Accuracy, quality, reliability and integrity of data. â. Risk Categorization: By sources of risk. Where is this risk c
Project Risk Management August 6, 2013 August 6, 2013
1 Copyright Copyright © 2010 Infogain All rights reserved. © 2010 Corporation. Infogain Corporation. All rights reserved.
Project Risk Management
Contents ● Introduction to Project Risk Management ● Plan Risk Management ● Identify Risks ● Perform Qualitative Risk Analysis
● Perform Quantitative Risk Analysis ● Plan Risk Response ● Monitoring and Control Risks
August 6, 2013
2 Copyright © 2010 Infogain Corporation. All rights reserved. 8/6/2013
2
Project Risk Management
Processes –
● Plan Risk Management
● Identify Risks ● Perform Qualitative Risk Analysis ● Perform Quantitative Risk Analysis ● Plan Risk Response
● Monitoring and Control Risks
August 6, 2013
3 Copyright © 2010 Infogain Corporation. All rights reserved. 8/6/2013
3
What is Risk? Project Risk Management –
●
● ●
●
● ●
A risk is an uncertain event or condition that, if occurs, has a positive or negative effect on a project’s objectives “If occurs” implies a probability of less than 100% A Risk must also have a probability above 0%. It must be a chance to happen or it is not a Risk If probability is 100%, it is an issue How is Risk Measured? These effects are measured by their impacts on the project. ■ ■
Positive Impact – Opportunity Negative Impact – Threat
August 6, 2013
4 Copyright © 2010 Infogain Corporation. All rights reserved.
4
Risk Origin, Impact
Risk has its origin in the uncertainty that is present in all projects Risk has a cause & if it occurs, a consequence. There can be more than one cause & more than one consequence For successful project execution, risks should be addressed proactively and consistently throughout the project
August 6, 2013
5 Copyright © 2010 Infogain Corporation. All rights reserved.
5
Question?
Risk Management should be done: A. As soon as you meet the client for discussions on the project B. As the start of the project C. At the start of each project phase D. On a regular basis throughout the project
August 6, 2013
6 Copyright © 2010 Infogain Corporation. All rights reserved.
….
6
Risk Factors
Risk Event
Risk probability
A discrete (distinct) occurrence that may affect the project for better or for worse How likely the event is to occur Chances that the event will occur
Risk Impact
Outcome or consequence or amount at Stake The extent of loss or gain that could result
August 6, 2013
7 Copyright © 2010 Infogain Corporation. All rights reserved.
7
Risk Terms
Risk Urgency
Risk Tolerances and Thresholds
Every organization/ stakeholder/ customer/ project team has tolerance level towards risk. Tolerances are the areas of risk that are acceptable or unacceptable Amount of Risk that is acceptable is called “Threshold” Risk response is based on the accepted threshold levels
Risk Averse
How soon should the risk be responded to
Someone who does not want to take risks
Risk Symptoms
Events which give warning signals that risks are likely to occur
August 6, 2013
8 Copyright © 2010 Infogain Corporation. All rights reserved.
8
Question ?
Risk thresholds: A. Provide a mathematical technique that can be used to create a false impression of precision and reliability B. Are important because different organizations and different individuals have the same thresholds for risks C. Are important because the level of risk that is acceptable to the organization will influence risk response planning D. Are the same for all stakeholders
August 6, 2013
9 Copyright © 2010 Infogain Corporation. All rights reserved.
…
9
Risk Types Business risks vs. Pure (Insurable) risks
Business risks: Risks that carry opportunity for both gain and loss. Ones that are due to the being in business Pure (Insurable) risks: Risks that present only an opportunity for loss. Ex: Theft, Fire, Direct property damage, legal liability etc.
External vs. Internal Risks
External risks – things that are beyond the control or influence of the project team like regulatory, environmental, governmental, market shift etc. Internal risks – things that the project team can control or influence like time, scope, cost changes, poor planning etc.
August 6, 2013
10 Copyright © 2010 Infogain Corporation. All rights reserved.
10
Question ?
Projects are particularly susceptible to risk because: a. Murphy’s law states that “If something can go wrong, it will” b. Each project is unique in some manner c. Project management tools are generally unavailable at the project team level d. There are never enough resources to do the job
August 6, 2013
11 Copyright © 2010 Infogain Corporation. All rights reserved.
..
