Project Risk M P j Ri k Management

What is Risk? Risk and uncertainty are equivalent i l

Three Definitions
Risk
A possible future event which if it occurs will p lead to an undesirable outcome.

Project Risk
The cumulative effect of the chances of an uncertain occurrence that will adversely affect project objectives objectives.

Risk Management
A systematic and explicit approach for identifying, quantifying, and controlling project risk.

DEFINITION
PROJECT RISK MANAGEMENT IS THE ART AND SCIENCE OF IDENTIFYING, ASSESSING, AND RESPONDING TO PROJECT RISK THROUGHOUT THE LIFE OF A PROJECT AND IN THE BEST INTERESTS OF ITS OBJECTIVES PROJECT RISK IS THE CUMULATIVE EFFECT OF THE CHANCES OF UNCERTAIN OCCURRENCES ADVERSELY AFFECTING PROJECT OBJECTIVES

RISK MANAGEMENT PURPOSE

IDENTIFY FACTORS THAT ARE LIKELY TO IMPACT THE PROJECT OBJECTIVES OF SCOPE, QUALITY, COST AND TIME SCOPE QUALITY QUANTIFY THE LIKELY IMPACT OF EACH FACTOR GIVE A BASELINE FOR PROJECT NON CONTROLLABLES NON-CONTROLLABLES MITIGATE IMPACTS BY EXERCISING INFLUENCE OVER PROJECT CONTROLLABLES THE PMBOK ALSO POINTS OUT THAT RISK MANAGEMENT INCLUDES MAXIMIZING THE RESULTS OF POSITIVE EVENTS AND MINIMIZING THE CONSEQUENCES OF ADVERSE EVENTS.

ISSUES
A RISK SHOULD ONLY BE TAKEN WHEN THE POTENTIAL BENEFIT AND CHANCES OF WINNING EXCEED THE REMEDIAL COST OF AN UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN WHAT WILL BE GAINED? WHAT COULD BE LOST? WHAT ARE THE CHANCES OF SUCCESS (AND FAILURE)? WHAT CAN BE DONE IF THE DESIRED RESULT IS NOT ACHIEVED? IS THE POTENTIAL REWARD WORTH THE RISK? POTENTIAL FREQUENCY OF LOSS AMOUNT AND RELIABILITY OF INFORMATION AVAILABLE POTENTIAL SEVERITY OF LOSS MANAGEABILITY OF THE RISK VIVIDNESS OF THE CONSEQUENCES POTENTIAL FOR (ADVERSE) PUBLICITY WHOSE MONEY IS IT?

NATURE OF RISK MANAGEMENT

WHEN SPEAKING OF RISK, THINK OF ONLY HAZARDOUS ONES EVERYDAY COMMON DAY ONES ARE IGNORED RARELY DO WE SYSTEMATICALLY IDENTIFY ALL RISKS INVOLVED HOWEVER, INCLINED TO CONSIDER RISK DIFFERENTLY RELATIVE TO FAMILY - VERY PRECIOUS AND LOTS OF POTENTIAL EXAMPLES: SMALL CHILDREN - STAY AWAY FROM ROAD HOW DID DAY GO? - DO MORE TO HELP THEM - RISK ID & AVOIDANCE - INFO FEEDBACK

THESE ACTIONS ARE ESTABLISHING THE BASIC ELEMENTS OF MANAGING PROJECT RISK INTO OUR CHILDREN

PROJECT RISK MGMT IS PRO-ACTIVE

CLASSIC SYSTEMS METHODOLOGY: INPUT PROCESS FEEDBACK LOOP THIS PROCESS VITAL TO EFFECTIVE PROJECT CONTROL, HOWEVER , RISK IS DIFFERENT - - HAS TO DO WITH: UNCERTAINTY, PROBABILITY OR UNPREDICTABILITY, AND CONTINGENT PLANNING OUTPUT

