Project Management ch. 7

Is an uncertain event or condition that, if it occurs, has a positive or negative effect on project objectives.

1. Risk Identification 2. Risk Assessment 3. Risk Response Development

The risk management process begins by trying to generate a list of all the possible risks that could affect the project. Typically the project manager pulls together, during the planning phase, a risk management team consisting of core team members and other relevant stakeholders. The team uses brainstorming and other problem identifying techniques to identify potential problems.

Used in conjunction with work breakdown structures to help management teams identify and eventually analyze risks.

Is a list of questions that address traditional areas of uncertainty on a project. These questions have been developed and refined from previous, similar projects.

Input from customers, sponsors, subcontractors, vendors and other stakeholders should be solicited.

Scenario analysis is the easiest and most commonly used technique for analyzing risks. Team members assess the significance of each risk event in terms of: - Probability of the event. - Impact of the event.

Impact * Probability * Detection = Risk Value

There are many statistical techniques available to the project manager that can assist in assessing project risk. Decision trees have been used to assess alternative courses of action using expected values. Statistical variations of NPV have been used to assess cash flow risks in projects. Correlations between past projects' cash flow and S-curves have been used to assess cash flow risks.

Assumes a statistical distribution for each activity duration. It hen simulates the network using a random number generator. The outcome is the relative probability, called criticality index, of an activity becoming critical under the many different, possible activity durations for each activity. PERT simulation also provides a list of potential critical paths and their respective probabilities of occurring.

When a risk event is identified and assessed, a decision must be made concerning which response is appropriate for the specific event. Responses to risk can be classified as mitigating, avoiding, transferring, sharing or retaining.

Reducing risk is usually the first alternative considered. There are basically two strategies for mitigating risk: 1. Reduce the likelihood that the event will occur 2. Reduce the impact that the adverse event would have on the project.

Risk avoidance is changing the project plan to eliminate the risk or condition. Although it is impossible to eliminate all risk events, some specific risks may be avoided before you launch the project.

Passing risk to another party is common. This transfer does not change risk. Passing risk to another party almost always results in paying a premium for this exemption.

In some cases a conscious decision is made to accept the risk of an event occurring. Some risks are so large it is not feasible to consider transferring or reducing the event. The project owner assumes the risk because the chance of such an event occurring is slim. In other cases risks identified in the budget reserve can simply be absorbed if the materialize. The risk is retained by developing a contingency plan to implement if the risk materializes. In a few cases a risk event can be ignored and a cost overrun accepted should the risk event occur.

Is an alternative plan that will be used if a possible foreseen risk event becomes a reality. The contingency plan represents actions that will reduce or mitigate the negative impact of the risk event. A key distinction between a risk response and a contingency plan is that a response is part of the actual implementation plan and action is taken before the risk can materialize, while a contingency plan is not part of the initial implementation plan and only goes into effect after the risk is recognized.

1. Technical Risks 2. Schedule Risks 3. Cost Risks 4. Funding Risks

Technical risks are problematic. They can often be the kind that cause the project to be shut down. What if the system or process does not work? Contingency or backup plans are made for those possibilities that are foreseen.

Often organizations will defer the threat of a project coming in late until it surfaces. Here contingency funds are set aside to expedite or "crash" the project to get it back on track. Crashing, or reducing project duration, is accomplished by shortening one or more activities on the critical path. This comes with additional costs and risk.

Project of long duration need some contingency for price changes - which are usually upward. The important point to remember when reviewing price is to avoid the trap of using one lump some to cover price risks.

What if the funding for the project is cut by 25 percent or completion projections indicate that costs will greatly exceed available funds? What are the chances of the project being canceled before completion? Seasoned project managers recognize that a complete risk assessment must include an evaluation of funding supply.

An opportunity is an event that can have a positive impact on project objectives. Essentially the same process that is used to manage negative risks is applied to positive risks.

Exploit. Share. Enhance. Accept.

This tactic seeks to eliminate the uncertainty associated with an opportunity to ensure that it definitely happens.

This strategy involves allocation some or all of the ownership of an opportunity to another party who is best able to capture the opportunity for the benefit of the project.

Enhance is the opposite of mitigation in that action is taken to increase the probability and the positive impact of an opportunity.

