Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Risk Management (PMBOK 6)

No description

Adam Zihar

on 30 August 2018

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Risk Management (PMBOK 6)

Template by Missing Link
Images from Shutterstock.com

Managing Project Risk
with Six Sigma
Opportunity to learn best practices that may help you with current project

Opportunity to learn and leverage available UPMC HP PM templates and tools

Prepare for PMP exam

Meet others in your same position experiencing the same challenges

Predict future, save time and money, go down in history as a Project Rockstar
What is the difference between a risk and an issue?
What are four responses to risk?
How can I monitor and control risk?
Egg on the table
Egg on the floor
Risk vs. Issue
The objective is to increase the probability and consequences of positive events and decrease the probability and consequences of negative events.


Increase the odds of project success…reduce the odds of project failure.
Risk Management Objective
A risk is something that may happen and if it does, will have a positive or negative impact on a project

Risk implies uncertainty … If something is certain to happen, then it is a fact, and can be deemed and ‘Issue’.

When you are identifying Risk, you are identifying what could happen
What is a Project Risk?
Who: Risk Management Practitioners (ie. everyone)

What: Risk Management Function

When: The next 60 - 120 min

End state: To be familiar with the Risk Management processes and to apply Risk Management Best Practice to your daily job.
Risk Management Training Objective
Preemptive – Looking in advance for the good and bad over the horizon and planning accordingly

Strategic – Advanced planning to guide strategic activities.
Risk Management Goal
Start to identify project risks in the “Pre-Project” Phase

Develop and implement the Risk Management Plan

Incorporate risk management into all project planning processes and project phases

Use the correct risk management tools in all situations
The Project Managers Role
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Responses
Control Risks
Risk - PMBOK
Defining how to conduct risk management for a project.
Degree, type and visibility of risk management should align with risks and importance of project.

The risk management plan is vital to communicate with and obtain agreement and support from all stakeholders to ensure the risk management process is supported and performed effectively over the project life cycle.
Plan Risk Management
Considerations for Planning the Approach:

Methodology – Approaches, tools, data sources to be used

Roles and Responsibilities – Who is responsible for what

Timing – How often the Risk processes are to be performed

Risk Categories – The systematic identification of risks

Risk Probability & Impact Method – Relative or numeric

Stakeholder Tolerances – How much risk are they willing take

Reporting – How will the Risk reporting be communicated

Tracking – How will identified Risks be tracked
Plan the Approach
Project Management Plan - Part of the project management plan. Provides baseline or current state of risk-affected areas including scope, schedule, and cost.

Project Charter - Provides various inputs such as high level risks, high-level project descriptions, and high-level requirements.

Stakeholder Register - Contains all details related to the project's stakeholders, provides an overview of their roles.

Enterprise Environmental Factors – Factors that can affect risk planning, such as risk attitudes and tolerances that describe the degree of risk that an organization will withstand.

Organizational Process Assets – Assets that can influence risk planning, such as risk categories, common definitions of concepts and terms, risk statement formats, standard templates, roles and responsibilities, authority levels for decision-making, and lessons learned.
Plan Risk Management - Inputs
Analytical Techniques - used to understand and define the overall risk management context of the project

Expert Judgment - Consider senior management, PM's who have worked on similar projects, business owners, industry best practice, professional associations.

Meetings - how to conduct risk management activities, risk cost and schedule elements, risk contingency reserve, roles and responsibilities, and templates.
Plan Risk Management - Tools & Techniques
Risk Management Plan: How risk management will be structured and performed on the project. Includes:

Methodology – approach to be used for risk management
Roles and responsibilities – for risk management team members
Budgeting – assigns resources, estimates, contingency process
Timing – when the risk management process will be performed
Risk categories – risk list or Risk Breakdown Structure, ensures consistency in identifying risks
Definitions of risk probability and impact (positive and negative)
Probability & impact matrix – rates risks as high/med/low priority
Revised stakeholder tolerances
Reporting formats – how risk activities will be documented
Tracking – how risk activities will be tracked
Plan Risk Management - Outputs
Risk Breakdown Structure - Example
Impact Matrix - Example
Probability & Impact Matrix - Example
Plan Risk Management
Determining which risks may affect the project and documenting their characteristics .
Identify Risks
Use and agreed upon template for gathering and categorizing risk data
Develop as complete a list of risks as possible

The Project Plan (project schedule / work plan)
Project log list of constraints, assumptions, issues, etc.
Project Scope (baseline/finalized)
Requirements and Design Documents
Historical Data (Lessons learned or documents from similar project)
Expert Opinion
Cost Estimates
Time Estimates
Customer Management
Quality Management (expectations and /or mandates)
Procurement Needs
Vendor Management
Market State and /or Outlook
Identifying Project Risk
Risk Causes…

A risk must have one or more causes, which are project facts that exist and lead to possible risk events

Identifying the cause is of paramount importance during the subsequent Risk Response Process.

