Inhalt

Introduction

Risk management is an ongoing factor which cannot be ignored through the project life cycle. It is an entirely broad topic to discuss. Management of risks include planning, identifying, executing the decided strategies monitoring and controlling uncertainties. Occurrence of risk is uncertain and new risks can be identified any time during project life cycle, it is the motive of risk management to identify uncertainties and decrease its probability and impact on a project if risks are negative and increasing the probability if risks are positive. As project risks can have both positive and negative impact, they must be treated in the required way, risks having positive impact should be exploited or enhanced depending upon the opportunities whereas risks having negative impact should be avoided or mitigated or accepted or transferred depending upon the risk scenario.

Risk in project management is defined as an uncertain event which has positive or negative effect on the project altogether. Risk can have multiple reasons to occur in which few risks can be categorized before time and few risks can be uncertain. For example, we can assume that Bank of North America (BONA) is partnering with Java Coffee Beans to launch a co-branded loyalty credit card. Where the loyalty portion of Java Coffee Beans (JCB) allows customers 2% of cash back on each purchase. In this scenario we can consider many predefined and uncertain risk, such as faulty credit card supplied by the supplier, other banks launch credit card before Bank of North America or inflation in market. If either of these uncertain events occur, we can have a huge impact on our project scope.

Management of risks is series of steps taken to identify the risks, categorize them, quantification of risks, implementing the decided risk responses, monitoring risks, implementing contingency or fallback plans in case of strategies doesn’t work out and could be major threat to the organization, if not applied with a workaround in such situations. The most common approach in identifying risks is to manage the individually recorded risk and asses them in the project risk register. There are two approaches to risk analysis qualitative and quantitative. Analyzing risk provides a comprehensive method to determine project success. Process of assessing risk and analyzing it can also be a huge part of project success.

Qualitative risk analysis is the process of individually assessing characteristics of project risk and its impact on the project whereas Quantitative risk analysis is numerically analyzing the probability and impact of risks ranked highest in qualitative risk analysis. In this book we will be talking about how to analyze risk by doing its qualitative and quantitative analysis in depth. It is likely that certain things will not go according to the plan in the project lifecycle. To stay in control of the project you need to carry out steps to manage project risks and continuously keep your eye on the risk if it emerges with noticeable impact or not, even after it has been implemented with a strategic risk response. Also, planning the risk responses, keep in mind the secondary risks associated with each risk response is also very important as monitoring the risks are. The book is designed in a way to touch all the important aspects of risk management.

Plan Risk management

Plan risk management is the first process in planning process group which covers the risk management knowledge area. It outlines the approach and tools/techniques, or methods used for risk management in a specific project under consideration. The process is performed at required points in the project life cycle to ensure that an effective approach and methods of risk management are being followed to make the project successful.

Table Plan risk management Inputs, Tools & Techniques, and Outputs

The above table is taken from PMBOK sixth edition, showing the inputs, tools and techniques and outputs of the process being discussed.

Why is the project charter an Input to plan risk management?

Project charter includes high level information of the project i.e. who are the key stakeholders, assumptions, risks identified in the initial phase, project scope statement, issues and other factors those might emerge out to be a risk to other project management knowledge areas

Why is the project management plan an Input to plan risk management?

Project management plan includes other management plans. For example, cost management plan, schedule management plan, scope management plan or any other which might be on the verge of any risk to the project period.

Why are project documents an input to plan risk management?

Project documents include stakeholders register which contains the overview of the roles in the project and helps in identifying their power/interest/influence in the project. Knowing the all-important stakeholders helps in determining the risk management roles and responsibility in the project

Why are enterprise environmental factors included as an Input to plan risk management?

Key stakeholders or the organization set the overall risk thresholds to the project, hence enterprise environmental factors can influence the project

Why is organizational process assets included in Input to plan risk management?

Project risk management can be influenced by Organizations’ approach and methodology to risks, lessons learned data of the organization, roles and responsibility of the key stakeholders in the organization, risk categorization and formatting of risk statements, templates provided by the organization as it requires specific set of data requirements.

