gsn notes- 11 risk management.pdf

8/18/2019 GSN Notes- 11 Risk Management.pdf

1/6

Chapter 11 – RISK Management

GSN Notes- 11 Risk Ma nagement Page 1 of 6

Projec t risk - Is an uncertain event or condition that, if it occurs, has a positive or a negativeeffect on a projec t objec tive.A risk has a cause and, if it oc curs, a c onsequenc e. Risk identifica tion is an iterative process. (J ustlike core process)

Risk Types – 1. Business (Gain or Loss) 2. Pure Risk (Only Risk of Loss)

Planning meetings - Attendees - project manager, the project team leaders, anyone in theorganization with responsibility to manage the risk planning and execution activities, keystakeholders,

Qualitative Risk Analysis – Prioritizing risks for subsequent further analysis or action by assessingand combining their probability of occurrence a nd impac t .

Quantitative Risk Analysis – Numerically analyzing the effect on overall project objectives ofidentified risks.

Attitude about Risk – Should be made explicit, Communication about risk should be honest andopen. Risk response reflects organizations perceived balance between risk taking and riskavoidance. Some one who does not want to take risks is said to be Risk Averse.

Tolerance and Threshold – Tolerance are areas of risk that are acceptable or unac ceptable. Athreshold is the amount of risk that is acceptable.

Risk Management Plan – Describes how Risk Management will be structured and performed, itincludes

1. Methodology (Approach, tools and da ta sources)2. Budgeting (Resource and Cost Estimate)3. Timing (When and how o ften)4. Risk Categories (RBS, Good practice is to review risk ca tegories during RMP prior to Risk

Identification Process)5. Definition of Risk Probability and Impact (Used for Qualitative Risk Ana lysis, Quality &

credibility important)6. Probability and Impact Matrix (Look up table, with impact categorized as Low, Moderate

or High)7. Revised Stakeholders tolerances8. Reporting Formats (Describes Risk Register Contents and format)9. Tracking (Auditing a nd Documentation for LL)

Information Gathering Techniques (I/P for Risk Identifica tion) – 1.Brainstorming 2. Delphi Technique 3.Interviewing 4.Root c ause analysis 4. SWOT analysis

Check List Analysis (I/P for Risk Identification) – Can be based on Historical information of

previous similar projec ts, the lowest level of RBS can also be used as Risk Checklist.Quantitative Risk Analysis

1. Data Gathering and Representation Technique1. Interviewing 2.Probability Distributions ( Beta Distribution and Triangular Distribution )

2. Quantitative Risk Analysis and Modeling Techniques• Sensitivity Analysis – Determine which risks have most potential impact, Tornado

Diagram.


2/6



• Expected Monetary Value – Opp ortunity expressed as Positive, Risk expressed asnegative. Modeling and Simulation is rec ommended for Cost & Schedule Riskanalysis because they are more powerful and less subjec t to misuse than EMVanalysis.

• Dec ision tree analysis – Shows available choices and their possibilities• Modeling a nd Simulation – Done using Monte Carlo Technique . Cost Risk Analysis

use C BS or WBS. Schedule Risk analysis use PDM.

Strategy for Positive Risk or Opportunities - SEE – Share, Exploit, Enhance

Strategy for Negative Risk or Threats – ATM – Avoid, Transfer, Mitiga te

Strategy for Both - Acc eptance

Residual Risks – Risks that are expected to remain after planned responses have been taken, aswell as those have been deliberately accepted.

Secondary Risks – Risks that arise as a direc t outcome of implementing a risk response.

Recommended Corrective Actions – For Risk monitor and Control include C ontingency plansand workaround plans. Work around plans are not initially planned but are required to deal withemerging risks that were previously unidentified or accepted.

Risk database - A repository that provides for collection, maintenance, and analysis of dataga thered and used in the risk management proc esses. Use of this database will assist riskmanagement throughout the organization and, over time, form the basis of a risk lessons learnedprogram.

Risk Register – (O/P of Risk Identification)1. List of Identified Risks (including root causes and assumptions)

2. List of Potential Responses3. Root causes of Risks4. Updated Risk Ca tegories (RBS which is developed in RMP is enhanced or amended)

Updates after Qualitative Risk Analysis5. Relative Ranking or Priority list of Project Risks6. Risks grouped by categories7. List of Risk requiring Response in the near term8. Watch list of low priority risks9. Trends in Relative Risk ana lysis results

Updates after Quantitative Risk Analysis10. Probabilistic Analysis of the projec t11. Probability of Ac hieving Cost and Time Objec tive12. Prioritized List of Quantified Risks13. Trends in Quantitative Risk Analysis Results


3/6



Updates after Risk Response Planning14. Identified Risks, their descriptions, areas of the project and how they affect project

objectives15. Risk owners and their responsibilities16. Agreed upon response strategies17. Symptoms and warning signs of risks oc currenc e

18. Budget and Schedule ac tivities required to implement the c hosen responses19. Contingency reserves of Time and Cost. Contingency Triggers.20. Fallback plan21. Residua l and Secondary Risks

Project Risk Management – processes concerned with identifying, analyzing, and responding touncertainty. The most likely cause of poor risk mana gement is lac k of prioritized list of risks.

