| HOME Software Testing Data Mining and Warehousing |
|
Project Risk Management helps project managers to achieve specified project goals by avoiding, reducing, or eliminating problems that can delay the project or otherwise cause unexpected and unplanned project losses. Some industries and organizations also align project opportunity assessments with the project risk management effort. That is not specifically prescribed by this practice area, simply because we will focus on discovery and management of potential adverse impacts. Project opportunities certainly can be addressed in the preparation of adjunct plans for each project if that is an activity desired by the relevant organization. The Project Work Plan is often not considered finalized until it undergoes a risk assessment and until risk response strategies have been developed for each risk event identified in the work plan. To that end, any other project guiding plans and documents might warrant a similar risk examination. In addition, business risk is also examined and man aged throughout the project, particularly during the Profile Phase, and that type of risk management will be briefly covered in this practice area. The extent and frequency of risk management throughout the project is normally addressed in a project risk management plan. There are three practices associated with Project Risk Management:
Each of these practices is presented in the following sections of this section. Risk AssessmentThe risk assessment activity involves looking at business activities and project work elements to identify any conditions or potential events that could hinder or otherwise adversely impact project performance and the successful outcome of the project. Project risk assessment should be performed initially during planning and then at relevant intervals throughout the project to ascertain potential project risk impacts, with the intent to either remove the risk threat or to plan actions that reduce the impact in the event of risk event occurrence. Conceptually ... This practice provides the project manager, project team, and various stakeholders with a method to identify and analyze potential adverse impacts on the project effort. The purpose of this practice is to provide the project manager and risk managers associated with the project team with guidance for conducting an adequate examination of project and business risk within the organization to enable the project to be successfully completed. Risk Assessment activities are normally accomplished during Project Planning (Plan Phase). However, risk is also examined in conjunction with Business Plan Development during Project Initiation (Profile Phase) and throughout the project as risk indicators and triggers are encountered. Risk assessment is characterized by three primary activities:
These activities are described in this practice immediately following the presentation of a few fundamental concepts that are important to the risk assessment process. Risk Components: Risk is characterized by the identification of three fundamental components:
Understanding these components is important for effective risk assessment. In particular, it should be noted that a risk event is a future potential event that has not yet happened and may or may not happen in the future. It’s an uncertain event that warrants the examination of probability of occurrence. If a risk event has a probability of 100% that it will occur, then that event or condition is a certainty, and therefore not a risk. It should likely be treated as a project constraint would, or as some other means available to the project manager. During risk assessment, project team members must also be careful to differentiate between describing a risk event and describing the cause of a risk event. The risk event indicates what will happen to adversely impact the project; the risk cause is the aspect to be managed to reduce or eliminate the occurrence of the risk event. Risk Assessment Perspectives Risk management is often performed by the project team, some risk specialists, or another set of project stakeholders. All participants bring their own perspectives on risk to the examination of project risk. The following risk management perspectives, as may be held by individuals and relevant groups, will influence the project risk assessment: Risks are situational Similar risk events may show some variation in their probability and impact as they are observed across different projects. A seemingly similar risk event may have significantly different causes and impacts on different projects. The experience each team member brings to the table will have influence on his or her perspective of the cause and impact of a risk event. Risks are interdependent Risk events can be related, particularly when the cause of one risk event contributes to creating another on the project. Similarly, action taken in response to a risk event could subsequently create a new one or modify the impact or probability of an existing risk event. Risks are magnitude dependent Project, technical, and business risks can be accepted or rejected based on the consideration of what might be achieved or gained. Therefore, higher levels of risk become more acceptable when a greater benefit can be achieved. This perspective is normally a factor of individual and organizational value systems. Risks are value based Risk assessments are influenced by the organizational culture and the perspectives of individual executives and managers. The risk acceptance level varies from person to person. Both personal values and organizational culture will affect the level of risk that will be accepted. Risks are time based Risk is a future event created by actions that are occurring today. The perception of the risk event, its importance, its probability, and its impact depend on how long into the future the risk event is expected to occur. Risk Assessment Techniques The team responsible can select from among several methods that will facilitate risk