Risk management involves identifying risks, assessing their potential impact and probability of occurring, and developing strategies to mitigate negative impacts. Key aspects of risk management include identifying risks through techniques like brainstorming and documentation reviews, quantifying risks based on their probability and impact level, developing responses to reduce, transfer or avoid risks, and ongoing monitoring and control through audits, reviews and status reports. The overall goal is to minimize threats to a project's objectives of staying on schedule, within budget and meeting quality and performance goals.

1. Risk Management
For Project Management

2. What is Risk?
• Risk (noun): possibility of loss or injury
• (Merriam-Webster Dictionary)

3. Risk in Project Management
•A risk is something that may happen
and if it does, will have an impact on the
project objectives.
May → possibility
Impact → loss
Objectives → time, cost, performance,
quality, scope, client
satisfaction.

4. Words in Risk Management
• Possibility → probability, likelihood
• Loss → impact
• Weakness → vulnerability
• Threat
• Control → countermeasure
• Residual Risk → the amount of risk that is left
over when appropriate controls are properly
applied to lessen or remove weakness

5. Risk Management Plan
• Risk Identification
• Risk Quantification
• Risk Response
• Risk Monitoring and
Control

6. Risk Identification
Or Risk Assessment
• Threats to the project
• Weaknesses of the project environment
• The possibility that threat will make use of
weakness
• The impact of the exposure (threat to
weakness)
• Available controls

7. Risk Identification and SWOT
Factors affecting an
organization (in this
case, project) can usually
be classified as:
• Internal factors
– Strengths (S)
– Weaknesses (W)
• External factors
– Opportunities (O)
– Threats (T)

8. Risk Identification Tools and
Techniques
• Document Reviews
• Information Gathering
– Brainstorming
– Lessons Learned Database
– Other methods, some common techniques include:
questionnaires and surveys, interviewing, checklists,
and examination of the Work Breakdown Structure
for the project with appropriate specialty groups,
asking “what-if’ questions

9. Risk Identification Output
• Identification # for each risk identified
• Date and phase of project development when risk was
identified
• Name of risk (does the risk pose a threat or present an
opportunity?)
• Detailed description of risk event
• Risk trigger
• Risk type
• Potential responses to identified risk
• Comments about risk identification

10. Risk Identification Sheet Example

11. Risk Quantification
• Set Impact Level of the Project
– Impact Level to Cost
– Impact Level to Schedule
• Set Probability Level of the Project (could be
organization standard)
• Set Risk Matrix (should be organizational
standard)

12. Impact Level Example
• Project Value 10M
• Project Schedule 3 Months
Level Value Time
Very High > 5M > 1Mo
High 2M-5M 2W-1Mo
Medium 0.5M-2M 3d-2W
Low 0.1M-0.5M 1d-3d
Very Low <0.1M < 1d

13. Probability Level Example
Level Probability
Very High >90%
High 70%-90%
Medium 30%-70%
Low 5%-10%
Very Low <5%

14. Probability Risk Matrix Example
•VH
•H
•M
•L
•VL
•VL •L •M •H •VH
Impact

15. Risk Response

Avoid: Do Something to Remove

Transfer: Make Someone Else Responsible

Reduce: Take Action to Lessen the Impact or
Possibility

Accept

16. Risk Response: Rule
Cost of Risk Response (Avoid, Transfer or
Reduce) must be less than the cost of impact.
Probability
Reduce Avoid
Accept Transfer
Severity

17. Risk Monitoring and Control
• Risk Audit
• Risk Reviews
• Risk Status Meetings and Reports