Show
Chapter 11 - Project Risk Management True / False 1. Risks can have both negative and positive effects on meeting project objectives. a. True b. Fals e ANSWER: True RATIONALE: Feedback: Project risk management involves understanding potential problems that might occur on the project and how they might impede project success. However, there are also positive risks or opportunities, which can result in good outcomes for a project. POINTS: 1 DIFFICULTY: Difficulty: Easy REFERENCES : p.468 QUESTION TY PE: True / False HAS VARIABL ES: False LEARNING O BJECTIVES: INFO.SCHW.14.77 - LO: 11-1 NATIONAL ST ANDARDS: United States - BUSPROG: - Comprehension TOPICS: The Importance Of Project Risk Management KEYWORDS: Bloom's: Knowledge DATE CREAT ED: 4/27/2018 3:52 PM DATE MODIFI ED: 6/7/2018 1:04 PM 2. One possible response to managing negative risk it to accept the potential effects from the risk. a. True b. Fals e ANSWER: True RATIONALE: Feedback: There are a number of possible actions that project managers can take to avoid, lessen, change or accept the potential effects of risk on their projects. POINTS: 1 DIFFICULTY: Difficulty: Easy REFERENCES : p.468 QUESTION TY PE: True / False HAS VARIABL ES: False LEARNING O BJECTIVES: INFO.SCHW.14.77 - LO: 11-1 Copyright Cengage Learning. Powered by Cognero.Page 1 Risk management is defined as the art and science of identifying, analyzing, prioritization, management and responding to risk factors throughout the life of a project and in the best interests of its objectives. Table of Contents
Broadly speaking, for the project manager the process of risk management includes asking the following questions:
Project Risk DefinitionThe Project Management Institute defines project risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” This definition is important because, unlike in the past when project risk was automatically assumed to lead to negative consequences, it is now recognized as the source of either opportunities or threats. Project risk is based on a simple equation: Event Risk = (Probability of Event)(Consequences of Event) Project managers must acknowledge the possibility that the same risk event may bring several outcomes, with either a positive or detrimental effect on the project. Underlying these definitions is the recognition that many events, both within the organization and outside its control, can affect our best efforts to successfully complete projects. Project Risk Management PrinciplesThe key principles to managing project risks include the following:
Risk Management ProcessThe risk management process is a framework or steps that assists project managers in identifying existing and potential problems, the resources and strategies necessary to reduce their probability and impact, and the ability to quickly and effectively communicate risk information up and down the management chain.
Planning Risk ManagementPlanning risk management involves deciding how to approach and plan risk management activities for the project. The main output of this process is a risk management plan.
A risk management plan documents the procedures for managing risk throughout the project. Project teams should hold several planning meetings early in the project’s life cycle to help develop the risk management plan. Like plans for other knowledge areas, it becomes a subset of the project management plan. It is important to clarify roles and responsibilities, prepare budget and schedule estimates for risk-related work, and identify risk categories for consideration. Table 1 below lists the general topics that a risk management plan should address. It is also important to describe how risk management will be done, including assessment of risk probabilities and impacts as well as the creation of risk-related documentation. The level of detail included in the risk management plan can vary with the needs of the project. In addition to a risk management plan, many projects also include contingency plans, fallback plans, contingency reserves, and management reserves.
Topics addressed in a risk management plan
Risk IdentificationIdentifying risks involves determining which risks are likely to affect a project and documenting the characteristics of each. The main outputs of this process are a risk register, risk report, and project documents updates.