assessment. The following are some techniques that can be used for conducting risk assessments: Checklists--A checklist of prescribed risk examination areas can be created to facilitate risk identification. A simple checklist is contained in the accompanying methodology toolkit for both business and project risk examination, and checklist items are further described later in this practice. Users may wish to expand on these checklists or create their own for greater alignment with business or industry interests. The check list should prompt examination and discussion of the source by participating team members and thereby allow them to identify the cause of potential risk on the project. Delphi Technique--This technique facilitates information gathering as a group process. The effort begins with the preparation of individual input by expert or experienced participants, with limited or no interaction with other members of the group. It then evolves into a finalization of results as follows: A group of people having expertise or experience in risk identification is identified. Individuals are surveyed, and they prepare personal comments (opinions) on specific areas of concern, along with relevant reasons for those opinions. All individuals are shown the aggregated opinions of all the participants surveyed as subsequently reduced to standard or common statements. Participants then reevaluate the aggregated opinions and further substantiate them or change those opinions that cannot be substantiated. This process of participant feedback is iterative and continues until there are no further changes in the aggregate opinion. The participants' final opinions are used to compute a set of median values to represent the expert group opinion. Brainstorming --This technique is an interactive group process as per the following steps: A group (e.g., the project team) is convened to examine risks. Each participant provides a personal perspective on and input into potential risks for the project at hand. Participants are encouraged to generate new ideas or to expand on those of other team members. A member of the team is designated to record all ideas. All ideas are captured; no ideas are evaluated or discarded at this time. When all participant input has been received, the group examines each item on the list and discusses the merits of each idea. Some ideas concerning risks may be eliminated, while the remaining ideas are consolidated and categorized. The resulting categorized risk list represents the group's risk identification list. Nominal Group Technique --This technique is a group risk identification process with the following steps: A group (e.g., the project team) is convened to examine risks. All team members write down what they see as major risks, and this is done without verbal communication among team members. All team members successively read one risk they have identified on their list, and each item is recorded on a board or chart in front for everyone in the group to see. Risk item identification continues until all the individual lists are exhausted. All team members then individually rate and categorize the risks. The individual results are then tabulated as the group's output. Analogy Technique --This technique is based on the assumption that no project represents a totally new system. The project work elements (work packages) that have been done before provide historical data for the current examination. The technique is performed as follows: The type of project activity (e.g., risk assessment) to be accomplished is reviewed. Similar projects or similar work from previous projects are identified. Information from previous projects that the team deems relevant is then collected. The work elements of the current project are examined relative to results and outcomes from similar previous projects, and any potential risks are identified. While the aforementioned methods are specified as risk assessment techniques, it can be seen that these techniques can be used in other areas of group discussion and deliberation as well. The key is to set the frame of reference for participants toward their deliberation objectives. Risk Identification Risk identification is a project team activity that should occur throughout the project management life cycle, but particularly during:
During the project, individual team members also hold inherent responsibility for identifying new risks within their project areas. Business Risk Examinations The risk management process actually begins with an initial risk assessment performed during the project Profile Phase in conjunction with new project opportunity identification. This higher-level risk examination is performed as the project is qualified, and in association with business plan preparation. Often, only limited information is known about specific project work during this initial project management phase, so the assessment is inherently focused on contractual and business risks in addition to a preliminary look at project work performance risks. The results of this assessment contribute to Business Case Development, which is used in the project selection process. To that end, this is called the business risk assessment. Business risk assessment is used to identify and eliminate questionable or marginally valued projects based on risk before incurring extensive proposal, planning, and performance costs. It includes an examination of the following potential areas of risk associated with the project under consideration: Marketplace Risk --Examine the status of the organization in the competitive marketplace, determine how well it’s responding to the pressures and demands of the marketplace, and identify areas of the business that are susceptible to marketplace risk.
Financial Risk --Examine financial indicators relative to the nature of the business and the influence of the project on that business; determine any financial areas that could be affected and that could create a business risk during project performance.
