Project Risk Management

Risk Identification

2

Identify Risks

• Process of • Determining which risks may affect the project • Documenting their characteristics

• Key participants in the process include project manager, project team members, risk management team, customers, subject matter experts from within and outside project team, end users, other project managers, stakeholders and Risk Management Experts

3

Identify Risks: Remember…• Identify Risks can’t be completed without the project scope

statement and Work Breakdown Structure (WBS)• Identify Risks happens at the onset of the project and

throughout the project• Risks can be identified at any time and during any phase of

the project• Risk management is an iterative process: new risks may

evolve or become known as the project progresses. Project Manager should work to identify risk during any changes to the project, working with resources, and when dealing with issues

• Frequency of iteration varies and participants in the process vary by situation.

Types of Risks • Risks can be broken down into two primary types:

1. Pure Risk (Hazard): Risk with potential loss only. Ex. Fire, theft, personal injury2. Business Risk (Speculative Risk): Risk with potential loss or gain. Ex. Highly skilled

employee becomes available, tax rate reduces, new server costs less, material cost reduces

• Key risks under Business risks: Scope Risk

Scope Creep, Integration issues, Defects, Change in dependencies Scheduling Risk

Unexpected delays at external vendor, Natural factors, errors in estimation, errors in acquisition of parts / materials

Delay in start of testing due to dependency on completion of build Resource Risk

Attrition, leaving of key personnel Outsourcing related issues Skill related Availability of funds (milestone based payment not received in time)

Technology Risk Failure of service platform Inadequate technology support 4

Key Risk Categories

5

Schedule Problems

Budget ProblemsPersonnel Problems

Requirements Problems

Customer Problems

Threaten project plan

Design ProblemsImplementation

Problems

Interface Problems

Verification Problems

Maintenance Problems

Threaten quality and timeline

No demand for product

Lose management support

Lose resource commitment

Lose budget commitment

Change in regulations

Threaten economic success of the project

Project Risk

Technical Risk

Business Risk

Known and Unknown Risks

6

• Known risks are somewhat predictable & proactively managed. ‘Known’ indicates those risks that can be identified, analyzed & planned in advance.

• Unknown risks are those unable to anticipate and describe. Unknown risks cannot be managed proactively. These risks that result from the uniqueness of the work and they are difficult or impossible to anticipate.

• For any project, before starting risk management planning process, ‘Unknown’ risks would be high.

• Generally, the best method for managing unknown risk involves allocating reserves on the basis of the measured consequences of unanticipated problems on similar past projects.

Known and Unknown Risks

7

Known and Unknown Risks

8

• In the beginning of the project, complete details of project requirements are unknown – Too much ambiguity

• Unknown unknown - you don’t know you don’t know• Known unknown – you know you don’t know

something• Unknown Known – you don’t know to what extent you

know• Known known – you know to what extent you know

Known and Unknown Risks - Example

9

• Unknown unknown: Before the requirements are shared, our knowledge of the project or a report the system (to be built by the project) has to generate is not known. For us, the project or the report it has to generate is an `unknown unknown'.

• Known unknown: At the initial stages of the project, we will come to know that there is a report module, but don’t yet know what is there in the module. For us this is an example of `known unknown'.

• Unknown known: In the analysis phase, an analyst goes through the requirement for a report. He or she does not yet understand the report completely. For him or her, it is an `unknown known'. (Please note that the focus of the first `unknown' shifts here from lack of knowledge of the general to lack of knowledge of the specific.)

• Known known: After analyzing the requirements for the report well, it becomes a `known known': It is both known to exist and understood. The known risks then would be related skills / resources / environment etc.

Known and Unknown Risks

10

Known and Unknown Risks

11

Known - Known

Known - Unknown

ActionableAnticipate & Plan

Unknown - known

Quantifiable

Not Quantifiable

Unknown - Unknown

Force majeure or act of god

Can not plan / actionNot possible to predict

Problems / Issues

Risk planning at project level

Risk planning at individual risk

levelRisk Response Planning

Risk not planned at project level, to be

handled at management level

Contingency Reserve

Management Reserve

Known and Unknown Risks

12

• The extent to which we are aware has an obvious impact on how we manage the project and hence on the success or failure of the project.

• The goal of the team should be to drive as much information down into the Known portion as much as possible and explore unknown unknowns.

• Only the information in the known quadrants is actionable.  