Tools and techniques used

Expert judgement-

Individuals or group of individuals familiar with organizational risk management framework and policies & procedures help in tailoring the risk management process according to project’s needs

Data analysis-

Stakeholders register contains the list of all the key stakeholders and an analysis is conducted on the stakeholders in order to know about risk appetite of all stakeholders

Meetings –

Meetings are an integral part of the projects and are conducted from the very beginning. In the form of project kick-off meeting and at several points including key stakeholders like project manager, project team, key stakeholders, experts or people outside or external to the organization to help share their knowledge and experience in shaping risk management process according to different risks at that instant

Outputs-

Risk management plan is the output of the process. This document documents important documents those may include but not limited to-

Risk strategy and methodology which tells about the overall risk management approach throughout the project and how much effort for a project is required in an organization respectively

For example- A low priority project requires less effort than a high priority project hence the methodology will define how risk management should be performed to meet the needs of the project

Roles and responsibilities describe who will be responsible for what kind of risk management tasks

Risk categories ensure that an important area in the possible risks is not missed

For example: risks can be internal, external, technical, commercial or any other category

Stakeholders appetite tells about how much risk a stakeholder can accept or bear

Identifying Risks

Managing risks properly is an art, but before managing them the risks needs to be identified. According to the project management book of knowledge (PMBOK) there are many common techniques to identify risk such as experience based, brainstorming making checklists, assumption log, cause and effect diagram and few more.

Experience Based Risk- To be successful in project management as a project manager or project management professional one needs to gain knowledge from past experiences both organizationally and personally. One needs to understand the importance of risk management, unmanaged or unmitigated risk can be a big reason, so noting the past learned risk or remembering the past risk is an asset.

One of the authors experiences as a manager of a software development firm for many years, his experience says that continued relearning is always required to be successful in project management and what can be better than learning from past experiences? Why isn’t this information readily available to the new project managers? He personally feels that many project managers or project management professional do not implement this and avoid writing down their past experiences or trying to learn from someone else’s past experiences as a result of which they fail in managing projects.

Brainstorming- It is a simple session between the team members to generate as many ideas as possible to find a solution to the problem. It is a situation where group together generates ideas to find solution for a specific problem. In a brainstorming session all the ideas are mainly noted to be evaluated later.

Figure :Group of people doing “Brainstorming”

Checklist- It is a list of analyzed risk from past experiences. Most organizations have such checklist if not one has to be created. After the end of every project a post review of project is conducted, and list of significant risks maybe stored which can be used for upcoming projects, although checklist is considered to be great piece of information but they do not contain all the list of risk.

Figure :Checklist

Assumption Log

The risks in a project which are real or certain without any proof of demonstration are called Assumptions. An assumption log is simply a place to store or track all the assumptions related to project. In this case project team manager should discuss the assumptions of risks which will then be further logged in the assumption log. Assumption log is further created by a project manager.

Table : Assumption log

Cause and Effect Diagram- Cause and effect diagrams are powerful and the simplest ways to identify risks. Project managers can use such diagrams to give a rise to… identified risks through which we can either reduce them or eliminate them. An Ishikawa diagram also known as Fishbone diagram can be used as cause and effect diagram.

Figure Ishikawa or Fishbone Diagram

Classification of Risks- In the real-world identifying risks and then classifying is a must as we do not have that much time, money or resources to later deal with them. Management must make sure that they either mitigate or have a contingency plan to reduce or eliminate risks. To implement this first the risks must be classified and then those risks must be prioritized. All the risks then must be examined to find out its category, severity and its impact. For example, risks from the Bank of North America and Java Beans project have been identified, classified and then prioritized in the tables below:

Table List of Risk

Table Risk Categorization

Qualitative Risk Analysis

What is Qualitative Risk Analysis?