Legal Risk --Examine project requirements and planned project performance for any legal issues that could create some level of business risk.
Technology-Based Risk --Examine the nature of pending project work for areas in which the use (or lack of use) of certain types of technology or technical capability will present the potential for risk.
Customer-Based Risk --Examine the customer's profile and previous work history, the current state of customer business operations, and the indications of intent to fulfill the project to identify any areas of business risk that could emanate from the customer.
Once these elements have been examined, employ the following procedures for conducting the risk analysis and prioritization, as well as subsequent guidance for developing risk response strategies for identified business risks. Project Risk Examinations Project risk identification relies prominently on an examination of the project's WBS, which ensures that risk events associated with project performance are considered. The process requires an examination of each WBS work element to identify associated risks. If a large number of work packages are found to prohibit such a detailed examination, then the project manager may opt to perform risk identification at a higher level in the WBS. In addition to the WBS, other facets of the project and project management can also be examined. This would include various internal and external risk factors, which can be addressed using the following checklist. During risk examination, as per use of any of the techniques described earlier in this practice, project risks should simply be listed, and no immediate judgments should be made regarding their validity. Risk identification is intended only to compile a preliminary list of project risks. Project risk assessment is used to identify and eliminate potential adverse impacts on project performance. It requires an examination of the following potential areas of risk associated with the project under consideration: Customer --Examine the customer-related factor s that can influence project outcomes or affect project performance.
Project Team --Examine the project-team-related factors (forming, developing, and managing the project team) that can affect project work.
Project Management--Examine the project management factors that will influence project performance.
Vendor Management --Examine the vendor- or con tractor-related factors that will contribute to project performance.
Internal Influences --Examine the internal factors that will affect project performance.
External Influences --Examine the external factors that will affect project performance.
Compile Project Risks: Once the project team identifies all risks, then it can examine the validity of each. Risk conditions are confirmed, risk redundancies are removed, and insignificant risks are eliminated. This review and compilation should help the team construct a risk list of manageable size. Furthermore, risk categorization may be advisable, as it will be helpful later in the assessment process when risk response strategies are developed. Risk Analysis Risk analysis involves examining previously identified risks to determine indicators of possible effects on project performance or project outcome, so this effort is primarily concerned with determining which risk events warrant a response. Specifically, each risk is analyzed to determine the probability of its occurrence, the impact expected if it occurs, and the overall or combined risk of those two factors. Simply stated, the steps for performing a detailed project risk analysis include the following: Establish a risk analysis method. -Determine project risk probability. -Determine project risk impact. -Calculate overall project risk impact. ? These steps are described further in the following subsections. Establish a Risk Analysis Method A standard method for analyzing risk should be established for use by all project team members. The following are three common, albeit simpler, approaches that can be used: Quantitative Method --Quantitative methods are used when each risk event can be assigned a numerical indication of value. E.g., probability would be expressed as a percentage (e.g., a 50% chance of occurrence). Impact is often expressed in monetary or financial terms (e.g., an added cost of $20K, or in terms of days, weeks, or months for schedule impacts). In some cases, organizations or industries will acquire or develop and apply other metrics to such a quantitative analysis. Qualitative Method --Qualitative methods are used when risks become too difficult or too time consuming to quantify. For qualitative analysis, criteria is established for the analysis, and this is often simplified by using terms such as "high," "moderate," and "low" to describe either probability or impact. In qualitative analysis, the specific metrics and measurements needed to make a quantitative determination are not available; therefore, a more subjective scale is used (e.g., a moderate probability that this risk event will happen, and, if it happens, it will have a high impact). This method also provides for easy comprehension by most analysis team members who may have uncertain risk analysis skills. Narrative Method --Narrative methods are more descriptive than analytical. In general, this method is used to simply describe events that may preclude project activities from being fulfilled, or it identifies the risk source or the cause of risk. Quantitative values should be assigned only when there is a reasonable degree of certainty or confidence in the validity of those metrics. Assigning quantitative