Types of RiskBusiness Normal risks that offer gain and loss

Pure / Insurable Only loss: property damage, indirec t consequential loss, legal liability,personnel. For risk we can outsource, we have c ontrac t. For pure risks,we obtain insurance.

Risk FactorsRisk event ; Risk probability; Amount at Stake

Statistical

IndependenceData Precision RankingSecondary Risk

Occurrence of one event is not related to occurrence of the other

Purpose is to test the value of data (input to Qualitative Analysis)(part of Risk Response Planning)

Path Convergence Tendenc y of parallel pa ths of equal duration to delay the completionof the milestone where they meet

Contingency Plan

Uncertainty

Planned action steps to be taken if an identified risk occurs. (e.g.developing alternative ac tivity sequences)

An uncommon state of nature, characterized by the absence of any

information related to a desired outcome.

Workaround Unplanned response to negative risk events (requires to be impactedby the risk first)

Expected MonetaryValue

= Probability * Monetary Impact (used in Dec ision Tree Analysis)


4/6



Risk Event A discrete occurrence that may affec t the projec t for better orworse. After a risk event, the project manager’s role is toreassess the risk ranking. The risk owner is responsible to takeaction when an identified risk occurs.

Risk Trigger A symptom of risk; indirect manifestation of ac tual risk event;output of risk identification; example is poor morale

Risk Portfolio Risk data a ssembled for the management of the projec t

Utility Theory Technique that charac terizes an individual’s willingness to takerisk

Sensitivity Analysis

Risk Auditor

Risk Tolerance

Places a value on the impact to the project plan by adjustinga single projec t variable; simplest form of analysis

Role is to investigate the effectiveness of the risk owner (whichcan cause potential c onflict with risk owner)

Risk Taker, Risk Adverse, Risk Neutral; if you know the toleranc eof the stakeholders, you can determine how they might reactto different situation and risk events. You use this information tohelp assign levels of risk on each work package.

Responses to RiskAvoidance(elimination/abatement)

Eliminating cause eliminates risk. Can be done by changing theProjec t Plan or protec ting projec t ob jectives from its impact.

Mitigation (reduction) Reduce the Expected Monetary Value. Float can be use tomitigate potential risks

Transfer Deflec t or share (eg. Insurance, wa rranties)Acceptance Accept or retain consequences. 2 types: A c t iv e Acceptance

(develop a contingency plan) or Pa ssive Acceptance (no ac tion).Numbers to Know

Cost Estimates:Order of Magnitude(Ballpark estimate)

-25% +75%

Budget estimate -10% +25%Definitive estimate -5% +10%

1 sigma 68.3%2 sigma 95.5%3 sigma 99.7%6 sigma 99.99%


5/6



The range of an estimate with the smallest range is the least risky.

DocumentationRisk Management Plan – would most likely be developed during scope planning phase of thescope management process.

Decision Tree Analysis - 1. Takes into account future events in trying to make decision today2. It calculates EMV in more c omplex situations 3. Involves mutual exclusivity

Fall back Plan – Specific actions that will be taken if the contingency plan is not effec tive.

Risk Qu est ions Generally speaking, in what projectphase are risk and opportunity greaterthan the amount at stake by the widestmargin?

Initiation

Describe the difference between aninternal risk and an external risk.

An internal risk is under the control or influenc e of theproject team; external is beyond control or influenc e.

What is purpose of a risk managementplan? What should it include?

To document the procedures that should be used tomanage risk throughout the project. It should includethe risk identification and risk quantifica tion; howcontingency plans will be implemented; how reserveswill be allocated.

What is a reserve? A provision in the project plan to mitigate cost and/orschedule risk. Management reserves are for “unknown

unknowns” and contingency reserves are for “knownunknowns”.

What are the two most common typesof management reserves? How arethey used?

Cost and Schedule, used to reduce the chance ofoverruns in either area

When is the highest risk i m p a c t generally oc cur?

During Implementation and C lose-out - the Amount atStake is high though risk has decrea sed . Risk is highestduring Initiation and Planning.

Who is ultimately responsible foridentifying and managing risk?

Project manager

You are finding it difficult to evaluatethe exact cost consequences of risks.

Evaluate them on a qualitative basis.


6/6

gsn notes- 11 risk management.pdf

Documents