REACTIVE vs. PRO-ACTIVE

CRISIS MANAGEMENT -- REACTIVE MODE -- SELECT RESPONSE PRO-ACTIVE -- ANTICIPATE AND PLAN TO AVOID RISK & DECISION MAKING: TAKE RISK IF POTENTIAL BENEFIT AND CHANCE OF WINNING EXCEEDS COST OF UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN (CLASSIC COST / BENEFIT ANALYSIS)

Project Risk Management

Project Risk Management 11.0

Risk Identification Id tifi ti 11.1

Risk Quantification Q tifi ti 11.2

Risk Response Development D l t 11.3

Risk Response Control C t l 11.4

PMBOK Risk
Opportunities - Positive outcome Threats - Negative outcome

Benefits of Risk Management

More and better information is available g planning and decision making g g during p Project objectives are verified Improved communications Higher probability of project success Proactive approach j g Project might be canceled

Why Organizations don t do dont Risk Management

Unwillingness to admit risks exist Postpone the hard parts of the project until later Risk management costs money
Up front investment of time C prove its necessary Cant i
Think health insurance

Why Organizations don t do dont Risk Management

Can Do management style severely inhibits risk management Risk identification can make you look like a s de c o c e oo e whiner

Ways to Avoid Risk Management

Managing risk is everybodys business There is only one risk: The project might . d were g g wo g fail. And we e managing that by working real hard to assure that doesnt happen.

The Uncertainty Spectrum

NO Information (Unknown k ) unknowns) Partial Information (Known unknowns) k ) SPECIFIC UNCERTAINTY Complete p Information (Knowns)

GENERAL TOTAL UNCERTAINTY UNCERTAINTY

TOTAL CERTAINTY

SCOPE OF PROJECT RISK MANAGEMENT*

*Note: in this range the information to be sought is known

Project Risk
Integration Communication Scope Project Risk

Time

Cost

Quality Human Resources

Procurement

INTEGRATING RISK
PROJECT MANAGEMENT INTEGRATION INFORMATION / COMMUNICATIONS
Life Cycle and Environment Variables

SCOPE

Expectations Feasibility

Ideas, Directives, Data Exchange Accuracy

QUALITY

Requirements Standards S d d

PROJECT RISK

Availability Productivity

HUMAN RESOURCES

Time Objectives, Restraints

Services, Plant, Materials: Performance

TIME

Cost Objectives, Restraints

CONTRACT / PROCUREMENT

COST

Project Risk Management

A subset of project management that includes the processes concerned with identifying, analyzing identifying analyzing, and responding to project risk.

Risk Management Objectives

Reduce the number of surprise events Minimize consequences of adverse events Maximize the results of positive events

Risk Classification
Business risks vs. pure (insurable) risks Classified by uncertainty (business risks) Classified by impact on project elements Classified b h i Cl ifi d by their nature Classified by their source Classified by their probability to occur and amount at stake

Consequences of Risk Analysis

Positives
greater information is made available during the course of planning and decision making project objectives are verified p j j better communications better probability that project realization will be optimal increased chance of project success p j

Consequences of Risk Analysis

Negatives
belief that all risks have been accounted for project could be shut down

Some Considerations
Real information is the key. p y The relationship between uncertainty and information is inverse. For the project manager, conditions of relative uncertainty (partial information) are the rule. There is a natural resistance to formal risk analysis. Risks should only be taken to achieve a project objective.

PMBOK FIGURE 11-1

PROJECT RISK MANAGEMENT OVERVIEW
Risk Identification Inputs
Product Description Other Planning Outputs Historical Information

Risk Quantification Inputs

Stakeholder risk tolerances Sources of Risk Potential Risk Events Cost Estimates Activity Duration Estimates

Response Development Inputs

Opportunities to pursue, threats to respond to Opportunities to ignore, threats to accept

Response Control Inputs

Risk Management Plan Actual Risk Events Additional Risk Identification

Tools & Techniques

Checklists Flowcharting Interviewing

Tools & Techniques

Procurement Contingency Planning Alternative Strategies Insurance

Tools & Techniques

Workarounds Additional Risk Response Development

Tools T h i T l & Techniques

Expected Monetary Value Statistical Sums Simulation Decision Trees Expert Judgment

Outputs
Sources of Risk Potential Risk Events Risk Symptoms Inputs to other Processes

Outputs
Corrective Action Updates to Risk Management Plan Pl

Outputs
Risk Management Pl Ri k M t Plan Inputs to other Processes Contingency Plans Reserves Contractual Agreements

Outputs
Opportunities to pursue, threats to respond to Opportunities to ignore, ignore threats to accept

Risk Identification
Project Risk Management 11.0 11 0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk identification is determining which risks are likely to affect the project and documenting the characteristics of each.