Example: If you can eliminate or alter the cause the risk may also be eliminated, or altered for easier handling.
Identifying Project Risk
Risk Impact…

If a Risk becomes reality it will have an effect on one or more of a project’s deliverables.

Customer Satisfaction
Identifying Project Risk
Describing Risk

Need to maintain a clear separation between Cause, Risk (Event), Impact (Result)

Make it a complete description of what the risk is.

Due to (Cause)_______this (Risk Event)________ could occur, which will result in this (Impact Result) _______.

Tip: it is sometimes easier to think of the ‘risk’ event first, and then determine the cause, or causes, etc.
Identifying Project Risk
Risk Examples
Risk Management plan – Includes roles/responsibilities, budget and schedule, risk categories.
Activity Cost/Duration Estimates – Costs & durations expressed as ranges may indicate the degree of risk associated with an activity.
Scope Baseline – Project assumptions & WBS critical to identifying risks.
Stakeholder Register – Soliciting inputs for risk identification.
Cost, Schedule & Quality Management Plans – Project specific approach to cost, schedule, and quality management may generate or alleviate risk.
Project Documents – Any existing project documentation that would be helpful in identifying risks.
Human Resource Management Plan - how project human resources should be defined, staffed, managed, and eventually released.
Stakeholder Register - Information about stakeholders
Procurement Documents
Enterprise Environmental Factors – Industry best practices or benchmarks, risk attitudes, checklists.
Organizational Process Assets – Existing project risks, lessons learned, risk statement templates

Identify Risks - Inputs
Documentation Reviews – Review plans, assumptions, contracts, etc. to identify risks.
Information Gathering Techniques:
Brainstorming – Gathering many possible risks through meeting(s)
Delphi Technique – Polling experts via questionnaire, summarizing responses and re-polling experts with summarized results, attempting to reach consensus after a few rounds.
Interviewing – Project participants, stakeholders, or SMEs
Root Cause Analysis – Discover underlying causes of risk
Checklist Analysis – Based on historical information / knowledge
Assumptions Analysis – Explore validity of assumptions
Diagramming Techniques - Cause and effect diagrams, system or process flow charts, influence diagrams
SWOT Analysis – Strengths may indicate opportunities, while weakness may indicate threats, all to be identified as risks.
Expert Judgment – Risk identified by SMEs leveraging relevant project or business experience
Identify Risks – Tools & Tech.
Risk Register – List of identified risks and potential responses
Identify Risks - Outputs
ID Initial Risk - Perform Qualitative Risk Analysis –
Plan Risk Responses
Perform Qualitative Risk Analysis – Residual Risk
The process of subjectively prioritizing risks for further analysis by assessing and combining their probability of occurrence and impact
Allows project team to focus on high priority risks by assessing the likelihood of occurrence and potential impact
Can lead to Perform Quantitative Risk Analysis (if performed) or to Plan Risk Responses.
Perform Qualitative Risk Analysis
Risk Register – Provides list of risks to be analyzed.

Risk Management Plan:
Roles and responsibilities for risk management
Budgets and schedule activities for risk management
Risk categories and definitions of probability and impact
Probability and impact matrix
Revised stakeholder risk tolerances

Scope Baseline – Indicates whether project is routine and thus less risky, or large, complex, state-of-the-art, new technology, factors that would increase project risk.

Organizational Process Assets:
Information on prior, similar completed projects
Studies of similar projects by risk specialists
Resources that may be available from industry or proprietary sources.

