Date post: | 23-Dec-2015 |
Category: |
Documents |
Upload: | liliana-scott |
View: | 213 times |
Download: | 0 times |
Project Risk Management
Presenter: Phil Harman, PMPExecutive Director for ZCS Internal PMO and
Enterprise Project Management (EPM) Practice Manager
September 2007
Page 2
Agenda
Project Risk Management - What the Text Book says– Core Processes, Techniques, and Outputs
Project Risk Management - In Practice– Project Risk Identification > The Questionnaire– Project Risk Management Plan > The Project Risk Log– Risk Monitor and Control > Risk applied to the Project Plan with
assigned ownership
Page 3
Theory and Practice
Text Book Definition: Risk Management is the systematic process of identifying, analyzing, and responding to project risk. It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objectives.
Simple Terminology: Risk Management is the identification of an unborn issue (a risk) that will have a negative impact on the project that must be eliminated with proactive planning, monitoring, and activities or tasks.
Page 4
Text Book - Risk Management Processes
Risk Risk
ManagementManagement
Risk AssessmentRisk Assessment
Risk Identification
Risk Analysis
Risk Prioritization
Risk ControlRisk Control
Risk Mgmt Planning
Risk Resolution
Risk Monitoring
Page 5
Text Book - Risk Management Planning
DEFINITION: The process of deciding how to approach and plan the risk management activities for a project.
1. Project Charter2. Organizations Risk Mgmt Policy3. Defined Roles & Responsibilities4. Stakeholder Risk Tolerances5. Template for the Organizations risk
management plan6. Work breakdown structure
Inputs
• Risk Management Plan
Output
• Planning Meetings
Tools & Techniques
• Organizational Risk Management Policy: Predefined approaches to risk analysis and resolution that needs tailoring to a particular project.
• Defined roles and responsibilities: Predefined roles, responsibilities, and authority levels for decision making will influence planning.
• Stakeholder Risk Tolerance: Different organizations and different individuals have different tolerances for risk. Policies or historical actions may communicate this.
• Planning Meetings: Project teams hold risk management planning meetings to develop the plan.
Page 6
Text Book - Risk Management Plan
Risk Management Planning output is the “Risk Management Plan”
The plan describes how risk identification, qualitative and quantitative analysis, resolution planning, monitoring, and control will be structured and performed during the project life cycle.
The plan may include:MethodologyRoles & ResponsibilitiesBudgetingTimingScoring and interpretationThresholdsReporting formatsTracking
Page 7
Text Book - Risk Identification
1. Risk management plan2. Project planning outputs3. Risk categories4. Historical information
Inputs
1. Risks2. Triggers 3. Inputs to other processes
Output
1. Documentation reviews2. Information gathering3. techniques4. Checklists5. Assumption analysis6. Diagramming techniques
Tools & Techniques
DEFINITION: The process of determining which risks might affect the project and document the characteristics.
** Risk identification is an iterative process **
INPUTSRisk Management Plan: See previous slideProject Planning Outputs: Items to be reviewed, but not limited to: project charter, WBS, product description, schedule and cost estimates, resource plan, procurement plan, assumption and constraints.Risk Categories: Risks that may affect a project for better or worse can be identified and organized into risk categories. Categories include:
Technical, quality, and performance risks Project Management risks Organizational Risks – cost, time, and scope External risks – shifting legal or regulatory environment, labor issues, natural events.
Historical Information: Information on prior projects may be available to help leverage lessons learned.
Page 8
Risk Identification- Tools/Techniques and Outputs
Outputs
Risks: Yep! This an output!
Triggers: Sometimes called risk assumptions or warning signs, these are indications that a risk has occurred or is about to occur.
Inputs to other processes: Risk identification may identify a need for a further action in another area or to other projects.