Typical Life Cycle Profiles Risk versus Amount at Stake

I N C R E A S I N G R I S K

Total project life cycle Plan Accomplish Phase 1 Conceive Phase 2 Develop Phase 3 Execute Phase 4 Finish $ (period when highest risks are incurred) (period of highest risk impact) TIME V A L U E

Inputs to Risk Identification

Product description
Specification SOW Contract

Other planning outputs

WBS OBS C and Schedule estimates Cost d S h d l i

Inputs to Risk Identification

Historical information
Commercial databases Corporate memory Corporate database (lessons learned) Websites

Inputs to Risk Identification

Assumptions
Explicit Implicit

Critical success factors

PHASE 1: RISK IDENTIFICATION

IDENTIFY ALL POSSIBLE RISKS WHICH MAY SIGNIFICANTLY IMPACT THE SUCCESS OF THE PROJECT -- CAN DO THIS BY: CAUSE-AND-EFFECT ANALYSIS (WHAT COULD HAPPEN WHAT ENSUES) HOW

EFFECT-AND-CAUSE ANALYSIS (WHAT OUTCOMES TO AVOID THEY MIGHT OCCUR)

BRING IN THE EXPERTS ON THE PROGRAM AND QUESTION THEM BRAINSTORM WBS - INDIVIDUAL WORK PACKAGES PLUS COMBINATIONS THEREOF WILLOUGHBY TEMPLATES, SEI TAXONOMY AND CHARELLET CHECKLIST Risk typically examines possibility of suffering harm or loss; however, Risk Identification is also concerned with opportunities (positive outcomes) and threats (negative outcomes). outcomes)

TYPES OF RISK

Business vs. Insurable Risk Risk Sources

External Unpredictable External Predictable Internal Non Technical Non-Technical Technical Legal L l

TYPES OF RISK (2)

Knowns
An item or situation containing no uncertainty

Known Unknowns
Things which we know exist but do not know how h h they will affect us. These can be ill ff h b identified and evaluated.

Unknown Unknowns
Those risks that cannot be identified and evaluated (unexpected needs). These can be handled via contingency allowances.

TYPES OF RISK (3)

Risks can also be classified as:
External Unpredictable External Predictable Internal Non-Technical Technical h i l Legal

EXTERNAL UNPREDICTABLE
Regulatory Natural Hazards Postulated Events Unexpected Side Effects of the Project Failure to Complete Project Due to Uncontrollable External Events

EXTERNAL PREDICTABLE
Market Risks Operational Environmental Impacts Social Impacts Currency Ri k C Risk Inflation Taxes

INTERNAL, NON-TECHNICAL
Management Schedule Cost Cash Flow C h Fl Loss of Potential Benefit or Profit

TECHNICAL
Changes in Technology Performance Uncertainty Risks Associated with Projects Technology Design Sheer Size or Complexity

LEGAL
Licensing Patent Rights Contractual Difficulties Outsider Suits Insider S it I id Suits Force Majeure (PMIs Word)

OTHER RISK ID SOURCES

Overly Aggressive Cost Estimates y gg Overly Aggressive Duration Estimates Staffing Plan - Personnel With Special Skills Procurement Management Plan l Historical Project Files & Project Team Knowledge Commercial Databases

KEEP IN MIND
How can you assess risks?

Break things down into individual elements and determine their relationships All of them Concentrate on those with greatest impact and most likely probability of occurrence

What risks should you assess?