Imagine yourself as a project manager working for Bank of North America, creating a new loyalty credit card for Java Coffee Beans company. It is likely that few things will not go according plan during a project. To keep things under control in a project we need to carry out activities which help in managing risks before the project begins. The process of managing risks includes few important steps which are identifying, analyzing, selecting appropriate response to the risks and to monitoring them in the project. As we know that there are two approaches to risk analysis which are quantitative and qualitative risk analysis, in this part of the book we will further learn more about qualitative risk analysis.

Qualitative risk analysis is the process to assess individual characteristics of project risk where probability of its occurrence and its impact on the project are measured on a scale of high, medium, low according to their impact. As we know risks are uncertain. Its impact can also be uncertain which can impact numerous project elements such as scope, schedule, budget deliverables etc. Such risks can be expressed either in percentage or numeric from. The scale can be customized according to the organizational needs or desire to maintain the consistency of the scale.

Prioritizing risk according to their probability and impact is the main process in qualitative risk analysis. A project manager can prioritize risk by evaluating the probability and impact of the risk and then focus on the most significant risk. Improving the understanding of project risk is one of the main purposes of qualitative risk analysis. During the process of analyzing risk the project manager can discover all the affected elements of project also the assumptions related to it. All this information is important to create the risk response.

Qualitative Risk Assessment

Assessing an estimate of the severity of a risk is a very important process. Without completing this project managers any work will turn out to be of little or no importance and will be considered as a waste of time. Qualitative risk assessment is the important process in qualitative risk analysis. This process is also easy and can always be performed. The consequences of risk or its impact is always defined in terms of a scale where 1 is the lowest and 5 is the highest. It is not necessary to use a level 5 scale; any type of scale can be used. The type of scale totally depends on the organization or the project manager, but mainly level 5 scale is used.

The Risk Matrix

It is the combination of likelihood and impact in this risk matrix which helps in providing measurements of severity of risks. A risk matrix may contain 5x5 or 6x6 array of elements depending on the level of risk assessment. All the level represents values of likelihood and impact. The risk matrix is normally divided in multiple zones consisting of color codes of red, yellow, green which represents major moderate and minor risk respectively.

Risk Rankings

A project will always have uncertainties. At times a project can have large number of identified risks. In such situations it can often seem difficult to decide which risk should be dealt first. In such situations risk ranking system is being used which is based on position in the matrix to determine the order of priority due to which a finer line of classification of risk is being used then the simple level 3 method.

Management Priority Order

Deciding on which risk to deal with first or to keep any risks on priority is a continuing problem. It is considered that having ten or more than ten risk is a disaster in the project. It means that the project team is ignoring many severe risks connected to it which can result in project failure. Whereas on the other hand it is said that if we only have one or two risks in the red zone then it is a waste of time to follow the top ten risks method.

Concepts of risk assessments is mainly based on the probability of its impact precision and likelihood. Severity of risk is determined by its impact and likelihood whereas precision defines its level of confidence in estimating its severity. Risk assessment is the simplest task. It simply a matter of comparing what you are aware about the risk or have learned about the risk using the scales. Whereas to measure precision your level of confidence is considered as an estimate of the result.

Quantitative Risk Analysis

It is the “Process of numerically analysing the combined effect of identified individual projects risk and other sources of uncertainty on overall project objective” (PMI, 2017). In simple terms, we prioritize individual risk according to their overall effect on project. As, in the case of BONA where we know that there are many risks, we can discuss a few of them and prioritize them according to there overall effect on the project. But before that we must take some inputs and we use some tools and techniques and the get our output. So, let’s first dig into it.

Input

For performing the Quantitative risk analysis, we need data and that can be extracted from the process we did before, so let’s see what main inputs we are require here: -

Project Management Plan: It’s the most important input in doing any process of project and same applies here. We need input from project management plan, but we don’t need all plan we need most important plans so let’s see which we require,

Risk Management Plan: As we are doing risk, we need to know how our plan is to handle risk hence we take inputs from the risk management plan.
Scope Baseline: scope baseline is minimum scope requirement for project, and we need to keep on comparing it in risk as to know that any risk is not adding the scope in jeopardy.
Schedule Baseline: we also need to follow the schedule as risk may affect the schedule and its effect on schedule may vary our baseline.
Cost Baseline: Cost is important factor of project and maintaining it is of high priority and risk effecting it is always kept in front and monitored.

