Project Risk Management
What is Risk?
Risk and uncertainty are
equivalent
Three Definitions
Risk
A possible future event which if it occurs will lead
to an undesirable outcome.
Project Risk
The cumulative effect of the chances of an
uncertain occurrence that will adversely affect
project objectives.
Risk Management
A systematic and explicit approach for identifying,
quantifying, and controlling project risk.
DEFINITION
PROJECT RISK MANAGEMENT IS THE ART AND SCIENCE OF
IDENTIFYING, ASSESSING, AND RESPONDING TO PROJECT
RISK THROUGHOUT THE LIFE OF A PROJECT AND IN THE
BEST INTERESTS OF ITS OBJECTIVES
PROJECT RISK IS THE CUMULATIVE EFFECT OF THE CHANCES OF
UNCERTAIN OCCURRENCES ADVERSELY AFFECTING PROJECT
OBJECTIVES
RISK MANAGEMENT PURPOSE
IDENTIFY FACTORS THAT ARE LIKELY TO IMPACT THE PROJECT
OBJECTIVES OF SCOPE, QUALITY, COST AND TIME
QUANTIFY THE LIKELY IMPACT OF EACH FACTOR
GIVE A BASELINE FOR PROJECT NON-CONTROLLABLES
MITIGATE IMPACTS BY EXERCISING INFLUENCE OVER PROJECT
CONTROLLABLES
THE PMBOK ALSO POINTS OUT THAT RISK MANAGEMENT INCLUDES
MAXIMIZING THE RESULTS OF POSITIVE EVENTS AND MINIMIZING THE
CONSEQUENCES OF ADVERSE EVENTS.
ISSUES
A RISK SHOULD ONLY BE TAKEN WHEN THE POTENTIAL BENEFIT AND
CHANCES OF WINNING EXCEED THE REMEDIAL COST OF AN
UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A
SATISFACTORY MARGIN
WHAT WILL BE GAINED?
WHAT COULD BE LOST?
WHAT ARE THE CHANCES OF SUCCESS (AND FAILURE)?
WHAT CAN BE DONE IF THE DESIRED RESULT IS NOT ACHIEVED?
IS THE POTENTIAL REWARD WORTH THE RISK?
POTENTIAL FREQUENCY OF LOSS
AMOUNT AND RELIABILITY OF INFORMATION AVAILABLE
POTENTIAL SEVERITY OF LOSS
MANAGEABILITY OF THE RISK
VIVIDNESS OF THE CONSEQUENCES
POTENTIAL FOR (ADVERSE) PUBLICITY
WHOSE MONEY IS IT?
NATURE OF RISK MANAGEMENT
WHEN SPEAKING OF RISK, THINK OF ONLY HAZARDOUS ONES
EVERYDAY COMMON DAY ONES ARE IGNORED
RARELY DO WE SYSTEMATICALLY IDENTIFY ALL RISKS INVOLVED
HOWEVER, INCLINED TO CONSIDER RISK DIFFERENTLY RELATIVE TO
FAMILY - VERY PRECIOUS AND LOTS OF POTENTIAL
EXAMPLES:
SMALL CHILDREN - STAY AWAY FROM ROAD - RISK ID & AVOIDANCE
HOW DID DAY GO? - DO MORE TO HELP THEM - INFO FEEDBACK
THESE ACTIONS ARE ESTABLISHING THE BASIC ELEMENTS OF MANAGING
PROJECT RISK INTO OUR CHILDREN
PROJECT RISK MGMT IS PRO-ACTIVE
CLASSIC SYSTEMS METHODOLOGY:
INPUT -> PROCESS -> OUTPUT, WITH FEEDBACK LOOP
THIS PROCESS VITAL TO EFFECTIVE PROJECT CONTROL, HOWEVER
RISK IS DIFFERENT - - HAS TO DO WITH:
UNCERTAINTY, PROBABILITY OR UNPREDICTABILITY, AND CONTINGENT
PLANNING
REACTIVE vs. PRO-ACTIVE
CRISIS MANAGEMENT -- REACTIVE MODE -- SELECT RESPONSE
PRO-ACTIVE -- ANTICIPATE AND PLAN TO AVOID
RISK & DECISION MAKING:
TAKE RISK IF POTENTIAL BENEFIT AND CHANCE OF WINNING EXCEEDS
COST OF UNSUCCESSFUL DECISION AND CHANCES OF LOSING BY A
SATISFACTORY MARGIN (CLASSIC COST / BENEFIT ANALYSIS)
Project Risk Management
11.0 Project Risk Management
11.1 Risk Identification
11.2 Risk Quantification
11.3 Risk Response Development
11.4 Risk Response Control
PMBOK Risk
Opportunities - Positive outcome
Threats - Negative outcome
Benefits of Risk Management
More and better information is available
during planning and decision making
Project objectives are verified
Improved communications
Higher probability of project success
Proactive approach
Project might be canceled
Why Organizations don’t do
Risk Management
Unwillingness to admit risks exist
Postpone the hard parts of the project until
later
Risk management costs money
Up front investment of time
Can’t prove it’s necessary
Think health insurance
Why Organizations don’t do
Risk Management
“Can Do” management style severely inhibits
risk management
Risk identification can make you look like a
whiner
Ways to Avoid
Risk Management
“Managing risk is everybody’s business”
“There is only one risk: The project might fail.
And we’re managing that by working real
hard to assure that doesn’t happen.”
The Uncertainty Spectrum
NO Information (Unknown unknowns) -> Partial Information (Known unknowns) -> Complete Information (Knowns)
TOTAL UNCERTAINTY -> GENERAL UNCERTAINTY -> SPECIFIC UNCERTAINTY -> TOTAL CERTAINTY
SCOPE OF PROJECT RISK MANAGEMENT*
*Note: in this range the information to be sought is known
Project Risk
[Figure: Project Risk at the center, surrounded by the other project management areas]
Integration
Communication
Scope
Cost
Time
Quality
Procurement
Human Resources
INTEGRATING RISK
[Figure: PROJECT RISK at the center, linked to each project management function]
PROJECT MANAGEMENT INTEGRATION: Life Cycle and Environment Variables
SCOPE: Expectations, Feasibility
INFORMATION / COMMUNICATIONS: Ideas, Directives, Data Exchange Accuracy
QUALITY: Requirements, Standards
HUMAN RESOURCES: Availability, Productivity
TIME: Time Objectives, Restraints
CONTRACT / PROCUREMENT: Services, Plant, Materials: Performance
COST: Cost Objectives, Restraints
Project Risk Management
A subset of project management that
includes the processes concerned with
identifying, analyzing, and responding to
project risk.
Risk Management Objectives
Reduce the number of surprise events
Minimize consequences of adverse events
Maximize the results of positive events
Risk Classification
Business risks vs. pure (insurable) risks
Classified by uncertainty (business risks)
Classified by impact on project elements
Classified by their nature
Classified by their source
Classified by their probability to occur and
amount at stake
Consequences of Risk Analysis
Positives
greater information is made available during the
course of planning and decision making
project objectives are verified
better communications
better probability that project realization will be
optimal
increased chance of project success
Consequences of Risk Analysis
Negatives
belief that all risks have been accounted for
project could be shut down
Some Considerations
Real information is the key.
The relationship between uncertainty and information
is inverse.
For the project manager, conditions of relative
uncertainty (partial information) are the rule.
There is a natural resistance to formal risk analysis.
Risks should only be taken to achieve a project
objective.
PMBOK FIGURE 11-1
PROJECT RISK MANAGEMENT OVERVIEW
Risk Identification
  Inputs
    Product Description
    Other Planning Outputs
    Historical Information
  Tools & Techniques
    Checklists
    Flowcharting
    Interviewing
  Outputs
    Sources of Risk
    Potential Risk Events
    Risk Symptoms
    Inputs to other Processes
Risk Quantification
  Inputs
    Stakeholder risk tolerances
    Sources of Risk
    Potential Risk Events
    Cost Estimates
    Activity Duration Estimates
  Tools & Techniques
    Expected Monetary Value
    Statistical Sums
    Simulation
    Decision Trees
    Expert Judgment
  Outputs
    Opportunities to pursue, threats to respond to
    Opportunities to ignore, threats to accept
Response Development
  Inputs
    Opportunities to pursue, threats to respond to
    Opportunities to ignore, threats to accept
  Tools & Techniques
    Procurement
    Contingency Planning
    Alternative Strategies
    Insurance
  Outputs
    Risk Management Plan
    Inputs to other Processes
    Contingency Plans
    Reserves
    Contractual Agreements
Response Control
  Inputs
    Risk Management Plan
    Actual Risk Events
    Additional Risk Identification
  Tools & Techniques
    Workarounds
    Additional Risk Response Development
  Outputs
    Corrective Action
    Updates to Risk Management Plan
Risk Identification
Risk identification is determining which risks are likely to affect the
project and documenting the characteristics of each.
Typical Life Cycle Profiles
Risk versus Amount at Stake
[Figure: two curves plotted against TIME over the total project life cycle (Plan: Phase 1 Conceive, Phase 2 Develop; Accomplish: Phase 3 Execute, Phase 4 Finish). The Opportunity & Risk curve (axis: INCREASING RISK) marks the period when highest risks are incurred; the Amount at Stake curve (axis: $ VALUE) marks the period of highest risk impact.]
Inputs to Risk Identification
Product description
Specification
SOW
Contract
Other planning outputs
WBS
OBS
Cost and Schedule estimates
Inputs to Risk Identification
Historical information
Commercial databases
Corporate memory
Corporate database (lessons learned)
Websites
Inputs to Risk Identification
Assumptions
Explicit
Implicit
Critical success factors
PHASE 1: RISK IDENTIFICATION
IDENTIFY ALL POSSIBLE RISKS WHICH MAY SIGNIFICANTLY IMPACT
THE SUCCESS OF THE PROJECT -- CAN DO THIS BY:
CAUSE-AND-EFFECT ANALYSIS (WHAT COULD HAPPEN ➩ WHAT ENSUES)
EFFECT-AND-CAUSE ANALYSIS (WHAT OUTCOMES TO AVOID ➩ HOW
THEY MIGHT OCCUR)
BRING IN THE EXPERTS ON THE PROGRAM AND QUESTION THEM
BRAINSTORM
WBS - INDIVIDUAL WORK PACKAGES PLUS COMBINATIONS THEREOF
WILLOUGHBY TEMPLATES, SEI TAXONOMY AND CHARELLET CHECKLIST
Risk typically examines possibility of suffering harm or loss; however,
Risk Identification is also concerned with opportunities (positive outcomes)
and threats (negative outcomes).
TYPES OF RISK
Business vs. Insurable Risk
Risk Sources
External Unpredictable
External Predictable
Internal Non-Technical
Technical
Legal
TYPES OF RISK (2)
Knowns
An item or situation containing no uncertainty
Known Unknowns
Things which we know exist but do not know
how they will affect us. These can be identified
and evaluated.
Unknown Unknowns
Those risks that cannot be identified and
evaluated (unexpected needs). These can be
handled via contingency allowances.
TYPES OF RISK (3)
Risks can also be classified as:
External Unpredictable
External Predictable
Internal Non-Technical
Technical
Legal
EXTERNAL UNPREDICTABLE
Regulatory
Natural Hazards
Postulated Events
Unexpected Side Effects of the Project
Failure to Complete Project Due to
Uncontrollable External Events
EXTERNAL PREDICTABLE
Market Risks
Operational
Environmental Impacts
Social Impacts
Currency Risk
Inflation
Taxes
INTERNAL, NON-TECHNICAL
Management
Schedule
Cost
Cash Flow
Loss of Potential Benefit or Profit
TECHNICAL
Changes in Technology
Performance Uncertainty
Risks Associated with Project’s Technology
Design
Sheer Size or Complexity
LEGAL
Licensing
Patent Rights
Contractual Difficulties
Outsider Suits
Insider Suits
Force Majeure (PMI’s Word)
OTHER RISK ID SOURCES
Overly Aggressive Cost Estimates
Overly Aggressive Duration Estimates
Staffing Plan - Personnel With Special Skills
Procurement Management Plan
Historical Project Files & Project Team
Knowledge
Commercial Databases
KEEP IN MIND
How can you assess risks?
Break things down into individual elements and
determine their relationships
What risks should you assess?
All of them
Concentrate on those with greatest impact and
most likely probability of occurrence
RISK FACTORS
ALL PROJECT RISKS ARE CHARACTERIZED BY THE FOLLOWING
THREE RISK FACTORS
RISK EVENT: PRECISELY WHAT MIGHT HAPPEN TO THE
DETRIMENT OF THE PROJECT
Write it as an “If - Then” Statement
RISK PROBABILITY: HOW LIKELY THE EVENT IS TO OCCUR
AMOUNT AT STAKE: THE SEVERITY OF THE CONSEQUENCES
WITH THIS DATA, THE RISK EVENT STATUS ("CRITERION VALUE" OR
RANKING) OF A GIVEN RISK EVENT CAN BE DETERMINED BY:
RISK EVENT STATUS = RISK PROBABILITY X AMOUNT AT STAKE
RISK EVENT vs. RISK SYMPTOM
RISK EVENTS ARE DISCRETE OCCURRENCES
RISK SYMPTOM ⇒ TRIGGERS
THESE ARE INDIRECT MANIFESTATIONS OF ACTUAL RISK EVENTS
EXAMPLES OF RISK SYMPTOMS:
POOR MORALE = EARLY WARNING SIGN OF SCHEDULE DELAY
EARLY PROJECT COST OVERRUN = POTENTIAL POOR PROJECT
OVERALL ESTIMATING
Risk Identification
Tools and Techniques
Checklists
Project Healthcheck
Flowcharting
Cause & Effect (fishbone or Ishikawa charts)
What could happen ➩ What ensues
Effect & Cause
Outcomes to avoid ➩ How they occur
System or Process flowcharts
Risk Identification
Tools and Techniques
Interviewing
Brainstorming
Outputs
Sources of risk (i.e., categories)
Stakeholder actions
Estimates
Staffing plans
Common sources of risk:
Changes in requirements
Design errors, omissions, and misunderstandings
Poorly defined R & R
Insufficiently skilled staff
Outputs
Potential Risk events
Specific discrete events that might affect the
project
Generally include:
Probability
Alternative outcomes
Timing
Frequency (more than once?)
Outputs
Risk Symptoms
Triggers, or trip wires, or indicators
Indirect manifestations of risk events
Poor morale
Lack of reported progress
Inputs to other processes
Improved estimating
More training
Risk Quantification
Risk quantification consists of evaluating the risks and risk
interactions to assess the range of possible project outcomes.
PHASE 2: RISK QUANTIFICATION
GOALS OF QUANTIFICATION (OR ASSESSMENT)
INCREASE THE UNDERSTANDING OF THE PROJECT
IDENTIFY THE ALTERNATIVES AVAILABLE
ENSURE THAT UNCERTAINTIES AND RISKS ARE ADEQUATELY
CONSIDERED IN A STRUCTURED AND SYSTEMATIC WAY AND
INCORPORATED INTO THE PLANNING AND DEVELOPMENT PROCESS
ESTABLISH THE IMPLICATIONS OF THESE UNCERTAINTIES ON ALL
OTHER ASPECTS OF THE PROJECT
Risk Quantification - Inputs
Stakeholder risk tolerances
Sources of risk
Potential risk events
Cost estimates
Activity duration estimates
Risk Quantification
Tools and Techniques
Expected monetary value
Statistical sums
Simulation
Decision trees
Expert judgment
RISK ANALYSIS TECHNIQUES
BRAINSTORMING - SPONTANEOUS CONTRIBUTION OF IDEAS FROM TEAM
DELPHI METHOD - METHOD TO DERIVE CONSENSUS USING EXPERT OPINION
MONTE CARLO - ITERATIVE SIMULATION USING RANDOM NUMBERS TO
INCORPORATE PROBABILISTIC DATA AND DERIVE A
PROBABILITY DISTRIBUTION OF THE FINAL RESULT
SENSITIVITY ANALYSIS - EVALUATE EFFECT OF A CHANGE IN A SINGLE
VARIABLE ON THE ENTIRE PROJECT
DECISION TREE ANALYSIS - GRAPHICAL "EITHER / OR" CHOICES
UTILITY THEORY - TAKES ATTITUDE OF DECISION MAKER INTO ACCOUNT
DECISION THEORY - TECHNIQUE TO REACH DECISION UNDER UNCERTAINTY
AND RISK. POINTS TO BEST POSSIBLE COURSE NO MATTER
THE FORECAST ACCURACY
PROBABILITY ANALYSIS - NEXT PAGE
SIMPLE PROBABILITY
SIMPLE PROBABILITY EQUATION:
Pr (Event #1) x Pr (Event #2) = Pr (Both Events)
P(t) = P(A) * P(B)
OR
0.70 X 0.80 = 0.56 OR 56%
NOTE: THIS APPLIES TO INDEPENDENT EVENTS ONLY
PROBABILITY EXAMPLE
DATA:
Probability of Scope = 0.70
Probability of No Scope = 0.30
Probability of Approval = 0.80
Probability of No Approval = 0.20
EXAMPLE:
Pr(Scope) x Pr(Approval) = 0.70 x 0.80 = 0.56
Pr(Scope) x Pr(No Approval) = 0.70 x 0.20 = 0.14
Pr(No Scope) x Pr(Approval) = 0.30 x 0.80 = 0.24
Pr(No Scope) x Pr(No Approval) = 0.30 x 0.20 = 0.06
Total= 1.00
PRACTICAL APPLICATION -- DECISION TREE ANALYSIS
Expected Monetary Value (EMV)
Product of two values
Risk event probability
Risk event value
Valuation of the risk event is key
Must include tangible as well as intangible value
1 week slippage with minor client impact
6 week slippage with major client impact
Expected Monetary Value Example
Given the following:
              Cost       Probability
Optimistic    $100,000   0.20
Most likely   $130,000   0.60
Pessimistic   $180,000   0.20
Expected Value Calculation:
Optimistic    $100,000 x 0.20 = 20,000
Most likely   $130,000 x 0.60 = 78,000
Pessimistic   $180,000 x 0.20 = 36,000
Expected Monetary Value         $134,000
*EMV = (Optimistic + 4(Most likely) + Pessimistic) / 6
* formula if probability is not known
EMV Example
If no probabilities are given, use
EMV=(Opt + 4*ML + Pes)/6
EMV= ($100 +4*$130+$180)*1000/6
= $133,333
Descriptive Statistics
Mean
Mode
Median
Variance
Standard Deviation
Range
Descriptive Statistics Example
Test scores are 10, 20, 25, 40, 45, 45, 50, 55, 55, 60, 60, 60, 65, 65, 65, 70, 70, 70, 70,
70, 75, 80, 80, 85, 90, 90, 90, 95, 100
Mean: number obtained by dividing the sum of a set of quantities by the number of
quantities in the set. (answer is 1855 / 29=64)
Mode: value or item occurring most frequently in a series of observations. (answer is 70 -
it occurs 5 times)
Median: middle value in a distribution, above and below which lie an equal number of
values (answer is 65)
Variance: average of the squares of the variations from the mean of a frequency
distribution. (answer is 486.4)
Standard deviation: square root of the variance. (answer is 22)
Range: measure of the dispersion equal to the difference or interval between the
smallest and the largest of the set of quantities. (answer is 90 or 100-10)
Approximations
Mean = (Opt + 4*ML + Pes)/6
SD = (Max - Min)/6
Exercise
          Opt       ML        Pess      EMV       SDev     Variance
Proj. A   100,000   125,000   180,000   130,000   13,000   169,000,000
Proj. B   80,000    100,000   125,000   100,833   7,500    5,625,000
Proj. C   75,000    130,000   180,000   129,167   17,500   306,250,000
So What?
Normal Distribution
Mean is expected value
Mean = Mode = Median
Standard deviation is a measure of dispersion
about the mean
68.27% of cases occur between Mean + SD and Mean - SD
95.45% of cases occur between Mean + 2SD and Mean - 2SD
99.73% of cases occur between Mean + 3SD and Mean - 3SD
[Figure: Normal Distribution curve centered on the Mean, marked at - 3SD, - 2SD, - SD, + SD, + 2SD and + 3SD; band labels 1.1%, 13.6%, 34.1%, 34.1%, 13.6%, 1.1%; Blue = 68%, Blue + Green = 95%, Blue + Green + Red = 99.7%]
[Figure: Skewed Normal Distribution, with Mode, Median and Mean marked]
BETA vs. TRIANGULAR DISTRIBUTIONS
[Figure: two curves of PROBABILITY against COST ESTIMATE, each with its EXPECTED VALUE marked]
BETA DISTRIBUTION
Mean = (a + 4m + b) / 6
Variance = [(b - a) / 6]^2
TRIANGULAR DISTRIBUTION
Mean = (a + m + b) / 3
Variance = [(b - a)^2 + (m - a)(m - b)] / 18
Simulation
Simulation uses a representation or model of a
system to analyze the behavior or
performance of the system.
Monte Carlo analysis is best known
results used to quantify risk of various schedule
choices
Monte Carlo
Requires Optimistic, Most Likely, and
Pessimistic estimates.
Uses random number generator to select which
value to use
Calculates the database multiple times to
develop a probability distribution of the data
Decision Trees
Aggressive schedule EMV = $110,000
Conservative schedule EMV = $7,000
Given the following decision tree:
Choice         Event probability   Outcome   EMV
aggressive     60%                 250 k     150 k
aggressive     40%                 100 k     40 k
conservative   20%                 45 k      9 k
conservative   80%                 20 k      16 k
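An added worked example (not from the original slides) that rolls the decision tree above back to the two stated schedule EMVs. It assumes the 100 k and 45 k outcomes are losses, the sign assignment under which the branch values give $110,000 and $7,000; the node encoding, the function names and the mitigation figures are constructed for illustration.

```python
import math

# Node encoding (illustrative, not from the slides):
#   ("payoff", value)                      leaf, value in $k
#   ("chance", [(probability, node), ...]) event node
#   ("choice", {label: node, ...})         decision node


def emv(node):
    """Expected monetary value of a node, computed by rolling the tree back."""
    kind, body = node
    if kind == "payoff":
        return float(body)
    if kind == "chance":
        total_p = sum(p for p, _ in body)
        if not math.isclose(total_p, 1.0, abs_tol=1e-9):
            raise ValueError(f"branch probabilities sum to {total_p}, not 1")
        # Risk event probability x risk event value, summed over branches.
        return sum(p * emv(child) for p, child in body)
    if kind == "choice":
        # A risk-neutral decision maker takes the branch with the highest EMV.
        return max(emv(child) for child in body.values())
    raise ValueError(f"unknown node kind: {kind!r}")


def branch_emvs(choice_node):
    """EMV of each alternative at a decision node."""
    kind, body = choice_node
    if kind != "choice":
        raise ValueError("branch_emvs expects a choice node")
    return {label: emv(child) for label, child in body.items()}


def best_choice(choice_node):
    """Label of the alternative with the highest EMV."""
    values = branch_emvs(choice_node)
    return max(values, key=values.get)


# The tree from the slide, in $k. Negative payoffs are the assumed losses.
SCHEDULE_TREE = ("choice", {
    "aggressive": ("chance", [(0.60, ("payoff", 250)), (0.40, ("payoff", -100))]),
    "conservative": ("chance", [(0.20, ("payoff", -45)), (0.80, ("payoff", 20))]),
})

# Constructed variant: spend 15 k on mitigation to cut the aggressive
# schedule's failure probability from 40% to 20% (figures are made up).
MITIGATED_TREE = ("choice", {
    **SCHEDULE_TREE[1],
    "aggressive + mitigation": ("chance", [
        (0.80, ("payoff", 250 - 15)),
        (0.20, ("payoff", -100 - 15)),
    ]),
})

if __name__ == "__main__":
    for label, value in branch_emvs(MITIGATED_TREE).items():
        print(f"{label:<24} EMV = {value:7.1f} k")
    print("choose:", best_choice(MITIGATED_TREE))
```
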
UTILITY THEORY
Definition
Endeavors to formalize the decision maker's (management's)
attitude toward risk.
Types
Risk Seeking
Risk Neutral
Risk Averse
Expert Judgment
Expert judgment can often be applied in lieu of or in
addition to the mathematical techniques described
above.
Derived from:
team members
others in or outside of organization
published findings
industry averages / statistics
QUALITY RISK
GOALS OF RISK MANAGEMENT
- INCREASE UNDERSTANDING OF PROJECT
- IMPROVE PLANS, DELIVERY, AND ID GREATEST RISKS
- WHERE TO FOCUS ATTENTION
REMAINING MAJOR PROJECT RISK AREA ...
WHAT IF PROJECT FAILS TO PERFORM AS EXPECTED DURING
OPERATIONAL LIFE / PRODUCT LIFE CYCLE?
CONFORMANCE TO QUALITY REQUIREMENT REMEMBERED LONG
AFTER COST AND SCHEDULE PERFORMANCE.
∴ QUALITY MANAGEMENT HAS MOST IMPACT ON LONG-TERM
PERCEIVED & ACTUAL SUCCESS OF PROJECT
SCHEDULE RISK
CAN MANAGE “CRITICAL PATH” BUT NOT MANAGE DURATION
REASON --> SCHEDULE RISK
HIGHEST RISK PATH = PATH WITH MOST PROJECT COMPLETION RISK
RISK IN ALL ACTIVITY DURATION BECAUSE FUTURE IS UNCERTAIN
LONGEST DURATION ACTIVITY ≠ RISKIEST
THEREFORE, NEED TO ID & MANAGE WHAT COULD CONTRIBUTE TO
PROJECT DELAY -- COULD OVERRIDE MANAGEMENT OF CRITICAL PATH
SCHEDULE RISK (CONT'D)
[Network diagram: START at node A, FINISH at node E, with intermediate nodes B, C and D]
ACTIVITY   LOW   MOST LIKELY   HIGH   MEAN EXPECTED
A-B        8     9             10     9
B-C        4     5             6      5
C-E        0     0             0      0
B-E        1     6             7      4.7
A-D        4     9             14     9
D-E        1     2             7      3.3
SCHEDULE RISK (CONT'D)
PATH         SUM OF MOST LIKELY   SUM OF MEANS   SUM OF HIGHS
A-B-C-E      14                   14             16
A-B-E        15                   13.7           17
A-D-E        11                   12.3           21
MOST RISKY   A-B-E                A-B-C-E        A-D-E
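An added example (not part of the original slides) that ties the Monte Carlo slide to the schedule risk tables above: it reproduces the three path sums, then samples every activity repeatedly to show how often each path ends up longest and what finish time the project reaches at a given confidence. Assumptions: activity durations are independent and triangular between LOW and HIGH with the MOST LIKELY value as mode, which matches the table's MEAN column, (low + most likely + high) / 3; all function names are illustrative.

```python
import random

# (low, most likely, high) durations from the SCHEDULE RISK table on this page.
ACTIVITIES = {
    "A-B": (8, 9, 10),
    "B-C": (4, 5, 6),
    "C-E": (0, 0, 0),
    "B-E": (1, 6, 7),
    "A-D": (4, 9, 14),
    "D-E": (1, 2, 7),
}
PATHS = {
    "A-B-C-E": ["A-B", "B-C", "C-E"],
    "A-B-E": ["A-B", "B-E"],
    "A-D-E": ["A-D", "D-E"],
}


def path_sums():
    """Per-path sums of most-likely, mean and high durations (the page's table)."""
    sums = {}
    for path, acts in PATHS.items():
        sums[path] = {
            "most_likely": sum(ACTIVITIES[a][1] for a in acts),
            # The page's MEAN column equals (low + most likely + high) / 3.
            "mean": sum(sum(ACTIVITIES[a]) / 3 for a in acts),
            "high": sum(ACTIVITIES[a][2] for a in acts),
        }
    return sums


def riskiest_by(measure):
    """Path with the largest sum under one measure."""
    sums = path_sums()
    return max(sums, key=lambda p: sums[p][measure])


def sample_duration(rng, low, most_likely, high):
    """Draw one duration; the triangular shape is an added assumption."""
    if low == high:  # zero-length dummy activity such as C-E
        return float(low)
    return rng.triangular(low, high, most_likely)


def simulate(trials=20000, seed=7):
    """Monte Carlo: sample every activity, take the longest path, repeat."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    critical = {p: 0 for p in PATHS}
    finishes = []
    for _ in range(trials):
        draw = {a: sample_duration(rng, *est) for a, est in ACTIVITIES.items()}
        lengths = {p: sum(draw[a] for a in acts) for p, acts in PATHS.items()}
        longest = max(lengths, key=lengths.get)
        critical[longest] += 1
        finishes.append(lengths[longest])
    finishes.sort()
    return {
        "critical_share": {p: n / trials for p, n in critical.items()},
        "mean_finish": sum(finishes) / trials,
        "p80_finish": finishes[int(0.80 * trials)],
        "p95_finish": finishes[int(0.95 * trials)],
    }


if __name__ == "__main__":
    for measure in ("most_likely", "mean", "high"):
        print(f"riskiest by {measure}: {riskiest_by(measure)}")
    result = simulate()
    for path, share in result["critical_share"].items():
        print(f"{path} is the longest path in {share:.1%} of trials")
    print(f"mean finish {result['mean_finish']:.1f}, "
          f"P80 {result['p80_finish']:.1f}, P95 {result['p95_finish']:.1f}")
```

The simulated finish time is the maximum over the three paths in each trial, so its mean is above every single path's mean; that gap is the schedule risk a single critical-path figure does not show.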
Risk Quantification- Outputs
Opportunities to pursue, threats to respond to
Opportunities to ignore, threats to accept
Risk Response Development
Risk response development defines the enhancement steps for
opportunities and responses to threats.
Risk Response Development
Defines steps for
enhancing opportunities
responding to threats
Types of Responses
Avoidance - eliminate
Mitigation
Reduce EMV by reducing probability
Reduce Impact - buy insurance
Acceptance
Active: develop plan to deal with risk if it occurs
Passive: Accept risk (e.g., lower profit)
PLANNING ALTERNATIVES
Project Managers have Several Response
Options
Avoidance
Absorption
Adjustment
Deflection
Contingent Planning
A Combination of the Above
AVOIDANCE
Defined
Characterized by project manager statements
such as: “This alternative is totally
unacceptable to me”
You would take the appropriate steps to avoid
this situation.
ABSORPTION
Risk is Recognized-But Not Acted Upon
Accept the Risk AS IS
It’s a Matter of Policy
Retained & Absorbed (by prudential allowances)
Unrecognized, Unmanaged, or Ignored (by
default)
ADJUSTMENT
Modification of the Project
Scope
Budget
Schedule
Quality Specification
Combination of the Above
DEFLECTION
Involves transfer of risk by such means as:
Contracting Out to Another Party
Insurance or Bonding
By Recognizing it in the Contract
CONTINGENT PLANNING
CONTINGENT PLANNING IS A MEANS TO ADDRESS RISKS TO THE
PROJECT THROUGH A FORMAL PROCESS AND PROVIDE RESOURCES
TO MEET THE RISK EVENTS.
IT IS THE ESTABLISHMENT OF MANAGEMENT PLANS TO BE INVOKED
IN THE EVENT OF SPECIFIED RISK EVENTS
EXAMPLES:
THE PROVISION AND PRUDENT MANAGEMENT OF A
CONTINGENCY ALLOWANCE IN THE BUDGET
THE PREPARATION OF SCHEDULE ALTERNATIVES AND
WORK-AROUNDS
EMERGENCY RESPONSES TO DEAL WITH MAJOR SPECIFIC
AREAS OF RISK
AN ASSESSMENT OF LIABILITIES IN THE EVENT OF A
COMPLETE PROJECT SHUT-DOWN
Types of Responses
Prevent risk from occurring
Reduce the probability that the event will occur
Eliminate means P=0
Reduce the impact (think “containment”)
Buy insurance (monetary)
Alternative strategies (additional supplier to PDQ)
CONTRACT STRATEGY
To Select the Right Form of Contract
Requires:
Identification of Specific Risks
Determination of how they should be shared
between the parties, and
The insertion of clear, legal language in the
contract documents to put it into effect.
CONTRACT TYPE vs. RISK
SCOPE OF WORK INFORMATION:   VERY LITTLE   PARTIAL    COMPLETE
UNCERTAINTY:                 HIGH          MODERATE   LOW
DEGREE OF RISK:              HIGH          MEDIUM     LOW
SUGGESTED RISK ALLOCATION:
  AGENCY (BUYER):            100% -> 0%
  SELLER (CONTRACTOR):       0% -> 100%
CONTRACT TYPES:              CPPF   CPIF   CPFF   FPPI   FFP
CONTRACT TYPE vs. RISK (CONT'D)
[Figure: probability curves for three projects; vertical axis PROBABILITY, horizontal axis COST ESTIMATE VALUE (80% 90% 95% 100% 110% 120% 140%)]
Project A
Well defined scope and work content. High probability of
achieving realistic cost estimate at 100%
Project B
Fairly well defined scope and work content. Fair
probability of achieving 100% cost estimate
Project C
Poorly defined scope and content. Low probability of 100%
cost estimate
Suggested types of contract for various spreads
+/- 15%: FFP
+/- 25%: CPFF
+/- 50%: CPIF
> 50%: CPPF
FAST-TRACKING
Awarding contracts before all the information
is complete to reduce the overall time for
the project
Much higher risk category!!
Appropriate contingency allowances must be
increased accordingly.
Risk Response Development -
Inputs
Opportunities to pursue, threats to respond to
Opportunities to ignore, threats to accept
Risk Response Development
Tools and Techniques
Procurement
Buy outside skills
Contingency planning
what to do if the event occurs
containment
Alternative strategies
Prevention
Insurance
Risk Response Development -
Outputs
Risk management plan
Inputs to other processes
Contingency plans
Reserves
Contractual agreements
Risk Response Control
Risk response control involves responding to changes in risk
over the life of the project.
PHASE 4:
RISK RESPONSE CONTROL
• EXECUTE THE RISK MANAGEMENT PLAN FROM PHASE #3
  - ID, QUANTIFY AND RESPOND TO ANY CHANGES
  - EXECUTE WORKAROUNDS -- UNPLANNED RESPONSES TO NEGATIVE EVENTS
  - ADDITIONAL RISK RESPONSE DEVELOPMENT
• CURRENT PROJECT DATABASE
  - DOCUMENTING ON-GOING RISKS
• BUILD HISTORICAL DATABASES
  RELIABLE DATA IS HARD TO FIND! SHOULD CONSIST OF:
  - RECORDED RISK EVENTS
  - EXPERIENCE ON PAST PROJECTS (SIMILAR IS PREFERRED)
• POST-PROJECT ASSESSMENT AND ARCHIVE UPDATE
Risk Response Control
Respond to the changes in project risk over the
life of the project
Risk Response Control - Inputs
Risk management plan
Actual risk events
Additional risk identification
Risk Response Control
Tools and Techniques
Workarounds
Unplanned responses to unforeseen risks that
actually occur
Additional risk response development
Revisions to the response, if it proves inadequate
Risk Response Control - Outputs
Corrective action
Implementing the risk management plan when the
risk occurs
Updates to risk management plan
Revisions to the risk management plan as
circumstances require
Risk never materializes
Probability of occurrence is reduced
Risk Documentation
Historical database
Current project database
Post project assessment and archive update
Lessons learned
Plan variances
Actuals
Methods, tools and techniques
Case studies
SUMMARY
PROJECTS ARE LAUNCHED TO TAKE ADVANTAGE OF OPPORTUNITIES,
BUT OPPORTUNITIES ARE ASSOCIATED WITH UNCERTAINTIES WHICH
HAVE RISKS ATTACHED
RISK CAN NEVER BE 100% ELIMINATED
FOR THE PROJECT TO BE VIABLE, THE EXPECTED VALUE RESULTING
FROM A FAVORABLE PROBABILITY OF GAIN MUST BE HIGHER THAN
THE CONSEQUENCES AND PROBABILITY OF LOSS
THEREFORE, THE RISKS ASSOCIATED WITH A PROJECT MUST RECEIVE
CAREFUL EXAMINATION IN THE CONTEXT OF THE ORGANIZATION'S
WILLINGNESS OR AVERSION TO TAKING RISKS
THIS IS THE DOMAIN OF PROJECT RISK MANAGEMENT, WHICH FORMS
A VITAL AND INTEGRAL PART OF PROJECT MANAGEMENT
When Should Risk Assessments
be Carried Out?
Risk assessments should be carried out
as early as possible and then continuously.
Don’t take the risk if...
the organization cannot afford to lose.
the exposure to the outcome is too great.
the situation (or project) is not worth it.
the odds are not in the project’s favor.
the benefits are not clearly identified.
there appear to be a large number of acceptable
alternatives.
Don’t take the risk if...
the risk does not achieve the project objective.
the expected value from baseline assumptions is
negative.
the data is unorganized, without structure or pattern.
there is not enough data to understand the results.
a contingency plan for recovery is not in place should
the results prove unsatisfactory.