values to risk events whose probability and impact are largely unpredictable could convey a false sense of accuracy and reliability, and that would be misleading. If quantitative analysis is not possible, qualitative or narrative methods should be used. Determine Project Risk Probability Risk probability provides an indication of the likelihood of the occurrence of a risk event. The project team should examine each risk independently to determine the probability of risk occurrence. This step can be performed separately, or concurrently with determining the impact. Whenever possible, the team should try to quantify the probability. Risk events can be examined and their probabilities determined using methods prescribed by the organization or the project manager. This effort can be advanced through a variety of means: Risk analysis/assessment software applications -Risk models that provide quantitative output -Risk experts who lend knowledge and experience to -the analysis Risk metrics that are developed internally or are industry based Risk management experience of the project manager -and project team Risk probability is preferably expressed in quantitative terms, and that would provide for it to be expressed as a percentage value. When there is insufficient information or insufficient means to produce a numeric probability, qualitative methods can be used. Simple qualitative methods provide indications of risk probability in terms of high, moderate, or low likelihood of occurrence, which is based on the subjective assessment of the participating team. Determine Project Risk Impact The impact of a risk event is a value that indicates the gain or loss that will be encountered if the risk event occurs. The project team should review each risk independently to deter mine its impact value. The risk impact could involve cost, schedule, and resource utilization as well as factors affecting project performance and outcomes. Again, the accuracy of quantitative impact analysis methods is preferred if a sufficient means to do so is available. E.g., if a risk event that occurs causes an additional cost of $40K, then $40,000 is the impact of that risk. Similarly, if the risk event causes a schedule delay of one week, then a one-week project delay is the impact of that risk. However, qualitative methods can also be used to simply assess risk impact in terms of high, moderate, or low values, based on a subjective assessment of the participating team. Calculate Overall Project Risk Impact Overall project risk impact is calculated by combining the risk probability and the risk impact of a risk event. The overall risk rating is generally represented by the following formula: Probability × Impact = Overall Risk Impact This calculation is fairly straightforward if the quantitative method is used to determine the risk probability and risk impact. The impact (in dollars or duration) is multiplied by the probability factor (i.e., 1-99%). In addition, the organization may wish to introduce a risk weight factor to show the degree of importance that can be applied for additional quantification of the risk event. This added risk weight factor (e.g., normally a value from 1 to 10) is represented in the following formula: Probability × Impact × Weight Factor = Overall Risk Impact Using this formula, the analysis can include special consideration for types or categories of risk by assigning certain weighted values to the risk event. If the qualitative method of analysis is used, then an additional layer of subjective evaluation is added to the process. However, that still provides value if care is taken when combining the probability and impact values. Here, evaluators will combine risk probability values such as high, moderate, and low with risk impact values of high, moderate, and low to arrive at a relevant overall project risk impact value. Values of "high" and "high" would obviously give an overall impact value of "high," as "low" and "low" combinations would provide an overall impact of "low." Analysts will need to examine each risk event carefully when calculating the overall risk impact for other combinations of high, moderate, and low. Risk Prioritization Project risk identification can result in a long list of risk events even for so-called smaller or medium-size projects. It’s not always possible to track and manage every risk event at the relative expense that could be incurred in terms of cost and time. Therefore, risk prioritization is applied to identify the most significant project and business risks. These would include risks having the potential for the greatest or most severe impact on the project if the risk events were to occur. Risk prioritization means determining which risks should be managed immediately through preparation of a response strategy and inclusion in a formal tracking process. This ensures that risks having the greatest potential impacts are monitored and managed. While most risks should be monitored, those with higher probabilities and impacts will usually require the most concerted attention of the project manager and project team. Also, lower probability and impact risk events should still be tracked and monitored because their probability and impact could change as the project progresses. An initially low probability and impact risk event could ultimately become one with high impact. The result of risk prioritization is a list of identified risk events that can be examined at regular intervals during the project according to the assigned priority. |
| Top of Page | More PM Articles | Prev.: | Next: Prepare a Risk Response Strategy | Info-Source.us |