RISK FACTORS
ALL PROJECT RISKS ARE CHARACTERIZED BY THE FOLLOWING THREE RISK FACTORS RISK EVENT: PRECISELY WHAT MIGHT HAPPEN TO THE DETRIMENT OF THE PROJECT Write it as an If - Then Statement RISK PROBABILITY: HOW LIKELY THE EVENT IS TO OCCUR AMOUNT AT STAKE: THE SEVERITY OF THE CONSEQUENCES

WITH THIS DATA, THE RISK EVENT STATUS ( CRITERION VALUE" OR ("CRITERION VALUE RANKING) OF A GIVEN RISK EVENT CAN BE DETERMINED BY: RISK EVENT STATUS = RISK PROBABILITY X AMOUNT AT STAKE

RISK EVENT vs. RISK SYMPTOM

RISK EVENT ARE DISCRETE OCCURRENCES RISK SYMPTOM TRIGGERS THESE ARE INDIRECT MANIFESTATIONS OF ACTUAL RISK EVENTS

EXAMPLES OF RISK SYMPTOMS: POOR MORALE = EARLY WARNING SIGN OF SCHEDULE DELAY EARLY PROJECT COST OVERRUN = POTENTIAL POOR PROJECT OVERALL ESTIMATING

Risk Identification Tools d T h i T l and Techniques

Checklists
Project Healthcheck

Flowcharting
Cause & Effect (fishbone or Ishikawa charts
What could happen What ensues How they occur

Effect & Cause

Outcomes to avoid

System or Process flowcharts

Risk Identification Tools and Techniques

Interviewing Brainstorming

Outputs
Sources of risk (i.e., categories)
Stakeholder actions Estimates Staffing plans Common sources of risk:
Changes in requirements Design errors, omissions, and misunderstandings Poorly defined R & R Insufficiently skilled staff

Outputs
Potential Risk events
Specific discrete events that might effect the project Generally include: y
Probability Alternative outcomes Timing Frequency (more than once?)

Outputs
Risk Symptoms
Triggers, or trip wires, or indicators Indirect manifestations of risk events
Poor morale Lack of reported progress

Inputs to other processes

Improved estimating More training

Risk Quantification
Project Risk Management 11.0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk quantification consists of evaluating the risks and risk interactions to assess the range of possible project outcomes.

PHASE 2: RISK QUANTIFICATION

GOALS OF QUANTIFICATION (OR ASSESSMENT)
INCREASE THE UNDERSTANDING OF THE PROJECT IDENTIFY THE ALTERNATIVES AVAILABLE ENSURE THAT UNCERTAINTIES AND RISKS ARE ADEQUATELY CONSIDERED IN A STRUCTURED AND SYSTEMATIC WAY AND INCORPORATED INTO THE PLANNING AND DEVELOPMENT PROCESS ESTABLISH THE IMPLICATIONS OF THESE UNCERTAINTIES ON ALL OTHER ASPECTS OF THE PROJECT

Risk Quantification - Inputs

Stakeholder risk tolerances Sources of risk Potential risk events Cost i C estimates Activity duration estimates

Risk Quantification Tools and Techniques

Expected monetary value Statistical sums Simulation Decision D i i trees Expert judgment

RISK ANALYSIS TECHNIQUES

BRAINSTORMING - SPONTANEOUS CONTRIBUTION OF IDEAS FROM TEAM DELPHI METHOD - METHOD TO DERIVE CONSENSUS USING EXPERT OPINION MONTE CARLO - ITERATIVE SIMULATION USING RANDOM NUMBERS TO INCORPORATE PROBABILISTIC DATA AND DERIVE A PROBABILITY DISTRIBUTION OF THE FINAL RESULT SENSITIVITY ANALYSIS - EVALUATE EFFECT OF A CHANGE IN A SINGLE VARIABLE ON THE ENTIRE PROJECT DECISION TREE ANALYSIS - GRAPHICAL "EITHER / OR" CHOICES UTILITY THEORY - TAKES ATTITUDE OF DECISION MAKER INTO ACCOUNT DECISION THEORY - TECHNIQUE TO REACH DECISION UNDER UNCERTAINTY AND RISK. POINTS TO BEST POSSIBLE COURSE NO MATTER THE FORECAST ACCURACY PROBABILITY ANALYSIS - NEXT PAGE

