Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Risk Management (PMBOK 5)

No description

Adam Zihar

on 25 November 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Risk Management (PMBOK 5)

Template by Missing Link
Images from Shutterstock.com

Managing Project Risk
Opportunity to learn best practices that may help you with current project
Opportunity to learn and leverage available UPMC HP PM templates and tools
Prepare for PMP exam
Meet others in your same position experiencing the same challenges
What is the difference between a risk and an issue?
What are four responses to risk?
How can I monitor and control risk?
Egg on the table
Egg on the floor
Risk vs. Issue
The objective is to increase the probability and consequences of positive events and decrease the probability and consequences of negative events.


Increase the odds of project success…reduce the odds of project failure.
Risk Management Objective
A risk is something that may happen and if it does, will have a positive or negative impact on a project

Risk implies uncertainty … If something is certain to happen, then it is a fact, and can be deemed and ‘Issue’.

When you are identifying Risk, you are identifying what could happen
What is a Project Risk?
“Risk management is project management”
Andre Guyer, Zurich Insurance Company Ltd
Who: Project Managers and those with PM responsibilities

What: Project Management and the Risk Management Function

When: The next 50min

End state: To be familiar with the Risk Management processes and to apply Risk Management Best Practice
Risk Management Training Objective
Preemptive – Looking in advance for the good and bad over the horizon and planning accordingly

Strategic – Advanced planning to guide strategic activities.
Risk Management Goal
Start to identify project risks in the “Pre-Project” Phase

Develop and implement the Risk Management Plan

Incorporate risk management into all project planning processes and project phases

Use the correct risk management tools in all situations
The Project Managers Role
Plan Risk Management
Identify Risks
Perform Qualitative Risk Analysis
Perform Quantitative Risk Analysis
Plan Risk Responses
Control Risks
Risk - PMBOK
Defining how to conduct risk management for a project.
Degree, type and visibility of risk management should align with risks and importance of project.

The risk management plan is vital to communicate with and obtain agreement and support from all stakeholders to ensure the risk management process is supported and performed effectively over the project life cycle.
Plan Risk Management
Considerations for Planning the Approach:

Methodology – Approaches, tools, data sources to be used

Roles and Responsibilities – Who is responsible for what

Timing – How often the Risk processes are to be performed

Risk Categories – The systematic identification of risks

Risk Probability & Impact Method – Relative or numeric

Stakeholder Tolerances – How much risk are they willing take

Reporting – How will the Risk reporting be communicated

Tracking – How will identified Risks be tracked
Plan the Approach
Project Management Plan - Part of the project management plan. Provides baseline or current state of risk-affected areas including scope, schedule, and cost.

Project Charter - Provides various inputs such as high level risks, high-level project descriptions, and high-level requirements.

Stakeholder Register - Contains all details related to the project's stakeholders, provides an overview of their roles.

Enterprise Environmental Factors – Factors that can affect risk planning, such as risk attitudes and tolerances that describe the degree of risk that an organization will withstand.

Organizational Process Assets – Assets that can influence risk planning, such as risk categories, common definitions of concepts and terms, risk statement formats, standard templates, roles and responsibilities, authority levels for decision-making, and lessons learned.
Plan Risk Management - Inputs
Analytical Techniques - used to understand and define the overall risk management context of the project

Expert Judgment - Consider senior management, PM's who have worked on similar projects, business owners, industry best practice, professional associations.

Meetings - how to conduct risk management activities, risk cost and schedule elements, risk contingency reserve, roles and responsibilities, and templates.
Plan Risk Management - Tools & Techniques
Risk Management Plan: How risk management will be structured and performed on the project. Includes:

Methodology – approach to be used for risk management
Roles and responsibilities – for risk management team members
Budgeting – assigns resources, estimates, contingency process
Timing – when the risk management process will be performed
Risk categories – risk list or Risk Breakdown Structure, ensures consistency in identifying risks
Definitions of risk probability and impact (positive and negative)
Probability & impact matrix – rates risks as high/med/low priority
Revised stakeholder tolerances
Reporting formats – how risk activities will be documented
Tracking – how risk activities will be tracked
Plan Risk Management - Outputs
Risk Breakdown Structure - Example
Impact Matrix - Example
Probability & Impact Matrix - Example
Plan Risk Management
Determining which risks may affect the project and documenting their characteristics .
Identify Risks
Use and agreed upon template for gathering and categorizing risk data
Develop as complete a list of risks as possible

The Project Plan (project schedule / work plan)
Project log list of constraints, assumptions, issues, etc.
Project Scope (baseline/finalized)
Requirements and Design Documents
Historical Data (Lessons learned or documents from similar project)
Expert Opinion
Cost Estimates
Time Estimates
Customer Management
Quality Management (expectations and /or mandates)
Procurement Needs
Vendor Management
Market State and /or Outlook
Identifying Project Risk
Risk Causes…

A risk must have one or more causes, which are project facts that exist and lead to possible risk events

Identifying the cause is of paramount importance during the subsequent Risk Response Process.

Example: If you can eliminate or alter the cause the risk may also be eliminated, or altered for easier handling.
Identifying Project Risk
Risk Impact…

If a Risk becomes reality it will have an effect on one or more of a project’s deliverables.

Customer Satisfaction
Identifying Project Risk
Describing Risk

Need to maintain a clear separation between Cause, Risk (Event), Impact (Result)

Make it a complete description of what the risk is.

Due to (Cause)_______this (Risk Event)________ could occur, which will result in this (Impact Result) _______.

Tip: it is sometimes easier to think of the ‘risk’ event first, and then determine the cause, or causes, etc.
Identifying Project Risk
Risk Examples
Risk Management plan – Includes roles/responsibilities, budget and schedule, risk categories.
Activity Cost/Duration Estimates – Costs & durations expressed as ranges may indicate the degree of risk associated with an activity.
Scope Baseline – Project assumptions & WBS critical to identifying risks.
Stakeholder Register – Soliciting inputs for risk identification.
Cost, Schedule & Quality Management Plans – Project specific approach to cost, schedule, and quality management may generate or alleviate risk.
Project Documents – Any existing project documentation that would be helpful in identifying risks.
Human Resource Management Plan - how project human resources should be defined, staffed, managed, and eventually released.
Stakeholder Register - Information about stakeholders
Procurement Documents
Enterprise Environmental Factors – Industry best practices or benchmarks, risk attitudes, checklists.
Organizational Process Assets – Existing project risks, lessons learned, risk statement templates

Identify Risks - Inputs
Documentation Reviews – Review plans, assumptions, contracts, etc. to identify risks.
Information Gathering Techniques:
Brainstorming – Gathering many possible risks through meeting(s)
Delphi Technique – Polling experts via questionnaire, summarizing responses and re-polling experts with summarized results, attempting to reach consensus after a few rounds.
Interviewing – Project participants, stakeholders, or SMEs
Root Cause Analysis – Discover underlying causes of risk
Checklist Analysis – Based on historical information / knowledge
Assumptions Analysis – Explore validity of assumptions
Diagramming Techniques - Cause and effect diagrams, system or process flow charts, influence diagrams
SWOT Analysis – Strengths may indicate opportunities, while weakness may indicate threats, all to be identified as risks.
Expert Judgment – Risk identified by SMEs leveraging relevant project or business experience
Identify Risks – Tools & Tech.
Risk Register – List of identified risks and potential responses
Identify Risks - Outputs
ID Initial Risk - Perform Qualitative Risk Analysis –
Plan Risk Responses
Perform Qualitative Risk Analysis – Residual Risk
The process of subjectively prioritizing risks for further analysis by assessing and combining their probability of occurrence and impact
Allows project team to focus on high priority risks by assessing the likelihood of occurrence and potential impact
Can lead to Perform Quantitative Risk Analysis (if performed) or to Plan Risk Responses.
Perform Qualitative Risk Analysis
Risk Register – Provides list of risks to be analyzed.

