risk Analysis

• The general approach is to identify the nature of the risk, the probability of its
occurrence, and the likely impact of its occurrence. Estimate range of risk
variables.
• Not all risks need attention.
• Begin with a qualitative analysis to decide which potential risks are worth
further consideration. For most areas of potential risk, this qualitative analysis
will be sufficient to determine the type of required response.
• When it is necessary to fully understand the extent of impact of a potential risk
event, use a quantitative analysis. For example, a quantitative analysis that
yields a total dollar impact of a particular risk event can be a powerful way to
gain senior management support for adding project staff to manage the risk
area.
• Choose the appropriate probability distribution which best fit risk variables,
• Define the affected activities by these risk variables, and
• Use a simulation model to evaluate the impact of risks (PERT, Monte Carlo
Simulation).
 Cont..
• Steps including in the risk analysis

[Link] Analysis.
2. Probability Analysis
 Cont..
• There are instances when the impact of the
potential risk is easy to evaluate
qualitatively. Other times, it is not so clear.
• In those instances, it helps to use an
analytical tool such as the “Consequences
Wheel” shown in Fig.
• This wheel helps the Project Team
understand the variety of ways that a risk-
related event could affect project
performance
Cont…
 Cont..
• At this point, the Project Team should have
all the risks identified, as well as the
probability and impact each risk carries.
• These risks can be inserted into the
Probability- Impact Risk Analysis Matrix
(Tabel.) to get a global picture of the risks,
and their impact relative to each other.
cont
 Cont….
Sensitivity Analysis
• A quick identification of those variables
which affect mostly a performance criteria
(project time and/or cost).
• The purpose is to eliminate those risk
variables which have minor impact on the
performance criteria and hence reduce
problem size and effort.
 Cont..
Procedure:
• Three values of each risk variables are to be specified: a
most likely, an optimistic, and a pessimistic.
• For each risk variable:
- Set all other risk variables at their most likely value.
- Determine a value for the performance criteria when risk
variable under consideration is set at its optimistic value.
- Determine another value for the performance criteria
when risk variable under consideration is set at its
pessimistic value.
- The difference between the obtained two values of the
performance criteria is checked (subjectively).
 Cont..
Probability Analysis
• The purpose is to determine the effect of
those risk variables which have a significant
impact on the performance criteria.
 Cont..
• Procedure:
• Consider the risk variables as random
variables.
• Specify the suitable probability distribution
for each risk variable.
• Use a suitable simulation technique to
determine the probability distribution of
the performance criteria (PERT, Monte Carlo
Simulation.)
 Cont….
Risk Responses
Purpose: To translate risk information into
decisions and mitigating action plans. To
implement those action plans.
 Cont..
Risk responses can be made at two stages:
First Stage:
• Develop responses to avoid, reduce, or transfer risk
(before risk analysis).
Second stage:
• To deal with residual risks, one of the two following
approaches can be adopted:
• 1. Residual risks can be transferred through
contractual arrangements and/or insurance policies.
• 2. Cover retained risk impact by time and/or cost
contingency
 Cont..
Possible response options include:
• Acceptance: Deciding to not change the project plan to
deal with a risk or are unable to identify any other suitable
response strategy.
• In other words, recognize the risk, but do not take any
action because the impact or probability is small.
- Active Acceptance – Accept the risk, but include a
contingency or contingency plan to execute, should the risk
occur.
- Passive Acceptance – Accept the risk, and plan no action. Deal
with the risks as they occur.
 Cont…
• Avoidance: Changing the project plan to
eliminate the risk or to protect the project
objectives from its impacts.

- Take an alternate approach to delivering the

project.
- Use alternative technology.
 Cont..
• Mitigation: Modifying the probability
and/or consequence of an adverse risk
event to an acceptable threshold.
- Modify the project plan in such a way as to
reduce the probability of the threat or its
impact (or both).
- Modify the technology to reduce probability
or impact
 Cont..
• Transference: Shifting the consequence of a
risk to another party together with the
ownership of the risk. Does not eliminate
the risk, just transfers it.
- Modify the contract or agreement with
contracting parties
- Purchase risk insurance
- Share the risk as in a joint venture
partnership
 Cont..
Risk Control
Purpose: To correct for deviations from the
Risk Mitigation Plans and to provide
information on risk activities, current risks,
and emerging risks.
• Risk control also includes monitoring risk
indicators and the effectiveness of
mitigating actions. :
 Cont…

• Risk control could be done through

-Risk monitoring/reporting
- Should be an ongoing activity
- Could be a standing agenda item for all
project review meetings