SIMPLE PROBABILITY
SIMPLE PROBABILITY EQUATION: Pr (Event #1) x Pr (Event #2) = Pr (Both Events) P(t) = P(A) * P(B)
OR 0.70 X 0.80 = 0.56 OR 56%

NOTE: THIS APPLIES TO INDEPENDENT EVENTS ONLY

PROBABILITY EXAMPLE
DATA: Probability of Scope = 0.70 Probability of No Scope = 0.30 Probability of Approval = 0.80 Probability of No Approval = 0.20 EXAMPLE: Pr(Scope) x Pr(Approval) = Pr(Scope) x Pr(No Approval) = Pr(No Scope) x Pr(Approval) = ( p ) ( pp ) Pr(No Scope) x Pr(No Approval) = 0.70 x 0.80 = 0.70 x 0.20 = 0.30 x 0.80 = 0.30 x 0.20 = Total= 0.56 0.14 0.24 0.06 1.00

PRACTICAL APPLICATION -- DECISION TREE ANALYSIS

Expected Monetary Value (EMV)

Product of two values
Risk event probability Risk event value

Valuation of the risk event is key

Must include tangible as well as intangible value 1 week slippage with minor client impact 6 week slippage with major client impact

Expected Monitary Value Example

Given the following:
Cost Probability Optimistic $100,000 0.20 Most likely $130,000 0.60 Pessimistic $180,000 0.20 Expected Value Calculation: Optimistic $100,000 0.20 O ti i ti $100 000 x 0 20 = 20 000 20,000 Most likely $130,000 x 0.60 = 78,000 Pessimistic $180 000 x 0 20 $180,000 0.20 = 36 000 36,000 Expected Monitary Value $134,000
(*EMV = Opt imistic + 4(most likely) + Pessimistic) 6
* formula if probability is not known

EMV Example
If no probabilities are given, use
EMV (Opt 4 ML EMV=(Opt + 4*ML + Pes)/6

EMV= ($100 +4*$130+$180)*1000/6 = $133 333 $133,333

Descriptive Statistics
Mean Mode Median Variance V i Standard Deviation Range

Descriptive Statistics Example

Test scores are 10, 20, 25, 40, 45, 45, 50, 55, 55, 60, 60, 60, 65, 65, 65, 70, 70, 70, 70, 70, 75, 80, 80, 85, 90, 90, 90, 95, 100 Mean: number obtained by dividing the sum of a set of quantities by the number of quantities in the set. (answer is 1855 / 29=64) Mode: value or item occurring most frequently in a series of observations. (answer is 70 -it occurs 5 times) Median: middle value in a distribution, above and below which lie an equal number of values (answer is 65) Variance: average of the squares of the variations from the mean of a frequency distribution. distribution (answer is 486 4) 486.4)

Standard deviation: square root of the variance (answer is 22) variance. Range: measure of the dispersion equal to the difference or interval between the smallest and the largest of the set of quantities. (answer is 90 or 100-10)

Approximations
Mean = (Opt + 4*ML + Pes)/6 SD = (Max - Min)/6

Exercise
Opt ML Pess EMV SDev
13,000 13 000 7,500 7 500 17,500 17 500

Vari i
169,000,000 169 000 000 5,625,000 5 625 000 306,250,000 306 250 000

100,000 125,000 180,000 130,000 Proj. P j A 100 000 125 000 180 000 130 000

Proj.B 80,000 Proj B 80 000 Proj.C 75,000 Proj C 75 000

100,000 125,000 100,833 100 000 125 000 100 833 130,000 180,000 129,167 130 000 180 000 129 167

 Normal Distribution

So What? S Wh t?

