Risk management involves identifying risks, assessing their potential impact and probability of occurring, and developing strategies to mitigate negative impacts. Key aspects of risk management include identifying risks through techniques like brainstorming and documentation reviews, quantifying risks based on their probability and impact level, developing responses to reduce, transfer or avoid risks, and ongoing monitoring and control through audits, reviews and status reports. The overall goal is to minimize threats to a project's objectives of staying on schedule, within budget and meeting quality and performance goals.
2. What is Risk?
• Risk (noun): possibility of loss or injury
• (Merriam-Webster Dictionary)
3. Risk in Project Management
•A risk is something that may happen
and if it does, will have an impact on the
project objectives.
May → possibility
Impact → loss
Objectives → time, cost, performance,
quality, scope, client
satisfaction.
4. Words in Risk Management
• Possibility → probability, likelihood
• Loss → impact
• Weakness → vulnerability
• Threat
• Control → countermeasure
• Residual Risk → the amount of risk that is left
over when appropriate controls are properly
applied to lessen or remove weakness
5. Risk Management Plan
• Risk Identification
• Risk Quantification
• Risk Response
• Risk Monitoring and
Control
6. Risk Identification
Or Risk Assessment
• Threats to the project
• Weaknesses of the project environment
• The possibility that threat will make use of
weakness
• The impact of the exposure (threat to
weakness)
• Available controls
7. Risk Identification and SWOT
Factors affecting an
organization (in this
case, project) can usually
be classified as:
• Internal factors
– Strengths (S)
– Weaknesses (W)
• External factors
– Opportunities (O)
– Threats (T)
8. Risk Identification Tools and
Techniques
• Document Reviews
• Information Gathering
– Brainstorming
– Lessons Learned Database
– Other methods, some common techniques include:
questionnaires and surveys, interviewing, checklists,
and examination of the Work Breakdown Structure
for the project with appropriate specialty groups,
asking “what-if’ questions
9. Risk Identification Output
• Identification # for each risk identified
• Date and phase of project development when risk was
identified
• Name of risk (does the risk pose a threat or present an
opportunity?)
• Detailed description of risk event
• Risk trigger
• Risk type
• Potential responses to identified risk
• Comments about risk identification
11. Risk Quantification
• Set Impact Level of the Project
– Impact Level to Cost
– Impact Level to Schedule
• Set Probability Level of the Project (could be
organization standard)
• Set Risk Matrix (should be organizational
standard)
12. Impact Level Example
• Project Value 10M
• Project Schedule 3 Months
Level Value Time
Very High > 5M > 1Mo
High 2M-5M 2W-1Mo
Medium 0.5M-2M 3d-2W
Low 0.1M-0.5M 1d-3d
Very Low <0.1M < 1d
13. Probability Level Example
Level Probability
Very High >90%
High 70%-90%
Medium 30%-70%
Low 5%-10%
Very Low <5%
14. Probability Risk Matrix Example
•VH
•H
•M
•L
•VL
•VL •L •M •H •VH
Impact
15. Risk Response
Avoid: Do Something to Remove
Transfer: Make Someone Else Responsible
Reduce: Take Action to Lessen the Impact or
Possibility
Accept
16. Risk Response: Rule
Cost of Risk Response (Avoid, Transfer or
Reduce) must be less than the cost of impact.
Probability
Reduce Avoid
Accept Transfer
Severity
17. Risk Monitoring and Control
• Risk Audit
• Risk Reviews
• Risk Status Meetings and Reports
Hinweis der Redaktion
Try to identify as many risks as possible that may affect project objectives. Documentation Reviews Peer level reviews of project documentation, studies, reports, preliminary plans, estimates and schedules are a common and early method to help identify risks that may affect project objectives. Information Gathering • Brainstorming Formal and informal brainstorming sessions with project team members and extended project team members such as specialty groups, stakeholders and regulatory agency representatives is a technique for risk identification. • Lessons Learned Database Searching for lessons learned database that are relevant to your project can provide an abundance of information on projects that may have faced similar risks. • Other methods There are many techniques, some common techniques include: questionnaires and surveys, interviewing, checklists, and examination of the Work Breakdown Structure for the project with appropriate specialty groups, asking “what-if’ questions, for example “what-if we miss the fish window?” or “what-if our environmental documentation is challenged and we have to prepare … ?” etc.
There are four things you can do about a risk. The strategies are: Avoid the risk. Do something to remove it. Use another supplier for example. Transfer the risk. Make someone else responsible. Perhaps a Vendor can be made responsible for a particularly risky part of the project. Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available. Accept the risk. The risk might be so small the effort to do anything is not worth while. A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed.
The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.