Enterprise Environmental Factors - Industry studies of similar projects by risk specialists, risk databases that may be available.
Perform Qualitative Analysis - Inputs
Risk Probability and Impact Assessment:
Investigates the likelihood that each specific risk will occur.
Investigates the potential pos/neg effect on a project objective
Create a probability and impact matrix (next slide)

Risk Data Quality Assessment – Evaluate the degree to which the data about risks are useful, understood, accurate, reliable, etc

Risk Categorization – Groups risks by source, area of the project affected, common root cause, etc.

Risk Urgency Assessment – Evaluate time to affect a risk response, symptoms & warning signs, and risk rating.

Expert Judgment:
Experts with experience in similar projects can assist with probability and impact assessment
Note that those planning and managing this specific project are considered experts, particularly about the specifics of that project.
Perform Qualitative Analysis – Tools & Tech.
Risk Register Updates:
Relative ranking or priority list of project risks
Using probability and impact matrix
Can be ranked / prioritized High / Medium / Low
Can be prioritized by project impact (schedule, cost, performance)

Risks grouped by categories

Causes of risks or project areas requiring particular attention

List of risks requiring response in the near-term

List of risks for additional analysis and response

Watchlists of low-priority risks

Trends in qualitative risk analysis results
As time passes, repeated risk analysis may identify trends that can make a particular risk more or less important.
Perform Qualitative Analysis - Outputs
Perform Qualitative Analysis
The process of numerically analyzing the probability and impact of high priority risks on overall project objectives
Performed on risks prioritized in the Perform Qualitative Risk Analysis process.
May not be required to develop effective risk responses.
Perform Quantitative Risk Analysis
Risk Register

Risk Management Plan

Cost Management Plan – Plans for managing project costs may help determine the structure or approach for quantitative analysis of budget or cost plan

Schedule Management Plan – Plans for managing project schedule may help determine the structure or approach for quantitative analysis of schedule

Organizational Process Assets:
Information on prior, similar completed projects
Studies of similar projects by risk specialists
Resources that may be available from industry or proprietary sources.

Enterprise Environmental Factors - Industry studies, risk databases
Perform Quantitative Analysis - Inputs
Data Gathering Techniques – Beta & triangular distributions:
Perform Quantitative Analysis – Tools & Tech.
Decision Tree Analysis - Example
Quantitative Risk Analysis and Modeling Techniques:

Modeling / Simulation – A project simulation uses a model that translates uncertainties of the project into potential impact on project objective

Monte Carlo technique
An iterative simulation that performs the project many times to simulate the cost or schedule results of the project.
Evaluates the probability of completing the project on a specific day or for a specific cost
Cost estimates are used for a cost risk analysis, which predicts the likelihood of achieving specific cost targets.
A schedule network diagram and duration estimates are used in a schedule risk analysis, which predicts the likelihood of achieving schedule targets.

Expert Judgment – Used to identify potential cost and schedule impacts, evaluate probability, define input into the tools, and to interpret the data.
Perform Quantitative Analysis – Tools & Tech.
Project Documents Updates:

Probability analysis of project:
Potential project schedule and cost outcomes with associated confidence levels.
Useful for calculating contingency reserves

Probability of achieving cost and time objectives (see next slide)

Prioritized list of quantified risks – Those that present greatest threat or opportunity

Trends in quantitative risk analysis – May become apparent as risk analysis is repeated.
Perform Quantitative Analysis - Outputs
Perform Quantitative Analysis
The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

Also, determines if project assumptions are still valid, if risks can be retired, if risk management procedures are being followed, if contingency reserves of cost or schedule should be modified.
Implement Risk Responses
Control Risks
Risk Register – Inputs include identified risks and risk owners, risk responses, specific implementation actions, symptoms and warning signs of risk, residual and secondary risks, a watchlist of low-priority risks, and the time and cost contingency reserves.

Project Management Plan – Contains the risk management plan, which includes risk tolerances, protocols and the assignment of people (including the risk owners), time, and other resources to project risk management.

Work performance information:
Deliverable status
Schedule progress
Costs incurred

Performance reports – Provides project work performance information including variance analysis, earned value data, and forecasting data.
Control Risks - Inputs
Risk Reassessment – Identifies new risks, reassesses current risks, and closes risks that are outdated.

Risk Audits – Examines and documents the effectiveness of risk responses and the effectiveness of the risk management process

Variance & Trend Analysis – Compares planned results to actual results

Technical Performance Measurement – Compares technical accomplishments during project execution to the project management plan’s schedule of technical achievement

Reserve Analysis – Compares the amount of the contingency reserves remaining to the amount of risk remaining to determine if the remaining reserve is adequate.