11
Project Risk Management Project Risk Management includes the processes concerned with conducting risk management planning, identification, analysis, responses, and monitoring and control on a project Objective
To increase the probability and impact of positive events or “Opportunities” & To decrease the probability and impact of negative events or “Threats” to the project
Most of these processes are updated throughout the project Known risks can be identified, analyzed and planned for. Unknown risks cannot be managed
Risks Can never be eliminated
August 6, 2013
12 Copyright © 2010 Infogain Corporation. All rights reserved.
12
Risk Lifecycle
Risks varies throughout the project life cycle Risk probability is high in early phases and decreases as work is accomplished Amount at stake (impact) is low in the early phases and increases as the work is accomplished Risk Management is a continuous process throughout the project lifecycle
August 6, 2013
13 Copyright © 2010 Infogain Corporation. All rights reserved.
13
Risk Management Process Includes the following six sequential processes: Risk Management Planning Risk Identification Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning Risk Monitoring and Control
August 6, 2013
14 Copyright © 2010 Infogain Corporation. All rights reserved.
14
Plan Risk Management August 6, 2013
15 Copyright © 2010 Infogain Corporation. All rights reserved. 15
Plan Risk Management
Deciding how to approach, plan, and execute the risk management activities for a project Should involve - Project Manager, Project Team, Customer, other key Stakeholders and Experts as needed Risk Management Efforts should be: appropriate to the size and complexity of the project Experience and skill level of project team The Risk Management Planning process should be completed early during project planning, since it is crucial to successfully performing the other processes PMBOK: Planning of risk management processes is important to ensure that the level, type, and visibility of risk management are commensurate with both the risk and importance of the project to the organization, to provide sufficient resources and time for risk management activities, and to establish an agreed-upon basis for evaluating risks August 6, 2013
16 Copyright © 2010 Infogain Corporation. All rights reserved.
16
Plan Risk Management Inputs
Enterprise Environmental Factors
Organizational Process Assets
Organization Risk tolerance People involved in the project Organizations pre-defined approach for Risk categories, common definitions of concepts & terms, standard templates, roles & responsibilities & authority levels for decision making
Project Scope Statement Cost Management Plan Schedule Management Plan Communications Management Plan
August 6, 2013
17 Copyright © 2010 Infogain Corporation. All rights reserved.
17
Plan Risk Management Tool & Techniques
Planning Meeting and Analysis Brian Storming sessions Attendees are the PM, Leadership Team, Key Stakeholders, Organization level risk management experts Basic plans for conducting the Risk Management activities are defined in these meetings Outputs of the activities are summarized in Risk Management Plan
August 6, 2013
18 Copyright © 2010 Infogain Corporation. All rights reserved.
18
Plan Risk Management Outputs
Risk Management Plan Subset of Project Management Plan Describes how Risk Management will be structured and performed on the project RMP may includes the following: Methodology: How will risk management be performed Roles & Responsibilities: Who will do what? Budgeting: Includes cost for risk management process Timing: When and how often risk management will be performed during project life cycle Risk Categories: External, Internal, Technical, Unforeseeable Organizations can use standard lists of risk categories that projects can use to identify risks Risk Breakdown Structure (RBS) may be prepared Revisit risk categories during risk identification process August 6, 2013
19 Copyright © 2010 Infogain Corporation. All rights reserved.
19
Plan Risk Management
August 6, 2013
20 Copyright © 2010 Infogain Corporation. All rights reserved.
20
Plan Risk Management
Definition of Risk Probability and Impact: To define different levels of risk probability and impact Probability and Impact (PI) Matrix: The objective is to prioritize risks. Standard approach is to use a probability and impact matrix.
August 6, 2013
21 Copyright © 2010 Infogain Corporation. All rights reserved.
21
Plan Risk Management
Revised stakeholders’ tolerances: Stakeholders’ tolerances may be revised in the Risk Management Planning process, as they apply to the specific project Reporting formats: Describes the content and format of the risk register as well as any other risk reports required Defines how the outcomes of the risk management processes will be documented, analyzed, and communicated Tracking: How risk process will be audited Documenting what happens with risk management activities
August 6, 2013
22 Copyright © 2010 Infogain Corporation. All rights reserved.
22
Question ?
