Fundamentals of Project Risk Management

Similar documents
Project Risk Management

Unit 9: Risk Management (PMBOK Guide, Chapter 11)

LCS International, Inc. PMP Review. Chapter 6 Risk Planning. Presented by David J. Lanners, MBA, PMP

Project Risk Management. Prof. Dr. Daning Hu Department of Informatics University of Zurich

Project Theft Management,

For the PMP Exam using PMBOK Guide 5 th Edition. PMI, PMP, PMBOK Guide are registered trade marks of Project Management Institute, Inc.

Information Technology Project Management, Sixth Edition

Risk Management Plan for the <Project Name> Prepared by: Title: Address: Phone: Last revised:

RISK MANAGEMENT. Budgeting, d) Timing, e) Risk Categories,(RBS) f) 4. EEF. Definitions of risk probability and impact, g) 5. OPA

Project Risk Management

Managing Project Risk DHY

Kidsafe NSW Risk Management Plan. August 2014

Presented to: Eastern Idaho Chapter Project Management Institute. Presented by: Carl Lovell, PMP Contract and Technical Integration.

APPENDIX 1. Transport for the North. Risk Management Strategy

Project Management for the Professional Professional Part 3 - Risk Analysis. Michael Bevis, JD CPPO, CPSM, PMP

Cost Risk Assessment Building Success and Avoiding Surprises Ken L. Smith, PE, CVS

Chapter-8 Risk Management

SECTION II.7 MANAGING PROJECT RISKS

Managing Project Risks. Dr. Eldon R. Larsen, Marshall University Mr. Ryland W. Musick, West Virginia Division of Highways

Risk Management Strategy January NHS Education for Scotland RISK MANAGEMENT STRATEGY

Objectives. What is Risk? But a Plan is not Reality. Positive Risks? What do we mean by Uncertainty?

Every project is risky, meaning there is a chance things won t turn out exactly as planned.

Project Management Certificate Program

INSE 6230 Total Quality Project Management

Master Class: Construction Health and Safety: ISO 31000, Risk and Hazard Management - Standards

M_o_R (2011) Foundation EN exam prep questions

COPYRIGHTED MATERIAL. Index

RISK ANALYSIS GUIDE FOR PRIVATE INITIATIVE PROJECTS

Nagement. Revenue Scotland. Risk Management Framework. Revised [ ]February Table of Contents Nagement... 0

Scouting Ireland Risk Management Framework

Nagement. Revenue Scotland. Risk Management Framework

Cost Risk Assessments Planning for Project or Program Uncertainty with Confidence Brian Bombardier, PE

METHODOLOGY For Risk Assessment and Management of PPP Projects

MINI GUIDE. Project risk analysis and management

Project Management Professional (PMP) Exam Prep Course 11 - Project Risk Management

L U N D S U N I V E R S I T E T. Projektledning och Projektmetodik

Planning Construction Procurement. A guide to risk and value management

BERGRIVIER MUNICIPALITY. Risk Management Risk Appetite Framework

Risk Video #1. Video 1 Recap

Version: th November 2010 RISK MANAGEMENT POLICY

RISK MANAGEMENT PROFESSIONAL. 1 Powered by POeT Solvers Limited

UNIVERSITY OF ABERDEEN RISK MANAGEMENT FRAMEWORK

Achieve PMP Exam Success Five-Day Course Syllabus

Risk Management Made Easy. I. S. Parente 1

Use of the Risk Driver Method in Monte Carlo Simulation of a Project Schedule

Risk Management. Seminar June Compiled by: Raaghieb Najjaar, Yaeesh Yasseen & Rashied Small

Risk Management Process-02. Lecture 06 By: Kanchan Damithendra

Five-Day Schedule and Course Content

Risk Management Strategy

Integrated Cost Schedule Risk Analysis Using the Risk Driver Approach

Risk Management Guidelines

Risk Management Policy

RISK ANALYSIS AND CONTINGENCY DETERMINATION USING EXPECTED VALUE TCM Framework: 7.6 Risk Management

