Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Projectriskmanagement pmbok5

Wird geladen in …3

Hier ansehen

1 von 115 Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)

Andere mochten auch (20)


Ähnlich wie Projectriskmanagement pmbok5 (20)


Aktuellste (20)

Projectriskmanagement pmbok5

  1. 1. Project Risk Management Compiled by Muhammad Aleem Habib June 25, 2013 Information derived from PMBOK & Rita Mulcahy
  2. 2. What is Project Risk Management? • Project risk management is actively managing the risks on your project • The goal of risk management is to be more proactive and less reactive
  3. 3. Why Risk Management • A project manager’s work should not focus on dealing with problems; it should focus on preventing them. • How would it feel to say, “No problem; we anticipated this, and we have a plan in place that will resolve it”. • Performing risk management helps prevent many problems and helps make other problems less likely
  4. 4. What is a Risk? • A risk is an uncertain event that could have a positive or negative effect on your project • * This means there is a probability between 1-99% that the event could occur • If there is a 0% chance of an event occurring, there is no risk • (example; there is a 0% chance your project will be adequately funded, this is not a risk, it is a reality).
  5. 5. What is a Risk? • If there is a 100% chance of an event occurring, this would be an issue, not a risk • Risks with negative consequences are called threats • Risks with positive consequences are called opportunities (Yes, risk can be good! Stop thinking of risk as bad, and start thinking of it in terms of probabilities!)
  6. 6. Risk Event Graph
  7. 7. Types of Risk Risks can be broken out into two primary types 1. Pure Risk (hazard)– risk with potential loss only – ex. Fire, theft, personal injury 2. Business Risk (speculative risk) – risk with potential loss or gain – ex. A highly skilled employee becomes available to work on your project, reducing your schedule time, the tax rate changes, a new server costs less (or more) than you budgeted for!
  8. 8. Risk Management Process Threats Opportunities
  9. 9. Project Risk Management Knowledge Area Process Initiating Planning Executing Monitoring & Contol Closing Risk Plan Risk Management Identify Risk Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Response Monitor and Control Risks Enter phase/ Start project Exit phase/ End project Initiating Processes Closing Processes Planning Processes Executing Processes Monitoring & Controlling Processes
  10. 10. 5 Overall Project Management Processes with Risk Management
  11. 11. • Risk Planning – this is how you plan on conducting risk management. You wouldn’t start managing your project without a plan, so why would you approach risk management that way? • Identify Risks – this is the phase where you attempt to identify most of your risks • Qualitative analysis – this is a subjective analysis of your risks that produces a risk ranking, usually in the order of high, medium, low, or on an ordinal scale. Rankings are by agreement of your project team, sponsors and key stakeholders Risk Management Processes
  12. 12. Risk Management Processes • Quantitative Analysis – a numerical analysis of the probability and impact of the risk on your project • Plan Risk Response– a course of action you will take to deal with your risks should they go from risk to issue • Monitor & Control Risks – monitoring your lists (there are two lists which I will discuss later) of risks to enact a risk response plan, to move a risk from one list to the other, or to remove a risk because it is no longer a risk.
  13. 13. • Uncertainty: a lack of knowledge about an event that reduces confidence • Risk averse: someone who does not want to take risks. • Risk Prone – Someone who is willing to take big risk • Risk tolerances: area of risk that are acceptable / unacceptable. • Risk thresholds: the point at which a risk become unacceptable • Risk Areas: Project Constraints (scope, time, cost, etc) Terms & concepts
  14. 14. Risk Factors 1. The probability the risk will occur 2. The range of possible outcomes (impact) 3. When in the project lifecycle the risk is likely to occur (the timing); * once the expected timeframe of the risk has passed and it is no longer a risk, it can be removed from the risk list 4. How often the risk is expected to occur on the project (frequency)
  15. 15. 11.1 Plan Risk Management • The process of defining how to conduct risk management activities for a project • Important to provide sufficient resources and time for risk management activities, and to establish an agreed upon basis for evaluating risk.
  16. 16. Plan Risk Management DFD. Figure 11-3
  17. 17. Plan Risk Management •How much time should we spend? •Who will be involved? •How should we perform risk management?