Risk Management Plan:
Roles and responsibilities for risk management
Budgets and schedule activities for risk management
Risk categories and definitions of probability and impact
Probability and impact matrix
Revised stakeholder risk tolerances

Scope Baseline – Indicates whether project is routine and thus less risky, or large, complex, state-of-the-art, new technology, factors that would increase project risk.

Organizational Process Assets:
Information on prior, similar completed projects
Studies of similar projects by risk specialists
Resources that may be available from industry or proprietary sources.

Enterprise Environmental Factors - Industry studies of similar projects by risk specialists, risk databases that may be available.
Perform Qualitative Analysis - Inputs
Risk Probability and Impact Assessment:
Investigates the likelihood that each specific risk will occur.
Investigates the potential pos/neg effect on a project objective
Create a probability and impact matrix (next slide)

Risk Data Quality Assessment – Evaluate the degree to which the data about risks are useful, understood, accurate, reliable, etc

Risk Categorization – Groups risks by source, area of the project affected, common root cause, etc.

Risk Urgency Assessment – Evaluate time to affect a risk response, symptoms & warning signs, and risk rating.

Expert Judgment:
Experts with experience in similar projects can assist with probability and impact assessment
Note that those planning and managing this specific project are considered experts, particularly about the specifics of that project.
Perform Qualitative Analysis – Tools & Tech.
Risk Register Updates:
Relative ranking or priority list of project risks
Using probability and impact matrix
Can be ranked / prioritized High / Medium / Low
Can be prioritized by project impact (schedule, cost, performance)

Risks grouped by categories

Causes of risks or project areas requiring particular attention

List of risks requiring response in the near-term

List of risks for additional analysis and response

Watchlists of low-priority risks

Trends in qualitative risk analysis results
As time passes, repeated risk analysis may identify trends that can make a particular risk more or less important.
Perform Qualitative Analysis - Outputs
Perform Qualitative Analysis
The process of numerically analyzing the probability and impact of high priority risks on overall project objectives
Performed on risks prioritized in the Perform Qualitative Risk Analysis process.
May not be required to develop effective risk responses.
Perform Quantitative Risk Analysis
Risk Register

Risk Management Plan

Cost Management Plan – Plans for managing project costs may help determine the structure or approach for quantitative analysis of budget or cost plan

Schedule Management Plan – Plans for managing project schedule may help determine the structure or approach for quantitative analysis of schedule

Organizational Process Assets:
Information on prior, similar completed projects
Studies of similar projects by risk specialists
Resources that may be available from industry or proprietary sources.

Enterprise Environmental Factors - Industry studies, risk databases
Perform Quantitative Analysis - Inputs
Data Gathering Techniques:
Interviewing – Draw on experience and historical data to quantify the probably & impact of risks on project objectives.
Should include three-point estimates (optimistic, pessimistic, most likely)
Perform Quantitative Analysis – Tools & Tech.
Data Gathering Techniques:
Probability Distributions – Use data gathered to document probability distribution
Continuous probability distribution – Represent uncertainty in values such as durations of schedule activities and costs of project components
Discrete distributions – Represent uncertain events such as outcome of a test or a possible scenario in a decision tree.
Examples: beta and triangular distribution (next slide)
Uniform distributions – Used only if there is no value likely outside of high and low bounds
Perform Quantitative Analysis – Tools & Tech.
Data Gathering Techniques – Beta & triangular distributions:
Perform Quantitative Analysis – Tools & Tech.
Quantitative Risk Analysis and Modeling Techniques:

Sensitivity Analysis – Used to determine which risks have the most potential impact on the project by evaluating the uncertainty or sensitivity of each project element on the objective being examined when all other uncertain elements are held stable

Expected Monetary Value (EVM) analysis - statistical calculation of the average outcome when the future includes scenarios that may or may not occur.
EMV of project is calculated by multiplying the value of each outcome by its probability of occurrence and adding the products together.
Commonly depicted in decision tree analysis (next slide)
Perform Quantitative Analysis – Tools & Tech.
Decision Tree Analysis - Example
Quantitative Risk Analysis and Modeling Techniques:

Modeling / Simulation – A project simulation uses a model that translates uncertainties of the project into potential impact on project objective

Monte Carlo technique
An iterative simulation that performs the project many times to simulate the cost or schedule results of the project.
Evaluates the probability of completing the project on a specific day or for a specific cost
Cost estimates are used for a cost risk analysis, which predicts the likelihood of achieving specific cost targets.
A schedule network diagram and duration estimates are used in a schedule risk analysis, which predicts the likelihood of achieving schedule targets.

Expert Judgment – Used to identify potential cost and schedule impacts, evaluate probability, define input into the tools, and to interpret the data.
Perform Quantitative Analysis – Tools & Tech.
Cost Risk Simulation - Example
Project Documents Updates:

Probability analysis of project:
Potential project schedule and cost outcomes with associated confidence levels.
Useful for calculating contingency reserves

Probability of achieving cost and time objectives (see next slide)

Prioritized list of quantified risks – Those that present greatest threat or opportunity

Trends in quantitative risk analysis – May become apparent as risk analysis is repeated.
Perform Quantitative Analysis - Outputs
Perform Quantitative Analysis
The process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

Also, determines if project assumptions are still valid, if risks can be retired, if risk management procedures are being followed, if contingency reserves of cost or schedule should be modified.
Control Risks
Control Risks
Risk Register – Inputs include identified risks and risk owners, risk responses, specific implementation actions, symptoms and warning signs of risk, residual and secondary risks, a watchlist of low-priority risks, and the time and cost contingency reserves.

Project Management Plan – Contains the risk management plan, which includes risk tolerances, protocols and the assignment of people (including the risk owners), time, and other resources to project risk management.

Work performance information:
Deliverable status
Schedule progress
Costs incurred

Performance reports – Provides project work performance information including variance analysis, earned value data, and forecasting data.
Control Risks - Inputs
Risk Reassessment – Identifies new risks, reassesses current risks, and closes risks that are outdated.

Risk Audits – Examines and documents the effectiveness of risk responses and the effectiveness of the risk management process

Variance & Trend Analysis – Compares planned results to actual results

Technical Performance Measurement – Compares technical accomplishments during project execution to the project management plan’s schedule of technical achievement

Reserve Analysis – Compares the amount of the contingency reserves remaining to the amount of risk remaining to determine if the remaining reserve is adequate.

Meetings – Project risk management should be an agenda item at periodic status meetings.
Control Risks – Tools & Tech.
Risk Register updates:
Outcomes of risk reassessments, risk audits and period risk reviews
Identification of new risks / update to existing risks
Updates to probability, impact, priority, response plans, ownership, and other elements of the risk register
Actual outcomes of projects risks and risk responses

Organizational Process Asset updates (for future projects):
Templates for the risk management plan, including the probability and impact matrix, and risk register
Risk breakdown structure
Lessons learned from the project risk management activities

Changes Requests – Recommended corrective / preventive actions

Project Management Plan updates – Same elements as Plan Risk Responses process

Project Document updates – Same documents as Plan Risk Responses process
Control Risks - Outputs
Follow the Risk Management Plan!

Implement Risk the plans to Avoid, Transfer, Mitigate, or Accept all Risks.