Project Documents: The project documents include various documents for managing the project and their input for Quantitative risk analysis is important. So, let’s see what documents we are dealing here,

Assumption Log: It is most important document that affects the project as it makes assumptions about risks that may or may not be true but can lead a project into risks.
Basis of Estimates: As we know there are various methods of estimation and that documents are very important while performing risk analysis and prioritize the risks.
Cost Estimates: Cost drives the project and how it is estimated is important as risk effects cost.
Cost Forecast: while planning any project we forecast some cost and in Quantitative risk some time forecast can fail hence we need to take data from there as well.
Duration Estimates: Schedule is one of triple constraints and its estimates must be considered when some risk can delay project.
Milestone List: Its list of key objectives in the project and must be maintained and looked after, most of the time budget is released in this time.
Resource Requirements: The resource requirement is important factor and data from it must be considered.
Risk Register: This is live document for handling risk because we start and note everything about risk over here. So, its input is important.
Risk Report: It shows us sources of overall risk and current risk on overall project hence we update it while performing risk response.

Enterprise Environmental Factors: Enterprise environmental factors can influence the process and such factors are Industry study of similar projects, risk databases or checklists.
Organizational Process Assets: The assets such as previous similar projects are important for performing the project.

Tools and Techniques

We use many tools and techniques to perform this process by taking input we analyze the situation to performing Quantitative risk analysis.

So, let’s see some Tools and techniques we are using:

Expert Judgement
Data gathering

Interviews

Interpersonal and team Skills

Facilitation

Representation of uncertainty
Data Analysis

Simulation
Sensitivity analysis
Decision tree analysis
Influence diagrams

So, with these tools and techniques we implement and prioritize the project risk from its effect on overall project.

Outputs

It is the result after every performance which gets prioritized according to their overall effect on project.

We get the updated risk report which has the risks prioritize according to overall effect on project.

So, the let’s see the example from below table which is our previous case study in which we made risk register according to the overall effect on project which is seriousness of risk in this table and its color graded for quick look.

Risk Register

Table :Risk Register

Plan Risk Response

It is process of Developing options, selecting Strategies, and agreeing upon the actions to address overall project risks exposure as well as to treat individual project risks. The key benefit of this process that it identifies appropriate ways to address overall project risk and individual project risk (PMI, 2017).

This process is most important as knowing risk is not going to solve the problem but effectively handling them will solve the problem and unsuitable risk response can have converse effect.

So now let’s see the risk response strategies which are mostly used and discuss them in brief:

Escalate: Escalation is the appropriate solution when project manager or sponsor things are agreed that the threat from the risks is beyond preparing for so they remove the risks responsibility for consequences to the other party.

Example: when we take house insurance we know if house gets burned, we cannot afford it to repair so we escalate that risk to insurance company.

Avoid: Avoiding is the strategy when the impact of the risks and the probability of it happening is high, so the team decides to change the project plan so that that risks can be avoided and the effect of that risks is low or completely been removed from the project. This strategy can be used when the project team can change that scope from the plan.

Example: when you are buying a used car and its engine is been opened then it means that probability for failure of engine in future is high and cost is high, so you don’t buy that car and instead you go for better option.

Transfer: It is same as escalation only thing is that you can give that work to some other party or pay them the amount for that risk.
Mitigate: In mitigation what do you do here is take actions to reduce the probability of occurrence and or impact of the threat. here you do is you act early on for the risk so that the impact of risk is reduced to applicable amount. Also, you ensure that the probability of risk is also been reduced by large amount it is very important that from the two of the factors probability and impact you should be able to reduce at least one of them.
Accept: Here you do is that you accept the risk and you can afford risk. If it is positive risk or opportunity it is easy to accept.
Exploit: Mainly consider the positive risks and the probability of it happening and try to gain more from that risks.
Share: The positive risk is an opportunity to share the benefit with the vendor or your partner so that in future you get the trust from the vendors. It also involves sharing of payment or the money you get from the positive risk and it is the both ways.