Accepting an opportunity is being willing to take advantage of it if it occurs, but not taking action to pursue it.

Contingency funds are established to cover project risks - identified and unknown.

These reserves are identified for specific work packages or segments of a project found in the baseline budget or work breakdown structure.

These reserve funds are needed to cover major unforeseen risks and, hence, are applied to the total project.

Just as contingency funds are established to absorb unplanned costs, managers use time buffers to cushion against potential delays in the project. And like contingency funds, the amount of time is dependent upon the inherent uncertainty of the project.

A. Activities with severe risks B. Merge activities that are prone to delays due to one or more preceding activities being late. C. Noncritical activities to reduce the likelihood that they will create another critical path. D. Activities that require scarce resources to ensure that the resources are available when needed.

Involves executing the risk response strategy, monitoring triggering events, initiating contingency plans, and watching for new risks.

Details all identified risks including descriptions, category, and probability of occurring, impact, responses, contingency plans, owners, and current status.

Every detail of a project plan will not materialize as expected. Coping with and controlling project changes present a formidable challenge for most project managers. Changes come from many sources such as the project customer, owner, project manager, team members, and occurrence of risk events.

1. Scope changes in the form of design or additions represent big changes. 2. Implementation of contingency plans, when risk events occur, represent changes in baseline costs and schedules. 3. Improvement changes suggested by project team members represent another category.

Involve reporting, controlling and recording changes to the project baseline.

1. Identify proposed changes. 2. List expected effects of proposed changes on schedule and budget. 3. Review, evaluate, and approve or disapprove changes formally. 4. Negotiate and resolve conflicts of change, conditions, and cost. 5. Communicate changes to parties affected. 6. Assign responsibility for implementing change. 7. Adjust master schedule and budget. 8. Track all changes that are to be implemented.

1. Inconsequential changes are discouraged by the formal process. 2. Costs of changes are maintained in a log. 3. Integrity of the WBS and performance measures is maintained. 4. Allocation and use of budget and management reserve funds are tracked. 5. Responsibility for implementation is clarified. 6. Effect of changes is visible to all parties involved. 7. Implementation of change is monitored. 8. Scope changes will be quickly reflected in baseline and performance measures.

To put the processes discussed in this chapter in proper perspective one should recognize that the essence of project management is risk management. Every tech- nique in this book is really a risk management technique. Each in its own way tries to prevent something bad from happening. Project selection systems try to reduce the likelihood that projects will not contribute to the mission of the firm. Project scope statements, among other things, are designed to avoid costly misunderstand- ings and reduce scope creep. Risk breakdown structures reduce the likelihood that some vital part of the project will be omitted or that the budget estimates are un- realistic. Teambuilding reduces the likelihood of dysfunctional conflict and break- downs in coordination. All of the techniques try to increase stakeholder satisfaction and increase the chances of project success. From this perspective managers engage in risk management activities to com- pensate for the uncertainty inherent in project management and that things never go according to plan. Risk management is proactive not reactive. It reduces the number of surprises and leads to a better understanding of the most likely out- comes of negative events. Although many managers believe that in the final analysis, risk assessment and contingency depend on subjective judgment, some standard method for identify- ing, assessing, and responding to risks should be included in all projects. The very process of identifying project risks forces some discipline at all levels of project management and improves project performance. Contingency plans increase the chance that the project can be completed on time and within budget. Contingency plans can be simple "work-arounds" or elaborate detailed plans. Responsibility for risks should be clearly identified and documented. It is desirable and prudent to keep a reserve as a hedge against project risks. Budget reserves are linked to the WBS and should be communi- cated to the project team. Control of management reserves should remain with the owner, project manager, and line person responsible. Use of contingency reserves should be closely monitored, controlled, and reviewed throughout the project life cycle. Experience clearly indicates that using a formal, structured process to handle possible foreseen and unforeseen project risk events minimizes surprises, costs, de- lays, stress, and misunderstandings. Risk management is an iterative process that occurs throughout the lifespan of the project. When risk events occur or changes are necessary, using an effective change control process to quickly approve and record changes will facilitate measuring performance against schedule and cost. Ultimately successful risk management requires a culture in which threats are embraced not denied and problems are identified not hidden.