The major processes of risk management are: a. Planning, Identification, documentation and assessment b. Identification, planning, evaluation, response, development, mitigation and documentation c. Identification response development, assessment and documentation d. Planning, Identification, qualitative analysis, quantitative analysis, response planning and monitoring & control
August 6, 2013
23 Copyright © 2010 Infogain Corporation. All rights reserved.
.…
23
Identify Risk August 6, 2013
24 Copyright © 2010 Infogain Corporation. All rights reserved. 24
Identify Risks
•
Determination of risk events that are likely to affect the project and documenting their characteristics Involves Project Manager, Project team, Stakeholders, SME’s, Organization risk management experts as needed Process involves: Identifying potential sources of risk (or risk categories) Possible risk events Risk symptoms PMI: Risk Identification should be accomplished at the outset/onset of the project and then updated regularly throughout the project life cycle Risk Identification is an Iterative process
August 6, 2013
25 Copyright © 2010 Infogain Corporation. All rights reserved.
25
Identify Risks
Inputs
Risk Management Plan Activity Cost Estimates Activity Duration Estimates Scope Baseline Stakeholder Register Cost Management Plan Schedule Management Plan Quality management Plan Project Documents Enterprise Environmental Factors Organizational Process Assets
August 6, 2013
26 Copyright © 2010 Infogain Corporation. All rights reserved.
26
Risk Identification
Tools and Techniques
Documentation Reviews
Structured review of project documentation, including plans, assumptions, prior project files, and other information. The quality of the plans, as well as consistency between those plans and with the project requirements and assumptions, can be indicators of risk in the project (PMBOK)
Information Gathering Techniques
Brainstorming: Most frequently used; to obtain a comprehensive list of project risks. Usually done in a meeting Delphi Method: Gathering opinions and building a consensus of experts who participate anonymously. Request for information is sent to experts, their responses are compiled and results sent back for further review unless consensus is reached.
August 6, 2013
27 Copyright © 2010 Infogain Corporation. All rights reserved.
27
Risk Identification
Tools and Techniques
Information gathering techniques: Main sources of risk identification data gathering. Interviewing experienced project participants, stakeholders, and subject matter experts can identify risks. Documentation reviews SWOT analysis: To increase the breadth of risks considered by examining the project from each of the SWOT perspective Strengths – Build On Weakness – Eliminate or Reduce Opportunities – Exploit Threats - Mitigate Checklists: Risk identification checklists can be developed based on historical information and knowledge that has been accumulated from previous similar projects
August 6, 2013
28 Copyright © 2010 Infogain Corporation. All rights reserved.
28
Risk Identification
Tools and Techniques
Assumption Analysis: Explores the validity of assumptions as they apply to the project. It identifies risks to project because of inaccuracy, inconsistency and incompleteness of assumptions. Expert Judgments. Diagramming Techniques (details covered in the quality chapter) Cause-and-effect (fishbone/Ishikawa) diagrams: Used in identifying risk cause. System or Process flowcharts: Allows one to examine and understand relationships/dependencies in a process or the project which in turn helps in additional risks identification. Influence diagrams: These are graphical representations of situations showing causal influences, time ordering of events, and other relationships among variables and outcomes (PMBOK).W August 6, 2013
29 Copyright © 2010 Infogain Corporation. All rights reserved.
29
Identify Risks
Output
Risk Register: Most of the risk information is detailed in risk register. Includes: 1. List of risks, 2. List of potential responses, 3. Root causes of risk, 4. Updated risk categories
Project / Engagement / Function Name:
XXX
Responsible Person for tracking and addressing the risk:
Project Manager
R i s k I D
Risk Taxono my
Probab ility
Imp act
Risk Expos ure
Rank
1
Quality
1%
Low
1.0
1
Risk Statement
Development and test roles have been combined in this project, therefore, as a result we may ship with more bugs
Last updated on : XX-XX-XX
Risk Handling Approach
Mitigate
Actions
1.Peer reviews will be planned and scheduled. These will be monitored regularly. 2.Unit test plans will be used as an input for coding. 3.The development and testing environments will be separated. 4.Independent SQA will be mandated before delivery.
Status
Active
2 August 6, 2013
30 Copyright © 2010 Infogain Corporation. All rights reserved.
30
Question ?
The Delphi technique has all of following characteristics except: a. It is a way to reach a consensus of experts on a subject such as project risk b. It is a technique in which project risk experts are identified but are often not present in the same location c. It helps reduce bias in the data and keeps any person from having undue influence on the outcome d. It is a technique to ensure that thinking of the organization risk managers is aligned with the vision of the selected risk experts
August 6, 2013
31 Copyright © 2010 Infogain Corporation. All rights reserved.
.…
31
Question ?
When should we first do risk identification: a. At the time of meeting the client b. At the concept phase or at the very beginning of the project c. Constantly throughout the project d. At the start of each project phase
August 6, 2013
32 Copyright © 2010 Infogain Corporation. All rights reserved.
..
32
Perform Qualitative Risk Analysis August 6, 2013
33 Copyright © 2010 Infogain Corporation. All rights reserved. 33
Perform Qualitative Risk Analysis
Includes methods for prioritizing identified risks for further action Rapid & cost-effective means of establishing priorities for Risk response planning Focus on high-priority risks to improve project performance Lays foundation for quantitative risk analysis Prioritization is subjective analysis of the identified risks The probability of each risk occurring (Low, Medium, High or 1 to 10) Impact on project objectives (Low, Medium …. or 1 to 10) Amount at stake Opportunity or threat Considers time-frame and risk tolerance for the project Should be performed throughout the project
August 6, 2013
34 Copyright © 2010 Infogain Corporation. All rights reserved.
34
Perform Qualitative Risk Analysis
Inputs
Organizational Process Assets Data about risks on past projects and the lessons learned knowledge base Project Scope Statement Risk Management Plan Risk Register
August 6, 2013
35 Copyright © 2010 Infogain Corporation. All rights reserved.
35
Perform Qualitative Risk Analysis
Tools and Techniques
Risk Probability and Impact assessment: Risk Probability – is the likelihood that risk will occur Risk Impact – is the effect on project objective if risk occurs These are applied to each of the risk events individually and assigned a a qualitative term such as very high, high, moderate, low and very low Help rate risks in order to determine which ones warrant a response
August 6, 2013
36 Copyright © 2010 Infogain Corporation. All rights reserved.
36
Perform Qualitative Risk Analysis Evaluation of Risk Impact by Project objectives
August 6, 2013
37 Copyright © 2010 Infogain Corporation. All rights reserved.
37
Perform Qualitative Risk Analysis
Tools and Techniques
Probability and Impact Matrix: Is a common way to combine two dimensions to determine whether a risk is low, moderate or high Matrix is prepared that assign risk ratings to risks based on the combination of their assessed probability and impact The matrix may be standardized within the organization making the risk rating process more repeatable between the projects Different matrix may be used for cost time and scope if the project’s thresholds for each types of risks are different *
August 6, 2013
38 Copyright © 2010 Infogain Corporation. All rights reserved.
38
Perform Qualitative Risk Analysis
Tools and Techniques
Probability & Impact Scales can be: Ordinal scale – ranked-order scale, such as very low, low, moderate, high, and very high Cardinal scale – assign values to impacts. These values are usually linear (.1/ .3/ .5/ .7/ .9) or nonlinear (.05/ .1/ .2/ .4/ .8/) Scaled descriptors of relative impact should be prepared by organization before project begins
Probability 0.9 0.7 0.5 0.3 0.1
Risk Score = P x I 0.045 0.09 0.18 0.36 0.72 0.035 0.07 0.14 0.28 0.56 0.025 0.05 0.1 0.2 0.4 0.015 0.03 0.06 0.12 0.24 0.005 0.01 0.02 0.04 0.08 0.05 0.1 0.2 0.4 0.8 Impact on an objective ( eg. Cost, schedule, quality etc.