STOCHASTIC COST ESTIMATION AND RISK ANALYSIS IN MANAGING SOFTWARE PROJECTS

Project Management in ICT. Prof. Dr. Harald Wehnes

STOCHASTIC COST ESTIMATION AND RISK ANALYSIS IN MANAGING SOFTWARE PROJECTS

Risk Management Plan PURPOSE: SCOPE:

Risk Management Policy and Framework

Risk Management. Webinar - July 2017

CONSTRUCTION ENGINEERING & TECHNOLOGY: EMV APPROACH AS AN EFFECTIVE TOOL

Procedure: Risk management

PMI - Dallas Chapter. Sample Questions. March 22, 2002

CONTINGENCY. Filed: EB Exhibit D2 Tab 2 Schedule 7 Page 1 of 10

RISK MANAGEMENT STANDARDS FOR P5M

Project Management. Managing Risk. Clifford F. Gray Eric W. Larson Third Edition. Chapter 7

Risk Management Policy Adopted by:

Integrated Cost-Schedule Risk Analysis Improves Cost Contingency Calculation ICEAA 2017 Workshop Portland OR June 6 9, 2017

Risk assessment concept and practical guidance

Meeting of Bristol Clinical Commissioning Group Governing Body

Contents INTRODUCTION...4 THE STEPS IN MANAGING RISKS ESTABLISH GOALS AND CONTEXT IDENTIFY THE RISKS...8

Introduction to Risk for Project Controls

1. Define risk. Which are the various types of risk?

ENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework

Risk Management Strategy Highland Council Pension Fund

AACE International 48th Annual Meeting Washington, DC June 2004 DEVELOPING & MANAGING CONTIGENCY ON THE BASIS OF RISK. Robert Tichacek, P.E.

SCOTTISH FUNDING COUNCIL CAPITAL PROJECTS DECISION POINT PROCESS

Programmatic Risk Management in Space Projects

RISK MANAGEMENT POLICY October 2015

Risk Management User Guide. Prepared By: Neville Turbit Version Feb /01/2009 Risk Management User Guide Page 1 of 36

South Lanarkshire College Risk Management Policy and Procedures

EARNED VALUE MANAGEMENT AND RISK MANAGEMENT : A PRACTICAL SYNERGY INTRODUCTION

Applied Risk Assessment into EPC Projects By Pulung Susilo Rahardjo

The Risky Business of. Risk Management

Risk Approach to Prioritising Maintenance Risk Factors for Value Management

Topic RISK MANAGEMENT Procedure Category Risk Management Updated 07/2011

Association for Project Management 2008

Risk Management Policy and Procedures.

Executive Board Annual Session Rome, May 2015 POLICY ISSUES ENTERPRISE RISK For approval MANAGEMENT POLICY WFP/EB.A/2015/5-B

SAMPLE. Answer all 60 multiple choice questions sample paper contains 30 questions only Use the proforma answer sheet provided.

Risk Management Framework. Metallica Minerals Ltd

Best Practices in Project Risk Management. Presented by: Jeff Miller, PMP - Director of Project Management Interstates Control Systems, Inc.

Chapter 7: Risk. Incorporating risk management. What is risk and risk management?

Risk Management Made Easy 1, 2

Perpetual s Risk Management Framework

Probabilistic Benefit Cost Ratio A Case Study

Risk PROJstudy.com. All rights reserved

UCISA TOOLKIT. Major Project Governance Assessment. version 1.0

Integrated Risk Management Framework Sept Page 1 of 17

Crowe, Dana, et al "EvaluatingProduct Risks" Design For Reliability Edited by Crowe, Dana et al Boca Raton: CRC Press LLC,2001

Running Head: RISK MANAGEMENT PLAN 1

Transcription:

Fundamentals of Project Risk Management Introduction Change is a reality of projects and their environment. Uncertainty and Risk are two elements of the changing environment and due to their impact on project objectives need to be managed. Project Risk Management has evolved rapidly in the last decade from a mere knowledge area in PMBOK to a centre of focus. Several national and international organisations have developed guidelines and standards for risk management to help better implement risk management strategies within organisations. Some of these organisations and guidelines are as following: The Project Management Institute (PMI) s Practice Standard for Risk Management, Department of Treasury, Finance s Risk Management Framework AS/ANZ 31000 Standard for Risk Management Office of Government Commerce s PRINCE2, UK What is Risk? Different standards and guidelines have different definition of risk. One element is in common among them all: risk is a function of uncertainty. Uncertainty can be inherent (what has or has not happened) or future (what may happen in the future) and can affect a project in a variety of ways through its lifecycle. The PMI defines risk as an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives (PMI-PMBOK, 5th Edition 2012). Risks could be positive or negative. Risks with negative impact on project objectives are classified as threats (e.g. a change in government legislation that endangers meeting project objectives). On the other hand, risks with positive impact on project objectives are considered as opportunities (e.g. using an advanced, still evolving technology that may save a significant amount of money in the project). There is also a fine line between project risks and project issues. Where risks are uncertain events which may or may not happen in the future, issues are those events which have happened and require remedial action and reactive planning. Both risks and issues need to be documented, responses planned and controlled. Risks can occur in three levels. On the first level, there are Strategic Risks, which are more enterprise level risks concerning the existence of the organisation. On the next level, there are Project Risks, short to mid-term risks concerning project success. The lowest level of risk within an organisation is Operational Risks which concern more with the day-to-day running of the business. Dealing with projects, the focus here will be on Project Risks. Project Risk Management PMI defines Project Risk Management as the systematic process of identifying, analysing, and responding to risk. It includes maximising the probability and consequence of positive events and minimising the probability and consequence of adverse events (PMI-PMBOK 5 th Edition 2012). As the PMI s approach is process based. A process of managing project risk has been defined in the Practice Standard for Risk Management, see Figure 1.

CCG Recommends project risk management should focus on responding to risk, actually doing something Figure 1: Risk Management Process Step1: Plan for Risk Management Planning for Risk Management includes documenting the organisation/project manager s approach to managing and controlling project risks. Many large organisations have predefined Risk Management standards and plan templates. The outcome of this process is the Risk Management Plan which needs to be documented as part of the over-arching Project Management Plan. Step 2: Identify Project Risks There are different ways to identify project risks. A good approach is to start with history. Records of past projects are the best source for finding historical information and can be very useful for compiling an initial list of potential risks. Another very common approach is to organise a risk workshop for subject matter experts, the project manager, and key project stakeholders. A facilitator would run the workshop, identifying project risks along the way. Care should be taken not to include operational or strategic level risks in the list of project risks, these would typically be escalated to the organisation s risk management team. The outcome of the identification process is a preliminary Risk Register which lists the identified project risks. The Risk Register must be maintained as the project team goes through the project, adding new risks as they are identified. The realised risks may also be transferred to the issues register, to be dealt with separately. Other techniques for risk identification include: Documentation and assumptions review, Checklists, Diagramming techniques, SWOT analysis, Expert judgment, Similar projects Lessons Learned reports Fundamentals of Project Risk Management? Page 2 of 9

