Project Activities:

Risk Management

Lecture 6
Risk and opportunity are opposite
sides of the same coin—
opportunity emerges from
favorable
Project uncertainties, and negative
consequences from unfavorable
events
 An uncertain event or condition that, if it occurs,
has a positive or negative effect on one or more
project objectives.

An estimate of the probability of loss from a large

population of unwanted circumstances.

It operate in an environment composed of

uncertainty.

What is There is uncertainty regarding project funding,

Project Risk? the availability of necessary resources, changing
client expectations, potential technical problems
Risk Management
Risk
identification

risk assessment risk analysis

Risk prioritization
Risk
management
Risk
management
planning

risk control risk monitoring

risk resolution
Risk Management

IT RECOGNIZES THE CAPACITY OF IT CONSISTS OF ANTICIPATING, AT

ANY PROJECT TO RUN INTO THE BEGINNING OF THE PROJECT
TROUBLE, SO IT IS DEFINED AS THE UNEXPECTED SITUATIONS THAT MAY
ART AND SCIENCE OF IDENTIFYING, ARISE THAT ARE BEYOND THE
ANALYZING, AND RESPONDING TO PROJECT MANAGER’S CONTROL.
RISK FACTORS THROUGHOUT THE THESE SITUATIONS HAVE THE
LIFE OF A PROJECT AND IN THE BEST CAPACITY TO SEVERELY UNDERMINE
INTERESTS OF ITS OBJECTIVES. THE SUCCESS OF A PROJECT.
Risk Management

Process of risk • What is likely to • What can be • What cues will • What are the
management happen (the done to minimize signal the need for likely outcomes of
includes asking the probability and the probability or such action (i.E., these problems
following impact)? impact of these What clues should and my anticipated
questions: events? I actively look for)? reactions?

Event Risk = (Probability of Event)(Consequences of Event)

Risk Versus Amount at Stake: The Challenge in
Risk Management
Risk Management – Four Steps

Risk identification—the process of determining the specific risk

factors that can reasonably be expected to affect your project.

Analysis of probability and consequences—the potential impact

of these risk factors, determined by how likely they are to occur
and the effect they would have on the project if they did occur.

Risk mitigation strategies—steps taken to minimize the potential

impact of those risk factors deemed sufficiently threatening to
the project.

Control and documentation—creating a knowledge base for

future projects based on lessons learned.
RISK IDENTIFICATION
Financial risk
• It refers to the financial exposure a firm opens itself to when developing a project.

Technical risk
• When new projects contain unique technical elements or unproven technology, they are being developed
under significant technical risk.

Commercial risk
• What are the specific unknowns related to the execution of the project plan? For example, you may
question whether geographical or physical conditions could play a role,

Execution risk
• What are the specific unknowns related to the execution of the project plan?
• For example, you may question whether geographical or physical conditions could play a role,

Contractual or legal risk

• This form of risk is common with projects in which strict terms and conditions are drawn up in advance.
• Many forms of contracted terms (e.g., cost-plus terms,fixed cost, liquidated damages) result in a
significant degree of project risk
 Common Form of Risk in Project

Staff being pulled Additional

Absenteeism Resignation away by staff/skills not
management available

Work or change
Training not as Initial Enhancements
orders multiplying
effective as specifications poor taking longer than
due to various
desired or incomplete expected
problems
 Brainstorming meetings

Multiple (or
Expert
team-based)
Methods of Risk assessments
opinion

Identification
History
RISK BREAKDOWN STRUCTURES

It is to create a hierarchical representation

of the project’s risks, starting at the higher,
is defined as “a source-oriented grouping
general level and breaking the risks down
of project risks that organizes and defines
to more specific risks at lower levels. For
the total risk exposure of the project
example, at the highest level, youhave
both external and internal risks.

Specifically, “Market risks,”“Technical From this first level, project team breaks
risks,” “Environmental Impact risks,” and out the specific types of risk associated
“Quality risks” as second level categories. with each of these broader concepts
Risk Breakdown Structure
ANALYSIS OF PROBABILITY AND CONSEQUENCES
The matrix reflects all identified
In probability of failure, we are
project risks, each prioritized
interested in identifying any factors
according to the probability of its
that can significantly affect the
occurrence, along with the
probability that the new project can
potential consequences for the
be successfully completed. shows a
project, the project team, or the
risk impact matrix in use by several
sponsoring organization should the
Fortune 500 companies.
worst come to pass.

Note that instead of a high-low

classification, this alternative one This matrix is further refined by
features three levels: high, medium, classifying risk impact as either
and low. serious, moderate, or minor.

The fundamental reason for

employing this more complete
matrix is to develop a sense of
priority in addressing the various
risks.

Classifying project Risk

 Critical Analysis of Failure
Under the dimension of consequences of failure, we are concerned with the issues that will highlight the effects of
project failure.

The consequences of failure require us to critically evaluate the results of a project’s success or failure along several
key dimensions.