  18. 18. Plan Risk Management: Tools & Techniques • Planning Meetings and Analysis – Project teams meet with stakeholders – High level plans for risk management are define in these meetings
  19. 19. Plan Risk Management: Outputs • Methodology Defines the tools, approaches, and data sources that may be used to perform risk management on the project. • Budgeting A budget for project risk management should be established and included in the risk management plan. • Role & Responsibility Defines the lead, support, and risk management team membership for each type of action in the risk management plan.
  20. 20. Plan Risk Management: Outputs • Timing Defines how often the risk management activities will be performed throughout the project life cycle. • Risk categories Documentation such as risk breakdown structures (RBSes) or categories from previous projects will help identify and organize risks. • Definitions of risk Risks and their probabilities are probability & impact defined for use in Qualitative Risk Analysis using a scale of ―very Unlikely to ―almost certain.
  21. 21. Risk Breakdown Structure • A risk breakdown structure (RBS) organizes potential sources of risk to the project. • Functioning much like a work breakdown structure, an RBS arranges categories into a hierarchy. • This approach allows the project team to define risk at very detailed levels.
  22. 22. Risk Breakdown Structure for a Software Development Project Software Dev Project Business Competitors Suppliers Cash Flow Technical Hardware Software Network Organizational Executive Support User Support Team Support Project Management Estimates Communication Resources
  23. 23. RBS Example
  24. 24. Risk Profile • A risk profile is a list of questions that address traditional areas of uncertainty on a project. • These questions has been designed and developed from the experience of past projects.
  25. 25. Risk Profile Questions
  26. 26. No Category Description of Risk IMPACT PROBA BILITY RISK LEVEL 1 Resource Testing environment not available 4 B ORANGE 2 Schedule Documentation approval took longer time 4 A RED Probability Impact Matrix
  27. 27. Risk Management Plan(Contd.) • Stakeholder tolerances – Stakeholders have a low risk tolerance than impact is high. That information should be taken into account to rank cost impacts higher than if the low tolerance was in another area. Tolerances should not be implied, but uncovered in project initiating and clarified or refined continually. • Reporting – Describes reports related to RM and how they will be used and what they will include. • Tracking – Auditing, documentation regarding RM
  28. 28. Q: “ An uncommon state of nature, characterized by the absence of any information related to a desired outcome” , is a common definition for: A. An act of God B. An amount at stake C. Uncertainty D. Risk aversion
  29. 29. 11.2 Identify Risks • This is the phase where you work with your team to identify as many risks as possible.
  30. 30. Identify Risks: Things to remember • Identify Risks can’t be completed without the project scope statement and Work Breakdown Structure (WBS) • Identify Risks happens at the onset of the project and throughout the project • Risks can be identified at any time and during any phase of the project • Risk management is an iterative process, you should work to identify risk during any changes to the project, working with resources, and when dealing with issues
  31. 31. Question ? • Who should be involved in Risk Identification?
  32. 32. Identify Risk: Tools & Tech • Documentation Reviews – including charter, contracts, and planning documentation, can help identify risks. • Those involved in risk identification might look at this documentation, as well as lessons learned, articles, and other documents, to help uncover risks.
  33. 33. Identify Risk: tools & tech • Brainstorming: One idea generates another • Delphi technique: Expert participate anonymously; facilitator use questionnaire; consensus may be reached in a few rounds; Help reduce bias in the data and prevent influence each others. • Interviewing: interviewing experts, stakeholders, experienced PM • Root cause analysis: Reorganizing the identified risk by their root cause may help identify more risks
  34. 34. Identify Risk: Tools & Tech • Checklist analysis: checklist developed based on accumulated historical information from previous similar project • Assumption analysis: identify risk from inaccuracy, instability, inconsistency, incompleteness. • SWOT analysis – Strengths, Weaknesses, Opportunities, Threats
  35. 35. Identify Risk: tools & tech • Influence diagrams – show the casual influences among project variables, the timing or time ordering of events, and the relationships among other project variables and their outcomes. • Cause and Effect Diagrams • Flowcharts
  36. 36. Output: Risk Register • Output is initial entries into the risk register. It includes: – List of risk – List of POTENTIAL responses – Root causes of risks – Updated risk categories
  37. 37. Risk Register Example
  38. 38. • Q: Risk tolerances are determined in order to help: A. The team rank the project risks B. The project manager estimate the project C. The team schedule the project D. Management know how other managers will act to the project
  39. 39. 11.2 Perform Qualitative Risk Analysis • This is the phase where you rank the risks you’ve identified from Identify Risks to come up with a list of risks you will create plans for dealing with
  40. 40. Perform Qualitative Risk Analysis • Things to remember – Perform Qualitative Risk Analysis is subjective – What is the probability of the risk occurring? High, medium, low? 1-10? – What is the impact if the risk does occur? High, medium, low? 1-10?