CCG Recommends using If.Then. to describe risks and clearly articulate their consequences. Step 3: Analyse Project Risks Qualitative Analysis The process of analysing project risks includes assessment of two main attributes of risks: likelihood and impact. This could be done through a facilitated workshop, Delphi method, brainstorming sessions or by seeking the opinion of risk owners and/or the sponsor. The aim of this exercise is to achieve consensus among the participants of likelihood and impact of risks. Analysis of risk can be exercised in two stages. Definition of risk could vary depending on the each organisation s risk appetite and compliance obligations. Project Context (environment) is a main factor in determining what the risk likelihood and/or impact is likely to be. The While a particular event could be considered as risky for one particular project/organisation, for others this could be considered as normal. Therefore, understanding the right risk threshold for an organisation is a key to determining risk rating. The following table demonstrates a typical classification of likelihood and impact of risks: Rating Scale Definition Likelihood Very Unlikely 1 Only in exceptional circumstances. Not likely in short to medium term. Unlikely 2 Slight possibility in short to medium term. Possible 3 Reasonable to consider it could occur. Very Likely 4 Will probably occur. Inevitable 5 Is expected to occur in most circumstances. Impact Insignificant 1 Negligible loss. Consequences easily dealt with. Low 2 Noticeable impact. Minimal damage. Medium 3 Moderate damage. Manageable scale of loss. High 4 Large scale damage. Significant loss or restriction. Extreme 5 Widespread damage. Business objectives severely compromised. Huge financial loss. CCG Recommends risk impact should be assessed from the perspective of the sponsor. Risks are then rated using a Likelihood and Impact Matrix. This matrix varies from organisation to organisation, reflecting their risk appetite and tolerance. The risk rating is calculated, typically by multiplying likelihood and impact ratings for each risk to determine an overall score. Figure 2 shows an example Likelihood and Impact Matrix. The result of this process is a revised Risk Register that includes risk rating for each risk. Fundamentals of Project Risk Management? Page 3 of 9

Figure2: A sample Likelihood and Impact Matrix Step 4: Risk Response Planning Risk response planning starts with allocation and acceptance of ownership of the risk and associated response plan. Risk response planning then involves identifying and assessing options for responding to risks. These responses could be in the form of separate action plans or form part of the overall project plan, they should be documented in the Risk Register with responsibilities assigned to the relevant team members/ stakeholders for executing the planned responses. There are several strategies which could be used to minimise the impact of threats and maximise the opportunities. The following are typical risk response strategies: Avoid: remove or reduce trigger events, uncertainties. When uncertainty is caused by lack of knowledge, it has to be eliminated through obtaining clarification and information, defining objectives, improving communication, prototyping and increasing capacities through training or recruitment. Another approach could be targeting the cause of the risk (if known). Examples of this approach could be changing the scope and/or the project approach, to avoid untested and unproved methodologies. Transfer: pass the responsibility, ownership and liability involved with the risk to a third party (e.g. use of insurance and/or fixed price contracts, liquidated damages or penalty incentive payments and seeking partnership). Mitigate: reduce risk exposure to below an acceptable threshold by tackling risk impact. Impact could be reduced in a number of ways depending on the risk, for example additional help desk staff being available for the days after a new system goes live. Accept with Contingency plan(s): Accept the risk but reduce its impact by having one or more contingency plans for it Accept risk but with some reserve to fund impact. To be successful, risk response plans require several prerequisites to be in place: 1) list of identified and assessed risks prioritised by the severity of risks 2) list of potential responses for review and confirmation 3) list of project stakeholders to act as the owners of risk response and 4) agreed risk threshold or the acceptable level of risk as a target. Fundamentals of Project Risk Management? Page 4 of 9

5) Gaining agreement from stakeholders on their responsibility and commitment to the planned response (ownership) is critical. Different sources define a variety of attributes for an effective risk response, but the majority of them agree on the following attributes: Appropriateness: a correct level of response is designed and planned based on the severity of the risk, Affordability: risk response must be cost effective and the amount of time, effort and money spent should match the severity of the risk (e.g. spending $100,000 for a risk with the impact of $10,000 is not affordable), Actionable: the response actions should be determined within a defined time frame, Achievability: the response must be realistic and feasible from both technical and capability point of view Agreed: consensus and commitment of stakeholders has to be gained for each response Allocated and Accepted: a single point of responsibility needs to exist, response actions need to be owned and accepted by the relevant stakeholders Step 5: Analyse Project Risks Quantitative Analysis Quantitative Risk Analysis is the process of numerically analysing the effect of identified risks on overall project objectives. Quantitative Risk Analysis is a complex process and typically is only done for risks that have been prioritised in Qualitative Risk Analysis process as high. Quantitative Risk Analysis is used to determine the overall project risk (risk exposure) and to determine the quantified probability of meeting project objectives, determine cost and schedule reserves and to create realistic and achievable cost and schedule targets. It includes tools and techniques such as: Decision tree Expected monetary value Sensitivity analysis Monte-Carlo simulation Step6: Risk Monitoring and Control Risks need to be monitored throughout the project lifecycle for change in their likelihood and impact. The Risk Register should be regularly (preferably in status meetings) reviewed and risks should be analysed using the same techniques. The Risk Register needs to be updated based on the results of re-assessment and relevant corrective or preventive actions should be taken. Issues are also controlled as part of Risk Monitoring. Contingency Whichever response strategy is adopted for responding to project risks, it will likely have a cost impact on the project. These costs need to be considered as part of the project budget. There are three categories of risk costs required to be included in the project budget. Part of these costs should be added directly to the budget and others should be added as Contingency Reserves. Fundamentals of Project Risk Management? Page 5 of 9