Meetings – Project risk management should be an agenda item at periodic status meetings.
Control Risks – Tools & Tech.
Follow the Risk Management Plan!

Implement Risk the plans to Avoid, Transfer, Mitigate, or Accept all Risks.

If any plan to Avoid, Transfer, Mitigate, or Accept a Risk is not working, take corrective action.
Monitor Risks
Track Risks and Issues!
SharePoint and other applications help tremendously
Foster a culture of risk identification
Schedule specific meetings to review risks and issues
Risks are an input to Status Reports
Consider risk scales instead of high, medium, low
Lessons Learned
Found within: Organizational Performance Department/ Project Management Office (PMO)
Risk-Issue Register Template
Risk Criteria Picture
PMO Risk Function Description
Status Report Criteria Picture
SharePoint - Exchange Readiness Program Risk and Issue Register
Templates/ Links
Post Test – Check on Learning
1. An egg on the edge of the table is a…..
2. If you pay someone to ensure that the egg will not fall off the table what response have you used?
3. If you move the egg from the edge of the table to the center of the table what response have you used?
4. If you pick the egg off the table and put it in the refrigerator where it belongs what response have you used?
5. There is a chance that someone might turn on the fan causing the egg to fall of the table. You have just identified a….
The egg falls off the table….
Lessons Learned
Plan Risk Responses
Risk Register:
identified risks
root causes of risks
lists of potential responses
risk owners
symptoms and warning signs
the relative rating or priority list of project risks
a list of risks requiring response in the near term
a list of risks for additional analysis and response
trends in qualitative analysis results
a watch list of low-priority risks

Risk Management Plan:
roles and responsibilities
risk analysis definitions
timing for reviews (and for eliminating risks from review)
risk thresholds for low, moderate, and high risks
Plan Risk Responses - Inputs
Risk related contract decisions – To transfer risk or share risks
Project Management Plan updates:
Schedule Management Plan – Changes to resource loading / leveling
Cost Management Plan – Changes to accounting, tracking, reporting
Quality Management Plan – Changes to requirements, QA, QC
Procurement Management Plan – Changes to make-or-buy decisions
Human Resource Management Plan – Changes to staff allocation
Work Breakdown Structure – Added / removed work
Schedule Baseline – To reflect added / removed work
Cost Performance Baseline – To reflect add / removed work
Plan Risk Responses - Outputs
Project Management Plan Updates:
Identified risks, descriptions, causes, area of the project affected
Risk owners and assigned responsibilities
Outputs from risk analysis, including prioritized lists of project risks
Response strategies; specific actions to implement the chosen response strategy
Triggers, symptoms, and warning signs of risks’ occurrence
Budget and schedule activities required to implement the chosen responses
Contingency plans and triggers that call for their execution
Fallback plans for use if primary response proves to be inadequate
Residual risks expected to remain after planned responses have been taken, as well as those that have been deliberately accepted
Secondary risks that arise as a direct outcome of implementing a risk response
Contingency reserves (based on the quantitative risk analysis of the project and the organization’s risk thresholds)
Plan Risk Responses - Outputs
Strategies for negative risks (threats):
Escalate - when a threat is outside the scope of the project or that the proposed response would exceed the PM's authority.
Avoid – change project management plan to eliminate risk entirely
Transfer – shift all or some negative impact with ownership to a 3rd party
Mitigate – reduce the probability or impact of an adverse risk event
Accept – do nothing. Passive acceptance will determine actions if threat occurs. Active acceptance may establish a contingency reserve of time, money, or resources to handle it.
Strategies for positive risks (opportunities)
Escalate - when a threat is outside the scope of the project or that the proposed response would exceed the PM's authority.
Exploit – eliminate uncertainty that the opportunity will occur
Share – allocate some or all of the ownership of the opportunity to a 3rd party who can best capture the opportunity for the benefit of the project
Enhance – increase the probability or impacts of an opportunity
Accept – do not actively pursue an opportunity but remain willing to take advantage if it occurs

Contingent response strategy – Response to be invoked if risk event occurs

Expert Judgment - Provided by any group/person with specialized education, knowledge, skill, experience, or training in establishing risk responses
Plan Risk Responses – Tools & Tech.
Risk Responses must be:
Appropriate to the significance of the risk
Cost effective
Realistic for the project
Agreed upon by all parties
Owned by a risk response owner
Plan Risk Responses Process
The process of developing options and action to enhance opportunities and to reduce threats to project objectives.
Identify risk response owner
Select primary and backup strategy
Insert activities into the budget, schedule, and project management plan as needed.
Plan Risk Responses
Project Document updates:

Assumptions log updates – Assumptions will change with the application of risk responses.