Implementing Risk Response

Process of implementing agreed upon risk response plans, we need to apply the plans according to how we are planning it. Most important factor for risk is implementation and that matters a lot for the project. Project risk requires the implementation implemented in correct time. It is also called as mitigation plan. (PMI, 2017)

Process of Implementing Risk Response:

Risk Event Occurred: we only implement the risk response when the risk event occurs. It cannot be implemented without the indications of the event occurred so that we don't waste resources on that and it is very much important to consider it. As soon as the event occurs, we start implementing the response according to the plan.

Follow Plan: As an event starts to occur and we start the implementation we should follow the plan we made for that event or the risk. the plan must include all the ways for mitigation of the risk. Risk plan or response plan is a well-documented plan to match the exact situation of the event.

Review Action: Acting on a plan is an important aspect of any project same goes for the response plan hence the team should review the plan and make the changes accordingly can also document it into the risk register.

Monitor Risk

Reporting and tracking tell about what kind of reporting frequency and format & how risk management process will be audited and documentation of results obtained in risk management process

Moreover, if we talk about risks associated with other project management knowledge areas, the possible sources are cost, schedule, scope, quality, resources and customer satisfaction

The process of planned risk management is highly important and needs to be visited again and again during the change in phases of project life cycle or if there is change in scope as the process is conducted in the very beginning of the project.

Monitor risks-

Monitoring and controlling determines if a triggered event have occurred and appropriate risk plan come into play following the monitoring of changes, if there are any, because changes in project environment can lead to change in probability/impact of an event and also following the viability of risk strategy in a continued fashion.

Monitoring risks involve a list of actions which includes but not limited to-

Looking for occurrence of risk triggers
Determining if the assumptions are still valid
Submitting change requests to change control board
Utilizing the contingency reserves and reshaping the reserves according to changes
Performing various/trend analysis to see the variation from the scope, schedule and cost baselines and predict the future outcomes
Closing out risks

Other important work that cannot be overlooked in the process of monitor risks are the workarounds, risk reassessments, reserve analysis and technical performance analysis

Workarounds are unplanned risk responses which are used when unanticipated events occur in order to put the project back on track matching shoulders with baselines. Project managers who do not spend enough time planning effective risk management, spend a lot of time in performing workarounds.

Risks can be identified during any phase of the project, it is must to continue reviewing risk register and risk management plan to ensure the strategy in case, if it occurs. Every time a new risk is identified the risk register is updated it and readjustments are made to the initial plan if required.

Reserve analysis takes into consideration the both i.e. management reserves and contingency reserves.

Checking reserves is very important in projects to make sure that there are enough funds remaining for the project or not or how much might be needed in order to keep the project safe. Contingency reserves must be used only in response of the expected event in case if it occurs, whereas management reserves are for unforeseen events which were not identified in the beginning during risk identification.

For example, in the case of a website designer leaves the job in BoNA project, the deliverables might be affected in terms of quality and schedule risks. Hence, management will hire an external designer or use third party designer to keep the project on track in terms of schedule and create the good quality deliverable outcomes

Technical performance analysis is conducted to compare planned versus actual completion of technical requirements to determine the variance as any variance might be the originator of a possible threat or an opportunity

The whole monitoring process is logical, and reporting & tracking are performed as per this process

Tracking and reporting on the risk, management process is an integral part to be relied upon in order to make a project successful. It can be conducted by using different kind of matrix which specifies each risk, likelihood of their occurrence, impact if they occur, risk response strategy, trigger event, closure date etc. The use of matrix allows to filter out the risks needed to be looked upon, carefully.

The matrix should be accessible to all the project team members and easy formatted to be understand by all.