If any plan to Avoid, Transfer, Mitigate, or Accept a Risk is not working, take corrective action.
Risk Control
SharePoint – Risk and Issue Grouping
SharePoint - Risk Form
SharePoint – Assigning Ownership
SharePoint – Export to Excel
SharePoint – Export to Excel
SharePoint – Refresh from SP
Track Risks and Issues!
SharePoint and other applications help tremendously
Foster a culture of risk identification
Schedule specific meetings to review risks and issues
Risks are an input to Status Reports
Consider risk scales instead of high, medium, low
Lessons Learned
Found within: Organizational Performance Department/ Project Management Office (PMO)
Risk-Issue Register Template
Risk Criteria Picture
PMO Risk Function Description
Status Report Criteria Picture
SharePoint - Exchange Readiness Program Risk and Issue Register
Templates/ Links
Post Test – Check on Learning
1. An egg on the edge of the table is a…..
2. If you pay someone to ensure that the egg will not fall off the table what response have you used?
3. If you move the egg from the edge of the table to the center of the table what response have you used?
4. If you pick the egg off the table and put it in the refrigerator where it belongs what response have you used?
5. There is a chance that someone might turn on the fan causing the egg to fall of the table. You have just identified a….
The egg falls off the table….
Lessons Learned
Plan Risk Responses
Risk Register:
identified risks
root causes of risks
lists of potential responses
risk owners
symptoms and warning signs
the relative rating or priority list of project risks
a list of risks requiring response in the near term
a list of risks for additional analysis and response
trends in qualitative analysis results
a watch list of low-priority risks

Risk Management Plan:
roles and responsibilities
risk analysis definitions
timing for reviews (and for eliminating risks from review)
risk thresholds for low, moderate, and high risks
Plan Risk Responses - Inputs
Risk related contract decisions – To transfer risk or share risks
Project Management Plan updates:
Schedule Management Plan – Changes to resource loading / leveling
Cost Management Plan – Changes to accounting, tracking, reporting
Quality Management Plan – Changes to requirements, QA, QC
Procurement Management Plan – Changes to make-or-buy decisions
Human Resource Management Plan – Changes to staff allocation
Work Breakdown Structure – Added / removed work
Schedule Baseline – To reflect added / removed work
Cost Performance Baseline – To reflect add / removed work
Plan Risk Responses - Outputs
Project Management Plan Updates:
Identified risks, descriptions, causes, area of the project affected
Risk owners and assigned responsibilities
Outputs from risk analysis, including prioritized lists of project risks
Response strategies; specific actions to implement the chosen response strategy
Triggers, symptoms, and warning signs of risks’ occurrence
Budget and schedule activities required to implement the chosen responses
Contingency plans and triggers that call for their execution
Fallback plans for use if primary response proves to be inadequate
Residual risks expected to remain after planned responses have been taken, as well as those that have been deliberately accepted
Secondary risks that arise as a direct outcome of implementing a risk response
Contingency reserves (based on the quantitative risk analysis of the project and the organization’s risk thresholds)
Plan Risk Responses - Outputs
Strategies for negative risks (threats):
Avoid – change project management plan to eliminate risk entirely
Transfer – shift all or some negative impact with ownership to a 3rd party
Mitigate – reduce the probability or impact of an adverse risk event
Accept – do nothing. Passive acceptance will determine actions if threat occurs. Active acceptance may establish a contingency reserve of time, money, or resources to handle it.
Strategies for positive risks (opportunities)
Exploit – eliminate uncertainty that the opportunity will occur
Share – allocate some or all of the ownership of the opportunity to a 3rd party who can best capture the opportunity for the benefit of the project
Enhance – increase the probability or impacts of an opportunity
Accept – do not actively pursue an opportunity but remain willing to take advantage if it occurs

Contingent response strategy – Response to be invoked if risk event occurs

Expert Judgment - Provided by any group/person with specialized education, knowledge, skill, experience, or training in establishing risk responses
Plan Risk Responses – Tools & Tech.
Risk Responses must be:
Appropriate to the significance of the risk
Cost effective
Realistic for the project
Agreed upon by all parties
Owned by a risk response owner
Plan Risk Responses Process
The process of developing options and action to enhance opportunities and to reduce threats to project objectives.
Identify risk response owner
Select primary and backup strategy
Insert activities into the budget, schedule, and project management plan as needed.
Plan Risk Responses
Project Document updates:

Assumptions log updates – Assumptions will change with the application of risk responses.

Technical documentation updates – Technical approaches and deliverables may change with the application of risk responses.
Plan Risk Responses - Outputs
Plan Risk Management Data Flow Diagram
Identify Risks
Full transcript