  41. 41. Tools and Techniques of Qualitative Analysis • Probability & Impact Matrix – a matrix that creates a consistent evaluation of high, medium, or low for your projects. This helps to make the risk rating process more repeatable between projects. • Risk Data Quality Assessment – What is the quality of the data used to determine or assess the risk? Think about the following – Extent of the understanding of the risk – Data available about the risk – Quality of the data – Reliability & Integrity of the data
  42. 42. Tools and Techniques of Qualitative Analysis • Risk Categorization – Which of your categories has more risk than others? Which of your work packages could be most affected by risk? • Risk Urgency Assessment – Which of your risks could occur soon, or require a longer planning time? Risk urgency assessment helps move these risks more quickly through the rest of the project management process
  43. 43. Output: Risk Register Updates • Risk ranking for the project compared to other projects • List of prioritized risks and their probability and impact ratings • Risks grouped by categories • List of risks for additional analysis and response • Watchlist (non-critical risks) • Trends
  44. 44. Perform Quantitative Risk Analysis • A numerical analysis of the probability and impact of the risks with the highest risk rating score determined from qualitative analysis • Is a numerical evaluation (more objective) • This process may be skipped.
  45. 45. Perform Quantitative Risk Analysis Purpose of this process • Determine which risk events warrant a response. • Determine overall project risk (risk exposure). • Determine the quantified probability of meeting project objectives. • Determine cost and schedule reserves. • Identify risks requiring the most attention. • Create realistic and achievable cost, schedule, or scope targets.
  46. 46. Tools and Techniques of Quantitative Analysis • EMV – Expected Monetary Value – What is the probability of the risk occurring multiplied by the impact if the risk does occur? If the risk occurs, what could the financial or time loss be to your project? • In the example below, this project has an EMV of ($58,250), this means that you need to put aside $58,250 in your risk reserve account for potential risks Risk Probability Impact EMV A 20% $ (100,000.00) $(20,000.00) B 90% $ 10,000.00 $ 9,000.00 C 5% $ 30,000.00 $ 1,500.00 D 65% $ (75,000.00) $(48,750.00) Total $(58,250.00)
  47. 47. Q: If a project has a 60% chance of a US $ 100,000 profit and a 40% chance of a US $ 100,000 loss, the expected monetary value for the project is : A. $ 100,000 profit B. $ 60,000 loss C. $ 20,000 profit D. $ 40,000 loss
  48. 48. Tools and Techniques of Quantitative Analysis • Decision Tree – used for planning on individual risks instead of planning for the whole project – Takes into account future events to make a decision today – Can calculate the EMV in more complex situations – Involves mutual exclusivity
  49. 49. Airline A has a 90% chance to reach at time and Airline B has a 60% chance to reach at time. If you don’t reach at time, it will cost you 100,000. Use EMV to find which airline you should choose?