Also, remember that you cannot manage risks if you do not identify them first. By understanding common sources of risks and reviewing a project’s project management plan, project documents, agreements, procurement documents, enterprise environmental factors, and organizational process assets project managers and their teams can identify many potential risks. Remember that risk implies the potential for both positive and negative effects on the project. Common Sources of Risk in ProjectRisks commonly fall into one or more of the following classification clusters:
After understanding the broad categories of risk, you want to anticipate some of the more common forms of risk in projects. The following list, though not inclusive, offers a short set of some of the more common types of risk to which most projects may be exposed:
Suggestions for Identifying RisksThere are several tools and techniques for identifying risks. Project teams often begin this process by reviewing project documentation, recent and historical information related to the organization, and assumptions that might affect the project. Project team members and outside experts often hold meetings to discuss this information and ask important questions about it as they relate to risk. Some common risk identification techniques are explained below: Brainstorming meetings Brainstorming is a technique by which a group attempts to generate ideas or find a solution for a specific problem by amassing ideas spontaneously and without judgment. This approach can help the group create a comprehensive list of risks to address later during qualitative and quantitative risk analysis. To be effective, brainstorming meetings must be free of judgments, criticism of others viewpoints, and pressure to conform. Expert opinion This technique can be used in two alternative ways in assessing project risks. The more quantifiable method, commonly referred to as the Delphi approach, collects and consolidates the judgments of isolated anonymous respondents. For Delphi to be used effectively, some preliminary screening of potential contributors is usually necessary. The collective “wisdom” of the set of experts is then used as the basis for decision-making. The simpler, more intuitive method for using expert judgments is based on the principle that “experience counts.” You simply identify and consult people within the organization who have had similar experiences in running projects in the past or who have been with the firm long enough to have a clear grasp of the mechanics of project risk analysis. History In many cases the best source of information on future risks is history. Has a firm encountered a consistent pattern of problems while pursuing projects over time? What “storm signals,” or events that preceded past problems, have been detected? Experience can be used to identify not only risk factors but their leading indicators as well. The problem with experience is that it is no guarantee of future events. Multiple (or team-based) assessments Using single-case sources to identify project risks is itself a risky proposition because of the potential bias in any one person’s viewpoint. A team-based approach to risk factor identification encourages identification of a more comprehensive set of potential project risks. At the same time, a collaborative approach can help persuade the half-convinced or uncommitted members of the team to support project goals. SWOT analysis SWOT analysis can also be used during risk identification by having project teams focus on the broad perspectives of potential risks for particular projects. Risk RegisterOne important output of risk identification is a list of identified risks and other information needed to begin creating a risk register. A risk register is a document that contains results of various risk management processes; it is often displayed in a table or spreadsheet format. A risk register is a tool for documenting potential risk events and related information. Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project. Elements of a risk register include the following:
The Risk ReportAnother important output of identifying risks is a creation of a risk report. Overall project risk is the effect of uncertainty on the project as a whole. Contents of a risk report include sources of overall project risk, important drivers of overall project risk exposure, and summary information on risk events, such as a number of risks, total risk exposure, distribution across risk categories, metrics, and trends. The risk report is developed progressively during the entire risk planning processes. After identifying risks, the next step is to understand which risks are most important by performing qualitative risk analysis. Performing Qualitative Risk AnalysisPerforming qualitative risk analysis involves prioritizing risks based on their probability of occurrence and impact. After identifying risks, project teams can use various tools and techniques to rank risks and update information in the risk register. The main outputs are project documents updates.
Qualitative risk analysis involves assessing the likelihood and impact of identified risks to determine their magnitude and priority. Using the methods described below can greatly improve qualitative risk analysis. Using Probability/Impact Matrixes to Calculate Risk FactorsPeople often describe a risk probability or consequence as being high, medium or moderate, or low. A project manager can chart the probability and impact of risks on a probability/ impact matrix or chart, which lists the relative probability of a risk occurring and the relative impact of the risk occurring. Many project teams would benefit from using this simple technique to help them identify risks that need attention. To use this approach, project stakeholders list the risks they think might occur on their projects. They then label a risk as having a high, medium, or low probability of occurrence and a high, medium, or low impact if it does occur.
Top Ten Risk Item TrackingTop Ten Risk Item Tracking is a qualitative risk analysis tool. In addition to identifying risks, it maintains an awareness of risks throughout the life of a project by helping to monitor risks. Using this tool involves establishing a periodic review of the project’s most significant risk items with management; similar reviews can also occur with the customer. The review begins with a summary of the status of the top ten sources of risk on the project. The summary includes each item’s current ranking, previous ranking, the number of times it appears on the list over a period of time, and a summary of progress made in resolving the risk item since the previous review. Table 2 provides an example of a Top Ten Risk Item Tracking chart that could be used at a management review meeting for a project. For sake of example, we have just taken only the 5 risk lists.