Table Form for Risk Identification

Some organizations use more sophisticated format for monitoring and controlling which allows us to see the Risk status and risk response status, compare the initial likelihood and expected likelihood, initial consequences with expected consequences, actual closure date and other comments on closure activity

Conclusion

Risks are the integral part of project life cycle and can introduce itself at various points of project life cycle. Proper risk planning is the key to minimize the negative impacts and enhance/exploit the opportunities. Project manager should invest enough time in planning so that the dependence on the workarounds could be reduced. Monitoring the project risks throughout project life cycle is using appropriate data analysis techniques which involves technical performance analysis and reserve analysis to keep the project on track and readjust the project baselines, if necessary. Timely audits to check the effectiveness of risk management process however; it is project manager’s responsibility to ensure that required frequency of audits as a part of regular project management meetings and risk review meetings, provided that the objectives should be clear before it is conducted. Meetings also, no doubt are the regular tools used throughout the project to discuss the status/ progress, find out solutions if there is any untreated or unresolved issues or risks. The very basic approach a project manager should follow is understanding the nature of organization he/she is working for under a project. It will help him to understand the framework, processes and procedures followed for risk management, utilization of organizational process assets and understanding the risks thresholds of the organization. Once these factors are understood by a project manager, they can tailor the risk management to deal with uncertainties. Communication is the key to success, so it is in risk management. Better communication in terms of appropriate formatting style of reporting in required frequency and tracking the risks throughout the project life cycle using the matrix used in the organization will build and strengthen the trust between higher management and project manager, which will benefit the project team getting more flexibility in using reserves. Outputs obtained in monitoring risks will generate work performance information, updated risk register, change requests to be sent to integrated change control, updated organizational process assets and other project management plans, is an integrated tailoring of the planning process without getting deviated from the project objectives.

Project management is not only an art it is also simultaneously science which requires vast knowledge and take years of experience learn and master.

References

All the Risk assessment matrix templates you need. (n.d). Retrieved from https://www.smartsheet.com/all-risk-assessment-matrix-templates-you-need

Bugajenko,O.(n.d). Qualitative Risk Analysis. Retrieved from https://study.com/academy/lesson/qualitative-risk-analysis-definition-purpose-example.html

Fish cartoon. (n.d). [Image]. Retrieved from https://www.cleanpng.com/png-ishikawa-diagram-root-cause-analysis-six-sigma-tem-1527608/preview.html

Free Project Management Templates. (n.d). Retrieved from www.mypmllc.com/project-management-resources/free-project-management-templates.

Graves,R.(2000, October). Qualtive risk assessment. Retrieved from https://www.pmi.org/learning/library/qualitative-risk-assessment-cheaper-faster-3188

Hall,H. (n.d). 7 ways to identify risks. Retrieved from https://projectriskcoach.com/7-ways-to-identify-risks/

Hall,H. (n.d). How to create a cause. Retrieved from https://projectriskcoach.com/cause-and-effect-diagrams/

Hillson,D.(2014, May 4). Managing overall project risk. Retrieved from https://www.pmi.org/learning/library/overall-project-risk-assessment-models-1386

Kibuuka,R.(2013, November). Project risk management. Retrieved from https://www.researchgate.net/publication/273760220_PROJECT_RISK_MANAGEMENT

Not proper linkhttps://www.slideshare.net/AgathaMaiaDuartedeAs/project-alpha-

Page Not found https://pixabay.com/illustrations/checklist-check-list-clipboard-3944447/

Qualitative Risk Analysis. (n.d). Retrieved from https://project-management-knowledge.com/definitions/q/quantitative-risk-analysis/

Royar,P. (2000, September).Risk Management. Retrieved from https://www.pmi.org/learning/library/risk-management-dimension-project-management-4665

Rudy,L. (2017, Jan 16). What is the definition. Retrieved from https://business.tutsplus.com/tutorials/what-is-the-definition-of-brainstorming--cms-27997

Same link as above https://www.pmi.org/learning/library/overall-project-risk-assessment-models-1386

Simon,K.(2020). Brainstorming Rules. Retrieved from https://www.isixsigma.com/tools-templates/brainstorming/brainstorming-rules/

summary-of-the-project

Impressum

Tag der Veröffentlichung: 15.04.2020

Nächste Seite

Seite 1 /