Risk Management in Project PM

Objectives:
Distinguish project risk and strategic risks.
Understand the different types/categories of
project risks.
Understand the PRM process.
Understand the different ways of handling
risks on a project.
 Definition
• PRM is a systematic process of identifying & maximizing
the probability &consequences of positive events while
minimizing the probability & consequences of
negative/adverse events.
• PRM aims to identify and manage risks that are not
addressed by the other project management processes.
• When unmanaged, these risks have the potential to
cause the project to deviate from the plan and fail to
achieve the defined project objectives.
• Consequently, the effectiveness of Project Risk
Management is directly related to project success.
 Two levels of Risks
• Risk exists at two levels within every project;
– Individual project risk is an uncertain event or
condition that, if it occurs, has a positive or
negative effect on one or more project objectives.
– Overall project risk is the effect of uncertainty on
the project as a whole, arising from all sources of
uncertainty including individual risks.
• Risk management is concerned with
identifying risks and drawing up plans to
minimise their effect on a project.
• A risk is a probability that some adverse
circumstance will occur
Project risks affect schedule or resources;
Product risks affect the quality or performance of
the software being developed;
Business risks affect the organisation developing
or procuring the software.
 Risk categories/Types
• Technology risks; risks as a result of
technology related failures or
disruptions which negatively affects
the project.

• People risks; refers to the possible

problems that can happen because
of the actions or decisions of
individuals in a project.
• Organisational risks; These are potential
internal or external threats that can impact
the performance, operations and viability of a
project.

• Requirements risks; refer to

uncertainties or problems associated
with defining, gathering, acquiring
and managing project resources.
• Estimation risks. Refer to potential
inaccuracies or uncertainties involved in
predicting or assumptions during project
execution.

• Competition risks; refer to potential threats

and challenges a project faces due to actions
of competitors.
• Financial Risks; refer to the potential financial
losses or instabilities that affect the project
operations.

• Legal and compliance risks; these arise when

a project fails to adhere to legal rules or
regulatory frame works.
• Environmental risks; refer to the potential
adverse effects that can arise from
environmental changes.

• Health and safety risks; refer to the potential

hazards and unsafe conditions that can lead
to illnesses or death at the work place.
 The risk management process
• Risk identification
Identify project, product and business risks.
• Risk analysis
Assess the likelihood and consequences of these
risks.
• Risk planning
Draw up plans to avoid or minimise the effects of
the risk.
• Risk monitoring
Monitor the risks throughout the project.
 Risk identification
• Process of identifying project risks and their
sources.
• Documenting their characteristics
• The purpose of risk identification is to name
and describe the specific risks faced in the
project, to be able to analyse those risks and
decide on an approach to handle them.
• The process is assisted by the use of tools e.g
risk factor tables that capture indicators of
commonly encountered risks,
• Risk register a document that lists identified
risks, their potential impacts and mitigation
strategies.
• Risk matrix a visual representation of risks
based on their probability and impact to
priotise them.
 Methods of risk identification
• Brain storming
• SWOT analysis
• Expert judgement
• Interviews and workshops
• Historical data
• Assumption analysis
• Bench marking
 Risk analysis/assessment
 Process of evaluating the identified risks in order to
understand their potential impact on the project.
 The purpose is to assess the impact of each
identified risk.
 Risk exposure is defined as the product of the
likelihood that the risk will occur and the magnitude
of the consequences of its occurrence.
• Sometime the risk exposure will be so high that the
overall project becomes unviable.
• Assess probability and seriousness of each risk.
• Probability may be very low, low, moderate, high or
very high.
• Qualitative risk assessment; use of subjective
judgement to analyze the impacts of the risk
often using descriptions like high, medium,
low, catastrophic, serious, tolerable or
insignificant.
• Quantitative risk assessment; numerically
analysing the effects of the risk by use of data,
financial values, statistical models, estimates
etc
 Risk planning
 The process of developing strategies and actions to
manage and mitigate risks identified in the project.
 It involves agreeing on actions to address overall
project risk exposure, prepare in advance for
potential risks, ensuring that if they occur their
impact is minimized.
 It involves assigning responsibilities and determining
resources for dealing with the risks effectively.
 Purpose is to establish an affordable set of
actions to minimise the exposure from the
key identified risks and ensure project
success.
 Consider each risk and develop a strategy to
manage that risk.
 Risk response strategies
 These are actions taken to address identified
risks once they have been assessed.
 the objective is mainly to reduce the impact
of a negative risk(threats) or take advantage
of the positive risks(Opportunities).
 These include;
1. Avoidance strategies:
• It involves protecting the project from the
threats of the risk.
• Used when the risk has a high potential for
negative outcomes.
• Its an approach to ensure that the risk does
not occur.
2. Minimisation/mitigation strategies:
• Reducing the impact of the risk on the
project.
• Commonly used when the risk can not be
completely avoided, but its effects can be
minimized.
3. Contingency plans:
 Putting up plans to deal with the risk if it
happens.
 Set of actions prepared in advance to
respond to potential risks that may disrupt
a project.
4. Risk Transference strategy:
• Shifting the impact of a risk to a third party.
• Commonly done through insurance,
outsourcing or contracts.
• Responsibility for the risk consequences is
passed on to the third party though the
organization may still be accountable for
certain aspects.
5. Acceptance Strategy/ignore the risk.
• Acknowledging the risk and taking no
specific action to avoid or minimize it.
• This is appropriate when the cost of
mitigating exceeds the exposure and the
exposure is almost negligible.
 Response Strategies for positive
risks
• Exploitation
• Enhancement
• Sharing
• Acceptance
• Escalate
Class Assignment
 Implement Risk Responses

• The process of executing agreed-upon risk

response plans.
• Essential to ensure that they are effectively
carried out.
• Assign roles and responsibilities
• Allocate resources
• Communicate with stake holders
• Document actions taken etc
 Risk monitoring & Control
• On going process of monitoring , tracking and
adjusting risk responses.
• Helps to ensure that these strategies are
implemented as planned and the project is still on
track to meet its objectives despite the
uncertainties.
• Involves various activities like reporting, tracking,
performance measurement, risk audits, corrective
actions, stake holder engagements etc
 Roles in the process of Risk management

Role Name Role definition

Project • Drives the risk management process at the start
Manager of a project.
• Participates in risk identification, mitigation, and
tracking progress throughout the project.
• Accept or reject the level of risk for the project.
Project team • Performs the risk management process for the
project.
Risk • Provides input to the process for identifying
identification risks.
Team • Includes representatives of all affected groups
involved in the project.
 Roles in the process of Risk
management
Roles Role definition
Risk Mitigation • Performs actions to reduce the exposure
Team. from the risk, focused on either or both of
probability and consequence of the risk.
• May be members of the project team, other
affected groups, user, customer,
management, and others, depending on the
risk item.