For this example, the organization has identified four elements that must be considered as critical effects of project
failure:

(4) performance—how
(1)cost—budget (3) reliability—the
(2) schedule—on time well the new software
adherence versus usefulness and quality of
versus severe delays, performs its designed
overruns, the finished product, and
functions.
 RISK MITIGATION STRATEGIES
Risk Acceptance Risk Avoidance. Risk transfer.
• It acknowledges a risk and • This approach completely • transfers the risk to another
accepts its potential avoids the activity that carries party when accepting or
consequences without taking the potential risk. For avoiding the risk yourself is
further actions to mitigate or instance, if a customer has a not feasible – say, purchasing
eliminate it. This approach is history of defaulting on loans, an insurance policy to cover
appropriate when the lending money to that person the costs of a data breach.
likelihood and impact of the poses a serious credit risk. • This approach is suitable for
risk are both low, and the cost • To avoid it, an entity may risks with a high potential
of addressing it outweighs the decide to decline the impact and significant
potential benefits. customer’s loan application. mitigation costs. It can,
This approach is suitable however, result in additional
when the potential impact of costs, and should be
the risk is high and the cost of implemented after thoroughly
mitigating it is significant. evaluating risks and costs.
 Risk sharing
• In this, business partners, stakeholders, or other third parties
share the risk. If the risk then happens, the responsibility or loss
will not fall solely on one party. It’s important to establish clear
agreements and communication channels in advance to assure
effective risk sharing and minimize the potential for disputes.

Risk buffering
Risk • It is the act of adding extra resources, time,
or personnel to mitigate the potential
Mitigation impact of a risk. For example, implementing
redundant servers or backup systems can

Strategies reduce the risk of a critical system failure.

Risk strategizing
• It involves creating a contingency plan or “Plan B”
for certain risks. For example, if the project’s size
makes risk management a challenge, developing
an alternative plan to manage the project in
smaller segments can reduce potential risks.
 RISK MITIGATION STRATEGIES
Risk testing
• Risk testing is the performance of tests (usually many tests) to verify that a project is secure and functions as intended. Make sure you complete the testing
phase to meet deadlines and avoid vulnerabilities that threat actors may exploit. such as vulnerability assessments and code reviews, to identify and
remediate potential security issues.

Risk quantification
• Accurately quantifying risks allows an organization to determine the potential financial implications of a risk even. It is
critical for making informed decisions about risk transfer through insurance purchases or risk sharing among stakeholders.
• Moreover, quantifying risks helps you to prioritize them in the risk register based on their potential impact; that allows you to
allocate resources more effectively.

Risk reduction
• Risk reduction is the implementation of risk controls to mitigate potential hazards or bad outcomes that may arise during a
project or with an enterprise. Reduction helps to enhance the safety and security of the projects and the organization by
identifying and addressing potential risks before they become significant.

Risk digitization
• Risk digitization uses digital tools and technologies to transform how businesses recognize, evaluate, control, and reduce
risks. This involves integrating digital solutions that provide features such as machine learning, data analytics, automation,
and artificial intelligence to enhance the efficacy of risk management systems
USE OF CONTINGENCY RESERVES
Contingency reserves in several forms, including financial and managerial, are among the most common methods used to
mitigate project risks. the goal of creating contingency funds is to ensure against unforeseen risks, the key to their effective use
lies in proactive planning to establish reasonable triggers for their release

It is used to offset budget cutbacks, schedule overruns, or other

TASK CONTINGENCY unforeseen circumstances accruing to individual tasks or project
work packages.

involve the risk associated with the development of individual

work packages or even tasks, managerial contingency is an
MANAGERIAL CONTINGENCY additional safety buffer applied at the project level. Managerial
contingency is budget safety measures that address higher-
level risks.

Insurance can be a useful means for risk mitigation, particularly

in certain types of projects such as construction. Risks in
INSURANCE construction go beyond technical risks or monetary/commercial
risks to include health and safety concerns

The Project Management Institute’s Body of Knowledge defines

a workaround as a response to a threat that has occurred, for
WORKAROUNDS
which a prior response has not been planned or was not
effective
Sensitivity Analysis
Tornado Diagrams are a very common way of displaying results of sensitivity analysis. They compare the importance of
variables that have a higher degree of uncertainty to the more stable variables. As you might remember from the
previous paragraphs, during sensitivity analysis, one variables impact on the project objectives is understood while all
other variables are set at the baseline.

Greater the effect of a variable, the higher up it will feature on the diagram. This means that we should focus on the
elements that are higher up in the image.
Scenario Analysis
 Break Even
Analysis
Simulation Model & Decision Tree analysis
 Change management as part
of risk mitigation strategies
also requires a useful
documentation system that
all partners in the project can
access. Any strategy aimed at
minimizing a project risk
Change factor, along with the
member of the project team
Management responsible for any action,
must be clearly identified
and Risk
Management
 Report must offer a comprehensive analysis of the problem, the plan for
its minimization, a target date, and the expected outcome once the
mitigation strategy has been implemented.

Who—Assign a project team member direct responsibility for following

this issue and maintainingownership regarding its resolution.

When—Establish a clear time frame, including milestones if necessary,

that will determine when the expected mitigation is to occur. If it is
impossible to identify a completion date in advance, then identify
reasonable process goals en route to the final risk reduction point.

Why—Pinpoint the most likely reasons for the risk; that is, identify its
CONTROL AND cause to ensure that efforts toward its minimization will correspond
appropriately with the reason the risk emerged.
DOCUMENTATION
How—Create a detailed plan for how the risk is to be abated. What steps
has the project team member charted as a method for closing this
project risk window? Do they seem reasonable ormfar-fetched? Too
expensive in terms of money or time?