Mr. Wissam Yaccoub delivered a talk to PMI Lebanon Chapter about The Known Unknown - Importance of Project Risk Management in March 2019.
Among the Talking Points & Agenda:
Risk tolerance and uncertainty
Risk assessment game
Risk culture in life and organizations
Project risk management processes
How to plan, identify, and analyze risk
Uplifted risk register template
Group risk exercise
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
The Known Unknown - Importance of Project Risk Management by Mr Wissam Yaacoub
1.
2. Wissam Yaacoub, PMP, PMI-RMP
The Know Unknowns: Importance
of Project Risk Management (PRM)
3. Because risks have the potential to cause deviations from the project plan and
from pre-defined objectives.
PRM encourages PROACTIVE management practices that help
deliver projects successfully.
Why PRM?
4. Risk Tolerance
There are:
1. Risks we tolerate
2. Risks we cannot tolerate
Risk tolerance is a measure of willingness to accept higher risk in exchange for higher
potential returns.
Risk appetite is the amount and type of risk that an organization is willing to take in order to meet
their strategic objectives.
5. Risk: The Known Unknown
Unknown
Unknowns
Known
Unknowns
Known
Knowns
No information Partial information Complete information
Uncertainty Risk Certainty
Spectrum of Risk
time
Adapted from Burke (2003) “Project Management Planning and Control Techniques”
Risk is about information
7. 1. Based on
your
experience,
please
identify the
top travel
risks!
2. Which of
these have been
previously
foreseen and
controlled by
you?
Based on your most recent leisure trip experience
8.
9. CONCERN RISK ISSUE
Uneasy feeling that an
issue may arise which
could affect the
project’s success.
No root cause or firm
basis for concern yet
identified.
Likelihood that an issue
may arise which could
affect the project’s
success.
Root cause(s) i.e. firm
basis/ justification of risk
is identified.
Occurrence of risk
event which will
affect the project’s
success.
Risk is not
adequately
addressed
Concern is
analyzed to
identify root
cause(s)
12. According to PMI, a risk management plan includes some or all of the following elements:
Planning Risk Management
Risk Strategy
Methodology:
Tools and data
sources
Roles and
responsibilities
(RACI matrix)
Timing: When
and how often
Risk
Breakdown
Structure (RBS)
Stakeholders’
Risk Appetite
Definition of the
Probability and
Impacts
Risk register
and risk report
formats
Tracking and
auditing
13. Risk Identification Tools & Techniques
1. Expert judgment
2. Data gathering
• Brainstorming
• Checklists
• Interviews
3. Data analysis
• Root cause analysis
• Assumption and constraint analysis
• SWOT analysis
• Document or contract analysis
4. Interpersonal and team skills
5. Prompt lists of categories: PESTLE, VUCA,…
6. Risk workshops
14. Root Cause Analysis:
- The main and true cause of the risk event.
- Without the root cause the risk wouldn’t have occurred.
- Controlling the root cause could eliminate the problem.
Identify Risk Output:
Risk Register, Risk Report,
Document Updates
Cause-Effect Diagram
15. Risk Register Template
Risk
Code
Risk Event Root Causes Effects RBS
Impact Analysis Qualitative Rating
Confidenc
e Level %
Risk
Score
Risk
Level
Response
StrategyTime Cost ScopeQuality Impact Likelihood
PD01
Failure to meet the 'Wild Air'
date specified in the Contract.
1. The process of obtaining the approvals from the
relevant governmental authorities is delayed. (our input
is not mentioned)
2. 3rd party contractor laying cables from 132KV
substation falls behind schedule; Nesma has to
interface and coordinate as required with the third party
contractor to ensure timely preparation
and connection of the permanent power.
Having to rent power or
use temporary
generators
PD 7 5 3 1 4.7 5 60% 30 MEDIUM
Mitigate
Risk
FN01
Loss of profit on omitted ,
altered, or value engineered.
1.Contractual Obligation
2. Design is still under progressive development
3. All savings in their entirety will be passed directly to
the Client.
Loss of highly profitable
items
FN 3 7 3 3 4.3 5 50% 26 MEDIUM Avoid Risk
LE01
Employer's Site data
inaccurate/insufficient or wrong
1. The Employer shall be discharged from all liability in
connection with any claims on the grounds of lack of
sufficient or probative data or information.
Unclaimable and costly
works in included in
budget
LE 5 5 3 3 4.3 7 75% 40 HIGH
Mitigate
Risk
17. Every Risk is
analyzed in
terms of its
IMPACT on:
Cost (Budget, Expenses, Reserves,…)
Time (Schedule, Milestones, Deadlines,…)
Scope (Contract, Agreement, Variations,…)
Quality (Specifications, Regulations, Satisfaction,…)
The second
element in the
risk analysis is
its
PROBABILITY
of occurrence.
Impact
Minor (1) Low (3) Moderate (5) High (7) Major (9)
Probability
Very High (9) 9 27 45 63 81
High (7) 7 21 35 49 63
Moderate (5) 5 15 25 35 45
Low (3) 3 9 15 21 27
Remote (1) 1 3 5 7 9
Risk Analysis
The Risk Matrix tool is established based on the company’s risk appetite. It defines the level of risk by considering its
probability or likelihood against its impact or severity.
Risk Assessment Indices
Minor (10%) 1
Low (30%) 3
Moderate (50%) 5
High (70%) 7
Major (90%) 9
18. Risk Register Template
Risk
Code
Risk Event Root Causes Effects RBS
Impact Analysis Qualitative Rating
Confidence
Level %
Risk
Score
Risk Level
Response
StrategyTimeCost Scope Quality Impact Likelihood
PD01
Failure to meet the 'Wild Air'
date specified in the
Contract.