August 6, 2013
39 Copyright © 2010 Infogain Corporation. All rights reserved.
39
Qualitative Risk Analysis
Tools and Techniques
Risk data Quality Assessment: Technique to qualify the risk by evaluating the degree to which the data about the risk is useful for risk management. This is also called as “Data Precision Raking” Degree to which risk is understood Accuracy, quality, reliability and integrity of data Risk Categorization: By sources of risk. Where is this risk coming from? (using the RBS) OR By area of the project or the work package that is affected (using the WBS) OR By project phase OR Any other useful category Objective is to determine project areas most exposed to the effect of uncertainty. Risk Urgency Assessment: Risks that may occur soon, should move quickly through the process. Else, risk response plan may take longer time Expert Judgments August 6, 2013
40 Copyright © 2010 Infogain Corporation. All rights reserved.
40
Qualitative Risk Analysis
Outputs Risk Register Updates: Includes Risk Ranking for the project List of prioritized risks, their probability and impact ratings Risks grouped by categories List of risks requiring additional analysis in near term List of risks for additional analysis and response Watch list of low priority or non-critical risks Trends in qualitative risk analysis results Note: Qualitative risk analysis – Allows project risk to be compared with risk of other projects Project may be selected, continued or terminated May lead to quantitative risk analysis or risk response planning
August 6, 2013
41 Copyright © 2010 Infogain Corporation. All rights reserved.
41
Question ?
If customer requests a change in the middle of the project, which is likely to increase the risk, what should be your first action: a) Include EMV of risk in new cost estimate b) Talk to the customer about the impact c) Analyze the impact of change request d) Change RMP
August 6, 2013
42 Copyright © 2010 Infogain Corporation. All rights reserved.
...
42
Quantitative Risk Analysis August 6, 2013
43 Copyright © 2010 Infogain Corporation. All rights reserved. 43
Quantitative Risk Analysis
Performed on risks that have been prioritized by the Qualitative Risk Analysis process as potentially and substantially impacting the project’s competing demands. A numerical analysis of the probability and impact of the highest risks from qualitative risk analysis on the project to: Determine which risks events warrant a response Determine overall project risk called as “risk exposure” Determine the quantified probability of meeting the project objectives Determine the cost and schedule reserves Identify risks requiring most attention Create realistic and achievable cost, schedule or scope targets
August 6, 2013
44 Copyright © 2010 Infogain Corporation. All rights reserved.
44
Quantitative Risk Analysis
Inputs
Organizational Process Assets Information on similar projects completed by the organization, risk databases Risk Register Project Management Plan (Schedule, Cost ,Risk)
August 6, 2013
45 Copyright © 2010 Infogain Corporation. All rights reserved.
45
Quantitative Risk Analysis
Tools and Techniques
Interviewing: To quantify the probability and impact of risks on project objectives. Information would be gathered on the optimistic (low), pessimistic (high), and most likely scenarios
Expert Judgment: Internal or external experts validate data and approach August 6, 2013
46 Copyright © 2010 Infogain Corporation. All rights reserved.
46
Quantitative Risk Analysis
Tools and Techniques
Probability Distribution: Continuous probability distributions represent the uncertainty in values, such as durations of schedule activities and costs of project components. The Beta distribution can be used to model events which are constrained to take place within an interval defined by a minimum and maximum value.
A triangular distribution is used if information is gathered on optimistic (low), pessimistic (high), and most likely scenarios. August 6, 2013
47 Copyright © 2010 Infogain Corporation. All rights reserved.
47
Question ?
You are developing a radio frequency (RF) technology that will improve overnight packaged delivery. If the project is successful, process will be automated and profits will soar. Management has promised everyone a sports car if successful. You grab a copy of PMBOK, blow off the dust and start reading risk management chapter. You first interview 15 stakeholders and ask each one of them to estimate the most optimistic package delivery time, the most pessimistic time and also the most likely time. This shows that next you plan to: A. Use a triangular probability distribution B. Conduct sensitivity analysis C. Structure a decision analysis as a decision tree D. Determine the strategy for risk response Ans: A Interviews often are used to help quantify the probability and consequence of risks on project objectives. The type of information collected during the interviews, depends on the type of probability distribution that is used. A triangular distribution is used if information is gathered on optimistic (low), pessimistic (high), and most likely scenarios.