13

Identify Risks

Identify Risks: Inputs, Tools & Techniques, ands output

Project Documents

Enterprise Environmental FactorsOrganizational Process

Assets

Procurement Documents

Risk Register

• Documentation Reviews

• Information Gathering Techniques

• Checklist Analysis

• Assumption analysis

• Diagramming techniques

Inputs

Outputs

Tools & Techniques

Risk Management Planning

Risk Identification

Qualitative Risk Analysis

Quantitative Risk Analysis

Risk Response Planning

Risk Monitoring and Control

Risk Management PlanCost Management PlanSchedule Management

PlanQuality Management PlanHuman Resource Management PlanScope Baseline

Activity Cost EstimatesActivity Duration Estimates

Stakeholder Register

14

Identify Risks: PMBOK

Identify Risks: Inputs, Tools & Techniques, ands output

15

16

Identify Risks: Inputs1. Risk Management Plan

Assignment of roles & Responsibilities Provision of risk management activities in budget and schedule Categories of Risk (can be from RBS)

2. Activity Cost Estimates Useful in quantitative assessment Review of activity cost estimates, which usually are expressed as a range Width of range may indicate degree of risk Cost projections indicate whether estimates are sufficient or not

3. Activity Duration Estimates Review of activity schedule estimate ranges Width of ranges indicate degree of risk

4. Scope Baseline Review uncertainties in Project Assumptions WBS – is the key input for identification of risks at different levels of details.

17

Identify Risks: Inputs5. Stakeholder Register

Solicit inputs from stakeholders

6. Cost Management Plan Approach to cost management may generate or reduce risk

7. Schedule Management Plan Approach to schedule management plan may generate or reduce risk

8. Quality Management Plan Approach to schedule management plan may generate or reduce risk

9. Project Documents Include

Assumptions Log Work Performance Reports Earned Value Reports Network Diagrams Baselines Any other valuable project information

18

Identify Risks: Inputs10.Enterprise Environment Factors Include

Published information Academic studies Published checklists Benchmarking Industry studies Risk Attitudes

11.Organizational Process Assets Include

Project files Organizational and project process controls Risk statement templates Lessons Learned

19

Identify Risks: Tools & Techniques1. Documentation Reviews

Objective: Identify indicators of risk Structured review of project documents Plans, assumptions, contracts, charter & any other information Indicators of risk => Quality of plans, consistency between documents, project

requirements, assumptions

2. Information Gathering Techniques Objective: Maintain straightforward and clear statements describing project risks. Brainstorming: Obtain comprehensive list of project risks Participants: Set of experts who may not be part of project team, performed by project

team, lead by a facilitator Method: Structured / Free Form RBS can be used as framework Delphi Technique Experts participate anonymously Facilitator uses questionnaire Responses summarized and recirculated for further comment Consensus reached in few rounds Reduces bias and prevents influence of each other / one person

20

Identify Risks: Tools & Techniques Interviewing Interviewing expert project participants, stakeholders, experienced

project managers Root Cause Analysis Technique for identifying problem, discover underlying cause, and

develop preventive action

3. Checklist Analysis Checklists developed based on historical information of similar projects

& other source of information Team should explore additional items not in checklist Should incorporate lessons learnt into the checklist at the end of project

4. Assumptions Analysis Explore validity of assumptions Identify risks from inaccuracy, instability, inconsistency, incompleteness

of assumptions

21

Identify Risks: Tools & Techniques

5. Diagraming Techniques Cause & Effect Diagrams: Ishikawa / Fishbone diagrams Useful in identifying causes of risks

Product Delivered Late

Bad Specs

Insufficient Resources

Inadequate Time

Project Prioritization

Testing

Materials Personnel

22

Identify Risks: Tools & Techniques

5. Diagraming Techniques System / Process Flow Charts Useful in identifying loopholes / risk prone areas

23

Identify Risks: Tools & Techniques

5. Diagraming Techniques Influence Diagrams: Graphical representations of situations showing causal

influences, time ordering of events, other relationships

Decision node

Uncertainty node

Value node

24

Influence diagram - Example

Decision node

Uncertainty node

Value node

Function Arcs

Condition Arcs

Information Arcs

25

Identify Risks: Tools & Techniques

6. SWOT Analysis Strength, Weakness, Opportunities, Threat analysis Analyze at organization, business, project level Identify opportunities and threats Identify strengths identified may offset threats, opportunities

may overcome weaknesses

Four square grid:

Strengths Weaknesses

Opportunities

Threats

26

SWOT Analysis - Example

27

Identify Risks: Tools & Techniques

7. Expert Judgment Risk identification by experts with experience in similar

projects or relevant areas Project Manager identifies such experts and solicits their

expertise in identification of risks

28

Identify Risks: Outputs

6. Risk Register List of Risks (Causes, events, effects) List of potential responses (Useful during risk response

planning) Root causes Updated risk categories (if applicable)

29

Sample Risk Register

30

WBS Example

31

WBS Example