1. The process of obtaining the approvals from the
relevant governmental authorities is delayed. (our input
is not mentioned)
2. 3rd party contractor laying cables from 132KV
substation falls behind schedule; Nesma has to interface
and coordinate as required with the third party
contractor to ensure timely preparation
and connection of the permanent power.
Having to rent power or
use temporary
generators
PD 7 5 3 1 4.7 5 60% 30 MEDIUM
Mitigate
Risk
FN01
Loss of profit on omitted ,
altered, or value engineered.
1.Contractual Obligation
2. Design is still under progressive development
3. All savings in their entirety will be passed directly to
the Client.
Loss of highly profitable
items
FN 3 7 3 3 4.3 5 50% 26 MEDIUM Avoid Risk
LE01
Employer's Site data
inaccurate/insufficient or
wrong
1. The Employer shall be discharged from all liability in
connection with any claims on the grounds of lack of
sufficient or probative data or information.
Unclaimable and costly
works in included in
budget
LE 5 5 3 3 4.3 7 75% 40 HIGH
Mitigate
Risk
Risk Assessment Indices
Minor (10%) 1
Low (30%) 3
Moderate (50%) 5
High (70%) 7
Major (90%) 9
19. Risk Breakdown Structure - Types of Risk in Project Management
Type Description and Examples
Financial Risk Typically escalation of project costs due to poor cost estimating accuracy and scope creep,
mistakes in cost estimations, bankruptcy, and insurance costs.
Schedule Risk Risk that activities will take longer than expected. Slippages in schedule typically increase costs
and, also, delay the receipt of project benefits, with a possible loss of competitive advantage.
Quality Risk Risk that the project will fail to produce results consistent with project specifications.
Governance Risk It relates to management performance with regard to ethics, social responsibility, and company
reputation.
Technical Risk Result from errors or incompleteness in design, technological obsolescence, and inefficiency.
Operational Risk It includes risks from poor implementation and process problems such as procurement,
production, and work distribution.
Market Risk It includes competition, foreign exchange, commodity markets, and interest rate risk, as well as
cash flow and credit risks.
Legal Risk
Arise from legal and regulatory obligations, including contract risks and litigation brought against
the organization.
Nature Risk It includes storms, floods, earthquakes, fire, and archaeological discovery.
Political Risk Government policy, public opinion, change in legislation, sabotage, and terrorism; labor strikes;
and civil unrest.
20. 1
2
3
4
5
Risk Response
Strategy
Description Example
1) Avoid
Eliminate the root cause and thus, eliminate
the project risk.
Design change, or shutting down a
construction site in bad weather
2) Transfer Transfer the risk to some other party.
Insurance purchases, warranties,
guarantees, sub-contracting, etc.
3) Mitigate
Reduce the probability and/or impact of the
risk
To reduce risk of injuries,
contractor install temporary
lighting, signs, and handrails.
4) Accept
Passive acceptance leaves action to be
determined as needed, in case of a risk
event. Active acceptance involves allocation
of contingency reserves to the project.
Exchange rate fluctuation for
imported goods
5) Escalate
Risks which cannot be monitored and
handled by the project are escalated to the
upper level, for example to program
management.
Lack of workforce for the project
21. Residual & Secondary Risk
Residual Risk is the remaining level of risk following the development and implementation of
the risk response strategy. The residual risk should always be less than the inherent risk,
otherwise there would be no justification for selecting the risk response.
Secondary Risk is a new risk caused by the response plan. If the risk response was not
taken, the secondary risk would not exist. In some cases, secondary risks can be worse
than primary risks.
The residual or the secondary risk is also evaluated for its
severity and may require a new treatment if it is not within the
risk tolerance; otherwise it will be kept on the watch list.
22. The Case of Boeing 737 MAX Jet
Cause: Engine is placed higher and farther out on the wing than previous models
Risk: Plane could pitch upward in certain conditions
Effect: High likelihood of a plane stall
Response: Mitigate the risk by installing a computer software called MCAS that
automatically brings the nose of the plane down
Secondary Risk 1: Faulty sensors can make the MCAS work when it shouldn’t
Secondary Risk 2: Pilots (Trip PM) are not educated about the new MCAS
Effect: Plane crash / Ruin of company image
23. The Balance of Knowledge
When making a decision in our risky world, we should be
careful not to place too much weight on
what we think we know
because
what we don’t know
may be more important !!!!
24. Identify and analyze at least 5 top risks from any
HOME REMODELING project.
Use the distributed template!
a. Describe each risk event and its root cause
b. Identify the RBS associated with each risk
c. Propose a risk response strategy
Group Risk Exercise
25. Lack of Project Risk Management
= Surprises + Crisis Management
= Failure to meet project objectives
Jal el Dib New Bridge
Planners and estimators tend to underestimate costs
and difficulties during the planning of projects.
Many projects develop baseline programs without
adequately considering risk.
26. Bring up
Lessons
Learned from
previous
projects
Risk Communication
Make project
risks part of
every
meeting
agenda
Let project
leaders make
decisions on
top risks
Communicate
the big risks
Create time
to deal with
opportunities
90% of a project manager’s job is communication. And one of the most important things to communicate
is project risk.
Don’t be fragile in front of Risk!
Talk about it, learn from it, and challenge it.
27. “The process of discovery (or innovation,
or technological progress) itself depends
on antifragile* tinkering, aggressive risk
bearing rather than formal education.”
Nassim N. Taleb
*Antifragile: Things that benefit from shocks, risk, and uncertainty.
28.
29. Risk Management Professional Exam:
Preparation Course is 30 to 40 Contact Hours to
be eligible for the PMI Exam.
The certification exam has 170 multiple-choice
questions and you have 3.5 hours to complete it.
PMI Risk Management Professional (PMI-RMP)®c