Tools and TechniquesDocumentation Reviews: Performing a structured review of the project plans and assumptions.Information gathering techniques: Examples of information gathering include: Brainstorming – most common Delphi technique – Consensus of experts on a subject area Interviewing – Seek input from project managers or subject matter experts Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis
Checklist: Using historical information and knowledge is a quick and simple way to identify risk.Assumption analysis: Every project is conceived and developed based on a set of hypotheses, scenarios, or assumptions.Diagram techniques: Cause-and-effect, System or process flow charts, and Influence diagrams
.
Page 9
Text Book - Risk Analysis
Quantitative: The process of measuring the probability and consequences of risks and estimating their implications for project objectives.– Determine the probability of achieving a specific project
objective.– Quantify the risk exposure for the project, and determine the
cost and schedule contingency reserves that may be needed.– Identify risks requiring the most attention by quantifying their
relative contribution to project risks.– Identify realistic and achievable cost, schedule, and scope
targets.
Qualitative: The process of performing a qualitative analysis of risks and conditions to prioritize their effects on project objectives.
Page 10
Qualitative Risk - Tools and Techniques
Risk probability and consequences: This is generally described in qualitative terms such as VERY HIGH, HIGH, MODERATE, LOW, VERY LOW.
• Risk Probability is the likelihood a risk will occur.• Risk Consequences is the effect on the project objectives if the risk event occurs.
Probability/impact risk rating matrix: The use of risk’s probability scale and risk’s impact scale is generally used.
• Risk scale falls between 0.0 (no probability) and 1.0 (certainty) – See next slide
• Risk impact scale reflects the severity of its effect on the project objective.
Page 11
Rating Impacts for a Risk
Evaluating Impact of a Risk during Major Project Milestones
Project Very Low Low Moderate High Very HighObjective .05 .1 .2 .4 .8
Cost Insignificant <5% 5-10% 10 – 20% >20% Cost Increase Increase Increase Increase Increase
Schedule Insignificant Schedule Slip Overall Prj Slip Overall Prj Slip Overall Prj Slip Schedule Slippage <5% 5-10% 10-20% Slips>20%
Scope Scope Reduction Minor areas of Major Areas Scope Reduction Project end item scope affected of scope affected unacceptable to is not meeting client business need
Quality Quality Only very Quality Reduction Quality Reduction Project end item Degradation small demanding Apps requires client unacceptable to is useless affected approval client
Page 12
Qualitative and Quantitative Risk Outputs
QualitativeOverall risk rating for the project: Risk ranking is used to rank the risk of the project under evaluation against other projects.List of prioritized risks: Risk can generally ranked as low, moderate, or high.List of risks for additional analysis and management: Risk categorized as moderate or high would be prime candidates for more analysis, including quantitative risk analysis, and for risk management.Trends in qualitative risk analysis results: As the analysis is repeated, a trend of results may become apparent, and can make risk resolution or further analysis more or less urgent and important.
QuantitativePrioritized list of quantified risks: This list of risks include those that pose the greatest risk threat or present the greatest opportunity to the project together with a measure of their impact.
Probabilistic analysis of the project: Forecasts or potential project schedule and cost results listing the possible completion dates or project duration and costs with their associated confidence levels.
Probability of achieving the cost and time objectives: The probability of achieving the project objectives under the current plan and with the current knowledge of the risks facing the project.
Page 13
Text Book - Risk Resolution
1. Risk Management Plan2. List of prioritized risks3. Risk ranking of the project4. Prioritized list of quantified risks5. Probabilistic analysis of the project6. Probability of achieving the cost and time
objectives7. List of potential resolutions8. Risk thresholds9. Risk owners10.Common risk causes11.Trends in qualitative and quantitative risk
analysis results
Inputs
1. Risk resolution plan2. Residual risks3. Secondary risks4. Contractual agreements5. Contingency reserve
amounts needed6. Inputs to other processes7. Inputs to a revised project
plan
Output
1. Avoidance2. Transference3. Mitigation4. Acceptance
Tools & Techniques
DEFINITION: The process of developing procedures and techniques to reduce threats to the project objectives.