M Mean i expected value is t d l Mean = Mode = Median S d d d i i is a measure of dispersion Standard deviation i f di i about the mean
68 27% of cases occur between Mean + SD and 68.27% Mean - SD 95.45% of cases occur between Mean+2SD and Mean-2SD 99.73% of cases occur between Mean+3sd and Mean-3SD Mean 3SD

Mean Blue Bl = 68% Blue + Green = 95% Blue + Green + Red = 99.7% 34.1% 34.1%

1.1%
- 3SD - 2SD

13.6%
- SD

13.6%
+ SD + 2SD

1.1%

+ 3SD

Normal Distribution

Mode

Median

Mean Skewed Normal Distribution

BETA vs. TRIANGULAR DISTRIBUTIONS

BETA DISTRIBUTION
EXPECTED VALUE

TRIANGULAR DISTRIBUTION
EXPECTED VALUE

P R O B A B I L I T Y

P R O B A B I L I T Y

COS COST ESTIMATE S

Mean = (a + 4m + b) / 6 2 Variance = [(b - a) / 6]

COS COST ESTIMATE S

Mean = (a + m + b) / 3 Variance = [(b - a) 2 + (m - a) (m - b)] / 18

Simulation
Simulation uses a representation or model of a system to analyze the behavior or performance of the system.
M t C l analysis is best known Monte Carlo l i i b tk results used to quantify risk of various schedule choices

Monte Carlo
Requires Optimistic, Most Likely, and Pessimistic estimates. Uses random number generator to select which value to use Calculates the database multiple times to develop a probability distribution of the data

Decision Trees
Aggressive schedule EMV = $110,000 Conservative schedule EMV = $7,000 Given th following decision tree: Gi the f ll i d i i t Outcome
250 k 60%
aggressive

EMV 150 k

Choice event
conservative

Choice event Choice event

40% 20%

100 k 45 k

40 k 9k

80% 20 k 16 k

UTILITY THEORY
Definition
Endeavors to formalize managements attitude toward risk of the decision maker.

Types
Risk Seeking i k S ki Risk Neutral Risk Averse

Expert Judgment
Expert judgment can often be applied in lieu of or in addition to the mathematical techniques described above.

Derived from:
team members g others in or outside of organization published findings y g industry averages / statistics

Q QUALITY RISK
GOALS OF RISK MANAGEMENT - INCREASE UNDERSTANDING OF PROJECT - IMPROVE PLANS, DELIVERY, AND ID GREATEST RISKS - WHERE TO FOCUS ATTENTION REMAINING MAJOR PROJECT RISK AREA ... WHAT IF PROJECT FAILS TO PERFORM AS EXPECTED DURING OPERATIONAL LIFE / PRODUCT LIFE CYCLE? CONFORMANCE TO QUALITY REQUIREMENT REMEMBERED LONG AFTER COST AND SCHEDULE PERFORMANCE. QUALITY MANAGEMENT HAS MOST IMPACT ON LONG-TERM LONG TERM PERCEIVED & ACTUAL SUCCESS OF PROJECT

SCHEDULE RISK
CAN MANAGE CRITICAL PATH BUT NOT MANAGE DURATION REASON --> SCHEDULE RISK HIGHEST RISK PATH = PATH WITH MOST PROJECT COMPLETION RISK RISK IN ALL ACTIVITY DURATION BECAUSE FUTURE IS UNCERTAIN LONGEST DURATION ACTIVITY RISKIEST THEREFORE, NEED TO ID & MANAGE WHAT COULD CONTRIBUTE TO , PROJECT DELAY -- COULD OVERRIDE MANAGEMENT OF CRITICAL PATH

SCHEDULE RISK (CONT'D) C

B
FINISH START

E A
MOST LIKELY 9 5 0 6 9 2 8 4 0 1 4 1

D
HIGH 10 6 0 7 14 7

MEAN EXPECTED 9 5 0 4.7 9 3.3

ACTIVITY A-B B-C C-E B-E A-D D-E

LOW

SCHEDULEBRISK (CONT'D)
FINISH START

E A
SUM OF MOST LIKELY 14 15 11 A-B-E

SUM OF MEANS 14 13.7 13 7 12.3 A-B-C-E

SUM OF HIGHS 16 17 21 A-D-E

PATH A-B-C-E A-B-E ABE A-D-E MOST RISKY

Risk Quantification- Outputs

Opportunities to pursue, threats to respond to pursue Opportunities to ignore, threats to accept O ii i h

Risk Response Development

Project Risk Management 11.0 11 0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk response development defines the enhancement steps for opportunities and responses to threats.