August 6, 2013
48 Copyright © 2010 Infogain Corporation. All rights reserved.
48
Quantitative Risk Analysis Tools and Techniques Quantitative Risk Analysis & Modeling Techniques : Sensitivity Analysis To determine which risks have the most potential impact on the project. Measures the impact of one risk with all other variables at a level plane The risk currently being analyzed is given variable values based upon the possible outcomes This is a great method to ascertain the impact of a single risk, however the method does not yield a combine effect for risk analysis Expected Monetary Value (EMV) analysis Statistically calculates average outcome of the future when future includes scenarios which may or may not happen. EMV of each scenario is calculated by multiplying probability of occurrence with value of outcome Used for quantifying overall risk on the project
August 6, 2013
49 Copyright © 2010 Infogain Corporation. All rights reserved.
49
Quantitative Risk Analysis
Tools and Techniques
Determine what are the chances that Project B is a success
0.6 0.5
0.5
Project A
0.4 0.7
Project B 0.3
Success Failure
Success Failure
Answer: 0.5*0.7 = 0.35 August 6, 2013
50 Copyright © 2010 Infogain Corporation. All rights reserved.
50
Question ?
If a risk event has a 90% chance of occurring, and the consequences will be US $10,000, what does US $9,000 represent? a. Risk Value b. Present Value c. Expected Monetory Value d. Contingency Budget Ans: C Expected value is computed by multiplying the probability times impact. EV = 0.9 X $10,000 = $ 9,000
August 6, 2013
51 Copyright © 2010 Infogain Corporation. All rights reserved.
...
51
Quantitative Risk Analysis
Tools and Techniques
Decision Tree Analysis Primarily used to make decisions regarding individual risks when there is uncertainty Takes into account future events in trying to make a decision today Decision tree is a model of a real situation and could therefore have costs occurring • Use of a diagram that describes a decision under consideration and the implications of choosing one or another of the available alternatives • Incorporates probabilities of risks and the costs or rewards of each logical path of events and future decisions • Solving the decision tree indicates which decision yields the greatest expected value when all the uncertain implications, costs, rewards, and subsequent decisions are quantified August 6, 2013
52 Copyright © 2010 Infogain Corporation. All rights reserved.
52
Question ?
What is the purpose of decision trees ? A. They demonstrate the path of events in a project B. They calculate the probability of an outcome C. They determine what events may take place D. They take into account future events for today's choices
Ans: D A decision tree allows you to make an informed decision today based on the probability and impact analysis. You can decide based on expected value of each of your options
August 6, 2013
53 Copyright © 2010 Infogain Corporation. All rights reserved.
....
53
Question ?
What is the expected value of the decision displayed in figure below ? $4 $ 100 $ 20 $ 200
Ans: A The expected value is probability times impact. In this case you multiply the probabilities together and then multiply the impact. Expected value = 0.20 X 0.10 X 0.20 X $1000 = $ 4
August 6, 2013
54 Copyright © 2010 Infogain Corporation. All rights reserved.
.
54
Quantitative Risk Analysis Tools and Techniques Monte Carlo Analysis (Simulation) • Uses a model or copy of a system to analyze the behavior or performance of the system • Evaluates overall risk in the project • Provides the probability of completing the project on any specific day, or for any specific amount of cost • Provides the probability of any activity actually being on the critical path • Takes into account path convergence (places in the network diagram where may path converge into one activity) • Translates uncertainties into impacts to the total project • Can be used to assess cost and schedule impacts • Normally done with computer based Monte Carlo program because of the intricacies of the calculation • Results in a probability distribution
August 6, 2013
55 Copyright © 2010 Infogain Corporation. All rights reserved.
55
Question ?
A Monte Carlo analysis is used to: A. get an indication of the risk involved in the project B. estimate a task's length C. simulate the order in which tasks occur D. prove to management that extra staff is needed
Ans: A Monte Carlo can be used to prove things to management (d) but its focus is time and not staff. It is a simulation but simulates time and not order of tasks. It can also help to know that an estimate for the task needs to change, but not what the task estimate should be. Risk can be assesses using Monte Carlo.
August 6, 2013
56 Copyright © 2010 Infogain Corporation. All rights reserved.
.
