Session 18 -2 PMP 4th edition

Project Risk Management

Project Risk Management

Knowledge Area

Process

Initiating Planning Executing Monitoring & Contol Closing

Risk  Plan Risk ManagementIdentify RiskPerform Qualitative Risk AnalysisPerform Quantitative Risk AnalysisPlan Risk Response

Monitor and Control Risks

Enter phase/Start project

Exit phase/End project

InitiatingProcesses

ClosingProcesses

PlanningProcesses

ExecutingProcesses

Monitoring &Controlling Processes

Perform Quantitative Risk Analysis

• The process of numerically analyzing the effect of identified risks on overall project objectives.

Inputs

1. Risk register2. Risk management plan3. Cost management plan4. Project scope statement5. Organizational process assets

Tools & Techniques

1. Data gathering and representation techniques

2. Quantitative risk analysis and modeling techniques

3. Expert judgment

Outputs

1. Risk register updates

If not necessary, this process may be skipped.

Quantitative Risk Analysis

• Is a numerical evaluation (more objective)• This process may be skipped.

• Purpose of this process– Determine which risk events warrant a response.– Determine overall project risk (risk exposure).– Determine the quantified probability of meeting project objectives.

– Determine cost and schedule reserves.– Identify risks requiring the most attention.– Create realistic and achievable cost, schedule, or scope targets.

•Data Gathering and Representation Techniques• • Interviewing. quantify the probability and

impact of risks on project objectives. For instance, information would be gathered on the optimistic (low), pessimistic (high), and most likely scenarios for some commonly used distributions.

Probability distributions. Continuous probability distributions, used in modeling and simulation represent the uncertainty in values such as durations of schedule activities and costs of project components.

Quantitative Risk Analysis and Modeling TechniquesCommonly used techniques include both event-oriented and project-oriented analysis

Sensitivity Analysis

• To determine which risks have the most potential impact to the project• Changing one or more elements/variables and set other elements to its baseline then see the impact.

• One typical display of sensitivity analysis is the tornado diagram

Decision Tree and EMV

• EMV used with Decision Tree to choose between many alternative which take into account the future  events

• Example:

(Impact) ty)(ProbabiliEVM

Expected monetary value

P=0.2

P=0.8

P=0.2

P=0.1P=0.7

outcome

300.000$

- 40.000$

- 50.000$

- 20.000$

60.000$

EMV

300.000x0.2 =60.000

-40.000x0.8 =-32.000

-50.000x0.2 =-10.000

-20.000x0.1=-2.000

60.000x0.7 =42.000

=28.000$

=30.000$

• Modeling and simulation.(Monte Carlo technique)

• A project simulation uses a model that translates the specified detailed uncertainties of the project into their potential impact on project objectives.

• Iterative simulations are typically performed using the Monte Carlo technique.

Risk Register Updates

• Update/add additional information to previous output i.e. Risk Register, which include:

– Prioritize list of quantified risks– Amount of contingency time and cost reserve needed– Possible realistic and achievable completion dates, project cost, with confidence level

– The quantified probability of meeting project objectives– Trends

Plan Risk Response

• The process of developing option and action to enhance opportunities and to reduce threats to project objectives.

Inputs

1. Risk register2. Risk management plan3. Cost management plan4. Project scope statement5. Organizational process assets

Tools & Techniques

1. Strategies for negative risks or threats

2. Strategies for positive risks or opportunities

3. Contingent response strategies

4. Expert judgment

Outputs

1. Risk register updates2. Risk-related contract decisions

3. Project management plan updates

4. Project document updates

Plan Risk Responses

• Do something to eliminate threats  before they happens• Do something to make sure the opportunities happens• Decrease the probability and/or impact of threats• Increase the probability and/or impact of opportunities 

• For the remaining (residual) threats that cannot be eliminated:– Do something if the risk happens (contingency plan).– Do something if contingency plan not effective (fallback plan)– The risks result in applying risk response strategy is called

(secondary risk)– The risk trigger is events that trigger the contingency response– Workaround is unplanned risks

Strategies for Threats

1- Avoid– Eliminate the threat entirely– Example: remove  dangerous test or person or material from project

Strategies for Threats

• 2-Transfer (Deflect, Allocate)

– Shift some or all the negative impact

 of a threat to a third party

Example : insurance or outsource the 

work

Strategies for Threats

• 3-Mitigate– Implies a reduction in the probability    and/or impact of an adverse risk    event to be within acceptable   threshold limits

• Example : provide training for team       members, Wear a helmet head

Strategies for Threats

• 4- Accept– Deal with the risks– Project management plan is      not changed

• Example : Increasing material prices (contingency)

Strategies for Opportunities

• Exploit– Seek to ensure the opportunities definitely happen

– Example: allocate experience manpower  in critical path to complete project early

Strategies for Opportunities

• Share– Allocate some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the project benefit.

– Example: buy machine

Strategies for Opportunities

• Enhance– Increase the probability and/or the positive impacts of an opportunity.

– Example: negotiation for the equipment earlier to secure lower price

Strategies for Opportunities

• Accept– Not actively pursuing an opportunity

– Example: decrease material price

Monitor & Control Risk

• The process of ..– implementing risk response plans, – tracking identified risks, – monitoring residual risks, – identifying new risks, and – evaluating risk process effectiveness throughout the project.

Inputs

1. Risk register2. Project management plan

3. Work performance information

4. Performance report

Tools & Techniques

1. Risk reassessment2. Risk audits3. Variance and trend analysis

4. Technical performance measurement

5. Reserve analysis6. Status meetings

Outputs

1. Risk register updates2. Organizational process assets updates

3. Change requests4. Project management plan updates

5. Project document updates

• Risk Reassessment• Monitor and Control Risks often results in

identification of new risks, reassessment of current risks , and the closing of risks that are outdated.

• Project risk reassessments should be regularly scheduled.

.

• Risk Audits• Risk audits examine and document the

effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process

QUESTIONS?

1- Heba is a Project Manager for software migration at a bank. A major risk that has been identified is attrition of resources. As a strategy to respond to this risk, Heba, with support from Senior Management, provides good increments to his team members. What type of risk response is heba following?

A-Accept

B-Avoid

C-Transfer

D-Mitigate

2-Which of these is not a valid response to positive risks?

A-Exploit

B-Mitigate

C-Enhance

D-Share

3-After conducting a SWOT Analysis, you have determined that a business deal is worth pursuing. You are required to use Agile development practices. In your company, there is no expertise in Agile development. Hence, you partner with another organization that specializes in Agile development. This is an example of:

a) Sharing a Positive Risk

b) Mitigating a Negative Risk

c) Exploiting a Positive Risk

d) Accepting a Negative risk

4-During which stage of Risk planning are modeling

techniques used to determine overall effects of

risks on project objectives for high probability, high

impact risks?

A-Risk identification

B-Risk response planning

C-Qualitative risk analysis

D-Quantitative risk analysis

• 5-if the team cannot identify a suitable

response to an identified risk . Which risk

response would they apply?

A- avoidance

B-acceptance

3- mitigation

4-transference

Thank you