A risk management review accomplishes several objectives
The main output of qualitative risk analysis is updating the risk register. The ranking column of the risk register should be filled in, along with a numeric value or rating of high, medium, or low for the probability and impact of the risk event. Performing Quantitative Risk AnalysisPerforming quantitative risk analysis involves numerically estimating the effects of risks on project objectives. The main outputs of this process are project documents updates.
Quantitative risk analysis often follows qualitative risk analysis, yet both processes can be done together or separately. On some projects, the team may only perform qualitative risk analysis. The nature of the project and availability of time and money affect which risk analysis techniques are used. Large, complex projects involving leading-edge technologies often require extensive quantitative risk analysis. Decision Trees and Expected Monetary ValueA decision tree is a diagramming analysis technique used to help select the best course of action when future outcomes are uncertain. A common application of decision tree analysis involves calculating expected monetary value. Expected monetary value (EMV) is the product of a risk event probability and the risk event’s monetary value. To create a decision tree, and to calculate expected monetary value specifically, you must estimate the probabilities or chances of certain events occurring. SimulationA more sophisticated technique for quantitative risk analysis is a simulation, which uses a representation or model of a system to analyze its expected behavior or performance. Most simulations are based on some form of Monte Carlo analysis. Monte Carlo analysis can predict the probability of finishing by a certain date or the probability that the cost will be equal to or less than a certain value. Sensitivity AnalysisMany people are familiar with using sensitivity analysis to see the effects of changing one or more variables on an outcome. For example, many people perform a sensitivity analysis to determine their monthly payments for a loan given different interest rates or periods of the loan. Many professionals use sensitivity analysis to help make several common business decisions, such as determining break-even points based on different assumptions. Planning Risk ResponsesPlanning risk responses involves taking steps to enhance opportunities and reduce threats to meeting project objectives. Using outputs from the preceding risk management processes, project teams can develop risk response strategies that often result in change requests, updates to the project management plan and project documents.
Developing a response to risks involves developing options and defining strategies for reducing negative risks and enhancing positive risks. Response Strategies for Negative RisksThe five basic response strategies for negative risks are as follows:
Response Strategies for Positive RisksThe five basic response strategies for positive risks are as follows:
Implementing Risk ResponsesImplementing risk responses, just as it sounds, involves implementing the risk response plans. Outputs include change requests and project documents updates.
The main executing process performed as part of project risk management is implementing risk responses as defined in the process to plan risk responses. Key outputs include change requests and project documents updates (i.e. issue log, lessons-learned register, project team assignments, risk register, and risk report). Monitoring RiskMonitoring risk involves monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project. The main outputs of this process include work performance information, change requests, and updates to the project management plan, project documents, and organizational process assets.
Carrying out individual risk management plans involves monitoring risks based on defined milestones and making decisions regarding risks and their response strategies. Using Software to Assist in Project Risk Managementyou can use a variety of software tools to enhance various risk management processes. Most organizations use software to create, update, and distribute information in their risk registers. The risk register is often a simple Microsoft Word or Excel file, but it can also be part of a more sophisticated database. Spreadsheets can aid in tracking and quantifying risks, preparing charts and graphs, and performing sensitivity analysis. Software can be used to create decision trees and estimate expected monetary value. More sophisticated risk management software, such as Monte Carlo simulation software, can help you develop models and use simulations to analyze and respond to various risks. Several high-end project management tools include simulation capabilities. Several software packages have also been created specifically for project risk management. Although it has become easier to do sophisticated risk analysis with new software tools, project teams must be careful not to rely too heavily on software when performing project risk management. Which process involves determining what risks are likely to affect a project?Risk identification involves determining which risks might affect the project and documenting their characteristics. Risk identification is an ongoing process and should be performed throughout the project.
Which risks are direct results of implementing risk responses?3 Secondary risks. Risks that arise as a direct result of implementing a risk response are termed secondary risks.
Which diagramming technique is used to help select the best course of action in situations where future outcomes are uncertain?
What process involves deciding how do you approach and plan the risk management?The PMI PMBOK defines risk management planning as the process of deciding how to approach, plan, and execute risk management activities for a project.
|