56
Quantitative Risk Analysis
Outputs
Risk Register Updates • Prioritized list of quantified risks • Amount of contingency time and cost reserve needed • Probability of achieving time and cost objectives • Possible realistic and achievable completion dates • Trends in quantified risk analysis
August 6, 2013
57 Copyright © 2010 Infogain Corporation. All rights reserved.
57
Plan Risk Response August 6, 2013
58 Copyright © 2010 Infogain Corporation. All rights reserved. 58
Risk Response Planning
Determines “What are we going to do about each top risk ?” Finding ways to make the threat smaller or eliminate Finding ways to make positive risks more likely or greater in impact Addresses risks based on their priorities The effectiveness of response planning shall directly map to the increase or decrease of the risk events The response must be appropriate to: Severity of the risk, cost effective in meeting the challenge Timely to be successful Realistic within project context Agreed upon by all Owned by a responsible person
August 6, 2013
59 Copyright © 2010 Infogain Corporation. All rights reserved.
59
Risk Response Planning
Inputs
Risk Management Plan Risk Register
August 6, 2013
60 Copyright © 2010 Infogain Corporation. All rights reserved.
60
Risk Response Planning
Tools and Techniques
Various strategies are available for the developing the Risk response. Depending upon the risk, most effective strategy or mix of strategies are selected. Sometimes a primary and backup strategies are selected. If primary strategy turns out to be ineffective, Fallback plans can be executed Strategy must be timely Effort selected must be appropriate to the severity of the risk Expert Judgments are also used as Tools .
August 6, 2013
61 Copyright © 2010 Infogain Corporation. All rights reserved.
61
Risk Response Planning
Strategies for Negative Risks or Threats: Avoid Eliminating the threat by eliminating the cause Changing the project plan to eliminate the risk or to isolate the project objectives from its impact Mitigate To reduce the probability and / or consequences of an adverse risk event, to an acceptable threshold Early action is more effective than repairing the damage later Transfer To shift the consequence of the risk to a third party together with ownership of the response. Purchasing of insurance, warranties, guarantees, outsourcing the work Transferring is not eliminating More effective in financial risk exposure
August 6, 2013
62 Copyright © 2010 Infogain Corporation. All rights reserved.
62
Risk Response Planning
Strategies for Positive Risks or Opportunities: Exploit (Reverse of Avoid)
Enhance (Reverse of Mitigate)
Exploitation is chosen where organization is looking for the opportunity realization (Adding more work) Modifies the size of the opportunity by increasing probability or impact, by strengthening the drivers/causes for the opportunity
Share
Allocating the ownership of the opportunity to a third party who is best able to achieve the opportunity
August 6, 2013
63 Copyright © 2010 Infogain Corporation. All rights reserved.
63
Risk Response Planning Tools and Techniques • Strategy for both Threats or Opportunities: Acceptance
Adopted when risk response could not be identified. Passive acceptance – no action Active acceptance – to allocate contingency reserve (should handle known & unknown risks) Decision must to communicated to stakeholders
Contingent Response Strategy
Designed for use only if certain events occur Executed under pre-defined conditions Events that trigger contingency response should be defined and tracks
August 6, 2013
64 Copyright © 2010 Infogain Corporation. All rights reserved.
64
Risk Response Planning
Outputs •
Risk Register Updates. It should contain: •
• •
• •
Residual Risks: • Residual risks which are expected to remain even after planned response is being implemented or those which have been accepted • These should be documented and reviewed throughout the project Contingency Plans: • Describe specific actions that will be taken if risk occurs Risk Response Owner: • Risk owners and their responsibilities Secondary Risks: • These are generated as direct outcome of implementation of risk response Risk Triggers: • Events that trigger the contingency response
August 6, 2013
65 Copyright © 2010 Infogain Corporation. All rights reserved.
65
Risk Response Planning
Outputs •
Risk Register Updates. It should contain (contd.): • •
Fallback Plans: • Fallback plans for use if Primary response (contingency plans) is found ineffective Reserves: • Contingency Reserves: • Account for “known unknown”. Items that were identified in risk management • These cover the residual risk in project • These are calculated and made part of cost baseline • Management Reserves: • Account for “unknown unknown”. Items that were not/could not be identified in risk management • These are estimated and made part of project budget (not the baseline) • Management approval is required to use them
August 6, 2013
66 Copyright © 2010 Infogain Corporation. All rights reserved.
66
Risk Response Planning
Outputs •
Project Management Plan (updates) • Risk Management will result in changes to RMP and therefore to project Management Plan, it also result in taking Contract related decisions & other Project document updates
August 6, 2013
67 Copyright © 2010 Infogain Corporation. All rights reserved.
67
Question ?