Terminology differs dramatically from organisation to organisation, terminology used here is CCG s terminology based on industry best practice. Reserves will need to include: 1) Risk Response Costs: Part of planning for risk response was to develop actions to respond to risks and include them in the plan. These actions need to be scheduled, resourced, and the costs involved with them need to be directly added to the project budget, either through individual work package budgets or a central risk budget. 2) Cost of Residual Risk impact: The cost impact of residual risks also needs to be allowed for, either at the organisational level across all projects or added to the project budget. 3) Uncertainty: a dollar value representing uncertainty, particularly if Quantified Risk analysis such as Monte Carlo is not undertaken. CCG Recommends defining and agreeing terminology and policy relating to Contingency. CCG Recommends never using zero as contingency for projects. Adding a percentage of project estimates to the budget/schedule is a better approach. Better still, contingency allowance calculations should be based on risk response plans, level of uncertainty and residual risk impact assessment. Figure 3 shows the process of developing risk related budget in conjunction with project budgeting. Develop WBS Identify & Analyse Risks Estimate Resources Develop Budget for Accepted Risk Plan for Response (Action/Schedule/ Cost) Perform Initial Cost Estimate Analyse Cost Effects of Residual Risk Adjust WBS and Cost Estimates to Include Risk Response Actions Add Residual Risk Cost (True Budget) Add Risk Budget Contingency Reserve Project Budget Figure3: Project Risk Budgeting process Fundamentals of Project Risk Management? Page 6 of 9

More about Monte Carlo Simulation Lack of sufficient historical data and uncertainty are two factors that adversely influence project estimates. In reality, when assumptions, on which the estimates are based change, schedule and budget overruns will likely occur. Single point estimation based on best guess or the average time/cost of previous similar work without considering uncertainty normally leads to an unrealistic project schedule and budget. Having a realistic estimate that considers uncertainty is a key to reduce or eliminate overruns. Monte Carlo simulation is used in project management as a means to improve project estimates and can be used at different stages in a project lifecycle: At Feasibility Study stage as a means to facilitate making investment decision and project selection At Planning and Execution stages as a tool to improve project estimates with uncertainty and to perform cost-risk, schedule-risk and cost-schedule-risk analysis. As part of procurement during supplier bidding Proper planning and scheduling as well as reliable risk assessment outputs are critical to generating better outputs using Monte Carlo simulation. Also, availability of input data as well as willingness and cooperativeness of team members to share their perception of risk and the company s risk culture are other critical success factors. Why Monte-Carlo Simulation? Studies have shown that the project estimators tend to base their estimates on average time/cost of the previous similar tasks assuming a normal distribution for duration and cost over the course of project (Figure 4a). In practice, the majority of projects tend to take longer and cost more than what was initially estimated (Figure 4b). Mean Mean Figure 4a: estimators expecting the project will behave than the in the form of a normal distribution (most likely Finishes around the mean) Figure 4b: in reality, many projects tend to take more average and cost much more to complete Monte Carlo simulation is a mathematical method based on random selection of numbers designed to use the 3-point estimates (optimistic, most likely, pessimistic) to generate a wider range of outputs in which the probability of occurrence determines which estimate is most likely to happen. As an output, Monte-Carlo simulation creates a number of graphs in the form of histograms, scatter diagrams, and S-curves giving the decision makers a clearer view of what is most likely to happen in the future. Figure 5 demonstrates an overview of Monte Carlo simulation. Fundamentals of Project Risk Management? Page 7 of 9