Risk Response Development

Defines steps for
enhancing opportunities responding to threats

Types of Responses
Avoidance - eliminate Mitigation
Reduce EMV by reducing probability Reduce Impact - buy insurance

Acceptance
A i develop plan to deal with risk if it Active: d l l d l ih i k i occurs P i A Passive: Accept risk (e.g., lower profit) t i k( l fit)

PLANNING ALTERNATIVES
Project Managers have Several Response p Options

Avoidance Absorption Adjustment Deflection Contingent Planning A Combination of the Above

AVOIDANCE
Defined
Characterized by project manager h i db j statements such as: This alternative is totally unacceptable to me You would take the appropriate steps to avoid this situation.

ABSORPTION
Risk is Recognized-But Not Acted Upon Accept the Risk AS IS Its a Matter of Policy Retained Ab b d R i d & Absorbed (by prudential
allowances)

Unrecognized, Unmanaged, or Ignored (by

default)

ADJUSTMENT
Modification of the Project
Scope Budget Schedule Quality Specification li ifi i Combination of the Above

DEFLECTION
Involves transfer of risk by such means as:
Contracting Out to Another Party Insurance or Bonding By Recognizing it in the Contract

CONTINGENT TO ADDRESS RISKS TO THE PLANNING CONTINGENT PLANNING IS A MEANS

PROJECT THROUGH A FORMAL PROCESS AND PROVIDE RESOURCES TO MEET THE RISK EVENTS. EVENTS IT IS THE ESTABLISHMENT OF MANAGEMENT PLANS TO BE INVOKED IN THE EVENT OF SPECIFIED RISK EVENTS EXAMPLES: THE PROVISION AND PRUDENT MANAGEMENT OF A CONTINGENCY ALLOWANCE IN THE BUDGET THE PREPARATION OF SCHEDULE ALTERNATIVES AND WORK-AROUNDS EMERGENCY RESPONSES TO DEAL WITH MAJOR SPECIFIC AREAS OF RISK AN ASSESSMENT OF LIABILITIES IN THE EVENT OF A COMPLETE PROJECT SHUT-DOWN

Types of Responses
Prevent risk from occurring
Reduce the probability that the event will occur Eliminate means P=0

Reduce the impact (think containment) containment )

Buy insurance (monetary) Alt Alternative strategies (additional supplier to ti t t i ( dditi l li t PDQ)

CONTRACT STRATEGY
To Select the Right Form of Contract q Requires:

Identification of Specific Risks Determination of how they should be shared between the parties, and The insertion of clear, legal language in the , g g g contract documents to put it into effect.

CONTRACT TYPE vs. RISK

SCOPE OF WORK INFORMATION VERY LITTLE PARTIAL COMPLETE

UNCERTAINTY

HIGH

MODERATE

LOW

DEGREE OF RISK

HIGH 100%

MEDIUM

LOW 0% SELLER (CONTRACTOR) 100%

SUGGESTED RISK ALLOCATION OC O 0% CONTRACT TYPES

AGENCY (BUYER)

CPPF

CPIF

CPFF

FPPI

FFP

CONTRACT TYPE vs. RISK (CONT'D)

P R O B A B I L I T Y
Project A Well defined scope and work content. High probability of achieving realistic cost estimate at 100% ti t t

Project B Fairly well defined scope and work content. Fair probability of achieving 100% cost estimate t ti t

Project c Poorly defined scope and content. Low probability of 100% cost estimate

80%

90%

95%

100%

110%

120%

140%

COST ESTIMATE VALUE

+/- 15%: FFP +/- 25%: CPFF +/- 50%: CPIF > 50%: CPPF Suggested types of contract for various spreads

FAST-TRACKING
Awarding contracts before all the information is complete to reduce the p overall time for the project Much higher risk category!! Appropriate contingency allowances must be increased accordingly. accordingly

Risk Response Development Inputs

Opportunities to pursue, threats to respond to pursue Opportunities to ignore, threats to accept O ii i h

Risk Response Development Tools and Techniques

Procurement
Buy outside skills

Contingency planning
what to do if the event occurs containment

Alt Alternative strategies ti t t i

Prevention

Insurance

Risk Response Development Outputs

Risk management plan Inputs to other processes Contingency plans Reserves R Contractual agreements

Risk Response Control

Project Risk Management 11.0

Risk Identification 11.1

Risk Quantification 11.2

Risk Response Development 11.3

Risk Response Control 11.4

Risk response control involves responding to changes in risk over the life of the project.

PHASE 4: RISK RESPONSE CONTROL

EXECUTE THE RISK MANAGEMENT PLAN FROM PHASE #3 -ID, QUANTIFY AND RESPOND TO ANY CHANGES ID EXECUTE WORKAROUNDS -- UNPLANNED RESPONSES TO NEGATIVE EVENTS -ADDITIONAL RISK RESPONSE DEVELOPMENT CURRENT PROJECT DATABASE -DOCUMENTING ON-GOING RISKS BUILD HISTORICAL DATABASES RELIABLE DATA IS HARD TO FIND! SHOULD CONSIST OF: -RECORDED RISK EVENTS -EXPERIENCE ON PAST PROJECTS (SIMILAR IS PREFERRED) POST-PROJECT ASSESSMENT AND ARCHIVE UPDATE OS O C SS SS C

Risk Response Control

Respond to the changes in project risk over p j the life of the project

Risk Response Control - Inputs

Risk management plan Actual risk events Additional risk identification

Risk Response Control Tools and Techniques

Workarounds
Unplanned responses to unforeseen risks that actually occur

Additional risk response development

Revisions to the response, if it proves inadequate

Risk Response Control - Outputs

Corrective action
Implementing the risk management plan when the risk occurs

Updates to risk management plan

Revisions to the risk management plan as c cu s a ces equ e circumstances require
Risk never materializes Probability of occurrence is reduced

Risk Documentation
Historical database Current project database Post project assessment and archive update j d hi d
Lessons learned Plan variances Actuals Methods, tools and techniques Case studies

SUMMARY
PROJECTS ARE LAUNCHED TO TAKE ADVANTAGE OF OPPORTUNITIES, BUT O O U U OPPORTUNITIES ARE ASSOCIATED WITH UNCERTAINTIES WHICH S SSOC U C S C HAVE RISKS ATTACHED RISK CAN NEVER BE 100% ELIMINATED FOR THE PROJECT TO BE VIABLE, THE EXPECTED VALUE RESULTING FROM A FAVORABLE PROBABILITY OF GAIN MUST BE HIGHER THAN THE CONSEQUENCES AND PROBABILITY OF LOSS THEREFORE, THEREFORE THE RISKS ASSOCIATED WITH A PROJECT MUST RECEIVE CAREFUL EXAMINATION IN THE CONTEXT OF THE ORGANIZATION'S WILLINGNESS OR AVERSION TO TAKING RISKS THIS IS THE DOMAIN OF PROJECT RISK MANAGEMENT, WHICH FORMS MANAGEMENT A VITAL AND INTEGRAL PART OF PROJECT MANAGEMENT

When Should Risk Assessments be Carried Out?

Risk assessments should be carried out as early as possible and then continuously.

Dont take the risk if...

the organization cannot afford to lose. p great. the exposure to the outcome is too g the situation (or project) is not worth it. p j the odds are not in the projects favor. the benefits are not clearly identified. there appear to be a large number of acceptable alternatives.

Dont take the risk if...

the risk does not achieve the project objective. p p the expected value from baseline assumptions is negative. the data is unorganized, without structure or pattern. there is not enough data to understand the results. a contingency plan for recovery is not in place should the results prove unsatisfactory.