2. Purpose of this document
Learning about project management doesn’t end when you pass the PMP exam. PMP teaches a
methodology that every practitioner must follow.
However, the PMP content is quite detailed and is geared for large projects and many small
projects, typically in IT industry, do not follow all processes described in the PMBOK.
As a result, many PMP certified project managers either forget what their learnt or start thinking
that most of what they studied is not relevant for their roles.
This slide deck is intended for all of us who wish to retain the most important and practice advice
that PMP taught us irrespective of how big or small our projects are.
4. Why Risk Management Matters
Risk Management is the most important activity for a project manager because:
ü It helps prevent problems
ü Reduces potential impact of problems
ü Saves time and money on the project
Risk Management activities are an integral part of a project manager’s daily work.
5. Key Concepts
Uncertainty
Risk Averse
Risk Factors
Threats & Opportunities
RiskTolerance
RiskThreshold
Uncertainty is a lack of knowledge about any event that makes it difficult to predict
the outcome of the event.
Risk Averse is the characteristic of someone who doesn’t want to take risks or
chances.
Risk Factors include things like how likely is the risk occurrence, impact, frequency
and timing.
If the outcome of a risk event is positive, it is an opportunity. If the outcome is
negative, it is a threat.
It is the degree to which a person or an organization is willing to accept risk.
Risk Factors include things like how likely is the risk occurrence, impact, frequency
and timing.
7. Risk Categorization
Risks can be categorized in various ways. Some PMs categorize risks using the source of the risk and some may use
other approaches. One approach that is often used is:
Technical Unforeseeable
Internal External
Risks caused due to technical
factors, software or hardware
issues, patches or changes in
technology.
Risks caused by factors internal
to the project or the
organization such as scope, cost,
staffing, planning etc.
Only a small number of risks
will actually fall under this
category. E.g.Tsunami, Flash
floods, terrorist attacks etc.
Risks caused by regulatory,
government, environmental
factors etc.
8. Risk Management Process Steps
Plan Risk
Management
Identify
Risks
Perform
Risk Analysis
Plan Risk
Response
Monitor and
Control
Risks
Throughout
9. Risk Analysis
Risk Analysis is the process of analyzing risks, their
probability and potential impact to determine which of
the risks warrant a response.
Planning a risk response for every risk, irrespective of
their impact, would be an expensive process.Therefore,
it is important to determine which ones are worth
managing.
Risks to be targeted
Quantitative
Risk Analysis
Qualitative
Risk Analysis
10. Qualitative Risk Analysis
Qualitative Risk Analysis is a subjective analysis of the risks.
• Every risk is assigned a probability like High, Low and Medium (or using a scale of 1 to 3)
• Impact of every risk is assigned a value too.Again, Low, Medium, High or using a scale.
Shortcomings of Qualitative Risk Analysis
Such analysis is highly subjective in nature.What one person considers critical, may not be critical for
somebody else.
Therefore, to ensure consistent risk analysis, organizations need to develop a rating system. Probability and
Impact matrix is one such tool.
11. Quantitative Risk Analysis
Quantitative Risk Analysis is a numerical analysis of the risks. It is also known as risk assessment.
• A quantified probability (80%, 60%) is determined for every risk.
• Impact of every risk is measured in terms of amount at stake.
Expected MonetaryValue Analysis (EMV)
Calculating EMV of every risks helps rank the risks to understand which ones definitely deserve a thorough
response planning.
EMV of a risk = Probability of the risk x Impact (Amount at Stake)
Monte Carlo Simulation
Monte Carlo Analysis uses simulation to simulate the cost and schedule of the project over a high number of
iteration.This calculates the overall risk of the project. It results in a probability distribution and determines
the probability of completing the project on a specific day or for a specific cost.
12. Risk Register
Risk Register is the project artifact where all data about risks is stored and maintained. Please note that risk register
is updated throughout the project.
Risk
ID
Risk
Description
Potential
Responses
Root
Cause
Risk
Category
Risk
Probability
Impact Risk Rank
As the risk management process progresses, more columns are added to the risk register as risk analysis results in
more data being captured.
13. Risk Response Strategies - Opportunities
The risk response strategies for Opportunities include:
Exploit Enhance
Share Accept
Try to make sure that the
opportunity occurs.
Form a partnership or
joint venture that will
increase the chances to
achieve the opportunity.
Increase the likelihood or
the (positive) impact of
the opportunity (risk
event)
Do nothing.Accept the
risk
14. Risk Response Strategies - Threats
The risk response strategies for Threats include:
Avoid Mitigate
Transfer Accept
Eliminate the risk by
removing the cause of the
risk.
Make another party
responsible for the risk by
purchasing insurance or by
outsourcing the work.
Reduce the likelihood or
the (negative) impact of
the threat (risk event)
Do nothing.Accept the
risk
15. Some Terms to know
Residual Risks
Contingency Plans
Secondary Risks
RiskTriggers
Fallback Plans
Reserves
Risks remaining after the risk response planning.These include risks that have been
accepted. Stakeholders must be informed about risks that have been accepted.
These are plans that describe what will be done when the risk event occurs.
These are risks created as a result of implementing any risk response strategy. For
example, risks associated with outsourcing the work.
Risk triggers are events that triggers the contingency response.
These are plans that describe what will be done if the contingency plan is not
effective.Think of these as Plan B.
Reserves are funds for time and cost that are maintained to cover risks and is an
important part of cost management planning. Contingency reserves are for
known risks that have been identified during risk planning process and are used to
address residual risks. Management reserves are for those risks that could not
be identified during risk management process.
16. Risk Management – Errors to avoid
Ø Cost and schedule are finalized without completing identifying all risks and completing risk
management.
Ø Risk management is not given due attention during project execution.
Ø Risks are not discussed in every project meeting.
Ø Procurements are completed before all risks to the project have been discussed.
Ø Project Manager does not involve team members and other stakeholders in the risk
management process.