1. RISK
A risk is an uncertain event that has
the potential to either positively or
negatively impact the project
objectives.
there is always a level of uncertainty
associated with risks, it is
impossible to predict with complete
accuracy whether they will occur.
RISK MANAGEMENT.
It is a critical component of an
organizational culture that
values prudent risk-taking.
It is involved as a systematic
process of identifying,
assessing responding to risks,
and communicating the
outcomes of these processes to
relevant parties on time.
PROBABILITY
probability refers to the likelihood of
an event occurring. it can be very
low, low, medium, high, very high. it
is interesting to note that each
company has its own concept of
what the terms low, medium, and
high mean in this context. this
likelihood may be minimal for one
organization while it may be high for
another with identical objectives.
IMPACT
Risk impact refers to the potential
consequences or effects of a risk
event occurring. it is important
aspect of risk management as it
helps project managers to prioritize
risks and allocate resources
accordingly. One million is an
extremely high-risk number for
some organizations either positive
or negative, for large enterprises
one million is nothing. thus, the
organization management plan
defines what is high, medium, or low
i.e. impact of risk. in high medium or
low it means the impact of the risk
RISK-AVERSE
Risk-averse refers to a preference for
avoiding, minimizing, or transferring
over risk acceptance or exploitation.
An organization’s life and budget
influence how it will approach a
certain risk like government agencies,
it will become more risk averse as it
attempts to avoid risk.
RISK SEEKER
Risk seekers refer to a preference for
taking risks and pursuing
opportunities even if they involve
potential losses. Risk risk-seeking
approach involves prioritizing risk
acceptance or exploitation over risk
avoidance, minimization, or transfer.
When a company or individual is
young, they are more risk takers and
desire to take danger on hand.
RISK NEUTRAL
A risk-neutral approach involves
evaluating risks based on their
expected values and choosing the
highest expected value.
RISK APPETITE
Refers to the degree of uncertainty an
organization is willing to accept in
exchange for potential returns.
RISK THRESHOLD
Tolerance of Organization
Risk threshold or tolerance of
the organization refers to the
measure or upper bound of
acceptance. Variation around
an objective that reflects the
risk appetite of the
organization.
It is a key element of risk
strategy and is established and
monitored at enterprise,
portfolio, program, and project
levels.
RISK EXPOSURE
the overall risk of the company or the
risk that is willing to accept.
IDENTIFYING RISK
Identifying risks to generate a
comprehensive list of all
relevant risks that might have
an impact on the project. it is
important to distinguish
between the origin of the risk
and its objective and its effect.
TOOLS
1. Sponsor
2. Key stakeholders
3. Subject matter expert
4. Business Document
5. Business Management Plan
6. Project Charter
7. Assumptions & Constraints
8. OPA
9. EEF
10.Focus group.
Gathers qualitative data and
diverse perspectives from
participants who have relevant
experience in risk being
examined.
11.Facilitated workshop.
This technique uses focused
sessions to bring cross-
functional stakeholders
together to identify risks
associated with the project.
Documentations.
The process of identifying risk
is iterative. Risk can arise at
any time even after the project
has been completed.
Therefore, documents shall be
reviewed continuously.
2. PRIORITIZING RISK
Prioritizing risk is the process of
evaluating and ranking risks based
on their potential impact and
likelihood of occurrence.
The purpose of risk prioritizing is to
allocate resources and attention to
the most critical risks that could
have a significant negative impact
on objectives or outcomes.
By prioritizing risks, organizations
can focus their efforts on managing
and mitigating the most important
and urgent risks while potentially
accepting or monitoring lower
poverty risks.
Risk=Probability x Impact
Qualitative risk assessment
this method is used to evaluate and
prioritize risks based on their
characteristics rather than assigning
specific numeric values.
In this method, risks are typically
categorized into various levels or
scales such as L, M, and H, or using
a scale like 1-5.
It is particularly useful when there is
limited data or when risks cannot be
easily quantified.
Probability
Impact
1 2 3 4 5
1
2
3
4
5
1 2 3 4 5 Very Low
Low
Medium
High
Very High
2 4 6 8 10
3 6 9 12 15
4 8 12 16 20
5 10 15 20 25
QUANTITATIVE RISK
ANALYSIS
It is a systematic process
used to evaluate and quantify
risks associated with a
particular activity project or
system. It involves the
mathematical and statistical
techniques to assign
numerical values to values
risk factors such as likelihood
and impact.
Quantitative risk assessment
assigns the numerical value
to risk that allows better
comparison and prioritization
of risk.
It is an iterative process that
should be revisited through
our project.
TECHNIQUES
QUANTITATIVE ANALYSIS
1-Influence Diagram is a powerful
tool for quantitative risk analysis that
helps project managers identify and
manage risk effectively.
It provides a clear way of graphically
representing a relationship between
risk and cost and can be evaluated
using simulation techniques to
determine each element’s influence
on key outcomes.