•
Acceptance means to: a. Agree with project manager b. Eliminate a specific threat c. Accept the consequence d. Purchase Insurance
•
The tools and techniques for risk response planning include all of the following except: a. Interpretation b. Acceptance c. Mitigation d. Avoidance
•
The risk response plan should include some or all of the following except: a. A work breakdown structure b. Risk owners and assigned responsibilities c. Results from qualitative and quantitative risk analysis process d. Contingency plans and fallback plans
August 6, 2013
68 Copyright © 2010 Infogain Corporation. All rights reserved.
… . .
68
Monitor and Control Risk August 6, 2013
69 Copyright © 2010 Infogain Corporation. All rights reserved. 69
Monitor and Control Risk
Process of: Keeping track of the identified risks & those on the watch list Identifying, analyzing & planning for new risks Reanalyzing existing risks Monitoring residual risks Monitoring trigger conditions for contingency plans Ensuring the execution of risk plans Evaluating their effectiveness in reducing the risk Verifying that project assumptions are still valid Making sure that proper risk management policies and procedures are being followed
August 6, 2013
70 Copyright © 2010 Infogain Corporation. All rights reserved.
70
Monitor and Control Risk
Inputs
Risk Management Plan Risk Register Work Performance Information
Work performance information, including project deliverables status, corrective actions, and performance reports, are important inputs to Risk Monitoring and Control
Performance Reports
Performance reports provide information on project work performance, such as an analysis that may influence the risk management processes
August 6, 2013
71 Copyright © 2010 Infogain Corporation. All rights reserved.
71
Monitor and Control Risk
Tools and Techniques
Risk Reassessment:
Risk Audits
This should be regularly scheduled Examines and document the effectiveness of risk responses in dealing with identified risks and their root causes Results in identification of lessons learned
Variance and Trend Analysis
Trends in the project’s execution should be reviewed using performance data Earned value analysis and other methods of project variance may be used for monitoring overall project performance Outcomes from these analyses may forecast potential deviation of the project at completion from cost and schedule targets. Deviation from the baseline plan may indicate the potential impact of threats or opportunities
August 6, 2013
72 Copyright © 2010 Infogain Corporation. All rights reserved.
72
Monitor and Control Risk
Tools and Techniques
Technical Performance Measurement
Reserve Analysis
Compares technical accomplishments during project execution to the project management plan’s schedule of technical achievement Reserve analysis compares the amount of the contingency reserves remaining to the amount of risk remaining at any time in the project, in order to determine if the remaining reserve is adequate
Status Meetings
Risk should be a major agenda item in team meetings
August 6, 2013
73 Copyright © 2010 Infogain Corporation. All rights reserved.
73
Monitor and Control Risk
Outputs
Risk Register Updates Contains outcome of the risk assessments and risk audits Closing risks that are no longer applicable Details of what happened when risks occurred Lessons learned Change Requests Implementing contingency plans or workarounds frequently results in a requirement to change the project management plan to respond to risks. Requested changes are prepared and submitted to the Integrated Change Control process Project Management Plan updates Project Document updates Organizational Process Assets updates
August 6, 2013
74 Copyright © 2010 Infogain Corporation. All rights reserved.
74
Question ?
Once a risk response is created, which of the following statements BEST describes the project manager's role regarding risks while the project work is being completed? A. Take actions when identified risks occur B. After a risk event, reassess risk rankings C. Implement planned workarounds D. Make sure that risk owners are identified to assigned tasks Ans: B There are many thins that the PM must be doing during this step. However the risk owners are the ones to take an action when an identified risk occurs (A), workarounds are not planned (C), and risk owners do not identify tasks (D)
August 6, 2013
75 Copyright © 2010 Infogain Corporation. All rights reserved.
..
75
Question ?
In response to a risk, the project manager meets with the team and management to develop a strategy. After discussions, they decide that it would be best to purchase insurance. This is an example of:? A. B. C. D.
Identification Transference Acceptance Avoidance
Ans: B The situation has moved past risk identification and is asking which risk response strategy is appropriate.
August 6, 2013
76 Copyright © 2010 Infogain Corporation. All rights reserved.
76
Thank You August 6, 2013 August 6, 2013
77 Copyright Copyright © 2010 Infogain All rights reserved. © 2010 Corporation. Infogain Corporation. All rights reserved.