Technical documentation updates – Technical approaches and deliverables may change with the application of risk responses.
Plan Risk Responses - Outputs
Plan Risk Management Data Flow Diagram
Identify Risks
Failure Modes & Effects Analysis (FMEA)
The Failure Modes and Effects Analysis (FMEA) is:

Methodology for analyzing potential reliability problem

Originally developed as part of the Apollo Space program at NASA

The FMEA in Healthcare is used to improve patient safety by identifying potential problems before accidents occur

Definition of FMEA
Hospitals certified under The Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) required to conduct one FMEA each year

Thus, interest in the healthcare provider arena for proper application of FMEAs has been raised

Why Conduct an FMEA?
Improve product/process reliability and quality

Increase customer satisfaction

Early identification and elimination of potential process failure modes

Prioritize process deficiencies

Emphasizes problem prevention

Documents risk and actions taken to reduce risk

Provide focus for improved testing and development

Minimizes late changes and associated cost

Catalyst for teamwork and idea exchange between functional work groups

Benefits of FMEA
Step 1 – Define the Process
Create a Block Diagram of the process
Consider intentional and unintentional uses

Step 2 – Identify Failure Modes
Failure mode is: the manner in which a component, subsystem, system, process, etc. could potentially fail

Step 3 – Determine the Effect (severity, occurrence, and detection)

Step 4 – Identify Root Causes

Step 5 – Actions to Mitigate Failure Mode

FMEA Procedure
Define key steps and decisions associated with the process

Stakeholders: Patients, Nurses, Physicians, Pharmacy



Administration of Medication via a Smart Infusion Device

Identify the triggers, outcomes and stakeholders

FMEA Procedure – Step 1: Define the Process
Stakeholder D

Stakeholder C

Stakeholder B

Stakeholder A

FMEA Procedure – Process Key Steps and Decisions Block Diagram

FMEA Procedure – Step 2: Identify Failure Modes

Failure mode: one or more steps in the process fails to produce the desired result

Identify as many failure modes as possible at first

List may be reduced later as some modes are eliminated or scope is adjusted

A failure mode may occur at any step or decision within the process

FMEA Procedure – Identifying Failure Modes

The severity, occurrence & detection are based on a numerical FMEA rating scale

Severity – Based on a 1 to 10 scale representing “No Danger” to “Extremely Dangerous” respectively

Occurrence – Based on a 1 to 10 scale representing “Remote probability of occurrence” to “Certain probability of occurrence” respectively

Detection – Based on a 1 to 10 scale representing “Almost certain chance of detection” to “No chance of detection”

From these numbers a Risk Priority Number (RPN) is calculated (RPN=Severity x Occurrence x Detection)

The Total RPN is the sum of all step and failure mode RPNs

FMEA Procedure – Step 3: Determine the Effect (Severity, Occurrence, and Detection)

FMEA Procedure - Effect Scoring Matrix
Identifying the root cause to the failure
Ask the question “why?” five times
This yields root cause

FMEA Procedure - Step 4: Identify Root Causes
List the actions to mitigate failure mode

Recalculate the severity, occurrence, and detection numbers after new actions are implemented

Recalculate the new RPN according to action taken

Evaluate whether the new RPN is acceptable or whether further action is required to lower the RPN to an acceptable number

FMEA Procedure - Step 5: Actions to Mitigate Failure Mode

Process oriented

Causes closely scrutinized (Root Cause)

Stronger quantitative analysis (Numbers over Colors)

Failure Mode and Effects Analysis more frequently utilized (FMEA) over standard risk methodology

Proactive over Reactive

Risk and the Six Sigma Focus:
To predict the future
To communicate status to stakeholders
To cover your ass
To train your people
To understand the situation and environment
To make recommendations
Why Risk Management?
So leaders can make informed decisions!
Failure Modes & Effects Analysis (FMEA)
Full transcript