A
B C
D
E
F
2-Sensitive Analysis (tornado diagram) It
rates the impact of risk on various
objectives of the project both positive
and negative effects and can be
attributed to it.
It helps to determine which risks have
the most potential impact on project
outcomes.
Tornado Diagram
3-Expected Monetary Value, it is a
concept used in risk management to
assess the potential financial impact
of an uncertain event or risk. It is a
way to quantify the potential losses or
gains associated with different risks.
It is used to calculate the contingency
reserves.
All reasonable alternatives are
identified, and their probability and
values are estimated.
𝐸𝑀𝑉 = 𝑃 × 𝐼 = 100 × 40% = 40
4-Decision Tree Analysis
It is a visual representation of
outcomes and their associated
probabilities used for decision-
making. It is a supervised algorithm
that uses a tree-like structure to
model decisions and the potential
consequences. It is extension of EMV.
Which
Contractor
Low
Bidder
High
Bidder
On
Time
3-Month
Late
1-Month
Late
On Time
-143
-110
-140
-200
-110
-170
-140 5-
Monte Carlo Analysis
It is a computational technique used
to simulate and analyze complex
systems or processes that involve
randomness or uncertainty.
It involves using random sampling
and probability distributions to model
uncertain variables and their potential
impact on desired outcomes.
By running multiple iterations of
simulations, it generates a range of
outcomes and their associated
probabilities.
3. TYPES OF RISK
Positive Risk or Opportunities
Positive risk refers to an
opportunity to improve your
project. Should be sized and built
upon.
Offen gives positive results.
To ensure positive risk must occur,
we attempt to make both
probability and impact 100 % by
following responses.
Escalate, involves identifying and
reporting risks to a higher level of
management for resolution when
an approach for opportunity is
outside of the project scope.
Exploit, this approach aims to
secure the benefits of a specific
opportunity by ensuring its
occurrence with 100 % probability.
Thereby maximizing the chances of
success.
chosen for important
opportunities.
Enhance, this strategy aims to raise
the likelihood and or significance of
an opportunity. Taking early action
to enhance the opportunity is
usually more effective than
attempting to improve its benefits
after it has arisen.
Sharing involves transferring
ownership of an opportunity to a
3rd party.
So, 3rd party shares some of the
benefits if the opportunity happens.
Accept. Accepting an opportunity
acknowledges its existence but no
proactive action
Negative Risk or Threat
It is a threat to project success and
results in a negative outcome or even
failure of the project. It should be
avoided, minimized, or eliminated.
Escalate Escalation is appropriate when
the threat is outside the project scope or
the proposed response exceeds the given
manager’s authority.
Avoid It involves eliminating our threat or
project activity from risk impact by
changing plan or approach.
It may be appropriate high priority threats
with a high probability of occurrence.
Mitigate Risk mitigation involves
implementing measures to decrease the
likelihood of a threat occurring and or
minimize its potential impacts.
Transfer Transfers refer to shifting of
liability to 3rd party through legislation or
insurance.
Accepting Negative Risk It entails waiting
for risk to happen.
We will take action if risk occurs.
There are two types of negative
acceptance.
Active Acceptance It happens when we
plan out activities around the risk.
Contingency Plan refers to a risk
response strategy developed in advance
before things go wrong. It is used when
identified risk becomes reality.
Fall Back Plan refers to alternative set of
actions and tasks available, if primary
plan needs to be abandoned.
Pensive acceptance occurs when identify
the risk and do not do nothing about it.
Management reserves are used when
this risk occurs.
Approval of
Risk Response Plan
Change control board and
sponsor review and approve the
risk register, risk response plan,
and risk mitigation strategy.
Upon approval, it becomes part
of the project management
plans, and a risk register is
established.
RISK REPORT
Weekly risk meetings are held
during which risk reports are
presented.
A risk report is a document that
utilizes information from the
risk register to provide a
forecast of potential risks for a
period of one or two weeks.
It is worth noting that every risk
has a trigger and each trigger is
monitored by the assigned risk
owner.
Other Risks
After implementing the risk
response strategy, there is a
possibility of other new risks
arising.
Residual Risk is the risk that
remains after implementing all
controls. it is the risk that
remains after all efforts have
been made to mitigate the
inherent risk.
Secondary Risk is a new risk
that emerges because of
actions taken to mitigate the
original risk
RISK AUDIT
A risk audit is the examination
and documentation of the
effectiveness of risk responses
in dealing with identified risk
and their root causes.
We continue to watch out for
potential risks throughout the
project. If a risk is identified
before it is materialized. it is
recorded in a risk transistor and
organized operations are
continued as planned.
However, if risk necessitates
modification to the project Plan,
a change request must be
submitted, and contingency
reserves may be used for the
potential Risk.
Issue
When risk is triggered without
being identified, it is called an
issue.
Always be negative.
Documented in the issue log
and response is called a
workaround.