  50. 50. Decision tree /EMV example Airline A EMV: 10,000 + (10% * 100,000) = 20,000 Airline B EMV: 8000 + (40%*100,000) = 48,000
  51. 51. Tools and Techniques of Quantitative Analysis • Monte Carlo Analysis – A technique that uses simulation to show the probability of completing your project on time and within budget. – Determines the overall risk of the project, not the task – Determines the probability of completing the project on a specific day and for a specific cost – Takes into account path convergence (places in the network diagram where many paths converge into one activity) – Used to evaluate the impact to your schedule and budget – Due to the complicated mathematical computations used, Monte Carlo analysis is usually done with a computer program – Creates a probability distribution – triangular, normal, beta, uniform or lognormal (learn these)
  52. 52. Sensitivity Analysis • To determine which risks have the most potential impact to the project • Changing one or more elements/variables and set other elements to its baseline then see the impact. • One typical display of sensitivity analysis is the tornado diagram • Tornado diagram is useful in analyzing risk taking scenarios. • They provide the positive and negative impact of each risk on the project and let you decide to choose which risk to take.
  53. 53. Sample Sensitivity Analysis
  54. 54. Outcome of Quantitative RA Risk Register Updates • Prioritized list of quantified risks • Amount needed for contingency reserves for time and cost • Confidence levels of completing the project on a certain date for a certain amount of money • The probability of delivering the project objectives • Trends - risk management is an iterative process; as you repeat the process you can track your overall project risk and determine the trend (if you are decreasing or increasing the level of risk on your project)
  55. 55. Outcome of Quantitative RA: Examples • What are the risks that are most likely to cause trouble? To affect the critical path? That need the most contingency reserve? • “The project requires another 50,000 and two months of time to accommodate the risks on the project?” • “We are 95 percent confident that we can complete this project on May 25th for $989,000 budget?” • “We only have a 75 percent chance of completing the project within the $800,000 budget.”
  56. 56. “What are we going to do now about each top risk?”
  57. 57. Risk Response Planning • Eliminate the threats before they happen • Make sure opportunities happen • Decrease the probability and/or impact of threats • Increase the probability and/or impact of opportunities • For Residual Threats – Contingency Plans – Fallback Plans
  58. 58. Risk Response Strategies Risk Opportunities Exploit Enhance Share Accept Active Contingency Plan Fallback Plan Passive Workaround Threats Avoid Transfer Mitigate
  60. 60. Avoidance • Risk prevention • Changing the plan to eliminate a risk by avoiding the cause/source of risk • Protect project from impact of risk • Examples: – Change the supplier / engineer – Do it ourselves (do not subcontract) – Reduce scope to avoid high risk deliverables – Adopt a familiar technology or product
  61. 61. Mitigation • Seeks to reduce the impact or probability of the risk event to an acceptable threshold • Be proactive: Take early actions to reduce impact/probability and don’t wait until the risk hits your project • Examples: – Staging - More testing - Prototype – Redundancy planning – Use more qualified resources
  62. 62. Transfer • Shift responsibility of risk consequence to another party • Does NOT eliminate risk • Most effective in dealing with financial exposure • Examples: – Buy/subcontract: move liabilities – Selecting type of Procurement contracts: Fixed Price – Insurance: liabilities + bonds + Warranties
  64. 64. Strategies for Opportunities Exploit: Ensure opportunity is realized • Ex: Assigning organization most talented resources to the project to reduce cost lower than originally planned. Enhance: Increase the probability and/or the positive impact of the opportunity • Ex: Adding more resources to finish early
  65. 65. Strategies for Opportunities Share: Allocating some or all of the ownership to third part best able to capture the opportunity • Ex: Joint ventures, special-purpose companies
  66. 66. Acceptance (Both for Threats & opportunities) • Active Acceptance – Develop a contingency plan to execute if the risk occur – Contingency plan = be ready with Plan B – Fall back plan = plan C if B fails • Passive Acceptance – Deal with the risks as they occur = Workarounds – Usually for low ranked risks
  67. 67. Risk Response Matrix Risk Event Response Contingency Plan Trigger Who is responsible Interface Problems Mitigate: Test Prototype Workaround until help comes Not solved within 24 hours Asif System freezing Mitigate: Test Prototype Reinstall OS Still frozen after 1 hour Khalid User backlash Mitigate: Prototype demonstration Increase staff support Cell from top management Javed Equipment malfunction Mitigate: Select reliable vendor Transfer: Warranty Order replacement Equipment fails Aleem
  68. 68. Outputs of Risk Response Planning Updates to Risk Register • Residual Risks – risks that are left over after Plan Risk Response • Contingency Plans – plans of action in case the risk does occur • Risk Response Owners – the person on the team responsible for monitoring the risk, risk triggers, developing a response strategy, and implementing the strategy should the risk occur • Secondary Risks – new risks that result from the implementation of the contingency plans for the primary risks
  69. 69. Outputs of Risk Response Planning Updates to Risk Register • Risk Triggers – early warning signs that there is a high probability the risk will occur • Fallback Plans – a secondary contingency plan, in case the contingency plan does not work or is not effective • Reserves – Contingency reserves - covers the cost for ‘known unknowns’ discovered during risk management; covers the residual risks. The contingency reserve is calculated and made part of the baseline. – Management reserves – these are estimated and made part of the project budget, not the baseline. Management approval is needed to use the management reserve.
