Project Management

Risk Management Process Uncertain or chance events that planning can not overcome or control.

Risk Management Process A proactive attempt to recognize and manage internal events and external threats that affect the likelihood of a project’s success.

Risk Management Process What can go wrong (risk event). How to minimize the risk event’s impact (consequences).

Risk Management Process What can be done before an event occurs (anticipation). What to do when an event occurs (contingency plans).

The Risk Event Graph

Risk Categorization Known risks Those risks that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed, and other reliable information sources (e.g., unrealistic delivery date) Predictable risks Those risks that are extrapolated from past project experience (e.g., past turnover) Unpredictable risks Those risks that can and do occur, but are extremely difficult to identify in advance

Reactive vs. Proactive Risk Strategies Reactive risk strategies "Don't worry, I'll think of something" The majority of software teams and managers rely on this approach Nothing is done about risks until something goes wrong The team then flies into action in an attempt to correct the problem rapidly (fire fighting) Crisis management is the choice of management techniques

Reactive vs. Proactive Risk Strategies Steps for risk management are followed (see next slide) Primary objective is to avoid risk and to have a contingency plan in place to handle unavoidable risks in a controlled and effective manner

Mitigating a risk refers to taking action to either reduce the likelihood that a risk (bad event) will happen and/or reduce the impact the risk has on the project. Contingency planning is developing a response if the risk occurs. Mitigating is preventive while contingency is reactive.

Risk Management’s Benefits A proactive rather than reactive approach. Reduces surprises and negative consequences. Prepares the project manager to take advantage of appropriate risks. Provides better control over the future. Improves chances of reaching project performance objectives within budget and on time.

The Risk Management Process

Managing Risk Step 1: Risk Identification Generate a list of possible risks through brainstorming, problem identification and risk profiling. Macro risks first, then specific events

Managing Risk Step 2: Risk assessment Scenario analysis Risk assessment matrix Probability analysis NPV

Assess Probability & Impact Weighted Value Probability of Occurrence Benefit of Opportunity

Risk Assessment Form

Managing Risk (cont’d) Step 3: Risk Response Development Mitigating Risk (2-strategies) Reducing the likelihood an adverse event will occur. Reducing impact of adverse event. e.g. prototype e.g. two suppliers Transferring Risk Paying a premium to pass the risk to another party. Mitigate means to make less severe

Managing Risk (cont’d) Step 3: Risk Response Development Avoiding Risk Changing the project plan to eliminate some of the risk or condition. e.g. selection of supplier Sharing Risk Allocating risk to different parties e.g. Research and development two institutions Mitigate means to make less severe

Managing Risk (cont’d) Step 3: Risk Response Development Retaining Risk Making a conscious decision to accept the risk. e.g. earthquake Mitigate means to make less severe

Contingency Planning Contingency Plan An alternative plan that will be used if a possible foreseen risk event actually occurs. A plan of actions that will reduce or mitigate the negative impact (consequences) of a risk event.

Contingency Planning Risks of Not Having a Contingency Plan Having no plan may slow managerial response. Decisions made under pressure can be potentially dangerous and costly.

Risk Response Matrix

Exercise

A Risk Monitoring and Control B Risk Identification C Risk Avoidance 1. Project Risk Management includes all of the following processes except: A Risk Monitoring and Control B Risk Identification C Risk Avoidance D Risk Response Planning E Risk Management Planning C

2. A risk response which involves eliminating a threat is called: A Mitigation B Deflection C Avoidance D Transfer E b and d C

3. Deflection or transfer of a risk to another party is part of which of the following risk response categories? A Mitigation B Acceptance C Avoidance D Analysis A

7. The one document that should always be used to help identify risk is the: A Risk Management Plan B WBS C Scope Statement D Project Charter E Contingency Plan B

8. Risks are accepted when: A You develop a contingency plan to execute should the risk event occur B You accept the consequences of the risk C You transfer the risk to another party D You reduce the probability of the risk event occurring E a and b E

9. By using Project Risk Management techniques project managers can develop strategies that do all but which of the following: A Significantly reduce project risks B Eliminate project risks C Provide a rational basis for better decision making D Identifying risks, their impact(s), and any appropriate responses E None of the above B