Initial Estimates 3-Point Estimates OP ML PS Iterations Statistical Distribution Monte Carlo Simulation Improved Estimates for Analysis and Decision Making Figure 5: Monte Carlo simulation iterates an introduced statistical distribution using data from the predefined range (3- point estimates) to create outputs for analysis and decision making. CCG Recommends using techniques such as Monte Carlo simulation to help define the level of uncertainty involved with date and cost estimates. Why Integrated Cost-Schedule-Risk Analysis? Using schedule-risk or cost-risk analysis techniques separately does not necessarily generate the correct result. As shown in the right-hand graph (Figure 6), schedule-risk and cost-risk analysis show a shorter and cheaper completion for the project, whereas by integration of these two, a more realistic result will emerge. Also, the graph on the left shows there is a very low likelihood that the project will complete within the deterministic cost/schedule estimates and is more likely to finish at a higher cost and much later than estimated. This will help decision makers to develop a more accurate contingency reserve for both schedule and budget, avoiding unachievable commitments. Sample Scatter Diagram for a Typical Project Time, Cost and Time/Cost/Risk Graphs The most probable area Time Only Initial Estimate Cost Only Time and Cost Figure 6: Outputs of Monte Carlo simulation show using only schedule-risk or cost-risk models may show a much shorter and much cheaper completion whereas in reality, the project tends to take/cost more. Example Project X is initially estimated to take 1100 days and cost $1.8M. The company s Board of Directors only approves projects with 80% chance of success. In order to get approval, the project manager needs to analyse the current level of confidence and to determine how much more is required to comply with the company s policy of 80% confidence. The project manager uses Monte Carlo simulation on 80% level of confidence using 3-point estimates. The results (shown in the table below) show that there is only 45% chance that the project will finish within the current schedule Fundamentals of Project Risk Management? Page 8 of 9

and budget. There is an 80% chance that the project will take 1430 days and will cost $2.3M. Therefore, in order to meet the requirements of the company, the project manager should allow about 30% contingency for both schedule and budget to achieve 80% confidence. Monte Carlo Simulation Results Initial Cost Estimate ($1000) 1800 Level of Confidence P-45 P-80 P-95 Monte Carlo Simulation Results 1800 2300 2650 Contingency ($) 0 500 850 Contingency (%) 0% 30% 47% Initial Duration Estimate (days) 1100 Monte Carlo Simulation Results 1100 1430 1617 Contingency (days) 0 330 517 Contingency (%) 0% 30% 47% Department of Treasury and Finance (Vic Govt.) use a probability table like this as part of their investment review process. More about Lessons Learnt During the project lifecycle, experiences gained through exercising Risk Management need to be documented in the Lessons Learned Log. Later, this log should be used to analyse strengths and weaknesses of Risk Management capability. The general focus in gathering project lessons learnt is to help improve risk management of future projects. More about Tools Managing project risk and issues information could be done in a variety of ways depending on the size and importance of the project. In small, less complex projects, a simple risk and issues log could be sufficient. For larger, more complex projects, or in multi project environments, collaboration tools such as Enterprise Project Management tools supplemented by Excel spread sheets may be used. There are a few tools for Monte Carlo simulation and cost-schedule-risk analysis which vary depending on the size of the project. Where Oracle Primavera Risk Analysis tool is used for running Monte Carlo simulation for large, complex (generally construction) projects, other decision making and financial analysis tools such as @Risk and Oracle Chrystal Ball can be used for smaller projects. @Risk is an add-on to Excel which has the ability of importing data from Microsoft Project to Excel, creating a schematic schedule in Excel and running the simulation. Fundamentals of Project Risk Management? Page 9 of 9

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback