What is Risk? Risk and uncertainty are equivalent
Three Definitions • Risk • A possible future event which if it occurs will lead to an undesirable outcome. • Project Risk • The cumulative effect of the chances of an uncertain occurrence that will adversely affect project objectives. • Risk Management • A systematic and explicit approach for identifying, quantifying, and controlling project risk.
DEFINITION PROJECT RISK MANAGEMENT IS THE ART AND SCIENCE OF IDENTIFYING, ASSESSING, AND RESPONDING TO PROJECT RISK THROUGHOUT THE LIFE OF A PROJECT AND IN THE BEST INTERESTS OF ITS OBJECTIVES PROJECT RISK IS THE CUMULATIVE EFFECT OF THE CHANCES OF UNCERTAINOCCURRENCES ADVERSELY AFFECTING PROJECT OBJECTIVES
RISK MANAGEMENT PURPOSE IDENTIFY FACTORS THAT ARE LIKELY TO IMPACT THE PROJECT OBJECTIVES OF SCOPE, QUALITY, COST AND TIME QUANTIFY THE LIKELY IMPACT OF EACH FACTOR GIVE A BASELINE FOR PROJECT NON-CONTROLLABLES MITIGATE IMPACTS BY EXERCISING INFLUENCE OVER PROJECT CONTROLLABLES THE PMBOK ALSO POINTS OUT THAT RISK MANAGEMENT INCLUDES MAXIMIZING THE RESULTS OF POSITIVE EVENTS AND MINIMIZING THE CONSEQUENCES OF ADVERSE EVENTS.
ISSUES A RISK SHOULD ONLY BE TAKEN WHEN THE POTENTIAL BENEFIT AND CHANCES OF WINNING EXCEED THE REMEDIAL COST OF AN UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN WHAT WILL BE GAINED? WHAT COULD BE LOST? WHAT ARE THE CHANCES OF SUCCESS (AND FAILURE)? WHAT CAN BE DONE IF THE DESIRED RESULT IS NOT ACHIEVED? IS THE POTENTIAL REWARD WORTH THE RISK? POTENTIAL FREQUENCY OF LOSS AMOUNT AND RELIABILITY OF INFORMATION AVAILABLE POTENTIAL SEVERITY OF LOSS MANAGEABILITY OF THE RISK VIVIDNESS OF THE CONSEQUENCES POTENTIAL FOR (ADVERSE) PUBLICITY WHOSE MONEY IS IT?
NATURE OF RISK MANAGEMENT WHEN SPEAKING OF RISK, THINK OF ONLY HAZARDOUS ONES EVERYDAY COMMON DAY ONES ARE IGNORED RARELY DO WE SYSTEMATICALLY IDENTIFY ALL RISKS INVOLVED HOWEVER, INCLINED TO CONSIDER RISK DIFFERENTLY RELATIVE TO FAMILY - VERY PRECIOUS AND LOTS OF POTENTIAL EXAMPLES: SMALL CHILDREN - STAY AWAY FROM ROAD - RISK ID & AVOIDANCE HOW DID DAY GO? - DO MORE TO HELP THEM - INFO FEEDBACK THESE ACTIONS ARE ESTABLISHING THE BASIC ELEMENTS OF MANAGING PROJECT RISK INTO OUR CHILDREN
PROJECT RISK MGMT IS PRO-ACTIVE CLASSIC SYSTEMS METHODOLOGY: INPUT PROCESS OUTPUT FEEDBACK LOOP THIS PROCESS VITAL TO EFFECTIVE PROJECT CONTROL, HOWEVER RISK IS DIFFERENT - - HAS TO DO WITH: UNCERTAINTY, PROBABILITY OR UNPREDICTABILITY, AND CONTINGENT PLANNING
REACTIVE vs. PRO-ACTIVE CRISIS MANAGEMENT -- REACTIVE MODE -- SELECT RESPONSE PRO-ACTIVE -- ANTICIPATE AND PLAN TO AVOID RISK & DECISION MAKING: TAKE RISK IF POTENTIAL BENEFIT AND CHANCE OF WINNING EXCEEDS COST OF UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A SATISFACTORY MARGIN (CLASSIC COST / BENEFIT ANALYSIS)
PMBOK Risk • Opportunities - Positive outcome • Threats - Negative outcome
Benefits of Risk Management • More and better information is available during planning and decision making • Project objectives are verified • Improved communications • Higher probability of project success • Proactive approach • Project might be canceled
Why Organizations don’t doRisk Management • Unwillingness to admit risks exist • Postpone the hard parts of the project until later • Risk management costs money • Up front investment of time • Can’t prove it’s necessary • Think health insurance
Why Organizations don’t doRisk Management • “Can Do” management style severely inhibits risk management • Risk identification can make you look like a whiner
Ways to AvoidRisk Management • “Managing risk is everybody’s business” • “There is only one risk: The project might fail. And we’re managing that by working real hard to assure that doesn’t happen.”
The Uncertainty Spectrum Complete Information NO Information Partial Information (Unknown unknowns) (Known unknowns) (Knowns) GENERAL UNCERTAINTY SPECIFIC UNCERTAINTY TOTAL UNCERTAINTY TOTAL CERTAINTY SCOPE OF PROJECT RISK MANAGEMENT* *Note: in this range the information to be sought is known
Project Risk Integration Communication Scope Project Risk Cost Time Quality Procurement Human Resources
INTEGRATING RISK PROJECT MANAGEMENT INTEGRATION INFORMATION / Life Cycle and SCOPE Environment Variables COMMUNICATIONS Ideas, Directives, Expectations Data Exchange Accuracy Feasibility PROJECT RISK HUMAN Availability Productivity Requirements Standards QUALITY RESOURCES Time Objectives, Services, Plant, Materials: Restraints Performance CONTRACT / Cost Objectives, TIME Restraints PROCUREMENT COST
Project Risk Management A subset of project management that includes the processes concerned with identifying, analyzing, and responding to project risk.
Risk Management Objectives • Reduce the number of surprise events • Minimize consequences of adverse events • Maximize the results of positive events
Risk Classification • Business risks vs. pure (insurable) risks • Classified by uncertainty (business risks) • Classified by impact on project elements • Classified by their nature • Classified by their source • Classified by their probability to occur and amount at stake
Consequences of Risk Analysis Positives • greater information is made available during the course of planning and decision making • project objectives are verified • better communications • better probability that project realization will be optimal • increased chance of project success
Consequences of Risk Analysis Negatives • belief that all risks have been accounted for • project could be shut down
Some Considerations • Real information is the key. • The relationship between uncertainty and information is inverse. • For the project manager, conditions of relative uncertainty (partial information) are the rule. • There is a natural resistance to formal risk analysis. • Risks should only be taken to achieve a project objective.
PMBOK FIGURE 11-1 PROJECT RISK MANAGEMENT OVERVIEW • Risk Identification • Inputs • Product Description • Other Planning Outputs • Historical Information • Tools & Techniques • Checklists • Flowcharting • Interviewing • Outputs • Sources of Risk • Potential Risk Events • Risk Symptoms • Inputs to other Processes • Risk Quantification • Inputs • Stakeholder risk tolerances • Sources of Risk • Potential Risk Events • Cost Estimates • Activity Duration Estimates • Tools & Techniques • Expected Monetary Value • Statistical Sums • Simulation • Decision Trees • Expert Judgment • Outputs • Opportunities to pursue, threats to respond to • Opportunities to ignore, threats to accept • Response Development • Inputs • Opportunities to pursue, threats to respond to • Opportunities to ignore, threats to accept • Tools & Techniques • Procurement • Contingency Planning • Alternative Strategies • Insurance • Outputs • Risk Management Plan • Inputs to other Processes • Contingency Plans • Reserves • Contractual Agreements • Response Control • Inputs • Risk Management Plan • Actual Risk Events • Additional Risk Identification • Tools & Techniques • Workarounds • Additional Risk Response Development • Outputs • Corrective Action • Updates to Risk Management Plan
Risk Identification Risk identification is determining which risks are likely to affect the project and documenting the characteristics of each.
Typical Life Cycle ProfilesRisk versus Amount at Stake Total project life cycle I N C R E A S I N G R I S K Plan Accomplish Phase 1 Conceive Phase 2 Develop Phase 3 Execute Phase 4 Finish Opportunity & Risk $ V A L U E (period when highest risks are incurred) Amount at Stake (period of highest risk impact) TIME
Inputs to Risk Identification • Product description • Specification • SOW • Contract • Other planning outputs • WBS • OBS • Cost and Schedule estimates
Inputs to Risk Identification • Historical information • Commercial databases • Corporate memory • Corporate database (lessons learned) • Websites
Inputs to Risk Identification • Assumptions • Explicit • Implicit • Critical success factors
PHASE 1: RISK IDENTIFICATION IDENTIFY ALL POSSIBLE RISKS WHICH MAY SIGNIFICANTLY IMPACT THE SUCCESS OF THE PROJECT -- CAN DO THIS BY: CAUSE-AND-EFFECT ANALYSIS (WHAT COULD HAPPEN é WHAT ENSUES) EFFECT-AND-CAUSE ANALYSIS (WHAT OUTCOMES TO AVOID é HOW THEY MIGHT OCCUR) BRING IN THE EXPERTS ON THE PROGRAM AND QUESTION THEM BRAINSTORM WBS - INDIVIDUAL WORK PACKAGES PLUS COMBINATIONS THEREOF WILLOUGHBY TEMPLATES, SEI TAXONOMY AND CHARELLET CHECKLIST Risk typically examines possibility of suffering harm or loss; however, Risk Identification is also concerned with opportunities (positive outcomes) and threats (negative outcomes).
TYPES OF RISK • Business vs. Insurable Risk • Risk Sources • External Unpredictable • External Predictable • Internal Non-Technical • Technical • Legal
TYPES OF RISK (2) • Knowns • An item or situation containing no uncertainty • Known Unknowns • Things which we know exist but do not know how they will affect us. These can be identified and evaluated. • Unknown Unknowns • Those risks that cannot be identified and evaluated (unexpected needs). These can be handled via contingency allowances.
TYPES OF RISK (3) • Risks can also be classified as: • External Unpredictable • External Predictable • Internal Non-Technical • Technical • Legal
EXTERNAL UNPREDICTABLE • Regulatory • Natural Hazards • Postulated Events • Unexpected Side Effects of the Project • Failure to Complete Project Due to Uncontrollable External Events
EXTERNAL PREDICTABLE • Market Risks • Operational • Environmental Impacts • Social Impacts • Currency Risk • Inflation • Taxes
INTERNAL, NON-TECHNICAL • Management • Schedule • Cost • Cash Flow • Loss of Potential Benefit or Profit
TECHNICAL • Changes in Technology • Performance Uncertainty • Risks Associated with Project’s Technology • Design • Sheer Size or Complexity
LEGAL • Licensing • Patent Rights • Contractual Difficulties • Outsider Suits • Insider Suits • Force Majeure (PMI’s Word)
OTHER RISK ID SOURCES • Overly Aggressive Cost Estimates • Overly Aggressive Duration Estimates • Staffing Plan - Personnel With Special Skills • Procurement Management Plan • Historical Project Files & Project Team Knowledge • Commercial Databases
KEEP IN MIND • How can you assess risks? • Break things down into individual elements and determine their relationships • What risks should you assess? • All of them • Concentrate on those with greatest impact and most likely probability of occurrence
RISK FACTORS ALL PROJECT RISKS ARE CHARACTERIZED BY THE FOLLOWING THREE RISK FACTORS RISK EVENT: PRECISELY WHAT MIGHT HAPPEN TO THE DETRIMENT OF THE PROJECT Write it as an “If - Then” Statement RISK PROBABILITY: HOW LIKELY THE EVENT IS TO OCCUR AMOUNT AT STAKE: THE SEVERITY OF THE CONSEQUENCES WITH THIS DATA, THE RISK EVENT STATUS ("CRITERION VALUE" OR RANKING) OF A GIVEN RISK EVENT CAN BE DETERMINED BY: RISK EVENT STATUS = RISK PROBABILITY X AMOUNT AT STAKE
RISK EVENT vs. RISK SYMPTOM • RISK EVENT ARE DISCRETE OCCURRENCES • RISK SYMPTOM ÞTRIGGERS • THESE ARE INDIRECT MANIFESTATIONS OF ACTUAL RISK EVENTS • EXAMPLES OF RISK SYMPTOMS: • POOR MORALE = EARLY WARNING SIGN OF SCHEDULE DELAY • EARLY PROJECT COST OVERRUN = POTENTIAL POOR PROJECT • OVERALL ESTIMATING
Risk IdentificationTools and Techniques • Checklists • Project Healthcheck • Flowcharting • Cause & Effect (fishbone or Ishikawa charts • What could happen What ensues • Effect & Cause • Outcomes to avoid How they occur • System or Process flowcharts
Risk IdentificationTools and Techniques • Interviewing • Brainstorming
Outputs • Sources of risk (i.e., categories) • Stakeholder actions • Estimates • Staffing plans • Common sources of risk: • Changes in requirements • Design errors, omissions, and misunderstandings • Poorly defined R & R • Insufficiently skilled staff
Outputs • Potential Risk events • Specific discrete events that might effect the project • Generally include: • Probability • Alternative outcomes • Timing • Frequency (more than once?)
Outputs • Risk Symptoms • Triggers, or trip wires, or indicators • Indirect manifestations of risk events • Poor morale • Lack of reported progress • Inputs to other processes • Improved estimating • More training
Risk Quantification Risk quantification consists of evaluating the risks and risk interactions to assess the range of possible project outcomes.
PHASE 2: RISK QUANTIFICATION GOALS OF QUANTIFICATION (OR ASSESSMENT) INCREASE THE UNDERSTANDING OF THE PROJECT IDENTIFY THE ALTERNATIVES AVAILABLE ENSURE THAT UNCERTAINTIES AND RISKS ARE ADEQUATELY CONSIDERED IN A STRUCTURED AND SYSTEMATIC WAY AND INCORPORATED INTO THE PLANNING AND DEVELOPMENT PROCESS ESTABLISH THE IMPLICATIONS OF THESE UNCERTAINTIES ON ALL OTHER ASPECTS OF THE PROJECT