Page 14
Risk Resolution – Outputs
Risk Resolution plan: This is also called “risk register” and should include some or all of the following:
Identify risks, their description, the area(s) of the project effected, their causes, and how they may affect project objectives Risk owners and assigned responsibilities Results from the qualitative and quantitative risk analysis Agreed to response including avoidance, transference, mitigation, acceptance for each risk in the risk resolution plan The level of residual risk expected to be remaining after the strategy is implemented Specific actions to implement the chosen resolution strategy Budget and times for resolution Contingency plans and fallback plans
Residual risk: Residual risk are those that remain after avoidance, transfer, or mitigation resolutions have been taken. They also include minor risks that have been accepted and addresses.Secondary risks: These risks arise as a direct result of implementing a risk resolution.Contractual agreements: Contractual agreements may be used to specify each party’s responsibility for risks.Contingency reserve amounts needed: Probabilistic analysis of the project and risk thresholds help the project manager determine the amount of contingency needed to reduce risk.Inputs to other processes: Most resolutions to risk involve expenditure of additional time, cost, or resources and require changes to project plans.Inputs to a revised project plan: The results of the resolution planning process must be incorporated into the project plan, to ensure that agreed actions are implemented and monitored as part of the ongoing project.
Page 15
Risk Resolution –Tools/Techniques
Tools and TechniquesAvoidance: Risk avoidance is changing the project plan to eliminate the risk or condition or to protect the project objectives from its impact.Transference: Risk transference is seeking to shift the consequences of a risk to a third party together with ownership of the resolution. (Financial risk is most common)Mitigation: Mitigation seeks to reduce the probability and or consequences of an adverse risk event to an acceptable threshold.Acceptance: This technique indicates that a project team has decided not to change the project plan to deal with a risk. Developing a contingency plan is a way to managing known risks. The contingency plan adopt contingency allowance or reserve that includes: Time Money Resources
Page 16
Text Book - Risk Monitoring & Control
1. Risk Management Plan2. Risk resolution plan 3. Project communication4. Additional risk
identification and analysis5. Scope Changes
Inputs
1. Workaround plans2. Corrective action 3. Project change request4. Updates to the task
resolution plan5. Risk database6. Updates to risk
identification checklist
Output
1. Project Risk resolution audits
2. Periodic project risk reviews
3. Earned Value analysis4. Technical performance
measurements5. Additional risk resolution
planning
Tools & Techniques
DEFINITION: The process of monitoring residual risks, identifying new risks, executing risk reduction plans, and evaluating their effectiveness throughout the project life cycle.
The purpose of risk monitoring is to determine if:• Risk resolution have been implemented as planned• Risk resolution actions are as effective as expected, or if new resolutions should be developed• Project assumptions are still valid• Risk exposure has changed from its prior state, with analysis and trends• A risk trigger has occurred• Proper policies and procedures are followed• Risks have occurred or arisen that were not previously identified
Page 17
Project Risk Management (RM) - In Practice
Risk Risk
ManagementManagement
Risk AssessmentRisk Assessment
Identification
Quantification
Prioritization
Risk Monitor and Risk Monitor and ControlControl
Risk Mgmt Plan and Log
Risks tracked in Project WBS
Risk Ownership
Practice = Text Book
Where the rubber hits the road!