  70. 70. Outputs of Risk Response Planning Project Management Plan Updates • Changes made due to risk management will be changes made to the project and should be updated in the project management plan
  71. 71. Q: Replacing a doubtful supplier with an expensive but reliable one is an example of: A. Mitigation B. Transference C. Acceptance D. Avoidance
  72. 72. Q: A Reserve is generally intended to be used for: A. Rework activities. B. Compensate for inaccurate project cost estimates. C. Reducing the risk of missing the cost or schedule objectives. D. Compensate for inaccurate project schedule estimates.
  73. 73. Some important points: • What do you do with non-critical risks? • Would you choose only one risk response strategy? • What risk management activities are done during execution of the project? • What is the most important item to be discussed in project team meetings? • How would risk be addressed in project meetings?
  74. 74. Some important points: • What do you do with non-critical risks? – Put them in a watch-list and revisit them periodically. • Would you choose only one risk response strategy? – You may select a combination of strategies. – Response of one risk might address another risk as well! • What risk management activities are done during execution of the project? – Watch-out risks on watch-list and looking for new risks.
  75. 75. Some important points: • What is the most important item to be discussed in project team meetings? – Off course, Risk! • How would risk be addressed in project meetings? – Asking, what is the status of risks? Is their any new risk? Is the rank of any risk goes up and down?
  76. 76. Monitor and Control Risk • The process of – implementing risk response plans – tracking identified risks – monitoring residual risks – identifying new risks and – evaluating risk process effectiveness throughout the project – risk audit.
  77. 77. Inputs to Monitor & Control Risk • Risk Management Plan • Risk Register • Approved Change Requests • Work performance information – Deliverable status – Schedule progress – Costs incurred • Performance reports
  78. 78. Monitor & Control Risk: Tools • Workaround – a response to a risk that has occurred when no contingency plan exists. • Risk audit – a team of experienced project team members reviews the risk management process and response strategies to see if you’ve effectively identified the major risks on the project and developed effective strategies for dealing with them.
  79. 79. Monitor & Control Risk: Tools • Risk Reassessment – Risk management is iterative, you should review the risks on your project throughout the project to update their qualitative and quantitative values. • Status meetings – status meetings should be used to identify new risks or changes to existing risks. This is a great opportunity to discuss with your team and stakeholders existing risks and new risks.
  80. 80. Monitor & Control Risk: Tools • Reserve analysis – has the reserve kept up with changes to the risk list? Does the reserve still cover the costs of these risks should they occur? • Closing of risks – Risks are expected to happen during a particular phase of the project. When that phase has passed and the risk is no longer probable, the risk should be removed from the risk list and any reserve associated should be freed up.
  81. 81. Outputs of Monitor & Control Risks • Updates to Risk Register – Outcomes of the risk reassessments and risk audits – Closing of risks that are no longer applicable – Details of what happened when risks occurred – Lessons learned
  82. 82. Outputs of Monitor & Control Risks • Requested Changes • Recommended Corrective & Preventive Actions • Updates to the Project Management Plan • Organizational Process Assets Updates
  83. 83. Practice Exam
  84. 84. Answers
  85. 85. Practice Exam
  86. 86. Answers
  87. 87. Practice Exam
  88. 88. Answers
  89. 89. Practice Exam
  90. 90. Answers
  91. 91. Practice Exam
  92. 92. Answers
  93. 93. Practice Exam
  94. 94. Answers