Page 18
Project RM – In Practice
Project Risk Identification > Use a Questionnaire
Risk Monitor and Control– Project Risk Management Plan = The Project Risk Log
• Describes• Quantifies• Probability of Occurrence• Resolution• Prioritizes• Ownership• Status• Risk Ranking
– Project Schedule > Risk Items get put into project WBS (as contingency) and Assigned Ownership
Page 19
Project RM – In PracticeRisk Identification Categories
Project Integration Management
Scope Management
Time Management
Cost Management
Human Resource Management
Communication Management
Procurement Management
Quality Management
Technology
Data Conversions
External Factors
Page 20
Risk Identification using a questionnaire
Risk Assessment QuestionnaireCompleted By:________________________________________ Date:______________________
Project Size
Resource Hours Total estimated resource hours:
<=5,000> 5,000 and <=20,000> 20,000
LowMediumHigh
Notes
Calendar TimeEstimated calendar duration:
<= 4 months> 4 months and <=12 months> 12 months
LowMediumHigh
Notes
Team SizeMaximum team size at any time during the
project:
<= 4 participants> 4 and <= 12 participants> 12 participants
LowMediumHigh
Notes
Page 21
Risk Identification using a questionnaire (cont’d)
Project Structure - Definition
Project ScopeThe boundaries of the project are:
well defined and acceptedconceptually understoodill defined
LowMediumHigh
Notes
Project DeliverablesThe tangible information from the project is:
well defined and acceptednamed but not detailednot identified
LowMediumHigh
Notes
New System BenefitsThe benefit of doing the project is:
well defined and accepted, and/or of strategic importancegenerally understood, but not quantifiedill defined or not identified
LowMediumHigh
Notes
Page 22
Risk Identification using a questionnaire (cont’d)
Project Structure - Sponsorship & Commitment
Project SponsorshipThe project is sponsored by:
respected and enthusiastic business managerpassive business managerunidentified, or I/S manager
LowMediumHigh
Notes
Commitment of Sponsor(s)The sponsor is:
committed to the project (understands value and is supportive)involved, but not committedskeptical or resistant
LowMediumHigh
Notes
Commitment of Sponsoring Business Area(s)The sponsoring business area(s) are:
committed to the project (understands value and is supportive)involved, but not committedskeptical or resistant
LowMediumHigh
Notes
Relation to Information Strategy PlanThe new system is:
included in or approved for additionincluded, but not yet approvednot yet part of the plan
LowMediumHigh
Notes
Page 23
Risk Identification using a questionnaire (cont’d)
Page 24
Project Risk Management Plan and Log
Page 25
Managing the Risk Assessment Results
Risk Monitor and Control
The “No Surprise Approach” to Risk Management is accomplished by:
1. All identified risk items get put into the project work breakdown structure (WBS)
2. All risk items have owners > including the executive sponsors and senior management
3. Risks are reported to the senior and executive leadership in the project dashboard
4. When a RISK EVENT does occur, becomes an issue, then a Project Change Request (PCR) is immediately submitted …. No Surprise PCR
Page 26
Project WBS Example
Page 27
Project Dashboard
Page 28
Risk Summary Dashboard – Example 1
Risk Level – on a scale of 1(low) to 5(high)Examples indicate what would count as a low / med / high to clarify the question and to improve consistency across the projects.
Mitigation Strategy Effectiveness – on a scale of:
A = successfully in place or not applicable
B = in place but needs monitoring
C = challenging or no mitigation strategy defined
Highest Rating in Category: 2A GREENClient Relationship
Highest Rating in Category: 1A GREEN
(Delivery)Solution
Highest Rating in Category: 2A GREEN
(Delivery) Management Process
Highest Rating in Category: 1A GREEN
(Delivery)Work Plan
Highest Rating in Category: 1A GREEN
(Delivery) Staffing
Highest Rating in Category: 3B YELLOW
(Delivery)Engagement Letter
Highest Rating in Category: 5B RED
(Delivery)Partners/3rd Parties
Highest Rating in Category: 1A GREENFinancial
Highest Rating in Category: 2B GREENOverall
A B C
5 0% 4% 0% 4%
4 0% 0% 0% 0%
3 0% 4% 0% 4%
2 11% 11% 0% 21%
1 68% 4% 0% 71%79% 21% 0% 100%
Aggregate Risk Summary
Aggregate Score: 1B GREEN20% of responses were above this risk score.
Page 29
Risk Summary Dashboard – Example 2